[JBoss-user] [Security & JAAS/JBoss] - Re: JaasSecurityManager and caching of X509Certificate chain
Thanks. Yes that works correctly with X509Certificate arrays. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3844116#3844116 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3844116 --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JaasSecurityManager and caching of X509Certificate chain
I've submitted a patch for this, see https://sourceforge.net/tracker/index.php?func=detail&aid=1003258&group_id=22866&atid=376687 View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3844104#3844104 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3844104 --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - JaasSecurityManager and caching of X509Certificate chains
Hi, I have a Login module that I use with SSL client certificates. The log from the module suggests that it is invoked by the JaasSecurityManager on every client call, even when the client (and principal) is previously authenticated, and the principal is in the cache. Other username/password based modules do not show this behavior. My guess is that it is the validateCache method of the JaasSecurityManager that fails to match the credentials, which are X509Certificate arrays. What is the best way to get around this? Is it as simple as to change validateCache so that is can compare arrays of X509Certificates? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3844001#3844001 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3844001 --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Setting CertificatePrincipal in JBoss 3.2.5
Hi, I wonder how I can set the certificatePrincipal attribute on the JBossSecurityMgrRealm used for web applications in Jboss 3.2.5. I've tried to add a Realm element inside both the Engine and Host element to the server.xml-file in jbossweb-tomcat50.sar, but no luck. That is, an instance of the JBossSecurityMgrRealm is instantiated and the certificatePrincipal is set on it, but this realm is never used by any of the deployed web-applications. What is the correct way to accomplish this? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3843986#3843986 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3843986 --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: Custom Login using SSL
Here is a method you could use inside a login module. It assumes you extend the AbstractServerLoginModule. | private Object[] getLoginInfo() throws LoginException { | | if (callbackHandler == null) { | log.warn("No callbackHandler available"); | throw new LoginException( | "Error: no CallbackHandler available " + "to collect authentication information"); | } | String username = null; | X509Certificate[] certs = null; | NameCallback nc = new NameCallback("username"); | ObjectCallback oc = new ObjectCallback("certs"); | Callback[] callbacks = { nc, oc }; | try { | callbackHandler.handle(callbacks); | username = nc.getName(); | | Object credential = oc.getCredential(); | if (credential == null || !(credential instanceof X509Certificate[])) { | log.debug("No X509Certficate chain"); | throw new LoginException("No X509Certficate chain"); | } | certs = (X509Certificate[]) credential; | } catch (java.io.IOException ioe) { | throw new LoginException(ioe.toString()); | } catch (UnsupportedCallbackException uce) { | throw new LoginException("CallbackHandler does not support: " + uce.getCallback()); | } | return new Object[] { username, certs }; | } | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3834837#3834837 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3834837 --- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: SSL configuration
A related question: Can I configure a HttpInvoker to use SSL? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3831303#3831303 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3831303 --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user