[JBoss-user] [Security JAAS/JBoss] - Re: unorthodox module stacking?

2006-06-20 Thread bezdomny
Thanks for your advice. I'm going to try to extend the DSLM, but I admit I have 
no idea what that might entail. Any advice you have on this would be great. 
I've done some searching on the site, but there seem to be just pieces of info 
for specific problems. 

Thanks!

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3952014#3952014



___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user


[JBoss-user] [Security JAAS/JBoss] - unorthodox module stacking?

2006-06-19 Thread bezdomny
I've successfully integrated my app with JBoss and JAAS using JBoss's 
DatabaseServerLoginModule instead of my own login module. The only thing I'm 
missing in this configuration is that my old login module did custom things 
like update another table to audit that the user successfully logged in, and 
stuff like recording when people failed to log in after a number of times. It 
seems that my only option to get this functionality back is to either write my 
own custom login module or stack other modules to be called and try to log the 
info that way. Is this approach advisable or should I just start writing my 
CustomLoginModule?

Thanks!

B


View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3951783#3951783
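
Added example, not part of the original post or of JBoss: the stacking option asked about above, sketched as an audit-only JAAS LoginModule. The class name AuditLoginModule and the "login.audit" logger are hypothetical stand-ins for the poster's audit table.

```java
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical audit-only module: it records outcomes and never decides them. */
public class AuditLoginModule implements LoginModule {
    // Assumption: a java.util.logging logger stands in for the audit table.
    private static final Logger AUDIT = Logger.getLogger("login.audit");
    private CallbackHandler handler;
    private String username = "<unknown>";

    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = callbackHandler;
    }

    // Phase 1: only capture who is trying to log in.
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("User: ");
        try {
            handler.handle(new Callback[] { name });
            if (name.getName() != null) {
                username = name.getName();
            }
        } catch (Exception e) {
            // An audit module must not break authentication; keep "<unknown>".
        }
        return true;
    }

    // Phase 2, called by LoginContext when the stack as a whole succeeded.
    public boolean commit() {
        AUDIT.info("LOGIN_OK user=" + sanitize(username));
        return true;
    }

    // Phase 2, called by LoginContext when the stack as a whole failed.
    public boolean abort() {
        AUDIT.warning("LOGIN_FAILED user=" + sanitize(username));
        return true;
    }

    public boolean logout() {
        return true;
    }

    // Replace CR/LF so a crafted username cannot forge extra audit lines.
    private static String sanitize(String s) {
        return s.replaceAll("[\\r\\n]", "_");
    }
}
```

Stacked after DatabaseServerLoginModule with flag="optional", it cannot change the authentication outcome; abort() is the place to count consecutive failures.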



[JBoss-user] [Security JAAS/JBoss] - Re: unorthodox module stacking?

2006-06-19 Thread bezdomny
Thanks for the reply. I could accomplish what I want if I can pass a stored 
proc call in the module option. Is that possible? Something like call usp_login 
?

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3951803#3951803



[JBoss-user] [Security JAAS/JBoss] - Re: getting the role name after form login

2006-05-28 Thread bezdomny
Does anyone think this code is off-base? It seemed to me that the only way to 
get the role, once the correct group was discovered, was to loop over the 
Enumeration of members. For me this will be ok since the users of my app won't 
have multiple roles assigned to them. Unless someone has a better way or there 
is a problem with this, I'm going to use it for now. Thanks again for the 
replies and help.

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3947180#3947180



[JBoss-user] [Security JAAS/JBoss] - getting the role name after form login

2006-05-27 Thread bezdomny
I apologize if this is dumb, but I'm successfully logging in with the 
DatabaseLoginModule, but now how do I get the name of the role? I want to 
display the role name on the web page. I know I can get the userid from 
request.getUserPrincipal().getName() but should I use this and is there 
something similar for getting the authenticated user's role? Thanks for the 
help,

Bob

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3947094#3947094



[JBoss-user] [Security JAAS/JBoss] - Re: getting the role name after form login

2006-05-27 Thread bezdomny
Thanks so much for the replies. I'll try them out asap.

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3947146#3947146



[JBoss-user] [Security JAAS/JBoss] - Re: getting the role name after form login

2006-05-27 Thread bezdomny
This code seems to work:

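import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import org.jboss.security.SimpleGroup;

private void findRole() throws PolicyContextException {

    // Get the authenticated Subject from the JACC policy context
    Subject subject = (Subject)
        PolicyContext.getContext("javax.security.auth.Subject.container");

    // Now look for a Group called "Roles"
    Set principals = subject.getPrincipals(Principal.class);
    Iterator iter = principals.iterator();
    while (iter.hasNext()) {
        Principal p = (Principal) iter.next();
        if (p instanceof SimpleGroup) {
            SimpleGroup sg = (SimpleGroup) p;
            if ("Roles".equals(sg.getName())) {
                // Each member of the group is one role;
                // the last member seen is the one that sticks
                Enumeration en = sg.members();
                while (en.hasMoreElements()) {
                    String role = en.nextElement().toString();
                    if (role != null) {
                        setRole(role);
                    }
                }
            }
        }
    }
}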

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3947158#3947158



[JBoss-user] [Security JAAS/JBoss] - Using BouncyCastle with DatabaseServerLoginModule

2006-05-26 Thread bezdomny
I'm currently using BouncyCastle as the provider for my MessageDigest algorithm 
implementation (because I'm using SHA-256, not MD5).
How or can I make JBoss use BC by default with the DatabaseServerLoginModule 
module-options? I want to be able to specify something like this:
<module-option name="hashAlgorithm">SHA-256</module-option>
But I think I'll need to make JBoss aware of the BouncyCastle provider. Is that 
correct? How do I do that?

Thanks!

B 

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3946837#3946837



[JBoss-user] [Security JAAS/JBoss] - Re: Using BouncyCastle with DatabaseServerLoginModule

2006-05-26 Thread bezdomny
Thanks Scott,
I added Provider fine, but how will DatabaseServerLoginModule know to use the 
SHA-256 algorithm provided by BC? Will it know to use it because the Sun JCE 
doesn't support SHA-256? 

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3946879#3946879



[JBoss-user] [Security JAAS/JBoss] - Re: Using BouncyCastle with DatabaseServerLoginModule

2006-05-26 Thread bezdomny
Ok. Thanks. I'll try it, but I'm thinking now that SHA-256 should be SHA-256 no 
matter who implements it. So passwords hashed with BC SHA-256 should hash to 
the same value with the Sun SHA-256. Thanks again for the help.

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3946885#3946885



[JBoss-user] [Security JAAS/JBoss] - Re: Using BouncyCastle with DatabaseServerLoginModule

2006-05-26 Thread bezdomny
I've got it now. My main problem was not having 
  <module-option name="ignorePasswordCase">TRUE</module-option>

in my login-config.  Thanks again for all the help.

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3946910#3946910
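
Added example, not from the original post or from JBoss: one way letter case can matter for hashed passwords, on the assumption that the stored SHA-256 hashes are hex strings whose case differs from the hex the verifier computes. The class HexCaseDemo and the sample passwords are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class HexCaseDemo {

    // SHA-256 of the password, hex-encoded in the requested letter case.
    static String sha256Hex(String password, boolean upperCase)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format(upperCase ? "%02X" : "%02x", b));
        }
        return hex.toString();
    }

    // Normalise hex case, then compare without an early exit on mismatch.
    static boolean hexDigestsMatch(String stored, String computed) {
        byte[] a = stored.trim().toLowerCase(Locale.ROOT)
                .getBytes(StandardCharsets.US_ASCII);
        byte[] b = computed.trim().toLowerCase(Locale.ROOT)
                .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) throws Exception {
        String password = "example-password";          // constructed sample
        String stored = sha256Hex(password, true);     // as an app might store it
        String computed = sha256Hex(password, false);  // as a verifier might compute it

        // Same digest bytes, but the exact string compare is case-sensitive.
        System.out.println("exact compare:       " + stored.equals(computed));
        System.out.println("ignoring case:       " + stored.equalsIgnoreCase(computed));
        System.out.println("normalised compare:  " + hexDigestsMatch(stored, computed));
        // A different password must still be rejected after normalisation.
        System.out.println("wrong password:      "
                + hexDigestsMatch(stored, sha256Hex("other-password", false)));
    }
}
```

A case-insensitive compare is harmless for hex digests only; with Base64-encoded hashes or plaintext passwords it accepts values that differ from the stored one.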



[JBoss-user] [Security JAAS/JBoss] - Re: JAAS Container managed versus code managed auth

2006-05-25 Thread bezdomny
Will do, and thanks for the useful information. I really hate being a noob at 
something!!! (especially an app server)

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3946524#3946524



[JBoss-user] [Security JAAS/JBoss] - Re: JAAS Container managed versus code managed auth

2006-05-24 Thread bezdomny
Thanks for the help! One more question though. . . Do I need to extend JBoss's 
JAAS class, I think AbstractServerLoginContext, to get JBoss to recognize my 
custom LoginModule? Thanks again for the help.

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3946084#3946084



[JBoss-user] [Security JAAS/JBoss] - Re: JAAS Container managed versus code managed auth

2006-05-17 Thread bezdomny
I'm still having issues here. Is the idea to use some code to always check 
request.isUserInRole(user), or does the container do that?

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3944287#3944287



[JBoss-user] [Security JAAS/JBoss] - JBoss won't recognize my application-policy name

2006-05-16 Thread bezdomny
I'm pretty new to JBoss, but I have worked with JAAS for a while. I have a 
custom LoginModule that works great if I configure it in the other section of 
login-config.xml. When I create a section just for my module, call it id1, the 
web app totally passes it by. 
Here are the steps I took to configure it. 
I added the section to login-config.xml:

<application-policy name = "id2">

    <login-module code="com.choiceid.login.IDLoginModule" flag="required">
        <module-option name="dsJndiName">java:cidb</module-option>
        <module-option name="principalsQuery">select userlist.password from userlist where userid=?</module-option>
        <module-option name="rolesQuery">select role.[desc] as [Roles] from userlist inner join role on userlist.role = role.[id] where userid =?</module-option>
    </login-module>

</application-policy>

I added <security-domain>java:/jaas/id2</security-domain> to jboss-web.xml, and 
I added the realm-name to the web.xml. 

After all that, and a bounce of JBoss, application-policy name isn't found and 
the LoginModule isn't executed. Again, if I put it in other it works like a 
champ. Any ideas?

Thanks!

B
  

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3943860#3943860



[JBoss-user] [Security JAAS/JBoss] - Re: JBoss won't recognize my application-policy name

2006-05-16 Thread bezdomny
Sorry I made a typo in the application-policy name section, it should read id1 
NOT id2. My bad, this is a typo in the post, not in the code :)

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3943863#3943863



[JBoss-user] [Security JAAS/JBoss] - Re: JAAS Container managed versus code managed auth

2006-05-16 Thread bezdomny
Thanks,
I've got the server guide for 4.0 but I haven't read it all, though I haven't 
seen anything yet that describes exactly what I think I need. For instance, how 
does the container determine if a user is still logged in while they are browsing 
through protected pages. I need to secure ALL my pages.

B

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3943922#3943922



[JBoss-user] [Security JAAS/JBoss] - JAAS Container managed versus code managed auth

2006-05-16 Thread bezdomny
Hi all,
I'm new to JBoss as well as the idea of container managed login 
authentication using stuff like web.xml to protect resources. I come from a 
Java shop that still uses stone knives and bear skins, and handles all things 
like login and resource protecting in the code using session based cookie 
solution.
I've used JAAS, based on this article:
http://www.javaworld.com/javaworld/jw-09-2002/jw-0913-jaas.html
and some of this code:
http://www.javaworld.com/javaworld/jw-09-2002/jaas/jw-0913-jaas.zip 

I am using this successfully using the Resin application server, but JBoss 
doesn't like it.

Basically, I've wrapped the login process in a java bean that gets called on 
every jsp. The code in the bean checks to make sure the user has a valid 
session and if not, then it sends them to the login screen. When the user logs 
in from the log in screen, the Login bean actually uses JAAS to call my custom 
LoginModule to log the user in, then it sets my SessionLoginContext in the http 
session as an attribute. 
On each call to a subsequent page the bean calls checklogin, which gets the 
login context from the session and checks to be sure the session has the proper 
role. If it does, the app carries on; if not, it makes the user log in again.

I know this may be counter to the container managed way, but it works great and 
once the user is logged in, they stay logged in until the session goes away. 
Can I get the same sort of functionality using the container managed way? Can 
someone please help me figure out where to start. If you see my other post, I 
have made attempts to configure my custom login module, but JBoss is having 
trouble recognizing it. That is a separate issue. I'm looking for a good 
pattern to follow I guess, to use JAAS with http sessions or something like it 
using the container. 

Thanks!

B


View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3943885#3943885
