[JBoss-user] Confused with JAAS! Please help
Hello

I'm running JBoss 2.2.1-Tomcat 3.2.1 with InstantDB. The Tomcat JDBCRealm and JBoss DatabaseServerLoginModule point to the same database tables (Users and Roles) for JAAS authentication.

While my enterprise application is running, I add new users to the Users and Roles tables from a session bean, using a connection to the database that I have retrieved from JBoss's pool (by looking up the java:/DefaultDS data source). However, when I try to log in to a secure web page as the new user, Tomcat's JDBCRealm cannot find the data that I have inserted in the database. If I close JDBCRealm's database connection, I get the message "instantdb is shutting down ..." and when I try to log in as the new user again with a new database connection established in JDBCRealm, the login is successful.

As far as I understand, the message "instantdb is shutting down ..." is only printed when there are no connections to InstantDB left on the VM. However, I know that JBoss is still holding connections to InstantDB when I get this message (I have tested this by holding a connection from the JBoss pool while the JDBCRealm database connection is being closed).

So the behaviour is almost as if Tomcat's JDBCRealm is holding its connection to InstantDB on a different VM to my JBoss EJBs? This would explain why I have to close the JDBCRealm connection and reopen it to see the inserted data, as InstantDB only allows access from one VM at a time. But JBoss and Tomcat run on the same VM, don't they (I downloaded the JBoss-Tomcat bundle)? And when I print out the ClassLoaders that loaded the InstantDB connections in JDBCRealm and the EJB, they are identical.

I'm really confused by this. Can anyone point out where I am being stupid?

Mark

Dr M.W. Shotton
MICROMASS UK LIMITED
Floats Road
Wythenshawe
Manchester M23 9LZ
UK
+44 (0) 161 718 4548

___
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] JBossRealm Security Bug
Hello there

There is an omission in the version of org.jboss.tomcat.security.JbossRealm that I checked out of CVS from the contrib/tomcat area.

The principal and credentials propagated from Tomcat are stored in ThreadLocal objects in org.jboss.security.SecurityAssociation. However, these ThreadLocal variables are never reset to null. So the threads are returned to the pool and can be used again with the principal and credentials still set (not very secure!).

The JbossRealm should implement a method to reset the principal and credentials to null. I have done this as below:

    package org.jboss.tomcat.security;

    import java.security.Principal;
    import java.util.Hashtable;

    import org.apache.tomcat.core.Request;
    import org.apache.tomcat.core.Response;
    import org.apache.tomcat.util.SecurityTools;
    import org.apache.tomcat.core.BaseInterceptor;

    import org.jboss.security.SecurityAssociation;
    import org.jboss.security.SimplePrincipal;

    /**
     * This maps Tomcat credentials to jBoss credentials. It can probably be placed after
     * many other Tomcat realms to map that realm into jBoss.
     * @author <a href="mailto:[EMAIL PROTECTED]">Kevin Lewis</a>
     * @version $Revision: 1.3 $
     *
     * changed imports to reflect new org.jboss.security structure
     * @author <a href="mailto:[EMAIL PROTECTED]">Dewayne McNair</a>
     * @version $Revision: 1.3 $
     *
     */
    public class JbossRealm extends BaseInterceptor {

        // Copies the credentials Tomcat extracted from the request into the
        // per-thread SecurityAssociation so that JBoss sees the same caller.
        public int authenticate( Request req, Response response ) {
            Hashtable cred = new Hashtable();
            SecurityTools.credentials( req, cred );
            String user = (String) cred.get("username");
            SecurityAssociation.setPrincipal( new SimplePrincipal( user ) );
            String pw = (String) cred.get("password");
            if (null != pw)
                SecurityAssociation.setCredential( pw.toCharArray() );
            return 0;
        }

        // Resets the per-thread principal and credential after the response body,
        // so the thread goes back to the pool without them.
        public int afterBody( Request req, Response response ) {
            SecurityAssociation.setPrincipal(null);
            SecurityAssociation.setCredential(null);
            return 0;
        }
    }

Mark

Dr M.W. Shotton
MICROMASS UK LIMITED
Floats Road
Wythenshawe
Manchester M23 9LZ
UK
+44 (0) 161 718 4548
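
The thread-reuse problem described in the message above, as an added example that is not part of the original post or of the JBoss code base: a one-thread pool handles an authenticated request and then an anonymous one, first without and then with a reset of the per-thread identity. The class name, the two ThreadLocal fields (hypothetical stand-ins for what SecurityAssociation holds) and the sample user and password are constructed for illustration.

```java
import java.util.Arrays;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadLocalIdentityDemo {
    // Hypothetical stand-ins for the per-thread principal and credential
    // that SecurityAssociation keeps; not the JBoss classes themselves.
    static final ThreadLocal<String> PRINCIPAL = new ThreadLocal<>();
    static final ThreadLocal<char[]> CREDENTIAL = new ThreadLocal<>();

    // Handles one request on a pooled thread. An anonymous request passes
    // null for user and password and therefore sets nothing.
    static String handle(String user, String password, boolean resetAfter) {
        try {
            if (user != null) {
                PRINCIPAL.set(user);
                CREDENTIAL.set(password.toCharArray());
            }
            // The identity a downstream security check would see.
            return String.valueOf(PRINCIPAL.get());
        } finally {
            if (resetAfter) {
                char[] pw = CREDENTIAL.get();
                if (pw != null) Arrays.fill(pw, '\0'); // wipe the password before dropping it
                PRINCIPAL.remove();
                CREDENTIAL.remove();
            }
        }
    }

    // Runs an authenticated request, then an anonymous one, on the same worker.
    static String[] run(boolean resetAfter) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(1); // one thread, always reused
        try {
            Callable<String> authenticated = () -> handle("alice", "constructed-pw", resetAfter);
            Callable<String> anonymous = () -> handle(null, null, resetAfter);
            return new String[] { pool.submit(authenticated).get(), pool.submit(anonymous).get() };
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no reset:   " + String.join(" -> ", run(false)));
        System.out.println("with reset: " + String.join(" -> ", run(true)));
    }
}
```

Doing the reset in a finally block means it also runs when request handling throws, which a hook that is only called on the normal path would not guarantee.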
[JBoss-user] SSL + Jaas
Hello

Can anyone help me with a problem that I have with logging in to the JBoss security realm via Tomcat with SSL ...

I am running JBoss with an embedded Tomcat that has SSL enabled. I log in to the Tomcat SimpleRealm via SSL and the user is authenticated OK. However, the user credentials are not propagated to the JbossRealm properly. I get a principal = null message from the JBoss SecurityInterceptor when I try to access some protected bean methods which this user has access to. If I don't use SSL, everything is OK.

Any advice would be much appreciated.

Mark

Dr M.W. Shotton
MICROMASS UK LIMITED
Floats Road
Wythenshawe
Manchester M23 9LZ
UK
+44 (0) 161 718 4548
[JBoss-user] JBoss 2.1
Hello

Can anyone help me with a problem in deploying an application on JBoss 2.1? My application deploys fine on 2.0 but when I try to deploy it on 2.1 I get the error:

    javax.naming.CommunicationException. Root exception is java.io.InvalidClassException: org.jboss.ejb.plugins.jrmp.interfaces.GenericProxy; Local class not compatible: stream classdesc serialVersionUID=-6230758090378349913 local class serialVersionUID=7822409041172562877
        at java.io.ObjectStreamClass.validateLocalClass(ObjectStreamClass.java:523)
        at java.io.ObjectStreamClass.setClass(ObjectStreamClass.java:567)
        at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:936)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
        at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:940)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
        at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:940)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
        at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1186)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386)
        at java.io.ObjectInputStream.inputClassFields(ObjectInputStream.java:2262)
        at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:519)
        at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1411)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
        at java.rmi.MarshalledObject.get(MarshalledObject.java:138)
        at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:299)
        at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:279)
        at javax.naming.InitialContext.lookup(InitialContext.java:350)
        at Test.main(Test.java:103)

Dr M.W. Shotton
MICROMASS UK LIMITED
Floats Road
Wythenshawe
Manchester M23 9LZ
UK
+44 (0) 161 718 4548
[JBoss-user] FW: JBoss 2.1
Further to my last message. This error occurs when I try to look up a bean from outside the JBoss-Tomcat container. I don't receive the error when I look up EJBs from a servlet on Tomcat.

Mark

-----Original Message-----
From: Shotton Mark MMUk
Sent: Monday, April 09, 2001 10:29 AM
To: '[EMAIL PROTECTED]'
Subject: JBoss 2.1

Hello

Can anyone help me with a problem in deploying an application on JBoss 2.1? My application deploys fine on 2.0 but when I try to deploy it on 2.1 I get the error:

    javax.naming.CommunicationException. Root exception is java.io.InvalidClassException: org.jboss.ejb.plugins.jrmp.interfaces.GenericProxy; Local class not compatible: stream classdesc serialVersionUID=-6230758090378349913 local class serialVersionUID=7822409041172562877
        at java.io.ObjectStreamClass.validateLocalClass(ObjectStreamClass.java:523)
        at java.io.ObjectStreamClass.setClass(ObjectStreamClass.java:567)
        at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:936)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
        at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:940)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
        at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:940)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
        at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1186)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386)
        at java.io.ObjectInputStream.inputClassFields(ObjectInputStream.java:2262)
        at java.io.ObjectInputStream.defaultReadObject(ObjectInputStream.java:519)
        at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1411)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
        at java.rmi.MarshalledObject.get(MarshalledObject.java:138)
        at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:299)
        at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:279)
        at javax.naming.InitialContext.lookup(InitialContext.java:350)
        at Test.main(Test.java:103)

Dr M.W. Shotton
MICROMASS UK LIMITED
Floats Road
Wythenshawe
Manchester M23 9LZ
UK
+44 (0) 161 718 4548