[JBoss-user] [Security & JAAS/JBoss] - Re: unexpected behavior with authenticated but unauthorized
Well, then the solution is simple enough. Add and entry for 403 errors and handle gracefully from there. Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923645#3923645 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3923645 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - unexpected behavior with authenticated but unauthorized user
I've set up a test case for a user that is successfully authenticated but that
is not authrorized by the security-constraint to access a servlet. I've tested
other form basedlogin behavior and got the expected resuts. Accession page
requireing authentication redirects to form-login-page, invalid credentials to
form-error-page, valid credentials for authorized user to initial target.
However, when I provide valid credentials for user that is not authorized, I
get an HTTP Status 403 back. Other container managers I've used direct to
form-login-page in this sittuation.
What can I do to intercept this condition and redirect to a page of my
choosing?
I'm using JBoss 4.0.2 and the LdapLoginModule. Again, everything works except
for this condition. Excerpts from web.xml and ldif follow. The usera gets in
fine, userb gets a status 403.
cut - part of web.xml - begin
unprotected resources
/login_placeholder.jsp
/error_placeholder.jsp
protected resources
/welcome_placeholder.jsp
authRole
/welcome_placeholder.jsp
realm
FORM
/login_placeholder.jsp
/error_placeholder.jsp
authRole
cut - part of web.xml - end
cut - part of LDIF - begin
dn: uid=usera,ou=people,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: usera
mail: [EMAIL PROTECTED]
cn: Authorized User
sn: User
userpassword: {SSHA}/J+00NUgSWm/iM1KIiR2GuR+E+ugezfz
dn: uid=userb,ou=people,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: userb
mail: [EMAIL PROTECTED]
cn: Nonauthorized User
sn: User
userpassword: {SSHA}XYOUSJ7BcSHQ+5viFT8Zzoo6Mb3dGoLn
dn: cn=authRole,ou=roles,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: groupofuniquenames
cn: authRole
description: Group of users with access to app
uniqueMember: uid=usera,ou=people,dc=acorp,dc=com
cut - part of LDIF - end
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923501#3923501
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3923501
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Messaging, JMS & JBossMQ] - JAAS/JBoss unexpected behavior with authenticated but unauth
I've set up a test case for a user that is successfully authenticated but that
is not authrorized by the security-constraint to access a servlet. I've tested
other form basedlogin behavior and got the expected resuts. Accession page
requireing authentication redirects to form-login-page, invalid credentials to
form-error-page, valid credentials for authorized user to initial target.
However, when I provide valid credentials for user that is not authorized, I
get an HTTP Status 403 back. Other container managers I've used direct to
form-login-page in this sittuation.
What can I do to intercept this condition and redirect to a page of my choosing?
I'm using JBoss 4.0.2 and the LdapLoginModule. Again, everything works except
for this condition. Excerpts from web.xml and ldif follow. The usera gets in
fine, userb gets a status 403.
cut - part of web.xml - begin
unprotected resources
/login_placeholder.jsp
/error_placeholder.jsp
protected resources
/welcome_placeholder.jsp
authRole
/welcome_placeholder.jsp
realm
FORM
/login_placeholder.jsp
/error_placeholder.jsp
authRole
cut - part of web.xml - end
cut - part of LDIF - begin
dn: uid=usera,ou=people,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: usera
mail: [EMAIL PROTECTED]
cn: Authorized User
sn: User
userpassword: {SSHA}/J+00NUgSWm/iM1KIiR2GuR+E+ugezfz
dn: uid=userb,ou=people,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: userb
mail: [EMAIL PROTECTED]
cn: Nonauthorized User
sn: User
userpassword: {SSHA}XYOUSJ7BcSHQ+5viFT8Zzoo6Mb3dGoLn
dn: cn=authRole,ou=roles,dc=acorp,dc=com
changetype: add
objectclass: top
objectclass: groupofuniquenames
cn: authRole
description: Group of users with access to app
uniqueMember: uid=usera,ou=people,dc=acorp,dc=com
cut - part of LDIF - end
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3923500#3923500
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3923500
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Management, JMX/JBoss] - Re: Can't persist collection or array attributes of XMBeans
Hmmm... didn't escape the xmbean attribute fragment... lemme try againView the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3905527#3905527 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3905527 --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user Customer AV Set Customers java.util.TreeSet
[JBoss-user] [Management, JMX/JBoss] - Can't persist collection or array attributes of XMBeans
We're using JBoss 4.0.2 and JDK 1.4.2_07 on Windows and Linux boxes. Our
XMBean is persisting the non-collection data using the
DelegatingPersistenceManager/AttributePersistenceService/XMLAttributePersistenceManager
configuration just fine. We also tested this using the
ObjectStreamPersistenceManager and got the same results.
By digging into the DelegatingPersistenceManager, we were able to trace down a
couple of things. First, whatever is preparing the MBeanInfo and
MBeanAttributeInfo before getting to the DelegatingPersistenceManager wasn't
setting the attributeValue and lastUpdatedTimeStamp2 values. By putting
persistenc information on the collection attribute itself, the value and
lastUpdatedTimeStamp values were being set, but attributeValue and
lastUpdatedTimeStamp2 were still not being set.
Collection Set
Collection
java.util.TreeSet
I was able to get a temporary work around going on my development environment
by overriding DelegatingPersistenceManager with the following change:
...
Object value =
attrDesc.getFieldValue(ModelMBeanConstants.ATTRIBUTE_VALUE);
Object updated =
attrDesc.getFieldValue(ModelMBeanConstants.LAST_UPDATED_TIME_STAMP2);
Object pPolicy =
attrDesc.getFieldValue(ModelMBeanConstants.PERSIST_POLICY);
// Deal with persistable collections and arrays
if ( value == null && attrDesc.getFieldValue( "value" ) != null
) {
// If the value and/or lastUpdatedTimeStamp are
non-null, given
// both attributeValue and lastUpdatedTimeStamp2 are
null, this is
// a collection or array
value = attrDesc.getFieldValue("value");
updated =
attrDesc.getFieldValue("lastUpdatedTimeStamp");
}
...
For unfathomable reasons I won't go into, the client doesn't want to recompile
our own DelegatingPersistenceManager with this patch. So I created a
xmbeanCollectionPersistenceSupport.jar containing our implementation. Now
we're at the point that I'm stuck on.
When we put xmbeanCollectionPersistenceSupport.jar in the
/lib/endorsed and run the server from Eclipse using the JBoss
plugin, everything works peachy and collections get persisted. However, when
we run from the command line, we get this exception:
11:03:54,354 ERROR [ModelMBeanInvoker] Unable to instantiate the persistence
manager:com.clientName.mx.persistence.DelegatingPersistenceManager
RuntimeErrorException: instantiating
com.clientName.mx.persistence.DelegatingPersistenceManager
failed: java.lang.NoClassDefFoundError:
org/jboss/mx/persistence/PersistenceManager
Cause: java.lang.NoClassDefFoundError:
org/jboss/mx/persistence/PersistenceManager
How do I get my new class recognized without putting it in
/lib/endorsed? Is there another way to address the issue? Can
anyone put me out of my misery?
Thanks
Bob Blackard
Momentum SI
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3905526#3905526
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3905526
---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
