[JBoss-user] Security and C# clients
Hi all, We are currently exposing session beans within JBoss as web services (using axis) to C# clients. We want to use the declarative syntax provided by J2EE within our beans' deployment descriptors and to use JAAS/JBoss security features - the problem is that there seems to be no standard mechanism for a C# client to provide it's credentials (that we know of) so that any beans with restricted role access can never be called (or rather these calls will return with security exception). Have other people solved this problem in any form? One thing we have looked at is writing an Interceptor which uses known 'user'/'password' parameters from the C# client and attempts to do a JAAS logon at a point in the call stack prior to the SecurityInterceptor, so as to assume the roles required by the bean we mean to call. However this still seems to fail :-( Any help with this would be appreciated. Thanks Sujay *** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbs.co.uk/CBFM http://www.rbsmarkets.com --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security Role Matching Warning]
Hi all,
I'm currently receiving the following warning within my JBoss log file:
11:16:49,272 WARN [EnterpriseContext] no match found for security role
TestUser in the deployment descriptor.
and I'm struggling to understand why! Background info follows, I hope
someone can tell me if I've done something wrong.
Many Thanks
Sujay Jayaram
IT: Interest Rate Derivatives
Royal Bank of Scotland
135 Bishopsgate
London
EC2M 3UR
- Background Info --
1. This warning occurs when I call
sessionContext.isCallerInRole(TestUser) on a session bean called
RestrictedAccessEJB
2. The logged in user is given the TestUser role by my custom JAAS login
module:
protected Group[] getRoleSets() {
// TEST CODE
Group[] groups = {new SimpleGroup(Roles)};
if( (getUsername() != null)
getUsername().equals(RatesServicesTestUser)){
SimplePrincipal role = new SimplePrincipal(TestUser);
groups[0].addMember(role);
}
return groups;
}
3. ejb-jar contains the following lines:
session
ejb-nameRestrictedAccess/ejb-name
...
security-role-ref
role-nameTestUserName/role-name
role-linkTestUser/role-link
/security-role-ref
/session
...
!-- Assembly Descriptor --
assembly-descriptor
security-role
description![CDATA[description not supported yet by
ejbdoclet]]/description
role-nameTestUser/role-name
/security-role
method-permission
role-nameTestUser/role-name
method
description![CDATA[Authenticate the supplied
user.]]/description
ejb-nameRestrictedAccess/ejb-name
method-intfRemote/method-intf
method-namefoo/method-name
method-params
/method-params
/method
...
***
The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office:
36 St Andrew Square, Edinburgh EH2 2YB.
Authorised and regulated by the Financial Services Authority
This e-mail message is confidential and for use by the
addressee only. If the message is received by anyone other
than the addressee, please return the message to the sender
by replying to it and then delete the message from your
computer. Internet e-mails are not necessarily secure. The
Royal Bank of Scotland plc does not accept responsibility for
changes made to this message after it was sent.
Whilst all reasonable care has been taken to avoid the
transmission of viruses, it is the responsibility of the recipient to
ensure that the onward transmission, opening or use of this
message and any attachments will not adversely affect its
systems or data. No responsibility is accepted by The Royal
Bank of Scotland plc in this regard and the recipient should carry
out such virus and other checks as it considers appropriate.
Visit our websites at:
http://www.rbs.co.uk/CBFM
http://www.rbsmarkets.com
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] JBossCache
Hi all, I've been looking at incorporating caching into our middleware, and I wanted to ask a very naive question about the JBossCache product: Does incorporating JBossCache have to involve code modification in all cases - the examples I've seen require that code is aware of the TreeCache/TreeCacheAOP classes, however is there a way to get caching to occur transparently (as happens with products such as LiveStore???) I get the impression that transparent caching is not yet supported but I just wanted to be sure. Thanks Sujay Jayaram IT: Interest Rate Derivatives Royal Bank of Scotland 135 Bishopsgate London EC2M 3UR *** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbs.co.uk/CBFM http://www.rbsmarkets.com --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] JBoss/Axis Clustering
Hi all, We are having problems when using Axis to invoke on an EJB (from a java webservices client) when the bean is setup to run in a clustered environment. Although a specific bean is invoked upon, it is always the (same) bean in the same VM as the Axis invoker (i.e. we get no load-balancing at all, even though a stand-alone java test client is able to contact each instance of the clustered bean on successive invocations, just as we would expect) It seems as though Axis avoids using HA-Jndi, and just uses the local jndi tree instead, and hence no load balancing occurs. I am wondering if we need to specify the bean as clustered with a special @jboss-net tag as well as the usual @jboss.clustered tag?? The other thing we looked at to get round this problem was to run two partitions, one for just the webserver(s) and one for the clustered bean but we can't seem to get HA-Jndi to work across multiple partitions, and we also had problems getting two partitions up and running (something which others seem to have had trouble with also) We are using jboss 3.2.3 on Linux - any help appreciated. Sujay *** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: http://www.rbs.co.uk/CBFM http://www.rbsmarkets.com --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
