[JBoss-user] [Management, JMX/JBoss] - Re: I can't get to JMX to start invoking methods... (I need
Thank you. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823120#3823120 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3823120 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Management, JMX/JBoss] - Re: I can't get to JMX to start invoking methods... (I need
Juha, That worked like a charm. Thanks. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823132#3823132 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3823132 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Solution! Re: JBoss SX seems to cache user/roles
Thanks for all your help. I was able to clear the cache. Here is the code that does the trick. It took a bit of doing. There was sample code online but it was with an older version of JBoss so it did not quite work. The Director of Training for JBoss Europe sent me the final missing piece. Here is code that clears the security cache. Hopefully someone will find this useful when they google it in the future. Enjoy! | /* | * This file was created by Rick Hightower of ArcMinds Inc. | * | */ | package org.appfuse.webapp.service; | | import java.lang.reflect.Method; | import java.net.InetAddress; | import java.rmi.Remote; | | import javax.management.ObjectName; | import javax.naming.Context; | import javax.naming.InitialContext; | | import org.apache.commons.logging.Log; | import org.apache.commons.logging.LogFactory; | | /** | * @author Richard Hightower | * ArcMind Inc. http://www.arc-mind.com | */ | public class UserManagerJBossSpecific extends UserManagerImpl { | | private static Log log = LogFactory.getLog(UserManagerJBossSpecific.class); | private Remote server = null; | private Context initialContext = null; | | /** | * @throws Exception | */ | public UserManagerJBossSpecific() throws Exception { | super(); | } | | | public void flushAuthCache() throws Exception { | log.debug("flushAuthCache start"); | ObjectName jaasMgr = | new ObjectName("jboss.security:service=JaasSecurityManager"); | Object[] params = { "expressDomain" }; | String[] signature = { "java.lang.String" }; | invoke(jaasMgr, "flushAuthenticationCache", params, signature); | log.debug("flushAuthCache stop"); | } | | protected Object invoke( | ObjectName name, | String method, | Object[] args, | String[] sig) | throws Exception { | | return invoke(getServer(), name, method, args, sig); | | } | | protected Object invoke( | Remote server, | ObjectName name, | String method, | Object[] args, | String[] sig) | throws Exception { | | //((org.jboss.jmx.adaptor.rmi.RMIAdaptor) server). | //invoke(name, method, args, sig); | | Class [] argTypes = new Class [] | {ObjectName.class, String.class, Object[].class, String[].class}; | Method m = server.getClass().getMethod("invoke", argTypes); | return m.invoke(server,new Object[]{name, method, args, sig}); | } | | | Remote getServer() throws Exception { | | init(); | | return server; | | } | | protected void init() throws Exception { | | if (initialContext == null) { | | initialContext = new InitialContext(); | | } | | if (server == null) { | | String serverName = System.getProperty("testAdvantage.jboss.server.name"); | | if (serverName == null) { | | serverName = InetAddress.getLocalHost().getHostName(); | | } | | server = | (Remote) initialContext.lookup("jmx/invoker/RMIAdaptor"); | | } | | } | | } | Notice I don't include any JBoss specific classes, this is because I did not want to add them to the build script. Not sure if this is a good idea or not. I left a comment in showing how to do it directly instead of reflection. I try to make a habit of including the solution as well as the problem (after I get help and figure it out). ;) --Richard M Hightower II View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823134#3823134 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3823134 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Management, JMX/JBoss] - I can't get to JMX to start invoking methods... (I need to i
I am trying to use JMX to call into the server and invalidate the security cache, but I can't seem to get to JMX. See for background info: http://www.jboss.org/index.html?module=bb&op=viewtopic&t=45932 I can't seem to init the server Code: | protected void init() throws Exception { | | if (initialContext == null) { | | initialContext = new InitialContext(); | | } | | if (server == null) { | | String serverName = | | | System.getProperty("testAdvantage.jboss.server.name"); //not set, this prop is null | | if (serverName == null) { | | serverName = InetAddress.getLocalHost().getHostName(); //the host name is RicksMachine | | } | | server = | (Remote) initialContext.lookup("jmx:" + serverName + ":rmi"); | | } | | } | | Here is the exception I get. Code: | 10:07:15,312 ERROR [STDERR] javax.naming.NameNotFoundException: jmx:RicksMachine:rmi not bound | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getBinding(NamingServer.java:495) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getBinding(NamingServer.java:503) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getObject(NamingServer.java:509) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.lookup(NamingServer.java:282) | 10:07:15,312 ERROR [STDERR] at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:528) | 10:07:15,312 ERROR [STDERR] at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:507) | 10:07:15,312 ERROR [STDERR] at javax.naming.InitialContext.lookup(InitialContext.java:347) | 10:07:15,312 ERROR [STDERR] at org.appfuse.webapp.service.UserManagerJBossSpecific.init(UserManagerJBossSpecific.java:102) | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822999#3822999 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822999 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Beginners Corner] - javax.naming.NameNotFoundException: cant find.... JMX jmx:lo
I am trying to use JMX to call into the server and invalidate the security cache, but I can't seem to get to JMX. See for background info: http://www.jboss.org/index.html?module=bb&op=viewtopic&t=45932 I can't seem to init the server Code: | protected void init() throws Exception { | | if (initialContext == null) { | | initialContext = new InitialContext(); | | } | | if (server == null) { | | String serverName = | | | System.getProperty("testAdvantage.jboss.server.name"); //not set, this prop is null | | if (serverName == null) { | | serverName = InetAddress.getLocalHost().getHostName(); //the host name is RicksMachine | | } | | server = | (Remote) initialContext.lookup("jmx:" + serverName + ":rmi"); | | } | | } | | Here is the exception I get. Code: | 10:07:15,312 ERROR [STDERR] javax.naming.NameNotFoundException: jmx:RicksMachine:rmi not bound | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getBinding(NamingServer.java:495) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getBinding(NamingServer.java:503) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getObject(NamingServer.java:509) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.lookup(NamingServer.java:282) | 10:07:15,312 ERROR [STDERR] at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:528) | 10:07:15,312 ERROR [STDERR] at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:507) | 10:07:15,312 ERROR [STDERR] at javax.naming.InitialContext.lookup(InitialContext.java:347) | 10:07:15,312 ERROR [STDERR] at org.appfuse.webapp.service.UserManagerJBossSpecific.init(UserManagerJBossSpecific.java:102) | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822998#3822998 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822998 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss SX seems to cache user/roles
Well I tried... I can't seem to init the server | protected void init() throws Exception { | | if (initialContext == null) { | | initialContext = new InitialContext(); | | } | | if (server == null) { | | String serverName = System.getProperty("testAdvantage.jboss.server.name"); //not set, this prop is null | | if (serverName == null) { | | serverName = InetAddress.getLocalHost().getHostName(); //the host name is RicksMachine | | } | | server = | (Remote) initialContext.lookup("jmx:" + serverName + ":rmi"); | | } | | } | | Here is the exception I get. | 10:07:15,312 ERROR [STDERR] javax.naming.NameNotFoundException: jmx:RicksMachine:rmi not bound | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getBinding(NamingServer.java:495) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getBinding(NamingServer.java:503) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.getObject(NamingServer.java:509) | 10:07:15,312 ERROR [STDERR] at org.jnp.server.NamingServer.lookup(NamingServer.java:282) | 10:07:15,312 ERROR [STDERR] at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:528) | 10:07:15,312 ERROR [STDERR] at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:507) | 10:07:15,312 ERROR [STDERR] at javax.naming.InitialContext.lookup(InitialContext.java:347) | 10:07:15,312 ERROR [STDERR] at org.appfuse.webapp.service.UserManagerJBossSpecific.init(UserManagerJBossSpecific.java:102) | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822926#3822926 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822926 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss SX seems to cache user/roles
I did some serching around I came up with a code snippet | Object[] params = new Object[]{jaasDomainName, simplePrincipal}; | String[] signature = new String[]{ "java.lang.String ", | "java.security.Principal "}; | mbeanServer.invoke(jaasObjectName, "flushAuthenticationCache ", params, | signature); | Code from http://www.junlu.com/msg/36344.html I'll need to do some more research. I have not worked with JMX much. But thanks for the trail. I also found this: (JBossTestServices) | /** Flush all authentication credentials for the java:/jaas/other security | | 295 domain | | 296 */ | | 297 3 void flushAuthCache() throws Exception | | 298 { | | 299 3 ObjectName jaasMgr = new ObjectName("jboss.security:service=JaasSecurityManager"); | | 300 3 Object[] params = {"other"}; | | 301 3 String[] signature = {"java.lang.String"}; | | 302 3 invoke(jaasMgr, "flushAuthenticationCache", params, signature); | | 303 } | | | The above can be found at: http://www.thecortex.net/clover/eg/jboss/report/org/jboss/test/JBossTestServices.html It is sure nice having the entire code base online so it can be googled! View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822903#3822903 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822903 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss SX seems to cache user/roles
Thanks. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822898#3822898 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822898 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss SX seems to cache user/roles
Setting the cache policy to nothing did not work! :( Oh well | 19:29:20,296 ERROR [Engine] CoyoteAdapter An exception or error occurred in the container during the request processing | java.lang.NullPointerException | at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:318) | at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.hasRole(JBossSecurityMgrRealm.java:339) | at org.apache.catalina.authenticator.AuthenticatorBase.accessControl(AuthenticatorBase.java:632) | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) | at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) | at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) | at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) | at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76) | at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) | at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) | at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) | at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417) | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) | at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) | at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171) | at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172) | at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) | at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65) | Help! ;) View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822804#3822804 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822804 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss SX seems to cache user/roles
|private static CachePolicy lookupCachePolicy(String securityDomain) |{ | CachePolicy authCache = null; | String domainCachePath = cacheJndiName + '/' + securityDomain; | try | { | InitialContext iniCtx = new InitialContext(); | authCache = (CachePolicy) iniCtx.lookup(domainCachePath); | } | catch(Exception e) | { | // Failed, treat the cacheJndiName name as a global CachePolicy binding | try | { | InitialContext iniCtx = new InitialContext(); | authCache = (CachePolicy) iniCtx.lookup(cacheJndiName); | } | catch(Exception e2) | { | log.warn("Failed to locate auth CachePolicy at: "+cacheJndiName |+ " for securityDomain="+securityDomain); | } | } | return authCache; |} | | It looks like the lookup just returns a null if it cannot find a cache... Worth a shot Setting cache policy blank | | | | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822803#3822803 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822803 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss SX seems to cache user/roles
I saw this http://jboss.sourceforge.net/doc-24/ch07s09.html The example they give seems to set the cache policy. | | | org.jboss.security.plugins.JaasSecurityManager | | | org.jboss.security.SubjectSecurityProxyFactory | | | srp/SRPAuthenticationCache | | | Mine does set a cache policy. Here is my version of the above from jboss-service.xml | | | org.jboss.security.plugins.JaasSecurityManager | | | After looking at the code for org.jboss.security.plugins.JaasSecurityManagerService, it seems to default to a timed cache. public class JaasSecurityManagerService |extends ServiceMBeanSupport |implements JaasSecurityManagerServiceMBean | { |... |private static final String DEFAULT_CACHE_POLICY_PATH = "java:/timedCacheFactory"; | ... | How do I setup the timed cache? Can I just set this parameter to nothing? Will that override the timed cache? I'll try. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822802#3822802 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822802 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - JBoss SX seems to cache user/roles
Is there anyway to tell JBoss SX not to cache user/roles data? I am using DatabaseServerLoginModule as follows: | | | | java:/jdbc/mysql | | select passwrd from app_user where username=? | | | select role_name, 'Roles' from user_role where username=? | | | | | In this application an admin can come along and edit another users roles, but this does not seem to get reflected. It seems like JBoss SX caches the roles/user mappings. Is there anyone to turn this caching off? I downloaded the JBoss SX source from SF and walked the tree from DatabaseServerLoginModule to AbstractServerLoginModule and it does not seem like they are caching the results. I am guessing it is another class that uses DatabaseServerLoginModule that caches the roles/users. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822798#3822798 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822798 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
Thank you. Thank you. Thank you. It looks like it is finally working. YEAH! Turns out I did not want to use any encryption because the Servlet in my system already does it as well. Here is the final jboss-web.xml http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd";> java:/jaas/expressDomain . . . Here is the final security domain setup java:/jdbc/mysql select passwrd from app_user where username=? select role_name, 'Roles' from user_role where username=? Thanks again! Rick Hightower View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822783#3822783 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822783 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
[DEBUG] 32:04 (JaasSecurityManager.java:authenticate:458) Login failure javax.security.auth.login.FailedLoginException: Password Incorrect/Password Requ ired at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(Usernam ePasswordLoginModule.java:154) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 29) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822780#3822780 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822780 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
I was missing the java:/ in front of jdbc/mysql java:/jdbc/mysql View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822775#3822775 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822775 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
Apologies, heck! You ROCK! Thanks for your help. Cool. I'll try it. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822769#3822769 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822769 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
The good news is I can't login which means I am not using the NullSecurityManager. The bad news is I can't login. I get the following exception: javax.naming.NamingException: Could not dereference object [Root exception is ja vax.naming.NameNotFoundException: express not bound] at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:970) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:613) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:507) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBos sSecurityMgrRealm.java:276) at org.jboss.web.tomcat.tc4.authenticator.FormAuthenticator.authenticate (FormAuthenticator.java:320) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica torBase.java:481) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve .java:246) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:641) at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(Contai nerStatsValve.java:76) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav a:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java: 2417) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche rValve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:641) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit yAssociationValve.java:65) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 577) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav a:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex t.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav a:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:19 7) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :781) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce ssConnection(Http11Protocol.java:549) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java :605) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:677) at java.lang.Thread.run(Thread.java:534) Caused by: javax.naming.NameNotFoundException: express not bound at org.jnp.server.NamingServer.getBinding(NamingServer.java:495) at org.jnp.server.NamingServer.getBinding(NamingServer.java:503) at org.jnp.server.NamingServer.getObject(NamingServer.java:509) at org.jnp.server.NamingServer.lookup(NamingServer.java:282) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:528) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:507) at javax.naming.InitialContext.lookup(InitialContext.java:347) at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:964) View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822764#3822764 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822764 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTEC
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
Nope. Thanks. I'll try that. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822761#3822761 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822761 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
Here is what I get on startup: [ INFO] 19:17 (ServiceMBeanSupport.java:start:220) Started jboss.security:service=XMLLoginConfig [DEBUG] 19:17 (ServiceMBeanSupport.java:start:187) Starting [DEBUG] 19:17 (JaasSecurityManagerService.java:startService:337) securityMgrCtxPath=java:/jaas [DEBUG] 19:17 (JaasSecurityManagerService.java:startService:343) cachePolicyCtxPath=java:/timedCacheFactory [DEBUG] 19:17 (JaasSecurityManagerService.java:startService:348) [EMAIL PROTECTED] [ INFO] 19:17 (ServiceMBeanSupport.java:start:220) Started jboss.security:service=JaasSecurityManager [DEBUG] 19:19 (ServiceMBeanSupport.java:create:154) Creating [DEBUG] 19:19 (ServiceMBeanSupport.java:create:172) Created [DEBUG] 19:19 (ServiceMBeanSupport.java:start:187) Starting [DEBUG] 19:19 (EmbeddedTomcatService.java:startService:252) Setting catalina debug level to: 0 [DEBUG] 19:19 (EmbeddedTomcatService.java:startService:268) Setting catalina.home to: C:\tools\jboss-3.2.3\server\default [DEBUG] 19:19 (EmbeddedTomcatService.java:startService:269) Setting catalina.base to: C:\tools\jboss-3.2.3\server\default [ INFO] 19:20 (Log4jLogger.java:log:149) CoyoteConnector Coyote can't register jmx for protocol [ INFO] 19:20 (Log4jLogger.java:log:149) CoyoteConnector Coyote can't register jmx for protocol [ INFO] 19:20 (EmbeddedTomcatService.java:startService:279) OK [DEBUG] 19:20 (AbstractWebContainer.java:init:276) Begin init [DEBUG] 19:20 (AbstractWebContainer.java:init:353) End init [DEBUG] 19:20 (AbstractWebContainer.java:start:418) webContext: null [DEBUG] 19:20 (AbstractWebContainer.java:start:419) warURL: file:/C:/tools/jboss-3.2.3/server/default/deploy/http-invoker.sar/invoke r.war/ [DEBUG] 19:20 (AbstractWebContainer.java:start:420) webAppParser: [EMAIL PROTECTED] [ INFO] 19:20 (EmbeddedTomcatService.java:performDeploy:306) deploy, ctxPath=/invoker, warUrl=file:/C:/tools/jboss-3.2.3/server/default/deplo y/http-invoker.sar/invoker.war/ [DEBUG] 19:20 (EmbeddedTomcatService.java:createWebContext:521) Using session cookies default setting [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:555) AbstractWebContainer.parseWebAppDescriptors, Begin [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:563) Creating ENC using ClassLoader: [EMAIL PROTECTED] [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:567) [EMAIL PROTECTED] url=file:/C:/tools/jboss-3.2 .3/server/default/deploy/http-invoker.sar/ ,addedOrder=3} [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:567) [EMAIL PROTECTED] [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:567) [EMAIL PROTECTED] [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:567) [EMAIL PROTECTED] [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:576) Linked java:comp/UserTransaction to JNDI name: UserTransaction [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:585) addEnvEntries [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:588) linkResourceEnvRefs [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:591) linkResourceRefs [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:594) linkEjbRefs [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:597) linkEjbLocalRefs [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:600) linkSecurityDomain [DEBUG] 19:20 (AbstractWebContainer.java:linkSecurityDomain:788) Linking security/securityMgr to JNDI name: java:/jaas/http-invoker [DEBUG] 19:20 (AbstractWebContainer.java:parseWebAppDescriptors:602) AbstractWebContainer.parseWebAppDescriptors, End [ INFO] 19:21 (Log4jLogger.java:log:149) SingleSignOnContextConfig[/invoker]: Added certificates -> request attribute Val ve [ INFO] 19:21 (Log4jLogger.java:log:149) SingleSignOnContextConfig[/invoker]: Configured an authenticator for method BASI C [DEBUG] 19:21 (EmbeddedTomcatService.java:lifecycleEvent:536) Context.lifecycleEvent, event=org.apache.catalina.LifecycleEvent[source=Standard Engine[MainEngine].StandardHost[localhost].StandardContext[/invoker]] [ WARN] 19:21 (EmbeddedTomcatService.java:contextInit:637) Unable to invoke setDelegate on class loader:org.jboss.web.tomcat.tc4.WebCtxLoad [EMAIL PROTECTED] [ INFO] 19:21 (Log4jLogger.java:log:149) StandardManager[/invoker]: Seeding random number generator class java.security.S ecureRandom [ INFO] 19:21 (Log4jLogger.java:log:149) StandardManager[/invoker]: Seeding of random number generator has been completed [ INFO] 19:21 (Log4jLogger.java:log:149) StandardWrapper[/invoker:default]: Loading container servlet default [ INFO] 19:21 (Log4jLogger.java:log:149) StandardWrapper[/invoker:invoker]: Loading container servlet invoker [DEBUG] 19:22 (EmbeddedTomcatService.java:performDeploy:310) Initialized: {WebApplication: /C:/tools/jboss-3.2.3/server/default/deploy/http-i nvoker.sar/invoker.war/, URL: file:/C:/tools/jboss-3.2.3/server/default/deploy/h ttp-invoker.sar/invoke
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
I tried it and it was not too telling. In fact, I only get the following: [ INFO] 45:17 (JaasSecurityManagerService.java:newSecurityDomainCtx:494) Created [EMAIL PROTECTED] [DEBUG] 45:17 (JaasSecurityManager.java:setCachePolicy:181) CachePolicy set to: [EMAIL PROTECTED] [ INFO] 45:17 (JaasSecurityManagerService.java:setSecurityDomainCache:451) setCachePolicy, [EMAIL PROTECTED] [ INFO] 45:17 (JaasSecurityManagerService.java:lookupSecurityDomain:472) Added HsqlDbRealm, [EMAIL PROTECTED] to ma p [ INFO] 45:18 (JaasSecurityManagerService.java:newSecurityDomainCtx:494) Created [EMAIL PROTECTED] [DEBUG] 45:18 (JaasSecurityManager.java:setCachePolicy:181) CachePolicy set to: [EMAIL PROTECTED] [ INFO] 45:18 (JaasSecurityManagerService.java:setSecurityDomainCache:451) setCachePolicy, [EMAIL PROTECTED] [ INFO] 45:18 (JaasSecurityManagerService.java:lookupSecurityDomain:472) Added jbossmq, [EMAIL PROTECTED] to map [ INFO] 45:18 (JaasSecurityManagerService.java:newSecurityDomainCtx:494) Created [EMAIL PROTECTED] [DEBUG] 45:18 (JaasSecurityManager.java:setCachePolicy:181) CachePolicy set to: [EMAIL PROTECTED] [ INFO] 45:18 (JaasSecurityManagerService.java:setSecurityDomainCache:451) setCachePolicy, [EMAIL PROTECTED] [ INFO] 45:18 (JaasSecurityManagerService.java:lookupSecurityDomain:472) Added JmsXARealm, [EMAIL PROTECTED] to map It does not mention org.jboss.security.auth.spi.DatabaseServerLoginModule that I configured. I wonder if I am missing something else. Like a mapping from jboss-web.xml to the DatabaseServerLoginModule that I configured. Also, when I log into the site, I get nothing from org.jboss.security in my log file. That seems odd, in a bad not so good kind of way. I added the following code: manager.setUserName(request.getRemoteUser()); manager.setAdmin(request.isUserInRole("admin")); log.debug(manager.getUserName()); log.debug("admin=" + manager.isAdmin()); It appears everyone is admin! What is weirder is I can login using any password. Ahhh! All of this worked with just plain Tomcat. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822736#3822736 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822736 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss Security Roles Problem.... everyone is admin!
Excellent idea. I will try that. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822725#3822725 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822725 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - JBoss Security Roles Problem.... everyone is admin!
I am having a problem with roles. A user called tomcat is in a role called admin, but should not be. I can login okay with the tomcat user but, the tomcat user can do everything an admin can do, which is not what I want. I then tried to programmatically see if tomcat user is an admin and he was. JBoss security is setup as follows:When I run the querries in the database workbench they seem to work as they should. (I tried several combinations of encoding and hash to no avail). It should be like this: user tomcat is in the role "user" user mraible is in the role "admin" Here is the role table: CREATE TABLE USER_ROLE ( ID NUMERIC( 18, 0) NOT NULL, USER_ID NUMERIC( 18, 0) NOT NULL, USERNAME VARCHAR( 255) NOT NULL COLLATE NONE, ROLE_NAME VARCHAR( 255) NOT NULL COLLATE NONE, PRIMARY KEY (ID) ); This query select USER_NAME ROLENAME from USER_ROLE; outputs this: USER_NAME ROLENAME tomcat user mraible admin Here is the DDL for the user table: RECREATE TABLE APP_USER ( ID NUMERIC( 18, 0) NOT NULL, USERNAME VARCHAR( 40) NOT NULL COLLATE NONE, PASSWRD VARCHAR( 150) NOT NULL COLLATE NONE, FIRSTNAME VARCHAR( 40) NOT NULL COLLATE NONE, LASTNAME VARCHAR( 40) NOT NULL COLLATE NONE, EMAIL VARCHAR( 100) COLLATE NONE, PHONENUMBER VARCHAR( 15) COLLATE NONE, PASSWORDHINT VARCHAR( 40) COLLATE NONE, INCREMENTBY FLOAT, VER INTEGER, PRIMARY KEY (ID) ); The above has the following data: ID,USERNAME,FIRSTNAME,EMAIL 1,"tomcat","Tomcat","[EMAIL PROTECTED]" 2,"mraible","Matt","[EMAIL PROTECTED]" 3,"rick","Rick","[EMAIL PROTECTED]" View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3822557#3822557 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3822557 --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user jdbc/mysql select passwrd from app_user where username=? select role_name, 'Roles' from user_role where username=? SHA base64