[JBoss-user] [EJB 3.0] - Re: EJBs and Transactions
After some googling and trying random incantations, I ended up wit hthis at the top of the EJB methods which create an EntityManagerFactory: @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED) | Who'd a thunk it? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3955204#3955204 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3955204 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Login module which accesses an EJB?
Further to this, I'm having a problem which is very strange. I'm not sure into which of the seperate jar/war files to put my security classes. I'm using JAAS, and I have a sar file which contains meta-inf/jboss-service.xml: ?xml version='1.0'? | !DOCTYPE policy PUBLIC | -//JBoss//DTD MBean Service 4.0//EN | http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd; | server |!-- The custom JAAS login configuration that installs |a Configuration capable of dynamically updating the |config settings |-- | mbean code=org.jboss.security.auth.login.DynamicLoginConfig | name=jboss.security.tests:service=LoginConfig | attribute name=PolicyConfig serialDataType=jbxb | jaas:policy | xsi:schemaLocation=urn:jboss:security-config:4.1 resource:security-config_4_1.xsd | xmlns:jaas=urn:jboss:security-config:4.1 | xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; | | !-- Our Greenfields login config -- | jaas:application-policy name=Greenfields | jaas:authentication | jaas:login-module code=com.fcl.security.GreenfieldsLoginModule flag=required | jaas:module-option name=unauthenticatedIdentityAnonymous/jaas:module-option | jaas:module-option name=principalClasscom.fcl.security.GreenfieldsUser/jaas:module-option | jaas:module-option name=ignorePasswordCasetrue/jaas:module-option | /jaas:login-module | /jaas:authentication | /jaas:application-policy | /jaas:policy | /attribute | depends optional-attribute-name=LoginConfigService | jboss.security:service=XMLLoginConfig | /depends | depends optional-attribute-name=SecurityManagerService | jboss.security:service=JaasSecurityManager | /depends | /mbean | /server I put my com.fcl.security.GreenfieldsLoginModule,com.fcl.security.LoginUtils (utility functions used by the login process) and com.fcl.security.GreenfieldsUser (The Principal class) into the WAR file (because it's the web app that does the JAAS authentication), but then I get [c]dejava.lang.LinkageError: loader constraints violated when linking com/fcl/security/GreenfieldsUser class when invoking my EJBs. I put com.fcl.security.GreenfieldsUser into my EJB jar file too. basically, my EAR is build like this... here's my application.xml: ?xml version=1.0 encoding=UTF-8? | application | xmlns=http://java.sun.com/xml/ns/j2ee; | xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; version=1.4 | xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/application_1_4.xsd; | display-nameGreenFields/display-name | module | java id=greenfield.jargreenfield.jar/java | /module | module | ejb id=persistence.jarpersistence.jar/ejb | /module | module | ejb id=ejbs.jarejbs.jar/ejb | /module | module | java id=GreenfieldsLogin.sarGreenfieldsLogin.sar/java | /module | module | web | web-uriwebapp.war/web-uri | context-rootgfFw/context-root | /web | /module | /application View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3954993#3954993 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3954993 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Login module which accesses an EJB?
Now, I just put com.fcl.security.GreenfieldsLoginModule into my WAR file. All other classes from the com.fcl.security package are in greenfield.jar, just another java module listed in application.xml. But in my LoginModule, I now get this: 10:09:25,718 ERROR [fcl] tried to access method com.fcl.security.LoginUtils.login(Ljava/lang/String;[BLjava/lang/Long;)Lcom/fcl/secu | rity/GreenfieldsUser; from class com.fcl.security.GreenfieldsLoginModule | java.lang.IllegalAccessError: tried to access method com.fcl.security.LoginUtils.login(Ljava/lang/String;[BLjava/lang/Long;)Lcom/fcl | /security/GreenfieldsUser; from class com.fcl.security.GreenfieldsLoginModule | at com.fcl.security.GreenfieldsLoginModule.login(GreenfieldsLoginModule.java:116) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:585) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) | at javax.security.auth.login.LoginContext.login(LoginContext.java:579) | at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:587) | at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:521) | at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:330) | at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:306) | at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256) | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416) | at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) | at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868) | at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663) | at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) | at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) | at java.lang.Thread.run(Thread.java:595) I have a terrible problem here. I cannot get our app to work. I'm feeling the project is going to get cancelled and I'll be fired. Why is it this DIFICULT? What do I have to do just to get login to work? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3955006#3955006 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3955006 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [EJB 3.0] - EJBs and Transactions
I'm not too sure abuot Transactions, I thought they were something to do with databases, but they appear to be something to do with EJBs Anyway, in one of my EJBs, I create a HibernateEntityManagerFactory. The createEntityManagerFactory() call fails with 13:10:09,203 ERROR [SchemaUpdate] could not complete schema update | java.sql.SQLException: You cannot commit during a managed transaction! | at org.jboss.resource.adapter.jdbc.BaseWrapperManagedConnection.jdbcCommit(BaseWrapperManagedConnection.java:496) | at org.jboss.resource.adapter.jdbc.WrappedConnection.commit(WrappedConnection.java:334) | at org.hibernate.tool.hbm2ddl.SchemaUpdate.execute(SchemaUpdate.java:129) | at org.hibernate.impl.SessionFactoryImpl.init(SessionFactoryImpl.java:295) | at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1176) | at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:414) | at org.hibernate.ejb.Ejb3Configuration.createEntityManagerFactory(Ejb3Configuration.java:575) | at org.hibernate.ejb.Ejb3Configuration.createEntityManagerFactory(Ejb3Configuration.java:410) Something to do with the EJB starting a Transaction? How do I get the call to createEntityManagerFactory NOT to use a ManagedTransaction??? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3955052#3955052 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3955052 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Accessing modules from application.xml
I'm wondering how I can get access to the modules specified in my application.xml descriptor. I have for example, module | ejb id=persistence.jarpersistence.jar/ejb | /module | How can I access that jar as a resource in a standard way? Is it on the classpath of any ClassLoader that I can access? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3951860#3951860 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3951860 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Accessing modules from application.xml
This gets the URL: URL myURL = Thread.currentThread().getContextClassLoader().getResource(persistence.jar); View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3951883#3951883 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3951883 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JCA/JBoss] - Creating a DataSource definition file on the fly
I'm trying to create a DataSource on demand in my web app according to a submitted form. I'm creating an XML file in the deploy directory. The syntax looks fine to me, this is what it looks like: ?xml version=1.0 encoding=UTF-8? | datasources | local-tx-datasource | jndi-namefoobarDS/jndi-name | connection-urljdbc:mysql://delta:3306/greenfield/connection-url | driver-classcom.mysql.jdbc.Driver/driver-class | user-namesteve/user-name | exception-sorter-class-name | org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter | /exception-sorter-class-name | metadata | type-mappingmySQL/type-mapping | /metadata | /local-tx-datasource | /datasources A second or so later, when the JBoss deployer sees it, I get this: 09:10:25,421 WARN [MainDeployer] undeploy 'file:/C:/jboss/server/default/deploy/foobarDS.xml' : package not deployed | 09:10:25,437 ERROR [URLDeploymentScanner] Incomplete Deployment listing: | | --- Packages waiting for a deployer --- | [EMAIL PROTECTED] { url=file:/C:/jboss/server/default/deploy/foobarDS.xml } | deployer: null | status: null | state: INIT_WAITING_DEPLOYER | watch: file:/C:/jboss/server/default/deploy/foobarDS.xml | altDD: null | lastDeployed: 1150447131296 | lastModified: 1150447131296 | mbeans: | | --- Incompletely deployed packages --- | [EMAIL PROTECTED] { url=file:/C:/jboss/server/default/deploy/foobarDS.xml } | deployer: null | status: null | state: INIT_WAITING_DEPLOYER | watch: file:/C:/jboss/server/default/deploy/foobarDS.xml | altDD: null | lastDeployed: 1150447131296 | lastModified: 1150447131296 | mbeans: | | --- MBeans waiting for other MBeans --- | ObjectName: persistence.units:ear=GF.ear.ear,unitName=RWF | State: NOTYETINSTALLED | I Depend On: | jboss.jca:name=RWFDS,service=ManagedConnectionFactory | | --- MBEANS THAT ARE THE ROOT CAUSE OF THE PROBLEM --- | ObjectName: jboss.jca:name=RWFDS,service=ManagedConnectionFactory | State: NOTYETINSTALLED | Depends On Me: | persistence.units:ear=GF.ear.ear,unitName=RWF | The code is exactly the same as other DataSource definition files I have in there (apart from the name, and URL), so what's causing it to barf on this one? I'm going to need to do this. Our installation process is an JBoss app which creates all the necessary externals (DataSource definition file, supplied database tables), and then drops a packaged EAR from within itself into the deploy directory. If successful, it deletes its own EAR. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3951267#3951267 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3951267 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JCA/JBoss] - Re: Creating a DataSource definition file on the fly
Sorted. The file name must end with -ds, so it's now called schemaname-ds.xml View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3951279#3951279 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3951279 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [EJB/JBoss] - Can't use dom4j. Class org/dom4j/Document violates loader co
I'm getting the error: 08:54:07,109 ERROR [fcl] java.lang.LinkageError: Class org/dom4j/Document violates loader constraints | 08:54:07,109 ERROR [fcl] Error source /gfFw/MenuBuilder.jsp | 08:54:07,109 ERROR [fcl] Exeption in /gfFw/MenuBuilder.jsp | java.lang.LinkageError: Class org/dom4j/Document violates loader constraints | at org.apache.jsp.MenuBuilder_jsp.updateUserMenu(org.apache.jsp.MenuBuilder_jsp:74) I have put the latest dom4j jar in WEB-INF/lib What does this error mean? I need to use dom4j. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3948640#3948640 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3948640 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [EJB/JBoss] - Re: Can't use dom4j. Class org/dom4j/Document violates loade
It's OK, dom4j doesn't implement the DOM3 methods in the JRE 1.5 libraries. We can't use it! :-( View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3948720#3948720 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3948720 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Error when getting Subject
I've found that you have to have a security-domain/ (that's empty!) entry in jboss.xml, and use the @SecurityDomain annotation on your EJB3s. That's the only way it actually works! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3934609#3934609 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3934609 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: How to get authenticated user's Subject from EJB
I've been through this. http://www.jboss.com/index.html?module=bbop=viewtopict=45724postdays=0postorder=ascstart=19 That's the final posting where I have it all working... It was a painful process which a lot of people also seem to have probs with. It is not well documented, and still, I feel inconsistent. The way that you MUST have an emopty security-domain entry in jboss.xml, and must put the @SecurityDomain(foo) annotation into every EJB. Weird. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3933983#3933983 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3933983 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence,JBoss/CMP, Hibernate, Database] - Re: Confihuring Hibernate from within JBoss
I found the answer: | property name=hibernate.ejb.interceptor value=com.fcl.util.ReferenceInterceptor/ | property name=hibernate.ejb.event.post-commit-insert value=com.fcl.util.HibernateEventListener/ | property name=hibernate.ejb.event.post-commit-update value=com.fcl.util.HibernateEventListener/ | property name=hibernate.ejb.event.post-commit-delete value=com.fcl.util.HibernateEventListener/ | View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=397#397 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=397 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation, Configuration Deployment] - Programmatic configuration of EJB3 deployment.
I need to add some Hibernate settings to my JBoss EJB3 deployment. The jars are currently scanned at deployment time, annotations are detected, and the entities deployed. But I want to set Interceptors in hibernate, so I need to get into that process. How can I do this? I've tried looking at Hibernate's Entity Manager documentation, and found an Ejb3Configuration class, but that doesn't do the scanning for annotations. If looked at Hibernate's PersistenceXmlLoader. I don't think I can use any of these. Jboss seems to need to do its own thing. How can I access JBoss's EJB3 deployment process, and add hibernate settings to it - particularly Interceptors? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3933067#3933067 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3933067 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence,JBoss/CMP, Hibernate, Database] - Confihuring Hibernate from within JBoss
I need to add some Hibernate settings to my JBoss EJB3 deployment. The jars are currently scanned at deployment time, annotations are detected, and the entities deployed all great. But I want to set an org.hibernate.Interceptor in hibernate, so I need to get into that process. How can I do this? I've tried looking at Hibernate's Entity Manager documentation, and found an Ejb3Configuration class, but that doesn't do the scanning for annotations. I looked at Hibernate's PersistenceXmlLoader - also doesn't do the EJB3 scaning bit. I don't think I can use any of these. Jboss seems to need to do its own thing. How can I access JBoss's EJB3 deployment process, and add hibernate settings to it - particularly Interceptors? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3933102#3933102 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3933102 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: getting Custom Principal in EJBContext.getCallerPrincipa
OK, it's working now. Below, our security domain is called Greenfields. Insert your own String there. They key points are that you must have an empty security domain entry in your jboss.xml! You must not specify the correct one, otherwise the login will not work!. This means that you must then annotate your EJBs with @SecurityDomain(Greenfields) Then create a .sar file with META-INF/jboss-service.xml like this | ?xml version='1.0'? | !DOCTYPE policy PUBLIC | -//JBoss//DTD MBean Service 4.0//EN | http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd; | server |!-- The custom JAAS login configuration that installs |a Configuration capable of dynamically updating the |config settings |-- | mbean code=org.jboss.security.auth.login.DynamicLoginConfig | name=jboss.security.tests:service=LoginConfig | attribute name=PolicyConfig serialDataType=jbxb | jaas:policy | xsi:schemaLocation=urn:jboss:security-config:4.1 resource:security-config_4_1.xsd | xmlns:jaas=urn:jboss:security-config:4.1 | xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; | | !-- Our Greenfields login config -- | jaas:application-policy name=Greenfields | jaas:authentication | jaas:login-module code=com.fcl.security.GreenfieldsLoginModule flag=required | jaas:module-option name=unauthenticatedIdentityanonymous/jaas:module-option | jaas:module-option name=principalClasscom.fcl.security.GreenfieldsUser/jaas:module-option | jaas:module-option name=ignorePasswordCasetrue/jaas:module-option | /jaas:login-module | /jaas:authentication | /jaas:application-policy | /jaas:policy | /attribute | depends optional-attribute-name=LoginConfigService | jboss.security:service=XMLLoginConfig | /depends | depends optional-attribute-name=SecurityManagerService | jboss.security:service=JaasSecurityManager | /depends | /mbean | | /server And put your login module into a jar in the SAR. Put the SAR inside the EAR. In the login module, have | private SimpleGroup callerPrincipal = new SimpleGroup(CallerPrincipal); | private SimpleGroup roles = new SimpleGroup(Roles); | private Group[] roleSets = { callerPrincipal, roles }; | and in your login method, add your roles to the roles group, and your user principal to the callerPrincipal group. This is great (if a bit weird), and web components can correctly ascertain the remote user, and the user's roles using request.getUserPrincipal() and request.isUserInRole(). Custom roles added to the roles group must extend org.jboss.security.SimplePrincipal to be propagated to the EJB container. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931556#3931556 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931556 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: getting Custom Principal in EJBContext.getCallerPrincipa
I have the same problem that everyone else has! I am doing things correctly in my JAAS LoginModule: | public class GreenfieldsLoginModule extends AbstractServerLoginModule | { | | ... | | private void createRoleSets() throws LoginException | { | SimpleGroup roles = new SimpleGroup(Roles); | | // Add roles held by the user. | // Currently, the only role is User. | roles.addMember(new GreenfieldsUserRole(User)); | | SimpleGroup callerPrincipal = new SimpleGroup(CallerPrincipal); | callerPrincipal.addMember(getIdentity()); | | roleSets = new SimpleGroup[]{ roles, callerPrincipal }; | } | | ... | } | It extends AbstractServerLoginModule. The createIdentity() method of that correctly creates my custom principal because I have my login-config.xml set up like this: | !-- Greenfields JAAS login module. -- | application-policy name=Greenfields | authentication | login-module code=com.fcl.security.GreenfieldsLoginModule | flag=required | module-option name=unauthenticatedIdentityanonymous/module-option | module-option name=principalClasscom.fcl.security.GreenfieldsUser/module-option | module-option name=ignorePasswordCasetrue/module-option | | /login-module | /authentication | /application-policy | | In my JSP pages, request.getUserPrincipal() returns a com.fcl.security.GreenfieldsUser as I expect. In my first try, my EJB returned a org.jboss.security.SimplePrincipal from ctx.getCallerPrincipal() inside the EJB. Now I've added the following jboss.xml to my EJB JAR: | ?xml version=1.0 encoding=UTF-8? | jboss | security-domainjava:/jaas/Greenfields/security-domain | /jboss And it's saying | 10:54:48,375 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files | java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found At the point I'm invoking the EJB's method. It's not even getting into the EJB, it's trying to log in again using the properties files! This must be so common!. I want it to use the same Principal as the web application so that I can use my own custom principal which knows all about the logged in user, his preferences, and privileges! How do I do it? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931288#3931288 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931288 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Dynamic registration of a custom login module?
Hi j2ee_junkie! I'm trying to implement my own LoginModule, again without having to configure any external config files. I have the Login module, but I can't make it use it without changing the server/conf/login-config.xml. I'm using the Embedded Login Configuration in http://wiki.jboss.org/wiki/Wiki.jsp?page=DynamicLoginConfig I'm putting that into a .sar file as you describe: | GF.ear | +-- GF.sar | +-- META-INF | | +-- jboss-service.xml | +-- CustomLoginModules.jar | +--com/fcl/security/GreenfieldsLoginModule.class | +-- ejbs.jar | +-- webapp.war jboss-service.xml looks like | ?xml version='1.0'? | !DOCTYPE policy PUBLIC | -//JBoss//DTD MBean Service 4.0//EN | http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd; | server |!-- The custom JAAS login configuration that installs |a Configuration capable of dynamically updating the |config settings |-- | mbean code=org.jboss.security.auth.login.DynamicLoginConfig | name=jboss.security.tests:service=LoginConfig | attribute name=PolicyConfig serialDataType=jbxb | jaas:policy | xsi:schemaLocation=urn:jboss:security-config:4.1 resource:security-config_4_1.xsd | xmlns:jaas=urn:jboss:security-config:4.1 | xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; | | !-- Our Greenfields login config -- | jaas:application-policy name=Greenfields | jaas:authentication | jaas:login-module code=com.fcl.security.GreenfieldsLoginModule flag=required | jaas:module-option name=unauthenticatedIdentityanonymous/jaas:module-option | jaas:module-option name=principalClasscom.fcl.security.GreenfieldsUser/jaas:module-option | jaas:module-option name=ignorePasswordCasetrue/jaas:module-option | /jaas:login-module | | !-- Include the ClientLoginModule propagation -- | jaas:login-module code=org.jboss.security.ClientLoginModule flag=required | jaas:module-option name=password-stackingtrue/jaas:module-option | jaas:module-option name=multi-threadedtrue/jaas:module-option | /jaas:login-module | | /jaas:authentication | /jaas:application-policy | /jaas:policy | /attribute | depends optional-attribute-name=LoginConfigService | jboss.security:service=XMLLoginConfig | /depends | depends optional-attribute-name=SecurityManagerService | jboss.security:service=JaasSecurityManager | /depends | /mbean | /server | But it's producing: 14:40:55,031 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files | java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found | at org.jboss.security.auth.spi.Util.loadProperties(Util.java:313) | at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) | at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) | at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:585) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) | at javax.security.auth.login.LoginContext.login(LoginContext.java:579) | at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:587) | at
[JBoss-user] [Security JAAS/JBoss] - Re: Dynamic registration of a custom login module?
Version 4.0.3 How do I turn tracing on? Update on not getting my custom Principal. I am getting a com.fcl.security.GreenfieldsUser out of the SessionContext, but I can't cast it to that (which was making me think it was just handing me a SimplePrincipal) I think it's from a different ClassLoader. I have the GreenfieldsUser class file in the EJB jar that's inside the EAR. Surely that should then be usable? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931364#3931364 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931364 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Dynamic registration of a custom login module?
Version 4.0.3 How do I turn tracing on? Update on not getting my custom Principal. I am getting a com.fcl.security.GreenfieldsUser out of the SessionContext, but I can't cast it to that (which was making me think it was just handing me a SimplePrincipal) I think it's from a different ClassLoader. I have the GreenfieldsUser class file in the EJB jar that's inside the EAR. Surely that should then be usable? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931365#3931365 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931365 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Dynamic registration of a custom login module?
OK, I can cast the SessionContext.getCallerPrincipal() to my custom Principal class! It's just started working!! Hmm... OK, now I just need this DynamicLoginConfig to work. Any idea how I can add a DataSource without having to drop a seperate XML file into the deploy directory? I'd just like to keep everying inside the EAR. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931368#3931368 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931368 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Dynamic registration of a custom login module?
It's just T weird. I have to have an empty security domain in jboss.xml in my EJS jar: | ?xml version=1.0 encoding=UTF-8? | jboss | security-domain/ | /jboss If I put the correct security domain in (java:/jaas/Greenfields), it says: | 15:45:21,781 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files | java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found | at org.jboss.security.auth.spi.Util.loadProperties(Util.java:313) | at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) | at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) | at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:585) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) | at javax.security.auth.login.LoginContext.login(LoginContext.java:579) | at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:587) | at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:521) | at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:330) | at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:121) | at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:67) | at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) | at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47) | at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) | at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) | at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) | at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:178) | at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:74) | at $Proxy120.getAll(Unknown Source) | at com.fcl.gf.mgr.ListMgr.getList(Unknown Source) But then I have to put @SecurityDomain(Greenfields) At the declaration of my EJB into the EJBs that I'm using, otherwise it says: 15:48:01,968 ERROR [STDERR] javax.ejb.EJBException: java.lang.IllegalStateException: isCallerInRole() called with no security conte | t. Check that a security-domain has been set for the application. | 15:48:01,968 ERROR [STDERR] at org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:69) | 15:48:01,984 ERROR [STDERR] at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83) | 15:48:01,984 ERROR [STDERR] at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:192) | 15:48:01,984 ERROR [STDERR] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) | 15:48:01,984 ERROR [STDERR] at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76) | 15:48:01,984 ERROR [STDERR] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98) | 15:48:01,984 ERROR [STDERR] at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:5 | ) THis isn't making sanse. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931375#3931375 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931375 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Dynamic registration of a custom login module?
And application.xml goes in the META-INF of the EAR file??? All these xml files all over the place! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931383#3931383 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931383 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Dynamic registration of a custom login module?
OK, that bit is working, I have my DataSources dynamically loaed with the EAR. But it's still really weird. request.getUserPrincipal.isUserInRole(User) returns true. sessionContext.isCallerInRole(User) returns false; ? And WHY must I have an EMPTY security-domain/ element in jboss.xml in the EJB jar to make the login work? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931386#3931386 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931386 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Dynamic registration of a custom login module?
The sar thing doesn't work. At least not with that embedded Dynamic config. Just putting login-config.xml in the base of the EAR doesn't do it. And adding a to application.xml pointing to login-config.xml causes an error. Don't think you can do that. Anway. Why is sessionContext.isCallerInRole(User) returning false? request.isUserInRole(User) returns true, because in my LoginModule, I have | private void createRoleSets() throws LoginException | { | SimpleGroup roles = new SimpleGroup(Roles); | | // Add roles held by the user. | // Currently, the only role is User. | roles.addMember(new GreenfieldsUserRole(User)); | | SimpleGroup callerPrincipal = new SimpleGroup(CallerPrincipal); | callerPrincipal.addMember(getIdentity()); | | roleSets = new SimpleGroup[]{ roles, callerPrincipal }; | } | It's not working. It's not reliable. It's weird. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3931399#3931399 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3931399 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation, Configuration Deployment] - Configuring hibernate event listeners with a hibernate.ejb.c
I have the following line in my persistence.xml: | property name=hibernate.ejb.cfgfile value=hibernate_config.xml/ | In hibernate_config.xml, I have: | ?xml version='1.0' encoding='utf-8'? | !DOCTYPE hibernate-configuration PUBLIC |-//Hibernate/Hibernate Configuration DTD 3.0//EN |http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd; | hibernate-configuration | session-factory | event type=save-update | listener class=com.fcl.util.HibernateEventListener/ | /event | event type=pre-update | listener class=com.fcl.util.HibernateEventListener/ | /event | event type=post-commit-update | listener class=com.fcl.util.HibernateEventListener/ | listener class=org.hibernate.lucene.event.LuceneEventListener/ | /event | event type=post-commit-insert | listener class=com.fcl.util.HibernateEventListener/ | listener class=org.hibernate.lucene.event.LuceneEventListener/ | /event | event type=post-commit-delete | listener class=com.fcl.util.HibernateEventListener/ | listener class=org.hibernate.lucene.event.LuceneEventListener/ | /event | /session-factory | /hibernate-configuration So, I want to have my own listener on the pre-update event. The way JBoss configures its hibernate session factory overwrites setting from hibernate_config.xml It processes hibernate_config.xml first, and sets the listeners, but then JBoss has to do its own configuration for its own purposes. The way hibernate event listeners are set is that you pass an array of listener objects to associate with a certain event. This array becomes the new listener set. They are not added - all previous listeners are lost. So JBoss is overwriting some configuration settings. IMHO, this is a bug. I cannot configure Hibernate as I require. In the absence of an addBlahEventListener() call in hibernate, surely JBoss, should tread more carefully by getting the listener array, copying it into a new array, adding its own to the end (or the beginning - whatever), and then setting the listeners. How do I go about reporting this? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3919312#3919312 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3919312 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence,JBoss/CMP, Hibernate, Database] - Re: Hibernate and Lucene integration
Using the Lucene API is not the problem. Looks fairly simple to get going. The problem is that it says that you can set up annotations to have Hibernate automagically maintain a Lucene index without writing a single line of Java! In fact, as well as hooking automatic Lucene updates in, you should be able to hook your own listening classes in to create/update/delete events on persisted objects for other reasons like security auditing. Fecked if I can make it work though! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3918313#3918313 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3918313 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence,JBoss/CMP, Hibernate, Database] - Re: Hibernate and Lucene integration
OK, as usual, the docs are completely lacking. Here is what worked. In META_INF/persistence.xml in the .par file: | property name=hibernate.ejb.cfgfile value=hibernate_config.xml/ | hibernate_config.xml goes in the root level in the .par file. It contains: | ?xml version='1.0' encoding='utf-8'? | !DOCTYPE hibernate-configuration PUBLIC |-//Hibernate/Hibernate Configuration DTD 3.0//EN |http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd; | hibernate-configuration | session-factory | event type=post-commit-update | listener class=org.hibernate.lucene.event.LuceneEventListener/ | /event | event type=post-commit-insert | listener class=org.hibernate.lucene.event.LuceneEventListener/ | /event | event type=post-commit-delete | listener class=org.hibernate.lucene.event.LuceneEventListener/ | /event | /session-factory | /hibernate-configuration Why not just document it properly? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3918380#3918380 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3918380 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: limitations of ClientLoginModule and security model
Using static methods of the the JACC javax.security.jacc.PolicyContext object, you can use Code: HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext(javax.servlet.http.HttpServletRequest); So you can get any parameters from the login form that you want. Using javax.security.jacc.PolicyContext.getHandlerKeys(), in my LoginModule, I find PolicyContext has javax.ejb.arguments PolicyContext has javax.servlet.http.HttpServletRequest. It is a org.apache.catalina.connector.RequestFacade PolicyContext has javax.security.auth.Subject.container PolicyContext has javax.xml.soap.SOAPMessage PolicyContext has org.jboss.ejb.BeanMetaData PolicyContext has javax.ejb.EnterpriseBean Most of the keys return null, only the javax.servlet.http.HttpServletRequest key returns anything. On Logout, I find PolicyContext has javax.ejb.arguments PolicyContext has javax.servlet.http.HttpServletRequest. It is a org.apache.catalina.connector.RequestFacade PolicyContext has javax.security.auth.Subject.container. It is a javax.security.auth.Subject PolicyContext has javax.xml.soap.SOAPMessage PolicyContext has org.jboss.ejb.BeanMetaData PolicyContext has javax.ejb.EnterpriseBean View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3917868#3917868 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3917868 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence,JBoss/CMP, Hibernate, Database] - Hibernate and Lucene integration
How? The documantation just says nothing. It's about 4 lines of actual explanation. http://www.hibernate.org/hib_docs/annotations/reference/en/html/lucene.html It mentions smoe annotations, mentions an analyzer class, and shows a fragment of XML and that's it! Anyone done this? I'd like to hook into creation, modificatino and deletion to keep the Lucene index updated. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3917896#3917896 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3917896 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation, Configuration Deployment] - How do you turn off clustering?
The developers here are running jboss on their individual workstations for development purposes. Trouble is, the JBoss instances cluster with each other which interferes with each developer's testing. How do you turn clustering off so that each is totally standalone? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3917580#3917580 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3917580 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation, Configuration Deployment] - Re: How do you turn off clustering?
Under the server directory, I only have /default View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3917603#3917603 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3917603 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Need to programatically check access to a URL.
OK, the CodeSource can be got in a non container-specific way: | String loadPath = this.getClass().getProtectionDomain().getCodeSource().getLocation().toString(); | webCS = new CodeSource(new URL(loadPath.substring(0, loadPath.indexOf(/WEB-INF) + 1)), (Certificate[])null); | So, now I have my LoginModule generating this information at login time, and then saving itself in the HttpSession. I have implemented a method in it: | public boolean isURLAuthorized(String URLString) | { | return policy.implies(protDomain, new WebResourcePermission(URLString, )); | } | So, now I can check availability of URLs in my tag handlers that output links. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915792#3915792 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915792 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: proprietary authentication mechanisms
You can plug in your own JAAS LoginModule, so yes, you can authenticate any old way you want! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915822#3915822 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915822 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Need to programatically check access to a URL.
[EMAIL PROTECTED] wrote : Why don't u place resources that need to be accessed by management under /restricted/management/ and protect. | | Explain to me why an application based role like manager that is checked via isUserInRole(manager) to be mapped against an operational/deployment role- is a lot of hardcoding? You are free to define as many app roles as you need. | | Keep it simple. | | Have a look at JACC and our realm that deals with permissions in | | | org.jboss.web.tomcat.security.JaccAuthorizationRealm | | | Maybe that may give you some more ideas. I don't want links to appear to pages that the user is not authorized to get to. But calling isUserInRole(manager) before writing a href=\/management/stats.jsp\ is hardcoding knowledge that is encoded declaratively in web.xml into the java! What is the point of having declarative security in web.xml, enforced by the container if I'm going to have to add that knowledge into the java code? What I need is isAuthorizedURL(\/management/stats.jsp\) which checks with the container whether the URL is available to the current user's roles. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915462#3915462 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915462 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Need to programatically check access to a URL.
Right. After wading through the source code of JaccAuthorizationRealm, I have the following test working: | import java.util.Set; | import java.security.Policy; | import java.security.Principal; | import java.security.AccessController; | import java.security.CodeSource; | import java.security.ProtectionDomain; | import javax.security.auth.Subject; | import javax.security.jacc.PolicyContext; | import javax.security.jacc.WebResourcePermission; | import org.jboss.web.tomcat.security.JaccContextValve; | ... | private static final String SUBJECT_CONTEXT_KEY = javax.security.auth.Subject.container; | ... | Subject caller = null; | try | { | caller = (Subject)PolicyContext.getContext(SUBJECT_CONTEXT_KEY); | } | catch (Exception e) | { | System.out.println(Failed to get subject from PolicyContext\n + e); | } | if (caller == null) | { | System.out.println(Access to /restricted/test.jsp is denied); | } | else | { | WebResourcePermission perm = new WebResourcePermission(/restricted/test.jsp, ); | Policy policy = Policy.getPolicy(); | | Set principalsSet = caller.getPrincipals(); | Principal[] principals = new Principal[principalsSet.size()]; | principalsSet.toArray(principals); | | CodeSource webCS = (CodeSource)JaccContextValve.activeCS.get(); | ProtectionDomain pd = new ProtectionDomain(webCS, null, null, principals); | boolean allowed = policy.implies(pd, perm); | if (allowed) | System.out.println(Access to /restricted/test.jsp is permitted); | else | System.out.println(Access to /restricted/test.jsp is NOT permitted); | } | There should be a standard way of doing this. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915559#3915559 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915559 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: My LoginModule needs more than just j_username and j_pas
I'm surprised that you suggest such a complex hack. In fact, using static methods of the the JACC javax.security.jacc.PolicyContext object, you can use | HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext(javax.servlet.http.HttpServletRequest); | Using javax.security.jacc.PolicyContext.getHandlerKeys(), in my LoginModule, I find PolicyContext has javax.ejb.arguments PolicyContext has javax.servlet.http.HttpServletRequest. It is a org.apache.catalina.connector.RequestFacade PolicyContext has javax.security.auth.Subject.container PolicyContext has javax.xml.soap.SOAPMessage PolicyContext has org.jboss.ejb.BeanMetaData PolicyContext has javax.ejb.EnterpriseBean Most of the keys return null, only the javax.servlet.http.HttpServletRequest key returns anything. On Logout, I find PolicyContext has javax.ejb.arguments PolicyContext has javax.servlet.http.HttpServletRequest. It is a org.apache.catalina.connector.RequestFacade PolicyContext has javax.security.auth.Subject.container. It is a javax.security.auth.Subject PolicyContext has javax.xml.soap.SOAPMessage PolicyContext has org.jboss.ejb.BeanMetaData PolicyContext has javax.ejb.EnterpriseBean So, looks like you can find the Subject any time using the javax.security.auth.Subject.container key. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915245#3915245 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915245 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Custom callback handler
oglueck, see http://www.jboss.com/index.html?module=bbop=viewtopict=73854 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915247#3915247 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915247 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Need to programatically check access to a URL.
Fluff! Back from holiday. Still need to do this. Any ideas? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915248#3915248 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915248 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: how to get the number of bytes sent by the servlet respo
There's lots of ways. If you want every servlet counted, you can write a javax.servlet.Filter (You can filter depending on URL pattern so you can be selective if you want) which passes an HttpServletResponseWrapper which you would write along the filter chain. This wrapper's getOutputStream() method would return an OutputStream subclass of your own making which counts bytes written. getWriter() would use getOutputStream(). You would then declare your filter in your web.xml descriptor. If it's just one servlet that you are fully in control of, then don't call out.write() directly, call it through a method which counts the bytes. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913733#3913733 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913733 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: how to get the number of bytes sent by the servlet respo
Just send all output through a method! | private int responseLength = 0; // zero it at the start of your code!!! | | private void write(OutputStream out, String data) | { | responseLength += data.length; | out.write(data); | } | What's wrong with that? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913748#3913748 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913748 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: How to display value in B combobox with change in combob
OK, your onchange code is going to have to use an XMLHttpRequest: http://developer.apple.com/internet/webcontent/xmlhttpreq.html and http://www.google.co.uk/search?hl=enq=XMLHttpRequestbtnG=Google+Searchmeta= It will use one of these objects to send a request with whatever parameters are needed to producde the new combobox data back to a servlet which will send back a response. The way I do this is I have the servlet send back a response of type text/javascript, and send the javascript code to call those DOM methods and update the second combobox. (You did read those DOM documents didn't you?) Back in the browser, in your javascript onreadystatechange handler which processes the response when the readyState == 4, you can eval() the responseText, and it will be executes. NB: Put a try{}catch{} round it so that you can highlight bugs in your returned javascript... takes a while to write bug-free javascript, especially when you have to compile your servlet and run your app to get the javascript out into the browser. Don't forget to do a setTimeout() to call a failure method after a certain time - which is cancelled by the onreadystatechange handler on success - to handle server non-response! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913750#3913750 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913750 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
Well, thanks a bunch JBoss gurus! (Not you elponderador, the developers who should know this, and should have helped!) After much searching, I randomly stumbled across the correct incantation: in jboss-web.xml | jboss-web |!-- Specify the security domain for authentication/authorization and |require that the domain's cache be flushed when the session invalidates. |-- |security-domain flushOnSessionInvalidation=true |java:/jaas/jbossweb-form-auth | /security-domain | /jboss-web | So now, I can log out when they click the logout link. Great. Next up, how to programatically determine whether a URL is available to the current user. I'm of course using container-managed authorization, but it's no good outputting a link only to have the user click on it, and be tipped into the error page by JBoss. I want to have a custom tag for links which does not output any HTML if the URL is not accessible to the current user. Any ideas? No doubt, I'll find the incantation at some random site given enough searching... View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913766#3913766 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913766 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Need to programatically check access to a URL.
I have a custom JAAS login module worknig fine in JBoss. I have container-managed access control to my various web URIs, and that works fine. Now, I need to be able to, in code, determine whether the current user has access to a certain URL. This is obviously to decide whether or not to display certain links. It's no good offering them /restricted/management.jsp if they don't have the manager role. I could check isUserInRole(manager), but that's too much hardcoding, I just want to ask the container whether the user can access /restricted/management.jsp. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913803#3913803 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913803 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
Adding public Principal authenticate(Header[] headers, Map data); To the Realm interface? Sounds good. How (under JBoss) would I instruct the embedded Tomcat to use my user-written Realm Object just for one webapp? Would you then also add new javax.security.auth.callback.Callback implementations so that my user-written LoginModule (which extends org.jboss.security.auth.spi.AbstractServerLoginModule - is that correct???) can ask it's CallbackHandler for the Header array and the parameter Map? Any timeframe on this more useful authentication ability being part of a downloadable JBoss? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913516#3913516 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913516 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
Also, how does one log out? After using the container's authentication to call through to my LoginModule, my web app's logout processing then doesn't have access to the LoginContext to call the logout() method. I suppose my LoginModule can put it into my user principal during login DOH! just looked, the LoginModule has no access to the LoginContext that called it! How can I possibly log out? Anyway... My user principal object (an application-specific Object which carries a lot of app-specific context) which goes into the CallerPrincipal Group of the Subject annoyingly has to extend org.jboss.security.SimplePrincipal. Why should this be? Surely, it just needs to implement java.security.Principal? Why does JBoss check that it's an instance of org.jboss.security.SimplePrincipal? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913520#3913520 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913520 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
Solved! http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessingServletRequestForAuthentication How come nobody, not even the JBoss staff knew this unlikely-looking incantation? If this is a standard part of a JACC-conforming container, then this gem of information should be made extremely prominent! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913528#3913528 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913528 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: How to display value in B combobox with change in combob
You want a javascript forum. Basically, you hook your javascript code into the onchange of combobox A. You'll need to understand the DOM model of HTML documents: http://www.w3.org/TR/2003/REC-DOM-Level-2-HTML-20030109/ecma-script-binding.html which is a special case of the general DOM model: http://www.w3.org/TR/2000/REC-DOM-Level-2-Core-20001113/ecma-script-binding.html You will use a few of those methods to modify the HTML document. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913540#3913540 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913540 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
Well, there's still the problem if the web app not having access to the LoginContext created by the container's authentication process so that it can explicitly log out. This is another glaring omission for which there must be a solution somewhere. How does anyone ever log out of JAAS-secured web apps under JBoss? Also, the questions about why the user principal has to be a org.jboss.security.SimplePrincipal. Why? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913543#3913543 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913543 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
That doesn't work. I have debug statements in my LoginModule's logout() method, and they are not being executed. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913564#3913564 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913564 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
You're saying it should call login() and then immediately logout() on the first HTTP request?? That would be bizarre. I want to log out when then hit the logout link. Anyway, it's not diong that - it's never getting into my LoginModule's logout() method. The login() is being called fine, and I'm connecting to the backend server, caching the connection in the session, and the webapp then uses that. When they hit the logout link though, it does a session.invalidate(), and no logout() is called, and the connection to the backend server stays open, and consumes a licence seat (It's HORRIBLE legacy stuff, and that's how they're clinging to viability - licencing!) Now I could do the processing myself, but what if there were more login modules stacked up (as they may well be with JAAS authentication). It may be that more logout() methods in other modules may need to be called. The container must have some way of doing this! We need access to the LoginContext used by the container at authentication time! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913573#3913573 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913573 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
OK, that won't work. Any other ideas? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3913395#3913395 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3913395 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
Yes, I just started a thread about this. I'm amazed that there's no standard J2EE way to provide your own authentication. I would have thought that JBoss might provide a way for you to supply your I just found http://jcp.org/en/jsr/detail?id=196 but that's just at the review stage. Do any JBoss people know when this will make it into a downloadable JBoss release? If it's available, how do we work it? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912590#3912590 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912590 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Remote client Authentication by three atributes
OK that's 3 threads now on the front page asking for this, and no replies from the JBoss staff. Huh View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912609#3912609 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912609 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
In fact, it gets worse. To perform the athentication, I need parameters from the original URL. The client will go to http://foo.com/myapp/index.jsp?cic=IBMsrv=bigblueport=2332 (or sometyhing similar) And the authentication needs the cic as the company code, and the srv and port (as host name and port number) to connect to the back end server to do the authentication. It also must register the connection to the server in the HttpSession for subsequent use. username+password is inadequate!. We need access to the HttpRequest, and HttpSession! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912647#3912647 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912647 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Multi Credential Authentication
It looks like we should be able to do this by using a custom Tomcat authenticator. I'd probably extend org.jboss.web.tomcat.security.AuthenticatorBase to make use of its existing logic, but override public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException OK, now how do we specify that that class should be used for FORM based logins? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912658#3912658 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912658 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Custom authenticator in JBoss embedded Tomcat
OK, I need to authenticate based on more than j_username and j_password from the login form that the user gets redirected to. I'd probably extend org.jboss.web.tomcat.security.AuthenticatorBase to make use of its existing logic, but override public boolean authenticate(Request request, Response response, LoginConfig config) throws IOException OK, now how do we specify that that class should be used for FORM based logins? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912662#3912662 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912662 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Creating Custom Authenticators
[EMAIL PROTECTED] wrote : http://jira.jboss.com/jira/browse/JBAS-2480 That's not very helpful! Could someone answer the OP's question please? I need to do this too! View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912665#3912665 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912665 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: My LoginModule needs more than just j_username and j_pas
Well? Gurus? Surely there must be many cases where a LoginHandler needs more than just username/password? This is a major shortcoming, and means we can't use container-managed form based authentication. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912279#3912279 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912279 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - My LoginModule needs more than just j_username and j_passwor
I have written a custom login module to authenticate against our legacy (and it's really old, and non-standard!) back end. This needs a company name parameter from the login form - in fact, it needs to be able to access the HttpSession to get and set attributes in it.. Now that I am trying to use container-handled FORM based authentication, I can't get this information. Before I did form based auth, I used to use a Filter, and have the filter invoke a JSP when it detected an unlogged-in session which would submit to my own login servlet which created a LoginContext passing it a special CallbackHandler initialized with all the needed information which could handle all kinds of custom Callback subclasses to get the info it neeed. Is it possible to do this? Surely someone must have realized that you often need more than just username/password to do authentication View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912106#3912106 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912106 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Custom callback handler
That page: http://wiki.jboss.org/wiki/Wiki.jsp?page=JaasSecurityManagerService+CallbackHandlerClassName Doesn't exist. This is exactly the kind of thing I'm trying to do. I want to be able to create the Callbackhandler to send to the LoginContext myself, and populate it with a lot of information which my LoginModule needs. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3912109#3912109 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3912109 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user