[JBoss-user] [Beginners Corner] - petstore for EJB 3.0
Hi, Now that JBoss 4.0 is out, is there a date for the publication of petstore that Bill Burke et al did for JavaOne? http://jboss.org/jbossBlog/blog/bburke/?permalink=EJB3%2C+Petstore%2C+and+JavaOne.html Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3855354#3855354 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3855354 --- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation Configuration] - class local to jar not found when deployed on 3.2.4, but is
Hi, I've 1 ear file with a jar in it. The jar has a class in it that refers to another class - exists in the same jar. In 3.2.3 it's fine. In 3.2.4 built from CVS on 5 May 2004, I get NoClassDefFound exception!! What's going on? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3830943#3830943 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3830943 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation Configuration] - Re: class local to jar not found when deployed on 3.2.4, but
Doesn't work with 3.2.4RC1 either, so it's not a faulty cvs build. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3830952#3830952 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3830952 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation Configuration] - Re: class local to jar not found when deployed on 3.2.4, but
Hi Scott, Here is the stack trace: 14:00:52,231 ERROR [LogInterceptor] Unexpected Error: | java.lang.NoClassDefFoundError: com.martin.pgpmail.ECommercePGPAuth | at xpetstore.services.mail.ejb.MailerMDB.send(Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;ZZ)V(MailerMDB.java:166) | at xpetstore.services.mail.ejb.MailerMDB.onMessage(Ljavax.jms.Message;)V(MailerMDB.java:91) | at COM.jrockit.reflect.NativeMethodInvoker.invoke0(ILjava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Native Method) | at COM.jrockit.reflect.NativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) | at COM.jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) | at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) | at org.jboss.ejb.MessageDrivenContainer$ContainerInterceptor.invoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(MessageDrivenContainer.java:460 | ) | at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(CachedConnectionIntercep | tor.java:185) | at org.jboss.ejb.plugins.MessageDrivenInstanceInterceptor.invoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(MessageDrivenInstanceInterceptor.j | ava:62) | at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(Lorg.jboss.invocation.Invocation;Z)Ljava.lang.Object;(AbstractTxInterceptor.java:84) | at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(TxInterceptorCMT.java:281) | at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(TxInterceptorCMT.java:147) | at org.jboss.ejb.plugins.RunAsSecurityInterceptor.invoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(RunAsSecurityInterceptor.java:90) | at org.jboss.ejb.plugins.LogInterceptor.invoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(LogInterceptor.java:191) | at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(ProxyFactoryFinderInterceptor.java:12 | 2) | at org.jboss.ejb.MessageDrivenContainer.internalInvoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(MessageDrivenContainer.java:374) | at org.jboss.ejb.Container.invoke(Lorg.jboss.invocation.Invocation;)Ljava.lang.Object;(Container.java:713) | at org.jboss.ejb.plugins.jms.JMSContainerInvoker.invoke(Ljava.lang.Object;Ljava.lang.reflect.Method;[Ljava.lang.Object;Ljavax.transaction.Transaction;Lj | ava.security.Principal;Ljava.lang.Object;)Ljava.lang.Object;(JMSContainerInvoker.java:856) | at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(Ljavax.jms.Message;)V(JMSContainerInvoker.java:1146) | at org.jboss.jms.asf.StdServerSession.onMessage(Ljavax.jms.Message;)V(StdServerSession.java:276) | at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(Lorg.jboss.mq.SpyMessage;)V(SpyMessageConsumer.java:867) | at org.jboss.mq.SpyMessageConsumer.addMessage(Lorg.jboss.mq.SpyMessage;)V(SpyMessageConsumer.java:159) | at org.jboss.mq.SpySession.run()V(SpySession.java:347) | at org.jboss.jms.asf.StdServerSession.run0()V(StdServerSession.java:200) | at org.jboss.jms.asf.StdServerSession.run()V(StdServerSession.java:180) | at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run()V(PooledExecutor.java:727) | at java.lang.Thread.run()V(Unknown Source) | at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source) I don't attach the ear to bug report at present as this is my whole app. Can you deduce anything from the trace above? I'll have a look at the classloading wiki tomorrow. Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3831030#3831030 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3831030 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation Configuration] - Re: class local to jar not found when deployed on 3.2.4, but
I was missing a jar for an interface. Thanks for the tip. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3831069#3831069 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3831069 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Strange session behaviour?
For anyone who wants to know - I'm told it's for security reasons (so that it isn't possible to steal sensitive information that was entered in via SSL). Makes sense. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829913#3829913 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829913 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
The jaas howto has a full example web based. This is explained towards the end of the article included in the download file View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829910#3829910 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829910 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Strange session behaviour?
This behaviour also occurs on tomcat 5.0.19 with no container based security constraints. Why does session survive http to https transition, but not from https to http? (If it started in https world) Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829764#3829764 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829764 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Strange session behaviour?
I have observed the following repeatable behaviour. The behaviour seems odd to me, but it may be correct. I have yet to try it on tomcat 5 standalone. This on JBoss 3.2.3 and 3.2.4RC2 The web app has 3 pages index.jsp restricted.jsp (protected with form based container auth) logout.jsp (does session invalidate requestdispatch forward to index.jsp) 1) access index.jsp on http (session1) 2) follow https link to restricted.jsp (session1) 3) follow https link to logout.jsp (session1) 4) now at https version of index.jsp with session2 5) do step 2 again (session2) 6) follow http link to index.jsp (session3!!! I would expect session2 still) To summarise: starting with an http link going to https retains the current session, but starting with https and going to http does not retain the session. I've read that old browsers don't retain sessions between http and https, but I'm using IE 6 patched up to date. Apologies that this isn't necessarily anything to do with JBoss but this is the only platform I've tried it on yet. It may be that the form based auth is an irrelevance - I've not done that simplification yet. Do any gurus have advice on this? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829659#3829659 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829659 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
liuhf, Look at the JAAS Howto readme first in the Security JAAS/JBoss forum Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829396#3829396 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829396 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - 3.2.4/tc5 vs 3.2.3/tc4
Initial impressions are that there are significant changes between these two sytems. My app uses struts and sitemesh, and form based container authorisation 1) In 3.2.3/tc4 sitemesh gets a chance to decorate the login form. In 3.2.4/tc5 only the plain login form is presented. As sitemesh does it's stuff as a servlet filter, and I assume container based auth comes before filters (confirm anyone?) I guess 3.2.4/tc5 is technically more correct than 3.2.3/tc4, but from a user perspective, i've now got a problem. 2) I have another servlet filter in my app which does some stuff when the user logs in. In 3.2.3/tc4 the req.getUserPrincipal().getName is whatever the user logged in as. In 3.2.4/tc5 it is caller_ which according to my reckoning is a user *role*, not a user *name*. Is this a bug?? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829397#3829397 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829397 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: 3.2.4/tc5 vs 3.2.3/tc4
2) 3.2.4/5c should read caller_username - it was in tags. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829399#3829399 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829399 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: userid/password for CMP
Michael, I believe you can specify the security-realm login access to the database. See http://www.jboss.org/index.html?module=bbop=viewtopict=45111 Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829436#3829436 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829436 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Tomcat SSL does not work on Windows but fine on Unix/Lin
Is javax.net.ssl.trustStore equivelent to Connector keystoreFile attribute in tomcat5 server.xml? Why use one instead of the other? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829443#3829443 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829443 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: userid/password for CMP
They can only do that if they can deploy it in the relevant security domain (I believe). Bottom line is they can use a command line SQL tool to access the database. Sounds like the security you need belongs in the database too. Also if they have access to the deployment descriptors, they can just change the method-permission. Sounds like you need to restrict access to the production server and have the application deployer be a trusted member of staff. I'm interested to see what outcome you have. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829446#3829446 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829446 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: JAAS Howto: README FIRST
Still looks like 3.2.1 to me. Do you expect to update it for 3.2.4? View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829447#3829447 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829447 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: userid/password for CMP
1) The jmx-console web app should be secured like any other web app I'll think about other things later. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829460#3829460 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829460 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - jaas_howto on 3.2.4 reports different user to 3.2.3
Scott, On 3.2.3 it reports user java On 3.2.4 it reports user caller_java I thought caller_java in the example was a role - not a user. Why has this changed? Is this a bug? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829463#3829463 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829463 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Problemas getting struts-config.xml file as InputStream
I believe there are classes in struts to get whatever you want to know about the config. I would try posting your wider goal to the struts user email list Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829523#3829523 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829523 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: jaas_howto on 3.2.4 reports different user to 3.2.3
I see in the release notes for 3.2.4RC1 it says: anonymous wrote : Use the RealmMapping to obtain the CallerPrincipal mapping as the | Principal returned from the authenticate methods. This allows a custom | principal installed by a JAAS login module to be seen in the HttpServletRequest | getUserPrincipal call. I guess that is explaining the behaviour I see. I'm not clear why this feature exists. Is it just a convenience thing to map the user name to some other name. In what scenario is that useful/necessary? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829538#3829538 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829538 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
That's good to know. In accordance with the instructions on building jboss from CVS in the JBoss Admin and Dev manual 3rd ed (3.2.x) I'm looking at the jboss-3.2 version (my cvs client is the cvs plugin for eclipse) Every jboss-3.2 folder appears to be empty I tried a command line tool: cvs co -r JBoss_3_2_4 jboss-3.2 It says: cvs [server aborted]: no such tag JBoss_3_2_4 cvs checkout: in directory .: cvs checkout: cannot open CVS/Entries for reading: No such file or directory I had set CVSROOT=:pserver:[EMAIL PROTECTED]:/cvsroot/jboss Can you provide just a couple more pointers? I'm not a cvs expert (yet). Thanks Martin PS I am also having trouble with session ids changing after form based login - I am hoping that will also disappear with this fix. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829225#3829225 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829225 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
JBoss, Adam, Found the right cvs command in the build systems forum :-) Once I got it in a path that had no spaces it successfully build. My simple test program does indeed now work as expected. Many Thanks JBoss for the timely fix!! Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3829255#3829255 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3829255 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: servlet-jboss3.2.3 Problem
Have a look at http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/[/url] and [url]http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Servlets.html View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3828613#3828613 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3828613 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
Hi Remy, When will the fix be released? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3828614#3828614 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3828614 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
Hi Remy, It looks like this issue has been closed by you on sourceforge, with a resolution of fixed. Does this mean there will be some new code out soon that I can use to solve this problem? When will that be - the overnight CVS? If so, a pointer to the specifc file affected would be good - just enough to build the affected jar. Thanks for your help Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3828340#3828340 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3828340 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
the forum can't display the html for my form It's just a form, action is process.jsp, method is post it has 1 input type text name text1 another input type submit, value OK That's it a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827825#3827825;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827825Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
As an aside, I see the the description tags also disappear in a quote block eg web.xml above a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827826#3827826;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827826Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
JBoss, please let me know what logging you would like turned on to supply further information if you are not able to reproduce this yourselves. Thanks Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827845#3827845;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827845Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
Something else that might throw more light on the situation the access log in jboss3.2.3 reports that the GET method is used to access process.jsp, where it should be the POST method. This would explain why the post data is lost. Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827870#3827870;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827870Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
I've run this test with 3.2.4RC1 and it fails I've also run the test with standalone tomcat 5.0.19 and it passes. I will post this as a bug in the morning Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827791#3827791;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827791Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
The test is quite simple form.html(unprotected) posts data to process.jsp(protected) Files included below for convenience: form.html anonymous wrote : | | | | | | | process.jsp anonymous wrote : | | text1=%=request.getParameter(text1)% | | | web.xml anonymous wrote : ?xml version=1.0 encoding=UTF-8? | !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; | | web-app | | |session-config | session-timeout2/session-timeout |/session-config | | security-constraint | web-resource-collection | web-resource-nameSignon/web-resource-name | Declarative security tests | !--url-pattern/form.html/url-pattern-- | url-pattern/process.jsp/url-pattern | url-pattern/login.html/url-pattern | http-methodHEAD/http-method | http-methodGET/http-method | http-methodPOST/http-method | http-methodPUT/http-method | http-methodDELETE/http-method | /web-resource-collection | auth-constraint | role-namecustomer/role-name | role-namemerchant/role-name | role-nameadmin/role-name | /auth-constraint | user-data-constraint | no description | transport-guaranteeNONE/transport-guarantee | /user-data-constraint | /security-constraint | | login-config | auth-methodFORM/auth-method | form-login-config | form-login-page/login.html/form-login-page | form-error-page/login.html/form-error-page | /form-login-config | /login-config | | security-role | role-namecustomer/role-name | /security-role | security-role | role-namemerchant/role-name | /security-role | security-role | role-nameadmin/role-name | /security-role | | /web-app jboss-web.xml anonymous wrote : ?xml version=1.0 encoding=UTF-8? | !DOCTYPE jboss-web PUBLIC -//JBoss//DTD Web Application 2.3//EN http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd; | | jboss-web | |security-domainjava:/jaas/authtest/security-domain | |!-- Resource Environment References -- | |!-- Resource references -- | |!-- EJB References -- | | /jboss-web | | FYI, the loginmodule I'm using with JBoss is DatabaseServerLoginModule RSVP Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827822#3827822;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827822Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
form.html anonymous wrote : | | | | | | | | a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827823#3827823;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827823Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Bug with post data surviving form based login?
a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827824#3827824;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827824Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Bug with post data surviving form based login?
Hi, I have a simple web app that illustrates that post data doesn't survive a form based login. I'd like to post the web app somewhere (wiki?) but I'm not sure of the best place in there. Don't want to report the bug on sourceforge until it's confirmed I've not made some mistake. Thanks Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827663#3827663;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827663Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Session Timeout Routing
I'm getting similar strange behaviour which I believe is associated with session timeout. Is there any progress in this area? I can't believe this isn't handled properly. I need to do some more research, but if anyone as some light to put on this I'm using JBoss 3.2.3 and with Tomcat4.1 bundle (Coyote connector). Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827223#3827223;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827223Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Session Timeout Routing
Further investigation revealed a bug in my code :-) a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827240#3827240;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827240Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [HTTPD, Servlets JSP] - Re: Session Timeout Routing
Hmm... HttpSessionListener looks interesting... a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3827272#3827272;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3827272Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - which keystore certificate for ssl
Hi, How does the SSLServerSocketFactory know which certificate in the keystore file should be presented for SSL? I expected something to identify the certificate in the Factory config (like alias or DN). Thanks Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3826509#3826509;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3826509Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence CMP/JBoss] - 1 to many cmr with composite primary key
Hi, I'm trying to set up a relationship between account and role, for DatabaseServerLoginModule, for new user registration. My T_ROLES table is username, userRoles, roleGroup and my T_ACCOUNT table is userId, pwd All three columns in T_ROLES form the primary key, and userId is the primary key for T_ACCOUNT. The entities are declared as follows in ejb-jar.xml anonymous wrote : | ![CDATA[]] | | ejb-nameAccount/ejb-name | | local-homexpetstore.domain.signon.interfaces.AccountLocalHome/local-home | xpetstore.domain.signon.interfaces.AccountLocal | | ejb-classxpetstore.domain.signon.ejb.AccountCMP/ejb-class | persistence-typeContainer/persistence-type | prim-key-classjava.lang.String/prim-key-class | False | cmp-version2.x/cmp-version | abstract-schema-nameAccount/abstract-schema-name | cmp-field | ![CDATA[]] | field-nameuserId/field-name | /cmp-field | cmp-field | ![CDATA[]] | field-namepasswordHash/field-name | /cmp-field | primkey-fielduserId/primkey-field | | !-- Write a file named ejb-finders-AccountEJB.xml if you want to define extra finders. -- | | anonymous wrote : | ![CDATA[]] | | ejb-nameRole/ejb-name | | local-homexpetstore.domain.signon.interfaces.RoleLocalHome/local-home | xpetstore.domain.signon.interfaces.RoleLocal | | ejb-classxpetstore.domain.signon.ejb.RoleCMP/ejb-class | persistence-typeContainer/persistence-type | prim-key-classxpetstore.domain.signon.interfaces.RolePK/prim-key-class | False | cmp-version2.x/cmp-version | abstract-schema-nameRole/abstract-schema-name | cmp-field | ![CDATA[]] | field-nameuserId/field-name | /cmp-field | cmp-field | ![CDATA[]] | field-nameuserRoles/field-name | /cmp-field | cmp-field | ![CDATA[]] | field-nameroleGroup/field-name | /cmp-field | | !-- Write a file named ejb-finders-RoleEJB.xml if you want to define extra finders. -- | | The relationship is anonymous wrote : ejb-relation | ejb-relation-nameaccount-roles/ejb-relation-name | | ejb-relationship-role | ejb-relationship-role-nameaccount-has-roles/ejb-relationship-role-name | One | relationship-role-source |ejb-nameAccount/ejb-name | /relationship-role-source | cmr-field |cmr-field-nameroles/cmr-field-name |cmr-field-typejava.util.Collection/cmr-field-type | /cmr-field | /ejb-relationship-role | | ejb-relationship-role | ejb-relationship-role-namerole-belongs_to-account/ejb-relationship-role-name | Many | cascade-delete/ | relationship-role-source |ejb-nameRole/ejb-name | /relationship-role-source | /ejb-relationship-role | | /ejb-relation | jbosscmp-jdbc.xml relationship is anonymous wrote : ejb-relation | ejb-relation-nameaccount-roles/ejb-relation-name | | foreign-key-mapping/ | | ejb-relationship-role | ejb-relationship-role-nameaccount-has-roles/ejb-relationship-role-name | key-fields | key-field |field-nameuserId/field-name |column-nameusername/column-name | /key-field | /key-fields | | /ejb-relationship-role | ejb-relationship-role | ejb-relationship-role-namerole-belongs_to-account/ejb-relationship-role-name | key-fields/ | | /ejb-relationship-role | /ejb-relation | What I find is that the userId is being written to the roleGroup field, even though I set the RolePK as follows: anonymous wrote : RolePK r=new RolePK(account.getUserId(),customer,Roles); | roles.add(getRoleLocalHome().create(r)); | r=new RolePK(account.getUserId(),caller_+account.getUserId(),CallerPrincipal); | roles.add(getRoleLocalHome().create(r)); | // this stuff requires admin privilege | account.setRoles(roles); | I presume this error has something to do with it being a compound primary key, and is the last field of the key - I dont know. Can anyone shed some light on why the userGroup fields don't have the values I set for them, but the value of userId instead. (RolePK is autogenerated by xdoclet) Thanks Martin a
[JBoss-user] [Security JAAS/JBoss] - Re: jaas auth and keystore
Sorry - when I said Principal, I was refering to it as an authenticated entity, thus negating the need for a password in Keystore.getKey() method. However, I'm starting to think it's not such a good idea anyway, because all someone would have to do, to get a key from the store would be to do a simple authentication module - produce the Principal and steal the key from the store. I wonder what the standard solution to this problem is - I want JAAS auth because I thought it was the blessed solution from Sun et al, but I'm still stuck with other passwords for PBE or secret key access frustrating. All the technical stuff I've read, seems to avoid this issue. It's no good embedding passwords in java classes as they can be extracted with decompilation. Is it secure to pass at least singular passwords into JBoss as a system property? ??? Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3824983#3824983;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3824983Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: jaas auth and keystore
I suppose a signed Principal would be good - signed by the login module, and the keystore has the public key of the login module, but then I'm back to the problem of securing the login module's private key., Plus the container would have to understand the signed Principal, so that idea doesn't fly :-( a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3824984#3824984;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3824984Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: jaas auth and keystore
The problem I see is that the keystore API doesn't deal with principals. Am I missing something? I can't believe this is a unique problem. Thanks again Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3824684#3824684;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3824684Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: jaas auth and keystore
To clarify this a bit more - is it possible to define the connection to a keystore with JCA? a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3824510#3824510;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3824510Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - DatabaseServerLoginModule with MD5 not working for me
Hi,
I've got this login module working with no hashing, but when I introduce the md5
hash, it fails to authenticate my users.
I have previously stored the hashed passwords in the database using this routine
called from ejbStore
anonymous wrote : public static String md5Hash(String source)
| {
| try{
| // Obtain a message digest object.
| MessageDigest md = MessageDigest.getInstance(MD5);
| md.update(source.getBytes(ISO-8859-1));
| // Calculate the digest for the given file.
| byte[] raw = md.digest();
| // Print out the digest in base64.
| BASE64Encoder encoder = new BASE64Encoder();
| return encoder.encode(raw);
| }
| catch (NoSuchAlgorithmException ae)
| {
| ae.printStackTrace();
| }
| catch (UnsupportedEncodingException ee)
| {
| ee.printStackTrace();
| }
| return ;
|
| }
|
|
|
My application policy looks like this:
anonymous wrote : application-policy name=secrealm
|
| login-module
code=org.jboss.security.auth.spi.DatabaseServerLoginModule flag=required
| module-option name=dsJndiNamejava:/xpetstoreDS
/module-option
| module-option name=principalsQueryselect pwd from
T_ACCOUNT where userId=?/module-option
| module-option name=rolesQueryselect userRoles, roleGroup
from T_ROLES where username=?/module-option
| module-option
name=unauthenticatedIdentitynobody/module-option
| module-option name=hashAlgorithmMD5/module-option
| module-option name=hashEncodingbase64/module-option
| module-option name=hashCharsetISO-8859-1/module-option
| /login-module
|
| /application-policy
|
I took a quick look at the source code for DatabaseServerLoginModule (v1.9) and
couldn't see where the hashAlgorithm setting is used (also not mentioned in the
javadoc tags)
Can anyone comment on how to get this to work?
I am using JBoss 3.2.3
Many Thanks
Martin
a
href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3824394#3824394;View
the original post/a
a
href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3824394Reply
to the post/a
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Configuring JBoss for DatabaseServerLoginModule
Did you get the JAAS howto working that Scott wrote? http://www.jboss.org/index.html?module=bbop=viewtopict=46370 Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3824396#3824396;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3824396Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: DatabaseServerLoginModule with MD5 not working for me
Derr The password stored in the database was being at least doubley hashed. Now working - please ignore. Thanks Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3824403#3824403;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3824403Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - jaas auth and keystore
I want somewhere to store secret keys securely - presumably keystore is the place. I want the secret keys to be associated with individual users - I can identify the users through with Principal (previously authenticated). Is it possible to generate and retreve secret keys in the keystore under the identity of the logged in principal? I am hoping access to keystore can be confgured in a similar way to having access to datasources can be configured based on securitydomain. This idea is a bit fuzzy, but am I thinking along the right line? Scott? anyone? Thanks Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3824460#3824460;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3824460Reply to the post/a --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [The Lizzard's corner] - java.sun.com website down??
Sorry for the seemingly dumb question but... I haven't been able to get it for the last 24 hours. Other sites (including JBoss ;-) and www.sun.com are fine. Can ping java.sun.com (192.18.97.71) restarted my DNS server and my laptop restarted my router still no joy Martin a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3823956#3823956;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823956Reply to the post/a --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [The Lizzard's corner] - Re: java.sun.com website down??
now back on line! a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3823974#3823974;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823974Reply to the post/a --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Datasource Configuration] - Re: How to encrypt the username and password in -db-service.
In fact the answer from Scott is here http://www.jboss.org/index.html?module=bbop=viewtopict=45111 a href=http://www.jboss.org/index.html?module=bbop=viewtopicp=3823839#3823839;View the original post/a a href=http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823839Reply to the post/a --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Datasource Configuration] - Re: How to encrypt the username and password in -db-service.
I would imagine the answer is to use JCE to encrypt the whole file, and customise the thing that reads this file to decrypt it. A bit of work but probably the answer. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823446#3823446 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823446 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Problems with FORM Authentication
about should read above View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823419#3823419 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823419 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Problems with FORM Authentication
What are you trying to achieve here - not the work arounds etc, but your initial objective? I have form based auth working with DatabaseLoginServerModule, mainly thanks to the paper I mentioned about, that Scott wrote. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823418#3823418 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823418 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - getting LoginContext after form based authentication
I hope this has a simple answer I've got a web application and authenticate users with form based jass authentication. When I want to log them out, I believe I need the LoginContext with which they were logged in. How do I get that? I don't see any obvious methods like request.getLoginContext() some such function. TIA Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823253#3823253 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823253 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: getting LoginContext after form based authentication
okay session.invalidate seems to do the trick View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823258#3823258 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823258 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: how is principal cached for subsequent accesses to web a
Working now - syntax of security-constraint/web-resource-collection/url-pattern was more limited than I appreciated. Servlet container caches auth details. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823330#3823330 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823330 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Beginners Corner] - Re: Serving Static content
Excellent - I need to do this, and when I do, I'll be back here to read in more detail. Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823331#3823331 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823331 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - how is principal cached for subsequent accesses to web appli
Hi, I'm using form based JAAS authentication on a struts application. I successfully login, and can still go to unchecked resources, but if I try to access another restricted resource I get a null principal. I'm using unauthenticatedIdentity for the unchecked stuff, but I don't know how the principal is maintained (by the container?) for subsequent actions. I'm reluctant to use the ClientLoginModule because a) it's not used the JavaWorld JAAS example from JBoss b) there is talk on the forum of thread pooling that implies is an unreliable solution. Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823035#3823035 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823035 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: how is principal cached for subsequent accesses to web a
I can confirm JaasSecurityManager settings: AuthenticationCacheJndiName java:/timedCacheFactory DefaultCacheTimeout 1800 DefaultCacheResolution 60 Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823043#3823043 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823043 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re:
Eric, That's sounds interesting - can you elaborate? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823171#3823171 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823171 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: how is principal cached for subsequent accesses to web a
Looking at the JavaWorld JAAS paper again, I see that subsequent web calls *don't* use the principal object, leading me to think I have to cache the principal in HTTPSession, and using it appropriately there after. This assumes I can run some servlet/jsp code before the restricted stuff that requires the principal. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3823070#3823070 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3823070 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: JNDI name of application-policy is not bound
Actually I get the login form first, then when I submit the login credentials, I get the exception above. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822834#3822834 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822834 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: JNDI name of application-policy is not bound
Missing security-domain in jboss.xml View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822835#3822835 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822835 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Problems with FORM Authentication
How about getting it working with the JBoss DatabaseServerLoginModule before trying your own custom module? A good starting point might be the updated JavaWorld JAAS Howto paper at http://sourceforge.net/docman/display_doc.php?docid=18240group_id=22866 I used that paper and now have form based auth working with a struts application - subsequent restricted page access fails - but that's anothe story. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822997#3822997 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822997 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: JavaWorld JBoss JAAS paper
The tests seem to work except for servlet test 6. I see the note at the bottom of the new paper on this test, but I'm not clear what to do to get this to work. I am using 3.2.3. Can you give me some more help Scott? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822446#3822446 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822446 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: JavaWorld JBoss JAAS paper
Hmm I added the following module option to DatabaseServerLoginModule module-option name=unauthenticatedIdentityjava/module-option I tried servlet PublicSession.echo() as anon but this still failed, but test 6 now works. I guess this is because echo is still checked, but at least the session is created, and this lets the unchecked call to noop work with the unauthenticated id above. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822447#3822447 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822447 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - JavaWorld JBoss JAAS paper
I'm trying to use the paper at http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas_p.html to get a working JAAS web application working, however the example is based on JBoss 2.4, and I'm using 3.2.3 I guess that format of the server_auth.conf file of still works as this legacy format in metioned in the Admin/Development manual for JBoss3.2.1. The build fails on the existance of Again I presume this is not critical as I think the tomcat configuration is now in deploy/jbossweb-tomcat41.sar However the test clients refer to a client side auth configuration file, and I don't know where the equivelent of this is for JBoss 3.2.3 Can someone shed some light on this, please? Are my previous assumptions correct? What does it take to get the example from this paper to work on 3.2.3? Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822420#3822420 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822420 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: JavaWorld JBoss JAAS paper
Thanks very much Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822438#3822438 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822438 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation Configuration] - Best way to secure a datasource config file?
How should I do this? It contains details of how to connect to the database! Thanks Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822272#3822272 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822272 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation Configuration] - Re: Best way to secure a datasource config file?
Is it just a matter of setting the file permissions on xxx-ds.xml in the deploy dir, so that only the user that JBoss is running as, can read it? View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822275#3822275 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822275 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence CMP/JBoss] - Re: easiest way to encrypt a CMP field?
Thanks for the response so far. My database is Postgresql 7.4.1, and as well as passwords (MD5 noted), I also want to store other data that I need read+write access. I'm still gaining EJB knowledge - do ejbStore and ejbLoad play a part in this? Thanks again Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822170#3822170 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822170 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence CMP/JBoss] - Re: easiest way to encrypt a CMP field?
Thanks Andrew - I'll take a look. After a bit of research, my current thoughts are: 1) Use JAAS - I need this anyway 2) Use jboss DatabaseServerLoginModule 3) encrypt password with md5 4) (d)encrypt other data with Password-based encryption from JCE within ejbLoad/ejbStore The only downside of 4) is that once I have created the secret key from the user's password, I have to keep that key in the users session so I can (d)encrypt any data I need whilst they are logged in. This is okay so long as there's no memory dumps etc. I guess this is a normal scenario... This way - no one, not even sysadmin can read the sensitive data - right? I just need the source to DatabaseServerLoginModule so I can do md5 passwords - hopefully there's nothing in there to sink the plan. Martin View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3822180#3822180 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3822180 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356alloc_id=3438op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
