[jboss-user] [Security] - JBoss Programmatic Login, non-password authentication
Hello. I am having difficulty determining how to perform programmatic login in JBoss where the credentials are more complex than a simple username + password pair.

In our system, users are identified by UserName (String), AuthAgentId (long), and VerificationCode (String). Basically, AuthAgentId is the "domain"; each one is an independent namespace of UserNames. VerificationCode is a SHA-256 signature that we use to verify the authenticity of the user.

Therefore we have a custom LoginModule:

    import org.jboss.security.auth.spi.AbstractServerLoginModule;

    public class VhmDbServerLoginModule extends AbstractServerLoginModule {
        public void initialize(...) { ... }
        public boolean login () throws LoginException { ... }
        ...
    }

Also, we have a custom CallbackHandler to actually feed the LoginModule:

    public class UsernameAuthAgentHandler implements CallbackHandler {
        private transient final String username;
        private transient final String verificationCode;
        private transient final long authAgentId;

        public UsernameAuthAgentHandler (
                String username, long authAgentId, String verificationCode) {
            ...
        }

        public void handle (Callback[] callbacks) throws
                UnsupportedCallbackException {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) {
                    NameCallback nc = (NameCallback) c;
                    nc.setName(username);
                }
                else if (c instanceof TextInputCallback) {
                    TextInputCallback tc = (TextInputCallback) c;
                    if (tc.getPrompt().equals("VerificationCode")) {
                        tc.setText(verificationCode);
                    }
                }
                else if (c instanceof LongInputCallback) {
                    LongInputCallback lc = (LongInputCallback) c;
                    if (lc.getPrompt().equals("AuthAgent")) {
                        lc.setValue(authAgentId);
                    }
                }
                else {
                    throw new UnsupportedCallbackException(c, "Unrecognized Callback");
                }
            }
        }
    }

Good so far - we use LoginContext to perform the login:

    Request request = SecurityAssociationValve.activeRequest.get();
    if (request == null) {
        throw new IllegalStateException("request is null");
    }

    UsernameAuthAgentHandler uaah =
        new UsernameAuthAgentHandler(username, agentId, credential);

    String realm = request.getContext().getLoginConfig().getRealmName();
    LoginContext lc = null;
    try {
        lc = new LoginContext(realm, uaah);
        lc.login();
    }
    catch (LoginException le) {
        return false;
    }
    ...

This works, it results in a subject that looks like:

    Subject:
        Principals:
            Principal: com.vhm.security.auth.userprinci...@65824b9
            Principal: Roles(members:OWNER,SUBSCRIBER,ACCESS_FULL)
            Principal: CallerPrincipal(members:com.vhm.security.auth.userprinci...@65824b9)
        pubCredentials: size = 0
        privCredentials: size = 0

I can share the exact LoginModule code in case this output looks invalid, but it seems correct to me.

I then call the WebAuthentication.register(Request request, Principal principal, String s, Object o) method. I created a subclass of WebAuthentication in order to make the method public.

    Principal p =
        lc.getSubject().getPrincipals(UserPrincipal.class).iterator().next();
    wad.register(request, p, username, credential);

After all this, I make another request to a servlet. I call request.getUserPrincipal() and it returns my custom UserPrincipal! However, when I call request.isUserInRole("OWNER") I get false. I expect this since I never had a chance to register the roles.

My question is - How do I actually register the roles with the request/session?

Some people in #jboss tell me to "Create a SAR". I know how to do this, but I have absolutely no clue what this Service should do. I have no existing services I know to fork.

So - I'm at a total loss. If someone could please help me register the roles with the catalina session, I would be eternally grateful!

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4270078#4270078
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4270078
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
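
Added example, not part of the original post and not JBoss code: a helper that lists the role names a Subject carries after lc.login(), by reading the Group principal named "Roles" that appears in the Subject dump in the post above. It only inspects the Subject and registers nothing with the web container; the Name and NamedGroup classes and the sample user are hypothetical stand-ins, and it assumes the role group implements java.security.acl.Group (as JBoss 4.x login modules do) on JDK 13 or older.

```java
import java.security.Principal;
import java.security.acl.Group; // assumption: JDK 13 or older (removed in JDK 14)
import java.util.*;
import javax.security.auth.Subject;

public class SubjectRoles {
    /** Returns the member names of every Group principal named "Roles". */
    static Set<String> rolesOf(Subject subject) {
        Set<String> roles = new TreeSet<>();
        for (Group g : subject.getPrincipals(Group.class)) {
            if (!"Roles".equals(g.getName())) continue; // skip CallerPrincipal
            Enumeration<? extends Principal> e = g.members();
            while (e.hasMoreElements()) roles.add(e.nextElement().getName());
        }
        return roles;
    }

    // Hypothetical stand-ins for the post's principal classes, constructed here.
    static class Name implements Principal {
        private final String name;
        Name(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static class NamedGroup extends Name implements Group {
        private final Set<Principal> members = new LinkedHashSet<>();
        NamedGroup(String name) { super(name); }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() {
            return Collections.enumeration(members);
        }
    }

    public static void main(String[] args) {
        // Constructed Subject mirroring the shape of the dump in the post.
        Name user = new Name("constructed-user");
        NamedGroup roles = new NamedGroup("Roles");
        for (String r : new String[] {"OWNER", "SUBSCRIBER", "ACCESS_FULL"})
            roles.addMember(new Name(r));
        NamedGroup caller = new NamedGroup("CallerPrincipal");
        caller.addMember(user);
        Subject subject = new Subject();
        Collections.addAll(subject.getPrincipals(), user, roles, caller);
        System.out.println(rolesOf(subject));
    }
}
```

Logging rolesOf(lc.getSubject()) right after login shows which roles the login module produced, which separates a login-module problem from roles not reaching the request.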
[jboss-user] [EJB 3.0 Users] - Execute TimerService().createTimer() exactly once in a clust
Hello. First off, I've read the article at: http://www.jboss.org/community/wiki/DeployingEJB3TimersInCluster

I now have a SLSB with an @Timeout which is deployed with:

    jboss.ha:service=HASingletonDeployer,type=Barrier

The problem is, unlike the article linked above, I will not be starting the timers multiple times over the lifetime of the application. In my case, I want the timer to be started exactly once for the whole cluster.

I previously had a ServletContextListener subclass where contextInitialized() would kill all timers and start them. The problem is, now if I have more nodes join the cluster, the timers are killed and recreated.

Is there a better way to accomplish this?

Additionally, I thought maybe I could start the Timer in the @PostConstruct of the SLSBs themselves. However, this fails with

    TimerService.getTimers should not be access from this bean method: IN_EJB_CREATE

Any help regarding this is appreciated! Thanks.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4254043#4254043
[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: Configuring virtual directories in Jboss4.2.2
Odd, removing the web.xml still causes the warning, but things work now. I guess it was the appName and debug that was making it break.

Regardless, I now have more descriptive information in the Wiki regarding this - with updated directory paths and removal of the two context properties that were causing an additional 2 warnings (and I believe the source of my problem).

If someone knows when the directory structure changed in Jboss, they can change my "Recent versions of Jboss" to something like "Jboss versions x.x.x and up"

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4197005#4197005
[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: Configuring virtual directories in Jboss4.2.2
Well, you see the error I was receiving:

    "Unable to process deployment descriptor for context '/llama'"

So, I added a deployment descriptor to that directory and now it works.

-Paul

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4197004#4197004
[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: Configuring virtual directories in Jboss4.2.2
Doesn't work. However, I figured out the problem: apparently the external directory requires its own WEB-APP/web.xml file. This must be what "step 1" was trying to describe.

I am editing the Wiki right now with more descriptive information.

Thanks for your fast response!

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4196999#4196999
[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: Configuring virtual directories in Jboss4.2.2
Some more details:

server.xml

However, I get this:

    17:46:42,885 WARN [Digester] [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'appBase' to '' did not find a matching property.
    17:46:42,886 WARN [Digester] [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '99' did not find a matching property.
    17:46:42,908 INFO [AprLifecycleListener] The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-6-openjdk/jre/lib/amd64:/usr/lib/jvm/java-6-openjdk/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
    17:46:43,006 INFO [Http11Protocol] Initializing Coyote HTTP/1.1 on http-0.0.0.0-8080
    17:46:43,007 INFO [AjpProtocol] Initializing Coyote AJP/1.3 on ajp-0.0.0.0-8009
    17:46:43,007 INFO [Catalina] Initialization processed in 252 ms
    17:46:43,007 INFO [StandardService] Starting service jboss.web
    17:46:43,009 INFO [StandardEngine] Starting Servlet Engine: JBossWeb/2.0.1.GA
    17:46:43,246 WARN [config] Unable to process deployment descriptor for context '/llama'

So, I removed appBase and debug from the context, however, I still get:

    17:48:11,725 WARN [config] Unable to process deployment descriptor for context '/llama'

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4196994#4196994
[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: Configuring virtual directories in Jboss4.2.2
Hmm, I tried the instructions on the page. I am running JBoss4.2.3.

I followed the "Serving Static External Files jboss-3.2.4 Onwards" directions. My version is > 3.2.4, and the instructions for pre-3.2.4 use the org.jboss.tomcat.tc4 package which is now deprecated.

However: when running my application, I receive no errors, but trying to access files in my context-path results in 404 errors.

So - what could be wrong? I'm not following "Step 1" exactly, because it doesn't make sense. Instead I am editing server/default/deploy/jboss-web.deployer/server.xml

Thanks in advance!

Paul

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4196993#4196993