[JBoss-user] [Security & JAAS/JBoss] - Re: 403sp1, problem with AuthorizationInterceptor for Invoke
I have not found out the reason of the problem, but I can add a little piece of information. The log says when booting: 2006-01-06 17:42:24,455 DEBUG [org.jboss.jmx.connector.invoker.AuthorizationInterceptor] Loaded authenticator: [EMAIL PROTECTED] | 2006-01-06 17:42:24,465 DEBUG [org.jboss.jmx.connector.invoker.AuthorizationInterceptor] Found authorize(Principal, Subject, String, String) | 2006-01-06 17:42:24,465 DEBUG [org.jboss.jmx.connector.invoker.AuthorizationInterceptor] Loaded authenticator: [EMAIL PROTECTED] | 2006-01-06 17:42:24,465 DEBUG [org.jboss.jmx.connector.invoker.AuthorizationInterceptor] Found authorize(Principal, Subject, String, String) | 2006-01-06 17:42:24,465 DEBUG [org.jboss.jmx.connector.invoker.InvokerAdaptorService] Creating jboss.jmx:name=Invoker,type=adaptor | 2006-01-06 17:42:24,465 DEBUG [org.jboss.jmx.connector.invoker.InvokerAdaptorService] Created jboss.jmx:name=Invoker,type=adaptor | 2006-01-06 17:42:24,485 DEBUG [org.jboss.jmx.connector.invoker.InvokerAdaptorService] Starting jboss.jmx:name=Invoker,type=adaptor | 2006-01-06 17:42:24,485 DEBUG [org.jboss.jmx.connector.invoker.InvokerAdaptorService] Started jboss.jmx:name=Invoker,type=adaptor Well, that looks like a fine initialization, but why does it occur twice? Am I not seeing something totally obvious? Is the AuthorizationInterceptor really supported within 403SP1? My workaround would be to have another LoginModule only authenticating when a user has a certain role, but I don´t like that too much... Thanks in advance, Andreas View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3916133#3916133 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3916133 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - 403sp1, problem with AuthorizationInterceptor for InvokerAda
Hello, I am trying to secure the Invoker Service in jmx-invoker-service.xml. The AuthenticationInterceptor works fine, but I like to have authorization as well - the hard coded role "JBossAdmin" is OK for now. I tried (that´s what I found) | | | securityDomain="java:/jaas/jmx-console" | ..but it says 17:54:11,102 WARN [BasicMBeanRegistry] MBeanException: preRegister() failed: [ObjectName='jboss.jmx:name=Invoker,type=adaptor', Class=org.jboss.jmx.connector.invoker.InvokerAdaptorService ([EMAIL PROTECTED])] Cause: java.beans.IntrospectionException: No PropertyDescriptor for attribute:securityDomain | 17:54:11,122 INFO [InvokerAdaptorService] Registration is not done -> stop | 17:54:11,142 ERROR [MainDeployer] Could not create deployment: file:/C:/JBoss/server/default/deploy/jmx-invoker-service.xml | org.jboss.deployment.DeploymentException: - nested throwable: (java.lang.reflect.InvocationTargetException) | at org.jboss.system.ServiceConfigurator.install(ServiceConfigurator.java:178) | at org.jboss.system.ServiceController.install(ServiceController.java:215) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) When I remove the securityDomain attribute, the deployment works - but not the interceptor anonymous wrote : twiddle --server=localhost:1199 --user=user --password=pw serverinfo -c brings 17:32:49,919 ERROR [Twiddle] Exec failed | java.lang.ArrayIndexOutOfBoundsException: 0 | at org.jboss.jmx.connector.invoker.AuthorizationInterceptor.invoke(AuthorizationInterceptor.java:91) at org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:87) | at org.jboss.mx.server.Invocation.invoke(Invocation.java:74) | at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) | at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) | at org.jboss.invocation.jrmp.server.JRMPProxyFactory.invoke(JRMPProxyFactory.java:164) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) which happens here 76 */ | 77 public Object invoke(Invocation invocation) throws Throwable | 78 { | 79String type = invocation.getType(); | 80if (type == Invocation.OP_INVOKE) | 81{ | 82 String opName = invocation.getName(); | 83 if (opName.equals("invoke")) | 84 { | 85 Object[] args = invocation.getArgs(); | 86 org.jboss.invocation.Invocation inv = (org.jboss.invocation.Invocation) args[0]; | 87 // Authenticate the caller based on the security association | 88 Principal caller = inv.getPrincipal(); | 89 //Get the Method Name | 90 Object[] obj = inv.getArguments(); | 91 ObjectName objname = (ObjectName) obj[0]; | 92 String opname = (String) obj[1]; I searched all over Wiki and Forum but did not find a solution. What am I doing wrong / what´s missing in the invocation / how can I achieve authorization? Thanks in advance and best regards, Andreas View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3915890#3915890 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3915890 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - Re: 4.0.2 / 4.0.3: SSO across different VHs now?
Thanks again for the quick reply! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3912931#3912931 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3912931 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - 4.0.2 / 4.0.3: SSO across different VHs now?
Hello, between 4.0.2 and 4.0.3sp1 the comment on the ClusteredSignleSignOnValve within tomcat/server.xml have been changed from anonymous wrote : Uncomment to enable single sign-on across web apps |deployed to this host AND to all other hosts in the cluster |with the same virtual hostname. to anonymous wrote : Uncomment to enable single sign-on across web apps |deployed to this host AND to all other hosts in the cluster. ..which gives the impression, that the (spec conforming) restriction about SSO only on the same VH is not there anymore. Well, I did a first test, and SSO did not work across different VH´s. Is SSO across different VHs within one cluster now possible? Is there anything else to configure to achieve it? Or is the new comment just wrong? Thanks a lot and cheers, Andreas View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3912894#3912894 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3912894 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation, Configuration & Deployment] - Re: Sending request from one WAR to another WAR (CrossContex
in 4.0.3 you find the context.xml within the tomcat-deploy-folder.. default for crosscontext in jboss is "true".. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3912643#3912643 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3912643 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - Re: TreeCacheSSOClusterManager, NullPointer in addSession, 4
thank you very much, that was fast and helpful! you might want to consider to comment in the jboss-service.xml that the jboss.cache:service=TomcatClusteringCache is needed for SSO since 4.0.3. Just proposing to maintain the excellent quality of comments in all the other config-elements! :-) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3911672#3911672 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3911672 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - TreeCacheSSOClusterManager, NullPointer in addSession, 4.0.2
Hello, In 4.0.2 I extended the default-configuration by tc5-cluster-service.xml, jgroups.jar and jboss-cache.jar just to achieve SSO. Everything worked fine. Now in 4.0.3 (taking the new jars from all-configuration) SSO still seems to work fine, but with every new session there comes a NullPointerException in TreeCacheSSOClusterManager.addSession My config is the same like in 4.0.2, I did mind the (little) changes in tc5-cluster-service.xml from 4.0.2 to 4.0.3. Might there be anything to configure additionally which was not necessary in 4.0.2? Are there any new dependancies I have to take care about? I found no hint here nor in JIRA.. Thanks in advance & cheers, Andreas anonymous wrote : | 2005-12-08 16:58:03,807 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is B9E25435B4685D4FF5F701D29EDC1B90.default | ... | 2005-12-08 16:58:03,807 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Restore request from session 'B9E25435B4685D4FF5F701D29EDC1B90.default' | ... | 2005-12-08 16:58:03,807 TRACE [org.jboss.web.tomcat.tc5.sso.TreeCacheSSOClusterManager] Registering SSO C1CCD9C49C113C5A2E4153F9311D2CCF in clustered cache | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.Node] acquiring RL: fqn=/SSO, caller=Thread[http-0.0.0.0-8643-3,5,jboss], lock= | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.Node] acquired RL: fqn=/SSO, caller=Thread[http-0.0.0.0-8643-3,5,jboss], lock=read owners=[Thread[http-0.0.0.0-8643-3,5,jboss]] | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.Node] createChild: fqn=/SSO/C1CCD9C49C113C5A2E4153F9311D2CCF, child_name=C1CCD9C49C113C5A2E4153F9311D2CCF | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.interceptors.LockInterceptor] created child C1CCD9C49C113C5A2E4153F9311D2CCF | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.Node] acquiring RL: fqn=/SSO/C1CCD9C49C113C5A2E4153F9311D2CCF, caller=Thread[http-0.0.0.0-8643-3,5,jboss], lock= | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.Node] acquired RL: fqn=/SSO/C1CCD9C49C113C5A2E4153F9311D2CCF, caller=Thread[http-0.0.0.0-8643-3,5,jboss], lock=read owners=[Thread[http-0.0.0.0-8643-3,5,jboss]] | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.Node] createChild: fqn=/SSO/C1CCD9C49C113C5A2E4153F9311D2CCF/credentials, child_name=credentials | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.interceptors.LockInterceptor] created child credentials | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.Node] acquiring WL: fqn=/SSO/C1CCD9C49C113C5A2E4153F9311D2CCF/credentials, caller=Thread[http-0.0.0.0-8643-3,5,jboss], lock= | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.Node] acquired WL: fqn=/SSO/C1CCD9C49C113C5A2E4153F9311D2CCF/credentials, caller=Thread[http-0.0.0.0-8643-3,5,jboss], lock=write owner=Thread[http-0.0.0.0-8643-3,5,jboss] | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.TreeCache] _put(null, "/SSO/C1CCD9C49C113C5A2E4153F9311D2CCF/credentials", key, [EMAIL PROTECTED]) | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.interceptors.UnlockInterceptor] releasing lock for /SSO/C1CCD9C49C113C5A2E4153F9311D2CCF/credentials: write owner=Thread[http-0.0.0.0-8643-3,5,jboss] | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.interceptors.UnlockInterceptor] releasing lock for /SSO/C1CCD9C49C113C5A2E4153F9311D2CCF: read owners=[Thread[http-0.0.0.0-8643-3,5,jboss]] | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.interceptors.UnlockInterceptor] releasing lock for /SSO: read owners=[Thread[http-0.0.0.0-8643-3,5,jboss]] | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.interceptors.ReplicationInterceptor] invoking method _put([Ljava.lang.Object;@6d89ad12), members=[ws-60269:4989], mode=REPL_ASYNC, exclude_self=true, timeout=15000 | 2005-12-08 16:58:03,807 DEBUG [org.jboss.cache.TreeCache] destination list is empty, discarding call | 2005-12-08 16:58:03,817 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web.default].[localhost]] Associate sso id C1CCD9C49C113C5A2E4153F9311D2CCF with session StandardSession[B9E25435B4685D4FF5F701D29EDC1B90.default] | 2005-12-08 16:58:03,817 TRACE [org.jboss.web.tomcat.tc5.sso.TreeCacheSSOClusterManager] addSession(): adding Session B9E25435B4685D4FF5F701D29EDC1B90.default to cached session set for SSO C1CCD9C49C113C5A2E4153F9311D2CCF | 2005-12-08 16:58:03,817 ERROR [org.jboss.web.tomcat.tc5.sso.TreeCacheSSOClusterManager] caught exception adding session B9E25435B4685D4FF5F701D29EDC1B90.default to SSO id C1CCD9C49C113C5A2E4153F9311D2CCF | java.lang.NullPointerException | at org.jboss.web.tomcat.tc5.sso.TreeCacheSSOClusterManager.addSession(TreeCacheSSOClusterManager.java:282) | at org.jboss.web.tomcat.tc5.sso.ClusteredSingleSignOn.associate(ClusteredSingleSignOn.java:438) | at org.apache.catalina.authenticator.AuthenticatorBase.register(AuthenticatorBase.java:721) | at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenti
[JBoss-user] [Beginners Corner] - Re: NoClassDefFoundError: org/jdom/Text jdk1.5 JB3.2.7
perhaps the jar whose classdef is not being found is not mentioned within the calling jar´s manifest? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3895580#3895580 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3895580 --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [J2EE Design Patterns] - Re: deploy time configuration of EJB's
Another (easy but not very flexible) way could be to use the system property service: define e.g. different portnumbers within different jboss-instances and use the variable in the jboss-deployment descriptor ( -> ${portnumber} ) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3895579#3895579 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3895579 --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation, Configuration & Deployment] - Support restrictions with IBM JDK?
Hello, as I have read, JBOSS 4.0.x is supposed to run smoothely under AIX and IBM-JDK (1.4). What happens if problem occurs which does not happen with LINUX / SUN JDK: Will JBOSS support help anyway (e.g. with a workaround), or is it customer´s responsibility to get a solution from IBM? I wonder if JBOSS in fact supports many IBM JDK-users - perhaps such problems are rather fantasy than reality? I would really appreciate if JBOSS could answer and comment on this issue! Thanks in advance and best regards, Andreas View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3887945#3887945 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3887945 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBoss Getting Started Documentation] - Re: executeTx: SecurityException..requiredRoles=[], principa
I had to extend the ejb-jar.xml by bankCustomer CustomerBean LocalHome * CustomerBean Local * TxBean LocalHome * TxBean Local * View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856900#3856900 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3856900 --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBoss Getting Started Documentation] - executeTx: SecurityException..requiredRoles=[], principalRol
Hello, I get this exception when trying to transfer funds within the DukesBank having ejb-security enabled. After I got this exception in 4.0.0 I saw that certain security-issues were fixed within 4.0.1RC1, but with RC1 it still does not work. (Even having setanonymous) Does anyone have any idea? Thanks in advance, Andreas 10:40:42,077 INFO [STDOUT] Debug: TxControllerBean releaseConnection 10:40:42,078 ERROR [LogInterceptor] EJBException in method: public abstract void com.sun.ebank.ejb.tx.TxController.transferFunds(java.math.BigDecimal,java.lang.String,java.lang.String,java.lang.String) throws java.rmi.RemoteException,com.sun.ebank.ejb.exception.InvalidParameterException,com.sun.ebank.ejb.exception.AccountNotFoundException,com.sun.ebank.ejb.exception.InsufficientFundsException,com.sun.ebank.ejb.exception.InsufficientCreditException: javax.ejb.EJBException: executeTx: SecurityException; CausedByException is: Insufficient method permissions, principal=200, method=create, interface=LOCALHOME, requiredRoles=[], principalRoles=[bankAdmin, bankCustomer] at com.sun.ebank.ejb.tx.TxControllerBean.executeTx(TxControllerBean.java:268) View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856837#3856837 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3856837 --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBoss Getting Started Documentation] - Re: Duke's Bank: EJB security-domain doesn't work, gives Aut
you seem to be using 4.0.0 try 4.0.1RC1 or put anonymous in your in your login-config.xml View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856499#3856499 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3856499 --- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user