[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-09-10 Thread clevelam
Did you ever find an answer to your problem? I'm experiencing the same 
exception with JBoss 4.2.2.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4175620#4175620

___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user


[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-14 Thread Marcos_APS
ragavgomatam, I want to thank you very much for your patience and valuable help 
in answering my questions. Now I can proceed in my web application development 
more confident about what I'm doing. Thank you once again.

Marcos

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4170618#4170618



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-14 Thread ragavgomatam
The only resource that JBoss caches when you use its security features is the 
JAAS Subject in the HttpSession. In your case, since you are not using 
security, nothing is cached by JBoss. So don't worry. You are good & no memory 
is wasted. Enjoy

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4170574#4170574



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-14 Thread Marcos_APS
"ragavgomatam" wrote : Clarify what do you mean by "JBoss still manage the 
release of resources". What resources are you referring to?

When I manually call webAuthentication.logout() or session.invalidate() I know 
that this releases some kind of resources on the server more quickly. As I'm not 
using any of these facilities now with my unsecured EJBs, does JBoss manage the 
release of things like these automatically for me too? I mean, I don't want to 
have a lot of memory wasted on the server machine just because I'm running with 
unsecured EJBs.

Marcos

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4170531#4170531



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-13 Thread ragavgomatam
anonymous wrote : But with these unsecured EJBs, does JBoss still manage the 
release of resources of the users that are not using the application anymore 
automatically for me?

Clarify what you mean by "JBoss still manage the release of resources". What 
resources are you referring to?

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4170438#4170438



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-13 Thread Marcos_APS
"ragavgomatam" wrote : (1) If Security is not desired, then why bother. Most 
certainly you can have unsecured EJBs. This is absolutely ok.

At first I thought that in order to make EJB calls I had to be authenticated. So 
it was crucial to me to have a place to log out, cancelling the authentication 
in order to release server resources more quickly. But as my application showed 
me, and as you confirmed, I don't need to do so. I can have unsecured EJBs, the 
way I have them now. But with these unsecured EJBs, does JBoss still 
manage the release of resources of the users that are not using the application 
anymore automatically for me? Maybe this is a naive question, but I would like 
to make sure anyhow.

Marcos

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4170374#4170374



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-13 Thread ragavgomatam
anonymous wrote : This application that I'm developing doesn't have to have any 
security restrictions

Questions I have are:
(1) If security is not desired, then why bother? Most certainly you can have 
unsecured EJBs. This is absolutely OK.
(2) If you do not provide any security restrictions by way of special element 
entries in your web.xml and jboss-web.xml and ejb-jar.xml, then your 
application is unsecured. JBoss does nothing special in this case & allows 
access to any methods that you may call on your EJBs.

anonymous wrote : If not, what would be another place for me to do the logout 
from the WebAuthentication facility?

Again, do you need authentication? Else don't bother.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4170353#4170353



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-12 Thread Marcos_APS
"ragavgomatam" wrote : Yes..Try it..This should do a Jaas Log out for you

ragavgomatam, I've tried with the code:


  | HttpSession session = (HttpSession) FacesContext.getCurrentInstance()
  |         .getExternalContext().getSession(false);
  | session.invalidate();
  | 

but unfortunately it doesn't work because at this point in the web life cycle 
when the web container calls the method marked with the @PreDestroy annotation 
to do the cleanup, FacesContext.getCurrentInstance() returns null. So, I get 
the following exception:


  | 2008-08-12 08:26:37,343 ERROR [org.jboss.web.jsf.integration.injection.JBossInjectionProvider] PreDestroy failed on managed bean.
  | java.lang.reflect.InvocationTargetException
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  |     at java.lang.reflect.Method.invoke(Unknown Source)
  |     at org.apache.catalina.util.DefaultAnnotationProcessor.preDestroy(DefaultAnnotationProcessor.java:112)
  |     at org.jboss.web.jsf.integration.injection.JBossInjectionProvider.invokePreDestroy(JBossInjectionProvider.java:80)
  |     at com.sun.faces.mgbean.BeanBuilder.destroy(BeanBuilder.java:120)
  |     at com.sun.faces.mgbean.BeanManager.destroy(BeanManager.java:248)
  |     at com.sun.faces.application.WebappLifecycleListener.handleAttributeEvent(WebappLifecycleListener.java:265)
  |     at com.sun.faces.application.WebappLifecycleListener.sessionDestroyed(WebappLifecycleListener.java:133)
  |     at com.sun.faces.config.ConfigureListener.sessionDestroyed(ConfigureListener.java:296)
  |     at org.apache.catalina.session.StandardSession.expire(StandardSession.java:702)
  |     at org.apache.catalina.session.StandardSession.expire(StandardSession.java:660)
  |     at org.apache.catalina.session.StandardManager.stop(StandardManager.java:676)
  |     at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4523)
  |     at org.apache.catalina.core.ContainerBase.destroy(ContainerBase.java:1163)
  |     at org.apache.catalina.core.StandardContext.destroy(StandardContext.java:4617)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  |     at java.lang.reflect.Method.invoke(Unknown Source)
  |     at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
  |     at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
  |     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
  |     at org.jboss.web.tomcat.service.TomcatDeployer.performUndeployInternal(TomcatDeployer.java:461)
  |     at org.jboss.web.tomcat.service.TomcatDeployer.performUndeploy(TomcatDeployer.java:432)
  |     at org.jboss.web.AbstractWebDeployer.stop(AbstractWebDeployer.java:422)
  |     at org.jboss.web.WebModule.stopModule(WebModule.java:100)
  |     at org.jboss.web.WebModule.stopService(WebModule.java:66)
  |     at org.jboss.system.ServiceMBeanSupport.jbossInternalStop(ServiceMBeanSupport.java:315)
  |     at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:247)
  |     at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  |     at java.lang.reflect.Method.invoke(Unknown Source)
  |     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
  |     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
  |     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
  |     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
  |     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
  |     at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
  |     at $Proxy0.stop(Unknown Source)
  |     at org.jboss.system.ServiceController.stop(ServiceController.java:508)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  |     at java.lang.reflect.Method.invoke(Unknown Source)
  |     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
  |     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
  |     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
  |     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
  |     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
  |     at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
  |     at $Proxy44.stop(Unknown Source)
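
Added example, not part of the original post: the trace above shows the @PreDestroy method being reached from sessionDestroyed() during undeploy, where no JSF request is active, so one way to avoid the null FacesContext is to do the logout in a request-time action and keep @PreDestroy free of request-bound calls. The bean name, the navigation outcome and the releaseBeanResources() helper are hypothetical; the WebAuthentication package is the one shipped with JBoss 4.2.x/5 (assumption).

```java
import javax.annotation.PreDestroy;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpSession;
// JBoss class used in the thread; package as shipped in JBoss 4.2.x/5 (assumption).
import org.jboss.web.tomcat.security.login.WebAuthentication;

/** Hypothetical session-scoped JSF managed bean (added example). */
public class SessaoBean {

    /** Action bound to a "Log out" button, e.g. action="#{sessaoBean.logout}". */
    public String logout() {
        // An action method runs inside a JSF request, so FacesContext is set.
        ExternalContext ec = FacesContext.getCurrentInstance().getExternalContext();

        // Programmatic logout, as in Test 1 of the thread: afterwards
        // getUserPrincipal() returns null for this caller.
        new WebAuthentication().logout();

        // Drop the session as well so no authenticated state outlives the logout.
        HttpSession session = (HttpSession) ec.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        return "loggedOut"; // hypothetical navigation outcome
    }

    /**
     * Reached from sessionDestroyed(): on session timeout, on invalidate()
     * and on undeploy. In the timeout and undeploy cases there is no request,
     * so nothing here may touch FacesContext or WebAuthentication.
     */
    @PreDestroy
    public void finalizar() {
        releaseBeanResources();
    }

    /** Hypothetical cleanup of state owned by this bean only. */
    private void releaseBeanResources() {
        // e.g. close streams or clear caches held in fields of this bean
    }
}
```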

[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-11 Thread ragavgomatam
Yes..Try it..This should do a Jaas Log out for you

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169990#4169990



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-11 Thread Marcos_APS
"ragavgomatam" wrote : Try calling HttpSession.invalidate(). When you 
invalidate the session on log out, JBoss automatically clears the Principal 
from its internal cache.

Are you saying that instead of calling webAuthentication.logout(), I should 
call something like this:


  | HttpSession session = (HttpSession) FacesContext.getCurrentInstance()
  |         .getExternalContext().getSession(false);
  | session.invalidate();
  | 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169963#4169963



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-11 Thread ragavgomatam
Try calling HttpSession.invalidate(). When you invalidate the session on log 
out, JBoss automatically clears the Principal from its internal cache.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169958#4169958



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-11 Thread Marcos_APS
"ragavgomatam" wrote : Hi,
  | Can you please publish your ejb method permissions ?

Hello, ragavgomatam! You solved the problem. I wasn't really securing my EJB 
methods. After applying the security with the @SecurityDomain and @RolesAllowed 
annotations, everything worked as expected. Now with a real username and 
password the session bean method calls work without problems, but with an 
invalid username and/or password or without authentication the method calls 
fail.

But another issue arose now. It's no longer related to programmatically 
authenticating, but to programmatically logging out from the authentication. 
I'm using JSF in my web application. So, I put the code to log out in a session 
backing bean method marked with the @PreDestroy annotation. In JSF, methods 
marked with this annotation are called when the JSF container disposes of the 
backing bean that it automatically created. So, I thought that this would be a 
good place to put the logout code, like this:


  | @PreDestroy
  | public void finalizar()
  | {
  |     IAutenticacao autenticacao =
  |         FabricaDados.getInstancia().getAutenticacao();
  |     autenticacao.logout(); // This just calls webAuthentication.logout() inside
  | }
  | 

but I get the following error message:


  | 2008-08-11 08:38:05,546 ERROR [org.jboss.web.jsf.integration.injection.JBossInjectionProvider] PreDestroy failed on managed bean.
  | java.lang.reflect.InvocationTargetException
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  |     at java.lang.reflect.Method.invoke(Unknown Source)
  |     at org.apache.catalina.util.DefaultAnnotationProcessor.preDestroy(DefaultAnnotationProcessor.java:112)
  |     at org.jboss.web.jsf.integration.injection.JBossInjectionProvider.invokePreDestroy(JBossInjectionProvider.java:80)
  |     at com.sun.faces.mgbean.BeanBuilder.destroy(BeanBuilder.java:120)
  |     at com.sun.faces.mgbean.BeanManager.destroy(BeanManager.java:248)
  |     at com.sun.faces.application.WebappLifecycleListener.handleAttributeEvent(WebappLifecycleListener.java:265)
  |     at com.sun.faces.application.WebappLifecycleListener.sessionDestroyed(WebappLifecycleListener.java:133)
  |     at com.sun.faces.config.ConfigureListener.sessionDestroyed(ConfigureListener.java:296)
  |     at org.apache.catalina.session.StandardSession.expire(StandardSession.java:702)
  |     at org.apache.catalina.session.StandardSession.expire(StandardSession.java:660)
  |     at org.apache.catalina.session.StandardManager.stop(StandardManager.java:676)
  |     at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4523)
  |     at org.apache.catalina.core.ContainerBase.destroy(ContainerBase.java:1163)
  |     at org.apache.catalina.core.StandardContext.destroy(StandardContext.java:4617)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  |     at java.lang.reflect.Method.invoke(Unknown Source)
  |     at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
  |     at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
  |     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
  |     at org.jboss.web.tomcat.service.TomcatDeployer.performUndeployInternal(TomcatDeployer.java:461)
  |     at org.jboss.web.tomcat.service.TomcatDeployer.performUndeploy(TomcatDeployer.java:432)
  |     at org.jboss.web.AbstractWebDeployer.stop(AbstractWebDeployer.java:422)
  |     at org.jboss.web.WebModule.stopModule(WebModule.java:100)
  |     at org.jboss.web.WebModule.stopService(WebModule.java:66)
  |     at org.jboss.system.ServiceMBeanSupport.jbossInternalStop(ServiceMBeanSupport.java:315)
  |     at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:247)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  |     at java.lang.reflect.Method.invoke(Unknown Source)
  |     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
  |     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
  |     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
  |     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
  |     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
  |     at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
  |     at $Proxy0.stop(Unknown Source)
  |     at org.jboss.system.ServiceController.stop(ServiceControll
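
Added example, not code from the thread: the fix reported at the top of this message, shown as a session bean with no security metadata beside the same bean secured with @SecurityDomain and @RolesAllowed. The interface, bean and security-domain names are hypothetical, the campus list is constructed sample data, and the @SecurityDomain import is the JBoss 4.2.x package (assumption; JBoss AS 5 and later use org.jboss.ejb3.annotation.SecurityDomain).

```java
// ---- CampusLocator.java (hypothetical business interface) ----
import java.util.List;
import javax.ejb.Local;

@Local
public interface CampusLocator {
    List<String> findCampusNames();
    boolean removeCampus(String name);
}

// ---- OpenCampusLocatorBean.java: BEFORE, no security metadata ----
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.ejb.Stateless;

@Stateless
public class OpenCampusLocatorBean implements CampusLocator {
    // Constructed sample data standing in for a real data source.
    static final List<String> CAMPI =
            new CopyOnWriteArrayList<String>(Arrays.asList("CRAJUBAR"));

    // No @SecurityDomain, no @RolesAllowed and no <method-permission> in
    // ejb-jar.xml: the container checks nothing, so a caller whose login
    // failed, or who never logged in, still gets an answer.
    public List<String> findCampusNames() { return new ArrayList<String>(CAMPI); }
    public boolean removeCampus(String name) { return CAMPI.remove(name); }
}

// ---- SecuredCampusLocatorBean.java: AFTER ----
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.jboss.annotation.security.SecurityDomain; // JBoss 4.2.x package (assumption)

@Stateless
@SecurityDomain("example-domain")            // placeholder for your JAAS security domain
@DeclareRoles({"USUARIO", "ADMINISTRADOR"})  // role names taken from the thread
@RolesAllowed({"USUARIO", "ADMINISTRADOR"})  // class-level default for every business method
public class SecuredCampusLocatorBean implements CampusLocator {
    @Resource
    private SessionContext ctx;

    public List<String> findCampusNames() {
        return new ArrayList<String>(OpenCampusLocatorBean.CAMPI);
    }

    @RolesAllowed("ADMINISTRADOR")           // method-level override: admins only
    public boolean removeCampus(String name) {
        // The container has already authenticated and authorized the caller,
        // so the principal can be recorded for an audit trail.
        String caller = ctx.getCallerPrincipal().getName();
        System.out.println("removeCampus(" + name + ") called by " + caller);
        return OpenCampusLocatorBean.CAMPI.remove(name);
    }
}
```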

[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-08 Thread ragavgomatam
Hi,
Can you please publish your ejb method permissions ?

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169705#4169705



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-08 Thread Marcos_APS
"ragavgomatam" wrote : There is, I believe, another way: without using FORM 
authentication, you can use programmatic login (using WebAuthentication). You 
will have to refer to the documentation for more details. Check out this URL: 
  | http://wiki.jboss.org/wiki/WebAuthentication

Hello, ragavgomatam!

I've been testing WebAuthentication, as suggested by you, and I'm getting some 
good, and also strange, results. Below are some tests that I made (with 
comments):

Test 1 (with a valid user and password):


  | WebAuthentication authentication = new WebAuthentication();
  | authentication.login("9005", "1vgd4m");
  | System.out.println(context.getUserPrincipal()); // 9005
  | System.out.println(context.isUserInRole("USUARIO")); // true
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // true
  | 
  | // Session bean method call ok
  | System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
  | 
  | authentication.logout();
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  | 

Test 2 (without a valid user and password):


  | WebAuthentication authentication = new WebAuthentication();
  | authentication.login("9005abc", "1vgd4mabc");
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  | 
  | // Session bean method call ok (but why?)
  | System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
  | 
  | authentication.logout();
  | System.out.println(context.getUserPrincipal()); // null
  | System.out.println(context.isUserInRole("USUARIO")); // false
  | System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
  | 

Test 3 (without authentication):


  | // Session bean method call ok (but why? this is very strange)
  | System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
  | 

Could you explain why the session bean's method calls are working even with an 
invalid user and even without authentication?

Thank you.

Marcos

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169664#4169664



[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut

2008-08-07 Thread ragavgomatam
There is, I believe, another way: without using FORM authentication, you can use 
programmatic login (using WebAuthentication). You will have to refer to the 
documentation for more details. Check out this URL: 
http://wiki.jboss.org/wiki/WebAuthentication

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169434#4169434
