[JBoss-user] [Security & JAAS/JBoss] - Re: unexpected behavior with authenticated but unauthorized
Well, then the solution is simple enough. Add an entry for 403 errors and handle gracefully from there. Thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923645#3923645

JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
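The 403 entry suggested in this reply, shown in context as an added example that is not part of the original posts or the poster's actual web.xml. The page, role and realm names are taken from the question in this thread; /forbidden_placeholder.jsp is a hypothetical page name.

```xml
<!-- Added example: web.xml fragment, not the poster's actual file.
     /forbidden_placeholder.jsp is a hypothetical page name. -->

<!-- Served when an authenticated user lacks the required role (HTTP 403). -->
<error-page>
    <error-code>403</error-code>
    <location>/forbidden_placeholder.jsp</location>
</error-page>

<!-- Only members of authRole may reach the protected page. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>protected resources</web-resource-name>
        <url-pattern>/welcome_placeholder.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>authRole</role-name>
    </auth-constraint>
</security-constraint>

<!-- FORM login: unauthenticated requests go to the login page,
     bad credentials go to the error page. -->
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>realm</realm-name>
    <form-login-config>
        <form-login-page>/login_placeholder.jsp</form-login-page>
        <form-error-page>/error_placeholder.jsp</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>authRole</role-name>
</security-role>
```

The container dispatches to the error page while keeping the 403 status, so access-denied events for authenticated users stay distinguishable from failed logins in the access log.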
[JBoss-user] [Security & JAAS/JBoss] - unexpected behavior with authenticated but unauthorized user
I've set up a test case for a user that is successfully authenticated but that is not authorized by the security-constraint to access a servlet. I've tested other form-based login behavior and got the expected results. Accessing a page requiring authentication redirects to form-login-page, invalid credentials to form-error-page, valid credentials for authorized user to initial target.

However, when I provide valid credentials for a user that is not authorized, I get an HTTP Status 403 back. Other container managers I've used direct to form-login-page in this situation. What can I do to intercept this condition and redirect to a page of my choosing?

I'm using JBoss 4.0.2 and the LdapLoginModule. Again, everything works except for this condition. Excerpts from web.xml and ldif follow. The usera gets in fine, userb gets a status 403.

cut - part of web.xml - begin
unprotected resources /login_placeholder.jsp /error_placeholder.jsp protected resources /welcome_placeholder.jsp authRole /welcome_placeholder.jsp realm FORM /login_placeholder.jsp /error_placeholder.jsp authRole
cut - part of web.xml - end

cut - part of LDIF - begin
dn: uid=usera,ou=people,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: usera
mail: [EMAIL PROTECTED]
cn: Authorized User
sn: User
userpassword: {SSHA}/J+00NUgSWm/iM1KIiR2GuR+E+ugezfz

dn: uid=userb,ou=people,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: userb
mail: [EMAIL PROTECTED]
cn: Nonauthorized User
sn: User
userpassword: {SSHA}XYOUSJ7BcSHQ+5viFT8Zzoo6Mb3dGoLn

dn: cn=authRole,ou=roles,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: groupofuniquenames
cn: authRole
description: Group of users with access to app
uniqueMember: uid=usera,ou=people,dc=acorp,dc=com
cut - part of LDIF - end

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923501#3923501
[JBoss-user] [Management, JMX/JBoss] - Re: Can't persist collection or array attributes of XMBeans
Hmmm... didn't escape the xmbean attribute fragment... lemme try again

Customer AV Set Customers java.util.TreeSet

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3905527#3905527
[JBoss-user] [Management, JMX/JBoss] - Can't persist collection or array attributes of XMBeans
We're using JBoss 4.0.2 and JDK 1.4.2_07 on Windows and Linux boxes. Our XMBean is persisting the non-collection data using the DelegatingPersistenceManager/AttributePersistenceService/XMLAttributePersistenceManager configuration just fine. We also tested this using the ObjectStreamPersistenceManager and got the same results.

By digging into the DelegatingPersistenceManager, we were able to trace down a couple of things. First, whatever is preparing the MBeanInfo and MBeanAttributeInfo before getting to the DelegatingPersistenceManager wasn't setting the attributeValue and lastUpdatedTimeStamp2 values. By putting persistence information on the collection attribute itself, the value and lastUpdatedTimeStamp values were being set, but attributeValue and lastUpdatedTimeStamp2 were still not being set.

Collection Set Collection java.util.TreeSet

I was able to get a temporary workaround going on my development environment by overriding DelegatingPersistenceManager with the following change:

    ...
    Object value = attrDesc.getFieldValue(ModelMBeanConstants.ATTRIBUTE_VALUE);
    Object updated = attrDesc.getFieldValue(ModelMBeanConstants.LAST_UPDATED_TIME_STAMP2);
    Object pPolicy = attrDesc.getFieldValue(ModelMBeanConstants.PERSIST_POLICY);

    // Deal with persistable collections and arrays
    if ( value == null && attrDesc.getFieldValue( "value" ) != null )
    {
        // If the value and/or lastUpdatedTimeStamp are non-null, given
        // both attributeValue and lastUpdatedTimeStamp2 are null, this is
        // a collection or array
        value = attrDesc.getFieldValue("value");
        updated = attrDesc.getFieldValue("lastUpdatedTimeStamp");
    }
    ...

For unfathomable reasons I won't go into, the client doesn't want to recompile our own DelegatingPersistenceManager with this patch. So I created a xmbeanCollectionPersistenceSupport.jar containing our implementation. Now we're at the point that I'm stuck on.

When we put xmbeanCollectionPersistenceSupport.jar in the /lib/endorsed and run the server from Eclipse using the JBoss plugin, everything works peachy and collections get persisted. However, when we run from the command line, we get this exception:

11:03:54,354 ERROR [ModelMBeanInvoker] Unable to instantiate the persistence manager:com.clientName.mx.persistence.DelegatingPersistenceManager
RuntimeErrorException: instantiating com.clientName.mx.persistence.DelegatingPersistenceManager failed: java.lang.NoClassDefFoundError: org/jboss/mx/persistence/PersistenceManager
Cause: java.lang.NoClassDefFoundError: org/jboss/mx/persistence/PersistenceManager

How do I get my new class recognized without putting it in /lib/endorsed? Is there another way to address the issue? Can anyone put me out of my misery? Thanks

Bob Blackard
Momentum SI

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3905526#3905526