[JBoss-user] [Management, JMX/JBoss] - Re: MainDeployer getting absolute path of deployed package

2005-04-13 Thread Phantom
You try in such way:

URL url = ((UnifiedClassLoader)this.getClass().getClassLoader()).getURL();



View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3873758#3873758

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3873758


---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user


[JBoss-user] [Security & JAAS/JBoss] - Security problem with accessing DB and JNDI

2005-01-21 Thread Phantom
Is it possible to prevent access to DB and JNDI stuff from JSP?

For example, it would be great to have a security exception when new 
InitialContext(); is created in a JSP, but all is OK when it is done from 
ejbXXX.jar.

Any suggestions?

Please help!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3863060#3863060



[JBoss-user] [HTTPD, Servlets & JSP] - JSP security. Please help!

2005-01-21 Thread Phantom
We are planning to make a JSP + EJB hosting. But there is one problem: how to 
prevent changing JSPs of one user by another user? Can I specify java.policy 
separately for each war or ear?

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3863058#3863058



[JBoss-user] [EJB/JBoss] - ejbLoad problem

2004-07-15 Thread Phantom
Can anyone explain to me why ejbLoad for a bean instance is invoked only once?

In our DB, changing data in the DB by one bean can influence another one. But the second 
bean does retrieve actual value because ejbLoad was invoked only once.

Please, help me!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842219#3842219



[JBoss-user] [Security & JAAS/JBoss] - Re: Access to HttpServletRequest in custom LoginModule

2004-07-15 Thread Phantom
I think it would be great to add a new callback handler which can save parameters from 
the request.


But in your case I can advise you to use filters to implement the logic which you want.



View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842217#3842217



[JBoss-user] [Security & JAAS/JBoss] - Re: ClientLoginModule works incorectly

2004-07-14 Thread Phantom
But we use 3.2.5:(

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842112#3842112



[JBoss-user] [Security & JAAS/JBoss] - ClientLoginModule works incorectly

2004-07-14 Thread Phantom
Scott,

Due to this code in ClientLoginModule:

  | public boolean login() throws LoginException
  | {
  |    .
  |    if (useFirstPass == true)
  |    {
  |       try
  |       {
  |          Object name = sharedState.get("javax.security.auth.login.name");
  |          if ((name instanceof Principal) == false)
  |          {
  |             String username = name != null ? name.toString() : "";
  |             loginPrincipal = new SimplePrincipal(username);   // <-- HERE
  |          } else
  | 
  | 

  | public boolean commit() throws LoginException
  | {
  |    // Set the login principal and credential and subject
  |    SecurityAssociationActions.setPrincipalInfo(loginPrincipal, loginCredential, subject);   // <-- AND HERE
  | 
  |    // Add the login principal to the subject if is not there
  |    Set principals = subject.getPrincipals();
  |    if (principals.contains(loginPrincipal) == false)
  |       principals.add(loginPrincipal);
  |    return true;
  | }
  | 

it is impossible to use a custom Principal class.

Please, fix it or explain how we can use our own custom principal class with 
"ClientLoginModule logic"?

Thank you!!!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842099#3842099



[JBoss-user] [Security & JAAS/JBoss] - Dynamic login page

2004-07-12 Thread Phantom
Hello.

We use FORM based authorization. But it seems that making the login page dynamic is 
quite difficult. Let me explain a test case:
Our web portal has several general modules and every module requires authorization. Now, 
to authorize, the user is redirected to the common user page login.jsp, but it would be great 
if the interface of the login page depended upon the module which requests the user to authorize. Any 
suggestions are welcome.

Also, is it impossible to obtain the URL of the secured page for which the login page was 
displayed?

Thank you!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3841843#3841843



[JBoss-user] [Security & JAAS/JBoss] - Re: Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)

2004-07-08 Thread Phantom
It seems that problem was resolved:
login-config.xml for 3.2.3 was:


  | 
  | 
  | 
  | 
  |   
  |   
  | 
  | 
  | 

login-config.xml for 3.2.5 is:


  | 
  | 
  | 
  | 
  | useFirstPass
  | true
  | 
  | 
  | 
  | 

After this manipulation all is OK.

Can you explain in detail the changes in 3.2.5?

Thank you!



View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3841310#3841310



[JBoss-user] [Security & JAAS/JBoss] - Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)

2004-07-07 Thread Phantom
Our application works well under JBOSS 3.2.3, but when I try to run our application 
under 3.2.5 I get some errors.

We are using a JAAS security domain in the web application and a Security Proxy for handling 
invocations of beans. So, the beans don't have a declared security domain. In some classes we 
use SecurityAssociations.getPrincipal(). In 3.2.3, in these classes we obtain the real 
principal, which was used during authorization, but in 3.2.5 this method returns null. 
What is happening? How can I use SecurityAssociation in 3.2.5?

Please HELP!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3841210#3841210



[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS bug or tomcat integration?

2004-04-17 Thread Phantom
Please, tell me: is it real to restore previous login principals after lc.logout()? It 
seems that ClientLoginModule clearing up all Security Associations after logout. We 
need to have "principal stacking" possibility.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3831157#3831157



[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS bug or tomcat integration?

2004-04-17 Thread Phantom
Thank you Scott!!!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3831155#3831155



[JBoss-user] [Security & JAAS/JBoss] - Re: classic

2004-04-13 Thread Phantom
Thank you for this topic. It's quite interesting, because I found the answer to the 
question which I had tried to resolve for a very long time.
JBOSS developers, can you highlight this question in the JBOSS JAAS documentation?

Thank you!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3830274#3830274



[JBoss-user] [Security & JAAS/JBoss] - Re: Authentication Exception in SecurityInterceptor

2004-04-13 Thread Phantom
Did you define security domain in your jboss.xml for your EJB?

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3830275#3830275



[JBoss-user] [Security & JAAS/JBoss] - Re: Login as new user from login module

2004-04-05 Thread Phantom
The question is: 
how can I dynamically relogin during one request to the server? In some cases it's very 
important to have such a possibility. For example, suppose that you have a "User" entity 
bean. And this bean has a "changePassword" method, which can be executed by 
"Administrator" or by the user which is represented by this entity bean instance. And 
there is the way: temporarily switch to the "Administrator" user to perform this action. Maybe 
this example is not so good (because this functionality may be implemented in 
another way), but it is quite simple to understand. But it seems that Subject.doAs, 
lc.login-lc.logout, pushRunAsRole don't work:(

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3829231#3829231



[JBoss-user] [Security & JAAS/JBoss] - Re: custom Principal and custom LoginModule

2004-04-05 Thread Phantom
I can help you.
To resolve this problem you must upgrade to the newer version of JBOSS from CVS, or I can 
send you a jar file patched by me for the tomcat-jboss integration.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3829216#3829216



[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS bug or tomcat integration?

2004-04-05 Thread Phantom
It seems that your example doesn't work (JBOSS 3.2.3 + Tomcat 4).

Code from unsecured page:


  | <%@ page import="javax.security.auth.login.LoginContext,
  |  org.jboss.security.auth.callback.UsernamePasswordHandler,
  |  org.jboss.security.SecurityAssociation,
  |  javax.security.auth.Subject,
  |  java.security.PrivilegedAction,
  |  java.io.IOException,
  |  XXX.core.DBHelper,
  |  XXX.ejb.core.XXXObjectHome"%>
  | <%=SecurityAssociation.getPrincipal()%>
  | <%
  | LoginContext lc = new LoginContext("my-domain", new UsernamePasswordHandler("internal","internal"));
  | lc.login();
  | %>
  | <%=request.getUserPrincipal()%>
  | <%=SecurityAssociation.getPrincipal()%>
  | <%
  | XXXObjectHome XXObjectHome = DBHelper.getInstance().getXXXObjectHome();
  | XXXObjectHome.findByPath("system/object").getName();
  | lc.logout();
  | %>
  | 

returns me in logs:


  | 2004-04-05 17:10:30,835 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
  | java.lang.SecurityException: Authentication exception, principal=null
  | at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
  | at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
  | at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
  | at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
  | at org.jboss.ejb.EntityContainer.internalInvokeHome(EntityContainer.java:483)
  | at org.jboss.ejb.Container.invoke(Container.java:720)
  | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  | at java.lang.reflect.Method.invoke(Method.java:324)
  | at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
  | at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
  | at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
  | at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
  | at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
  | at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
  | at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
  | at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
  | at $Proxy43.findByPath(Unknown Source)
  | at org.apache.jsp.sec_jsp._jspService(sec_jsp.java:64)
  | at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137)
  | at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  | 
  | 

But I have user internal/internal!
Please help me!

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3829211#3829211



[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS bug or tomcat integration?

2004-03-31 Thread Phantom
Sorry, maybe I'm a fool, but I didn't find how I can execute some particular code 
under a different principal:-( I found the method SecurityAssociation.pushRunAsRole(), but 
it seems that this method doesn't have an effect: SecurityAssociation.getPrincipal 
before and after returns the same principal.

Or please help me to resolve this problem: I want to use my entity EJBs in my 
particular LoginModule. The question is: when I try to invoke some method of an ent.ejb from 
the LoginModule I get a SecurityException. And this is no surprise, because I am not 
authenticated yet. To resolve this problem I used the Subject.doAs methodology in 
weblogic server, but after switching to JBOSS server this method doesn't work and I'm 
confused and I can't find any appropriate method in JBOSS. Please help me! I read a 
lot of information regarding this problem in JBOSS, but I don't see a solution:(

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3828310#3828310



[JBoss-user] [Security & JAAS/JBoss] - JAAS bug or tomcat integration?

2004-03-30 Thread Phantom
Please explain me.
I encounter with one interesting bug which prevent me from further development. 
Please, help me! I wrote test page. You can use it to understand the problem:

  | <%@ page import="org.jboss.security.SecurityAssociation,
  |  java.io.PrintWriter,
  |  javax.security.auth.Subject,
  |  java.security.PrivilegedExceptionAction,
  |  java.security.AccessControlContext,
  |  java.security.AccessController,
  |  javax.security.auth.login.LoginContext,
  |  javax.security.auth.login.LoginException,
  |  java.util.HashMap,
  |  java.io.IOException,
  |  javax.security.auth.callback.*"%>
  | 
  | 
  | Security Test
  | 
  | 
  | 
  | <%!
  | private HashMap map = new HashMap();
  | public class MyCallbackHandler implements CallbackHandler
  | {
  | private String name = null;
  | private String password = null;
  | 
  | public MyCallbackHandler(String name, String password)
  | {
  | this.name = name;
  | this.password = password;
  | }
  | 
  | public void handle(Callback[] callbacks)
  | throws IOException, UnsupportedCallbackException
  | {
  | for (int i = 0; i < callbacks.length; i++)
  | {
  | Callback callback = callbacks[i];
  | if(callback instanceof PasswordCallback)
  | {
  | PasswordCallback pc = (PasswordCallback) callback;
  | pc.setPassword(password.toCharArray());
  | }
  | else if(callback instanceof NameCallback)
  | {
  | NameCallback nc = (NameCallback) callback;
  | nc.setName(name);
  | }
  | }
  | }
  | }
  | public Subject getSubject(String user, String password) throws LoginException
  | {
  | Subject ret = (Subject) map.get(user);
  | if (ret==null)
  | {
  | LoginContext lc = new LoginContext("!YOURDOMAIN!", new MyCallbackHandler(user,password));
  | lc.login();
  | ret = lc.getSubject();
  | map.put(user,ret);
  | }
  | return ret;
  | }
  | %>
  | Curent sycurity:
  | request.getUserPrincipal() <%=request.getUserPrincipal()%>
  | SecurityAssociation.getPrincipal() <%=SecurityAssociation.getPrincipal()%>
  | SecurityAssociation.getPrincipal().getClass() 
<%=SecurityAssociation.getPrincipal().getClass()%>
  | SecurityAssociation.getSubject() <%=SecurityAssociation.getSubject()%>
  | doAs internal:
  | <%final JspWriter outWriter = out;
  | Subject.doAs(getSubject("guest","guest"),new PrivilegedExceptionAction()
  | {
  | public Object run() throws Exception
  | {
  | outWriter.println("SecurityAssociation.getPrincipal() 
"+SecurityAssociation.getPrincipal()+"");
  | outWriter.println("SecurityAssociation.getPrincipal().getClass() 
"+SecurityAssociation.getPrincipal().getClass()+"");
  | outWriter.println("SecurityAssociation.getSubject() 
"+SecurityAssociation.getSubject()+"");
  | return null;
  | }
  | });
  | %>
  | Curent sycurity:
  | request.getUserPrincipal() <%=request.getUserPrincipal()%>
  | SecurityAssociation.getPrincipal() <%=SecurityAssociation.getPrincipal()%>
  | SecurityAssociation.getPrincipal().getClass() 
<%=SecurityAssociation.getPrincipal().getClass()%>
  | SecurityAssociation.getSubject() <%=SecurityAssociation.getSubject()%>
  | doAsPrincipal
  | <%
  | Subject.doAsPrivileged(getSubject("internal","internal"),new 
PrivilegedExceptionAction()
  | {
  | public Object run() throws Exception
  | {
  | outWriter.println("SecurityAssociation.getPrincipal() 
"+SecurityAssociation.getPrincipal()+"");
  | outWriter.println("SecurityAssociation.getPrincipal().getClass() 
"+SecurityAssociation.getPrincipal().getClass()+"");
  | outWriter.println("SecurityAssociation.getSubject() 
"+SecurityAssociation.getSubject()+"");
  | return null;
  | }
  | },AccessController.getContext());
  | %>
  | 
  | 
  | 
  | 

Where:
!YOURDOMAIN! - your security domain - please change it!
Also, the JSP uses user principals for "guest" with password "guest" and "internal" with 
password "internal". You can change these user names too to fit your user set.

And as a result of JSP I got:

  | Curent sycurity:
  | request.getUserPrincipal() phantom
  | SecurityAssociation

[JBoss-user] [Security & JAAS/JBoss] - Subject.doAs don't work. Please help me!

2004-03-29 Thread Phantom
Some time ago we changed our main development server from weblogic to JBOSS and are trying to 
rebuild our security system to the JBOSS security approach. But we discovered that 
Subject.doAs doesn't work at all. Please, explain how we can execute 
privileged code?

Example
Code in non EJB class:

  | ...
  | log.debug("run!1 principal = " + SecurityAssociation.getPrincipal());
  | ret = Subject.doAs(getInternalSubject(), new PrivilegedExceptionAction()
  | {
  |     public Object run() throws Exception
  |     {
  |         log.debug("run!2 principal = " + SecurityAssociation.getPrincipal());
  |         return grant.getValue(si);
  |     }
  | });
  | 
  |  

where

  | public static Subject getInternalSubject()
  | {
  |     log.debug("getInternalSubject");
  |     if (internalSubject == null)
  |     {
  |         try
  |         {
  |             LoginContext lc = new LoginContext("XXX-domain", new XXXCallbackHandler("internal", "internal"));
  |             lc.login();
  |             internalSubject = lc.getSubject();
  |         }
  |         catch (LoginException e)
  |         {
  |             throw new SkyNetRuntimeException("Exception during internal logining", e);
  |         }
  |     }
  |     log.debug("internal subject = " + internalSubject);
  |     return internalSubject;
  | }
  | 
but we get 

  | run!1 Principal = phantom
  | run!2 Principal = phantom
  | 

Also in SecurityAssociation I find very interesting methods: pushRunAsRole 
popRunAsRole - can you explain in what cases I must/can use these methods?

Thank you!


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3827842#3827842

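The observation in the post above (the principal logged before and inside Subject.doAs is the same) can be reproduced without a container. This is an added example, not code from the original post or from JBoss: `CallerIdentity` is a hypothetical thread-bound holder standing in for the kind of store that SecurityAssociation.getPrincipal() reads (an assumption, since the page does not show its internals), and all class and principal names are constructed. It assumes a JDK where Subject.getSubject(AccessControlContext) is supported (Java 17 or earlier).

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;

public class DoAsVersusThreadIdentity {

    /** Minimal Principal for the constructed identities used below. */
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof NamedPrincipal && ((NamedPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return name; }
    }

    /**
     * Hypothetical stand-in for a container's caller-identity store:
     * one slot per thread, written only by the code that authenticates.
     */
    static final class CallerIdentity {
        private static final ThreadLocal<Principal> CURRENT = new ThreadLocal<>();

        static Principal get() { return CURRENT.get(); }

        /**
         * Runs the action under the given principal and always restores the
         * previous one, so the identity cannot leak to the next request
         * served by the same pooled thread.
         */
        static <T> T runAs(Principal p, Callable<T> action) throws Exception {
            Principal previous = CURRENT.get();
            CURRENT.set(p);
            try {
                return action.call();
            } finally {
                if (previous == null) {
                    CURRENT.remove();
                } else {
                    CURRENT.set(previous);
                }
            }
        }
    }

    /** Name of the Subject that JAAS has bound to the current access control context. */
    static String jaasSubjectName() {
        Subject s = Subject.getSubject(AccessController.getContext());
        return s == null ? "none" : s.getPrincipals().iterator().next().getName();
    }

    static void report(String where) {
        System.out.println(where + ": thread identity = " + CallerIdentity.get()
                + ", JAAS subject = " + jaasSubjectName());
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject playing the role of the "internal" user.
        final Subject internal = new Subject();
        internal.getPrincipals().add(new NamedPrincipal("internal"));

        // The request is authenticated as "phantom", as in the post's log output.
        CallerIdentity.runAs(new NamedPrincipal("phantom"), () -> {
            report("before doAs");

            // doAs binds the Subject to the AccessControlContext only;
            // the thread-bound identity is a separate store and is untouched.
            Subject.doAs(internal, (PrivilegedAction<Void>) () -> {
                report("inside doAs");
                return null;
            });

            // Switching the thread-bound identity needs an explicit,
            // scoped operation on that store.
            CallerIdentity.runAs(new NamedPrincipal("internal"), () -> {
                report("inside runAs");
                return null;
            });

            report("after runAs");
            return null;
        });
    }
}
```

The `finally` block in `runAs` is the part that matters on an application server: without it, an exception inside the action would leave the elevated identity attached to a pooled worker thread.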


[JBoss-user] [Security & JAAS/JBoss] - Re: Single Sign-ON, SPNEGO: How to?

2004-03-25 Thread Phantom
It may be helpful:

We implemented such things by NTLM auth. in JCIFS. See jcifs.samba.org




View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3827416#3827416



[JBoss-user] [EJB/JBoss] - There is no information in log file if ....

2004-03-10 Thread Phantom
There is no information in the log file if some RuntimeException is raised during ejbStore. It 
took me about 2 days to understand the problem. At the end I understood that there is 
nothing (except transaction rollback) in the log file.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3825057#3825057



[JBoss-user] [Security & JAAS/JBoss] - Re: getting Custom Principal in EJBContext.getCallerPrincipa

2004-03-02 Thread Phantom
"starksm" wrote : Look at the jboss codebase for the 
org.jboss.security.auth.spiUsersRolesLoginModule and its base class 
org.jboss.security.auth.spi.UsernamePasswordLoginModule in the 
jboss-3.2/security/src/main tree for the commit behavior used with the example 
testcase. It will take 24 hours for this code to be available via anonymous cvs, try 
it at that time.

I tested new code from CVS (UsernameLoginModule). Principals in Subject are correct, 
but request.getPrincipal() return the same: SimplePrincipal:((

Please, help me

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823870#3823870



[JBoss-user] [Security & JAAS/JBoss] - Re: getting Custom Principal in EJBContext.getCallerPrincipa

2004-03-02 Thread Phantom
Let me add some information. It may be helpful.

We used weblogic some time ago and now we are "translating" our code to JBOSS. And 
there is one important point - SECURITY. We are trying to remake security using JAAS 
technology. And we used java.security.LoginModule to create a new LoginModule for 
JBOSS but not UsernamePasswordLoginModule (maybe we are on the wrong way?). And this is 
our LoginModule:

  | package XX.security;
  | 
  | import org.jboss.logging.Logger;
  | import org.jboss.security.NestableGroup;
  | 
  | import javax.security.auth.login.LoginException;
  | import javax.security.auth.Subject;
  | import javax.security.auth.spi.LoginModule;
  | import javax.security.auth.callback.*;
  | import java.util.Map;
  | import java.util.Set;
  | import java.util.Iterator;
  | import java.io.IOException;
  | import java.security.acl.Group;
  | import java.security.Principal;
  | 
  | public class XXLoginModule implements LoginModule
  | {
  | private Subject subject = null;
  | private CallbackHandler callbackHandler = null;
  | private Map sharedState=null;
  | private Map options=null;
  | private boolean useFirstPass = false;
  | private boolean loginOK = false;
  | 
  | private UserPrincipal userPrincipal = null;
  | 
  | private static final Logger log = Logger.getLogger(XXLoginModule.class);
  | 
  | public void initialize(Subject subject, CallbackHandler callbackHandler,
  |Map sharedState, Map options)
  | {
  | this.subject = subject;
  | this.callbackHandler = callbackHandler;
  | this.sharedState = sharedState;
  | this.options = options;
  | String passwordStacking = (String) options.get("password-stacking");
  | if( passwordStacking != null && 
passwordStacking.equalsIgnoreCase("useFirstPass") )
  |useFirstPass = true;
  | 
  | log.debug("initialized! caller = "+callbackHandler.getClass().getName());
  | log.debug("subject = "+subject.getClass().getName());
  | }
  | 
  | public boolean login() throws LoginException
  | {
  | String[] info = getUserAndPassword();
  | userPrincipal = new UserPrincipal(info[0]);
  | loginOK = info[0]==null?false:info[0].equals(info[1]);
  | log.debug("loginOK="+loginOK);
  | return loginOK;
  | }
  | 
  | public boolean abort() throws LoginException
  | {
  | return true;
  | }
  | 
  | public boolean commit() throws LoginException
  | {
  | if(loginOK)
  | {
  | Set principals = subject.getPrincipals();
  | principals.add(userPrincipal);
  | 
  | for (Iterator it = principals.iterator(); it.hasNext();)
  | {
  | Principal principal = (Principal) it.next();
  | 
  | }
  | 
  | Role role = new Role("Roles");
  | role.addMember(userPrincipal);
  | principals.add(role);
  | log.debug("Added "+userPrincipal+" class: "+userPrincipal.getClass().getName()+" to group "+role.getName());
  | return true;
  | }
  | else
  | {
  | return false;
  | }
  | }
  | 
  | public boolean logout() throws LoginException
  | {
  | subject.getPrincipals(UserPrincipal.class).remove(userPrincipal);
  | return true;
  | }
  | 
  | private String[] getUserAndPassword() throws LoginException
  | {
  | String[] ret = new String[2];
  | if(callbackHandler==null)
  | {
  | throw new LoginException("Callback handler = null");
  | }
  | NameCallback nameCallback = new NameCallback("Name:","guest");
  | PasswordCallback passwordCallback = new PasswordCallback("Password:",false);
  | try
  | {
  | callbackHandler.handle(new Callback[]{nameCallback,passwordCallback});
  | String name = nameCallback.getName();
  | String password = null;
  | char[] tmpPassword = passwordCallback.getPassword();
  | // getPassword() returns null when the handler supplied no password
  | if(tmpPassword != null)
  | {
  | password=new String(tmpPassword);
  | }
  | passwordCallback.clearPassword();
  | ret[0]=name;
  | ret[1]=password;
  | }
  | catch (IOException e)
  | {
  | throw new LoginException("Can't handle callbacks: "+e);
  | }
  | catch (UnsupportedCallbackException e)
  | {
  | throw new LoginException("Can't handle callbacks: "+e);
  | }
  | return ret;
  | }
  | 
  | protected Group createGroup(String name, Set principals)
  |{
  |   Group roles = null;
  |   Iterator iter = principals.iterator();
  |   while( iter.hasNext() )
  |   {
  |  Object nex

[JBoss-user] [Security & JAAS/JBoss] - Re: getting Custom Principal in EJBContext.getCallerPrincipa

2004-03-02 Thread Phantom
Thank you.
I'll test the changes...
But could you explain some interesting lines from the sources?

  | ClassLoader loader = Thread.currentThread().getContextClassLoader();
  | Class clazz = loader.loadClass(identityClassName);
  | Class[] ctorSig = {String.class};
  | Constructor ctor = clazz.getConstructor(ctorSig);
  | Object[] ctorArgs = {username};
  | p = (Principal) ctor.newInstance(ctorArgs);
  | 
Why can't I do it like this?

  |   Class clazz = Class.forName(...);
  |   Constructor ctor = clazz.getConstructor(new Class[]{String.class});
  |   p = (Principal) ctor.newInstance(new Object[]{username});
  | 
Why must I use the class loader to load a class?

Thank you a lot...

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823823#3823823


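An added example (not part of the original post and not JBoss code) of why the quoted source loads the principal class through the thread context class loader: `Class.forName(String)` resolves through the loader that defined the calling class, so server code defined by one loader cannot find a class that only the deployment's loader holds, while the context loader lookup succeeds. `LoaderDemo`, `ServerCode` and `ServerLoader` are hypothetical names, the `UserPrincipal` here is a stand-in, and Java 9 or later is assumed for `readAllBytes`.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
public class LoaderDemo {
    /** Hypothetical custom principal, visible only to the application ("deployment") loader. */
    public static class UserPrincipal implements Principal {
        private final String name;
        public UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    /** Stand-in for server-side code (for example a login module) defined by another loader. */
    public static class ServerCode {
        public static String viaForName(String cn) {
            // Class.forName(String) resolves through the loader that defined the calling class.
            try { return create(Class.forName(cn)); }
            catch (Exception e) { return e.getClass().getSimpleName(); }
        }
        public static String viaContextLoader(String cn) {
            // The thread context class loader is the loader of the code being served.
            try { return create(Thread.currentThread().getContextClassLoader().loadClass(cn)); }
            catch (Exception e) { return e.getClass().getSimpleName(); }
        }
        private static String create(Class<?> c) throws Exception {
            // The cast works because java.security.Principal comes from the shared bootstrap loader.
            Principal p = (Principal) c.getConstructor(String.class).newInstance("qwe");
            return p.getClass().getName() + "(" + p.getName() + ")";
        }
    }

    /** Constructed "server" loader: it defines ServerCode only and cannot see UserPrincipal. */
    static class ServerLoader extends ClassLoader {
        ServerLoader() { super(null); }                    // parent is the bootstrap loader
        @Override protected Class<?> findClass(String n) throws ClassNotFoundException {
            if (!n.equals(ServerCode.class.getName())) throw new ClassNotFoundException(n);
            try (InputStream in = LoaderDemo.class.getResourceAsStream("/" + n.replace('.', '/') + ".class")) {
                if (in == null) throw new ClassNotFoundException(n);
                byte[] b = in.readAllBytes();
                return defineClass(n, b, 0, b.length);
            } catch (IOException e) { throw new ClassNotFoundException(n, e); }
        }
    }
    public static void main(String[] args) throws Exception {
        String cn = UserPrincipal.class.getName();
        Class<?> server = new ServerLoader().loadClass(ServerCode.class.getName());
        System.out.println(server.getMethod("viaForName", String.class).invoke(null, cn));
        System.out.println(server.getMethod("viaContextLoader", String.class).invoke(null, cn));
    }
}
```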

[JBoss-user] [Security & JAAS/JBoss] - Re: HELP !!!!!Custom Principal in request.getUserPrincipal()

2004-03-02 Thread Phantom
Please answer this question...
I looked through the forum and found several questions like this, but there is no 
answer! Please help! A custom principal is a very useful thing. I changed my primary 
development server from WebLogic to JBoss and found this problem, and I'm 
confused :((

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823788#3823788



[JBoss-user] [Security & JAAS/JBoss] - Re: getting Custom Principal in EJBContext.getCallerPrincipa

2004-03-02 Thread Phantom
Let me explain the error:

In the MyLoginModule commit method:

  | Set principals = subject.getPrincipals();
  | principals.add(new UserPrincipal(name));
  | 
  | for (Iterator it = principals.iterator(); it.hasNext();)
  | {
  | Principal principal = (Principal) it.next();
  | 
  | }
  | 
  | Role role = new Role("Roles");
  | role.addMember(userPrincipal);
  | principals.add(role);
  | 
UserPrincipal is defined as
public class UserPrincipal extends SimplePrincipal
Role is defined as
public class Role extends SimpleGroup
test.jsp has this code:

  | <%="principal: "+request.getUserPrincipal()%>
  | <%="class: "+request.getUserPrincipal().getClass().getName()%>
  | 
After logging in I have these lines in the test.jsp output:

  | principal: qwe
  | class: org.jboss.security.SimplePrincipal
  | 
I use JBoss + Tomcat, but if I check the principals in an EJB, the result is the same... :(

Please help me find the mistake! :)

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823773#3823773



[JBoss-user] [Security & JAAS/JBoss] - Re: getting Custom Principal in EJBContext.getCallerPrincipa

2004-03-01 Thread Phantom
Hello

I have the same problem. Please, anybody, answer! This is quite an important question in my 
view.

Thank you

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823638#3823638
