[jboss-user] [Security JAAS/JBoss] - JACC and SecurityAssociation
I've created an EJB3 application with some JPA entities. Some of these entities have the notion of ownership. These entities have the getOwner() method, which returns the principal name of the subject that once created the entity (via sessionContext.getCallerPrincipal().getName()). What I would like to do now is to perform ownership checking via a JPA entity listener.

Thus I log in the user via JAAS client-login in a servlet filter, my JAAS login module sets the principal and Roles group on the subject and then the user can continue to update the entities which he owns. The ownership listener has a @PreUpdate method and here I would like to do the ownership checking. For this I can use the SecurityAssociation.getPrincipal() which gives me the current caller principal as expected.

The thing is that I would like to be as JBoss independent as possible. Thus I would like to use JACC. Via PolicyContext.getContext("javax.security.auth.Subject.container") I can retrieve the Subject from within the entity listener, but on this subject I only have a SimplePrincipal with name guest, and of course the SimpleGroup 'Roles'. I checked this out and even SecurityAssociation.getSubject.getPrincipals() only has guest for SimplePrincipal instead of the real caller principal name, while the SecurityAssociation.getPrincipal() gives back the correct active principal. How come?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4045714#4045714
Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4045714
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
[jboss-user] [Installation, Configuration Deployment] - Re: JBoss AS 4.2.0.CR2 does not start
Adding localhost.localdomain indeed fixes the problem. It's weird that Fedora doesn't have this by default.

Frank.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4040807#4040807
[jboss-user] [Installation, Configuration Deployment] - Re: JBoss AS 4.2.0.CR2 does not start
[EMAIL PROTECTED] wrote:
> Is networking actually enabled on your machine?

Well, if you can read this reply, yes. The funny thing is that when I'm working from my home network (eth1 wireless) it seems to boot normally. When booting JBoss 4.2 at 'work' (eth0 wired), it doesn't. Will investigate on this and come back with my findings.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4039183#4039183
[jboss-user] [Installation, Configuration Deployment] - JBoss AS 4.2.0.CR2 does not start
When I start JBoss AS 4.2.0.CR2 under a default Linux Fedora Core 6, I get the following error followed by a container shutdown.

    Caused by: java.lang.RuntimeException: Exception creating identity: localhost.localdomain: localhost.localdomain
        at org.jboss.remoting.ident.Identity.get(Identity.java:211)
        at org.jboss.remoting.network.NetworkRegistry.preRegister(NetworkRegistry.java:268)

I don't think this should be happening.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4038760#4038760
[jboss-user] [Installation, Configuration Deployment] - Re: JBoss AS 4.2.0.CR2 does not start
The content of my /etc/hosts file is:

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    ::1 localhost localhost.localdomain
    127.0.0.1 localhost

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4038953#4038953
[jboss-user] [Security JAAS/JBoss] - Why AbstractServerLoginModule.logout is not removing added r
Hi,

I just came across a situation in which the sessionContext.getCallerPrincipal() returns null because the principal was removed from the subject during logout, which is OK. The funny thing is that, because AbstractServerLoginModule is not removing any added roles, the RBAC still lets the 'null' caller principal call the method annotated with @RolesAllowed.

Why is AbstractServerLoginModule not removing the added roles while removing the principal from the subject?

Frank.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4030523#4030523
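The situation described in this post, as an added example that is not part of the original post and is not JBoss code: a plain JAAS LoginModule whose logout() removes everything commit() added, next to a role check that refuses a subject with no user principal. The `Named` principal type, the sample user and role, and `isCallerInRole` are constructed for illustration and stand in for JBoss's SimplePrincipal and 'Roles' group.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;

public class SymmetricLogoutModule implements LoginModule {
    /** Constructed principal type: kind is "user" or "role". */
    static final class Named implements Principal {
        final String kind, name;
        Named(String kind, String name) { this.kind = kind; this.name = name; }
        public String getName() { return name; }
    }

    private Subject subject;
    // Every principal commit() put on the subject, so logout() can undo exactly that.
    private final Set<Principal> added = new HashSet<Principal>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        this.subject = s;
    }
    public boolean login() { return true; }        // credential check is out of scope here
    public boolean commit() {
        added.add(new Named("user", "alice"));     // constructed identity
        added.add(new Named("role", "editor"));    // constructed role
        subject.getPrincipals().addAll(added);
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {
        subject.getPrincipals().removeAll(added);  // roles leave together with the identity
        added.clear();
        return true;
    }

    /** Fails closed: a subject without a user principal holds no roles. */
    static boolean isCallerInRole(Subject s, String role) {
        boolean hasUser = false, hasRole = false;
        for (Principal p : s.getPrincipals()) {
            if (!(p instanceof Named)) continue;
            Named n = (Named) p;
            if (n.kind.equals("user")) hasUser = true;
            if (n.kind.equals("role") && n.name.equals(role)) hasRole = true;
        }
        return hasUser && hasRole;
    }

    public static void main(String[] args) {
        Subject s = new Subject();
        SymmetricLogoutModule m = new SymmetricLogoutModule();
        m.initialize(s, null, null, null);
        m.login();
        m.commit();
        System.out.println("in role after login:  " + isCallerInRole(s, "editor"));
        m.logout();
        System.out.println("in role after logout: " + isCallerInRole(s, "editor"));
        System.out.println("principals left:      " + s.getPrincipals().size());
    }
}
```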
[jboss-user] [EJB 3.0] - Detached entities and security domains
Hi,

I've got two EJB3 JARs, each hosting session beans living in different security domains. Is it true that the JPA entities received from a session bean living in security domain A will be detached within the session bean living in the other security domain B, thus disabling lazy-loading? Could anyone confirm this behavior?

Regards,
Frank.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4024839#4024839
[jboss-user] [JBoss Seam] - Re: Using SEAM with Apache Tree2
The error:

    java.lang.IllegalArgumentException: Value must be a TreeModel or TreeNode

is probably caused by the JBoss classloading; most likely you have the tomahawk library in both your EAR and your WAR. Removing the tomahawk library from the WAR will solve the issue.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4002886#4002886
[jboss-user] [Remoting] - Re: JBoss Remoting JDK 6.0 situation deadlock
Hi Tom,

I'm using JBoss Remoting 1.4.6.GA now in my integration tests (for an application deployed on JBoss AS 4.0.5.GA) running Java 6, and the thing seems to behave just fine. Thanks for the work on this issue.

Regards,
Frank.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=4002306#4002306
[jboss-user] [Remoting] - Re: JBoss Remoting JDK 6.0 situation deadlock
The patch of jboss-remoting is quite simple. See: http://jira.jboss.com/jira/browse/JBREM-659 I really don't get why this is taking so long for JBoss to tackle this issue (I know, a support contract would probably help). If JBoss feels like this is a Java6 bug, they could just call it a work-around. (while actually everybody knows by now it's a bug :) )
| Index: ./src/main/org/jboss/remoting/loading/ObjectInputStreamWithClassLoader.java | === | RCS file: /cvsroot/jboss/JBossRemoting/src/main/org/jboss/remoting/loading/ObjectInputStreamWithClassLoader.java,v | retrieving revision 1.2.4.1 | diff -u -r1.2.4.1 ObjectInputStreamWithClassLoader.java | --- ./src/main/org/jboss/remoting/loading/ObjectInputStreamWithClassLoader.java 11 May 2006 20:39:42 - 1.2.4.1 | +++ ./src/main/org/jboss/remoting/loading/ObjectInputStreamWithClassLoader.java 10 Jan 2007 14:18:32 - | @@ -136,7 +136,8 @@ | // EJBTHREE-440 | try | { | -return cl.loadClass(v.getName()); | +return Class.forName(v.getName(), false, cl); | } | catch(ClassNotFoundException ex) | { |
View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=384#384
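Review bot: at the changed return inside the try block, the added comment `// JBREM-659` only names the issue; it should say in one line why `Class.forName(v.getName(), false, cl)` replaces `cl.loadClass(v.getName())`, so that a later cleanup does not switch it back. It is also worth noting there that the `false` argument is deliberate: it keeps the resolved class from being initialized at lookup time, which matches what `loadClass` did and is what you want while resolving class names read from a serialized stream. The surrounding `catch(ClassNotFoundException ex)` needs no change, since `Class.forName` throws the same exception.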
[jboss-user] [JBoss Seam] - Re: Removing jaxws in ejb3-all jar
I experienced similar problems when trying to integrate JAX-WS RI into JBoss AS. It almost feels like Sun and JBoss don't really care that much about the capability of running the WS stacks on each other's application servers. IMHO, the best environment right now for SOA is: JBoss AS with JAX-WS RI, but getting the WS runtime up and running really sucks...

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3996041#3996041
[jboss-user] [EJB 3.0] - Entity Ownership check
@RolesAllowed allows one to check whether a caller principal has a certain role in a declarative way. Besides checking permissions on executed operations there is also something I call entity ownership checking. This is where you want to check whether the caller principal is allowed to update an Entity. For this I would like to use an Entity Listener since this is one of those cross-cutting concerns.

But apparently it's not possible to inject the SessionContext into the listener, since it's not an EJB3 session bean I guess. Thus I'm using the SecurityAssociation.getPrincipal/getSubject to gain access to the caller principal and roles in order to perform the entity ownership checks. Is it OK to use the SecurityAssociation for this purpose?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3994730#3994730
[jboss-user] [JBoss Seam] - Re: Seam 1.1.5 SeamSecurity...
anonymous wrote:
> s:secure is gone, it's been replaced with EL expressions s:hasRole and s:hasPermission.

Does this mean that the view will also have servlet container security enabled on it?

In my own Seam application I've placed only the controller Seam BBs within a security domain. Thus these components can use the @RolesAllowed stuff. I'm using a servlet filter to push the session credentials to the client-login JAAS context. My view has no servlet container security enabled on it, but it can access the current user via #{currentUser} if needed for view purposes only, since that's the only task of the view (SoC). For this I used a simple Tomcat valve configured via context.xml.

IMHO the view should not have security enabled on it, since it can only expose data or perform operations via the controller components. Thus placing the controller components inside a security domain does the trick. Servlet container security doesn't bring anything in case of an MVC framework like Seam. And, since Seam 1.1 we can have a nice error page in case of an RBAC exception, thus the view does not need to get access to the RBAC itself.

This is also in line with another security aspect: input validation. Via the Hibernate annotations, they've also made the view dumb when it comes to input validation.

Does anyone have an opinion on this? Can anyone already shed some light on which direction this is going to take? At JavaPolis someone of JBoss said they were going to use a rules thingy for the Seam security... KISS please... we already have a security system via EJB3, one should be enough.

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3994418#3994418
[jboss-user] [EJB 3.0] - COUNT(*) works, COUNT(entity) not
I have an @Entity with composite @EmbeddedId primary key. When I do a query like:

    SELECT COUNT(*) FROM TheEntity AS theEntity WHERE theEntity.blablablabla

then everything works, but when I replace this with:

    SELECT COUNT(theEntity) FROM TheEntity AS theEntity WHERE theEntity.blablabla

then Hibernate fails on it with the following error:

    Caused by: java.sql.SQLException: Syntax error: Encountered , at line 1, column 39.

The SQL statement that he tried to execute looks like

    select count((theEntity.a, theEntity.b)) as col_0_0_ from TheEntity theEntity where theEntity.a=?

I'm using the default HSQL DefaultDS that comes with JBoss 4.0.5.GA

Is this a bug, or is it just me?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3993011#3993011
[jboss-user] [JBoss Seam] - jndi lookup with 2 Seam WARs in one EAR
Hi,

I have 2 Seam-based web application WARs in one single EAR. Apparently if WAR1 has a @Name(login) component and WAR2 has also a @Name(login) component, then Seam cannot seem to look up the correct component, even if those two components use different @LocalBinding and in each components.xml the jndiPattern point in each WAR to their respective JNDI binding locations.

Is this a bug or am I doing something wrong here?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3991239#3991239
[jboss-user] [JBoss Seam] - Re: jndi lookup with 2 Seam WARs in one EAR
mmm... yeah... my brain is some slower than my posting in this forum... :)

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3991360#3991360
[jboss-user] [JBoss Seam] - Re: Seam Stateless Beans
I thought Seam was somehow managing that a single JSF lifecycle always got to see the same stateless bean instance. Apparently I'm using the wrong Maven2/Facelets port of the dvdstore to learn all about Seam... http://vyzivus.host.sk/site-files/dvdstore.zip

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3989645#3989645
[jboss-user] [Security JAAS/JBoss] - Re: RoleMappingLoginModule with rule: *=role1, role2
The following also did the trick:

    <login-module code="MyLoginModule" flag="required"></login-module>
    <login-module code="org.jboss.security.auth.spi.IdentityLoginModule" flag="optional">
        <module-option name="password-stacking">useFirstPass</module-option>
        <module-option name="roles">TheRoleIWantToAdd</module-option>
    </login-module>

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3989397#3989397
[jboss-user] [JBoss Seam] - Seam Stateless Beans
I have this @Stateless bean with a setName() and getName() and a process() method. The first time I call process() via the page all is OK, but the second time the page calls getName() first, which still contains the previous value. Is there a way to clean this besides doing?

    public void process() {
        try {
            reallyProcess();
        }
        finally {
            this.name = null;
        }
    }

I don't want to start a conversation for a single page. How does Seam handle the lifecycle of @Stateless beans?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3989398#3989398
[jboss-user] [JBoss Seam] - Re: JaasAuthenticationProvider in Seam 1.1
Using a forward to a native j_security_check is indeed an easy way to use the servlet container provided security features. But on the other hand, you're mixing JSF with non-JSF stuff. I was more thinking of using a servlet filter to do the client-login into the security domain when the username and password have been set on the session as attributes. That way the error reporting on a failed login stays within JSF. Any suggestions here?

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3988168#3988168
[jboss-user] [JBoss Seam] - JaasAuthenticationProvider in Seam 1.1
I would like to use my JAAS login module in my Seam-based application to protect some of the Seam EJB3 backing beans via EJB3 RBAC. I see that Seam 1.1 has a JaasAuthenticationProvider for this. How to use it? Looking at the source code of Seam 1.1.0.CR1 I wonder whether this thing already works with that much code commented out...

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3988001#3988001
[jboss-user] [Security JAAS/JBoss] - RoleMappingLoginModule with rule: *=role1, role2
RoleMappingLoginModule makes sense when the user already has a (JAAS JBoss specific) role. The funny thing here is that, before you are capable of using RoleMappingLoginModule, the user already must have a (JAAS JBoss specific) role assigned by a login module. Thus the initial JAAS LoginModule already needs to be JBoss-aware (because of the role replacement by RoleMappingLoginModule).

How can I add a role to an authenticated user when he/she has been authenticated by a generic JAAS (i.e. non-JBoss aware) login module? I don't want to pollute my generic JAAS login module with JBoss specific stuff (the 'Roles' group thingy).

View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3986256#3986256