[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Trying to port webapp from Weblogic 8.x to JBoss
Hello, You can look at this post. Note that it's not really helpful, but there are several difficulties I went through. http://www.jboss.com/index.html?module=bbop=viewtopict=67273 I opened a RFE concerning the support of role-mapping regards, dom View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3889076#3889076 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3889076 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Migrating from Weblogic to JBoss : problem with wepapp a
After many research, I think the answer is here : http://wiki.jboss.org/wiki/Wiki.jsp?page=PortingFromWeblogic For weblogic users : There is a important difference between jboss and weblogic for webapp (and I suppose for EJB too) : In weblogic : you can map a role to realm groups/users using the weblogic.xml. You can have user joe and group users that build a single role theRole you referenced in your web.xml. This way allows to avoid having applications group to be spread in the realm. In Jboss : the role-name you provide in your web.xml must be the group name you have in your realm (I don't think this word is useable in a jboss world). At the moment, I don't really understand what jboss-web.xml is aimed at concerning these features. To my mind, it's a little limitation jboss developer could look at. I hope this post will help former weblogic users Dom View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3888604#3888604 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888604 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation, Configuration Deployment] - Re: Problem with jboss-web.xml : role mapping doesn't work f
Stopping thread. See answer in Servlet newsgroup. Dom View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3888365#3888365 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888365 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Migrating from Weblogic to JBoss : problem with wepapp a
Hello Scott and thank you for answering, I think I don't understand the whole thing, though it's clear to me when I use Weblogic. Maybe you can help me to improve my undestanding of jboss, can't you ? What I understand : Application developer want to restraitn access to specific URL and so use a security-constraint with a auth-constraint. From what I understand, the role-name of the auth-constraint are logical roles, ie, roles that as a business sense from the application developer point of view. In my case, the logical role is utilisateurCollaborateur. For each role-name you use in the auth-constraint, you have to add a security-role in you web.xml As the application developer is not the application deployer, there has to be a way to do the mapping that says which users have the roles the application developer need to deal with. Actually, I believe the way to do that is the use of jboss-web.xml. In Jboss-web.xml, for each role you mentioned in the auth-constraint, you have to the mapping role-name -- principal-name, where principal-name is the name of a user or a group you can find in you security realm. You can have several realm users/groups that builds a single role. That allows to avoid spreading application specific groups in the realm that exists anyway. As the realm is managed elsewhere and in it users may belong to specific group (I don't say role here), the whole thing has sense to me, and that's what I understand from the jboss documentation that I read carefully. This allow the application developer to use request.isUserInRole too, using security-role, instead of real groups of the db. If it's not the way it works, can you tell me where I'm wrong ? I'm looking forward to your answer. Dom [EMAIL PROTECTED] wrote : the only use of principal-name in the security-role is to assign additional roles to run-as principals. Authenticated users obtain their roles from the jaas login. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3888373#3888373 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888373 --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Installation, Configuration Deployment] - Problem with jboss-web.xml : role mapping doesn't work for m
I already posted the same message on the serlet newsgroup. I try on this too just in case. *** I'm currently trying to migrate a webapp from weblogic8.1 to JBoss, and I'm meeting a problem I hadn't with WLS. My webapp has a security-constraint section with auth-constraint. I'm using Form authentication with DB Realm. My problem is that I can log in my webapp, but I get a 403 saying I'm not allowed to access ressources. I checked several things : - I can log in, ie login/password are checked against DB, so this part works. If I give a wrong password, I get form-error-page page. - I added a piece of code in my 403.jsp. I added 3 lines : 0. System.out.println(request.getRemoteUser()); -- return djeanprost 1. System.out.println(request.isUserInRole(collaborateur)); where collaborateur is a group of my group table. -- Return true, which is normal to me. 2. System.out.println(request.isUserInRole(utilisateurCollaborateur)); -- false utilisateurCollaborateur is a role I specified in the auth-constraint section in the web.xml. I also have a security-role section where I declare the utilisateurCollaborateur role name. In my jboss-web.xml, I have a security-role role-nameutilisateurCollaborateur/role-name principal-namecollaborateur/principal-name principal-namedjeanprost/principal-name /security-role where I map utilisateurCollaborateur to collaborateur and djeanprost. I added the principal name djeanprost to add a test : it does not work neither. I conclude the mapping from utilisateurCollaborateur to collaborateur is not done. Where am I wrong ? Regards, View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3888179#3888179 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888179 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: location of compiled jsp files on jboss4.0.2?
I believe it's in the work dir of your server dir. You have to find out in which of the sub-dir the jsp is. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3887854#3887854 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3887854 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Migrating from Weblogic to JBoss : problem with wepapp a
I precise that if in my jboss-web.xml I use a role-name which is not declared in a security-role of the web.xml, the webapp is not deployed saying there is a mistake in the jboss-web.xml, which is normal. So, my problem is that utilisateurCollaborateur is not mapped to the principal-name I provided. Is there a debug feature I could turn on to help me find out what's going wrong ? View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3887856#3887856 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3887856 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Migrating from Weblogic to JBoss : problem with weapp auth.
I already posted the same message on the serlet newsgroup. I try on this too just in case. *** I'm currently trying to migrate a webapp from weblogic8.1 to JBoss, and I'm meeting a problem I hadn't with WLS. My webapp has a security-constraint section with auth-constraint. I'm using Form authentication with DB Realm. My problem is that I can log in my webapp, but I get a 403 saying I'm not allowed to access ressources. I checked several things : - I can log in, ie login/password are checked against DB, so this part works. If I give a wrong password, I get form-error-page page. - I added a piece of code in my 403.jsp. I added 3 lines : 0. System.out.println(request.getRemoteUser()); -- return djeanprost 1. System.out.println(request.isUserInRole(collaborateur)); where collaborateur is a group of my group table. -- Return true, which is normal to me. 2. System.out.println(request.isUserInRole(utilisateurCollaborateur)); -- false utilisateurCollaborateur is a role I specified in the auth-constraint section in the web.xml. I also have a security-role section where I declare the utilisateurCollaborateur role name. In my jboss-web.xml, I have a security-role role-nameutilisateurCollaborateur/role-name principal-namecollaborateur/principal-name principal-namedjeanprost/principal-name /security-role where I map utilisateurCollaborateur to collaborateur and djeanprost. I added the principal name djeanprost to add a test : it does not work neither. I conclude the mapping from utilisateurCollaborateur to collaborateur is not done. Where am I wrong ? Regards, View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3887929#3887929 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3887929 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Migrating from Weblogic to JBoss : problem with weapp au
I made a dump of the request.getUserPrincipal(). Here it is : 14:53:46,846 INFO [STDOUT] debut de org.jboss.web.tomcat.security.JBossGenericPrincipal name = djeanprost password = null realm = [EMAIL PROTECTED] roles = debut de tableau EPArchitectureSI EPEncadrementIntermediaire EPPoleCompetences LorisIntranet absenteismeIntranet ameliorationpermanenteIntranet barGEDIntranet basedocCMECDPIntranet basedocCMEIntranet basedocGRHIntranet basedocPHSIntranet basedocPSOIntranet basedocQCOIntranet collaborateur collaborateurUtilisateurVersions declarationAbsenteismeIntranet dossiersStatistiquesIntranet ficheAbsenteisme intendance outilsCommerciaux outilsPedagogiquesIntranet utilisateurRelancesIntranet fin de tableau authPrincipal = djeanprost callerPrincipal = djeanprost credentials = password1 subject = Objet : Principal : djeanprost Principal : Roles(members:absenteismeIntranet,basedocCMECDPIntranet,utilisateurRelancesIntranet,outilsCommerciaux,collaborateurUtilisateurVers ions,outilsPedagogiquesIntranet,ficheAbsenteisme,basedocPHSIntranet,basedocCMEIntranet,intendance,dossiersStatistiquesIntranet,EPEncadrementIntermedia ire,basedocGRHIntranet,basedocPSOIntranet,declarationAbsenteismeIntranet,barGEDIntranet,EPPoleCompetences,EPArchitectureSI,LorisIntranet,ameliorationp ermanenteIntranet,collaborateur,basedocQCOIntranet) userRoles = debut de liste absenteismeIntranet basedocCMECDPIntranet utilisateurRelancesIntranet outilsCommerciaux collaborateurUtilisateurVersions outilsPedagogiquesIntranet ficheAbsenteisme basedocPHSIntranet basedocCMEIntranet intendance dossiersStatistiquesIntranet EPEncadrementIntermediaire basedocGRHIntranet basedocPSOIntranet barGEDIntranet declarationAbsenteismeIntranet EPPoleCompetences EPArchitectureSI LorisIntranet ameliorationpermanenteIntranet basedocQCOIntranet collaborateur fin de liste fin de org.jboss.web.tomcat.security.JBossGenericPrincipal You can see that my principal doesn't have the role utilisateurCollaborateur although I specified role-mapping with jboss-web.xml which is below : jboss-web security-domainjava:/jaas/djp/security-domain context-rootaccueil/context-root security-role role-nameutilisateurCollaborateur/role-name principal-namecollaborateur/principal-name /security-role /jboss-web Here is my web.xml (a subset) web-app servlet-namemainServlet/servlet-name servlet-classcom.dexia.common.gui.WebServlet/servlet-class init-param param-namewebAppClassName/param-name param-valuecom.dexia.sofaxis.accueil.gui.AccueilGUI/param-value /init-param servlet-mapping ... /servlet-mapping security-constraint web-resource-collection web-resource-nameprotected/web-resource-name url-pattern/services/url-pattern url-pattern/main.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameutilisateurCollaborateur/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/connexion.jsp/form-login-page form-error-page/echecConnexion.jsp/form-error-page /form-login-config /login-config security-role role-nameutilisateurCollaborateur/role-name /security-role ... Does anyone has a clue ? View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3887961#3887961 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3887961 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Migrating from Weblogic to JBoss : problem with wepapp authe
Hello, I'm currently trying to migrate a webapp from weblogic8.1 to JBoss, and I'm meeting a problem I hadn't with WLS. My webapp has a security-constraint section with auth-constraint. I'm using Form authentication with DB Realm. My problem is that I can log in my webapp, but I get a 403 saying I'm not allowed to access ressources. I checked several things : - I can log in, ie login/password are checked against DB, so this part works. If I give a wrong password, I get form-error-page page. - I added a piece of code in my 403.jsp. I added 3 lines : 0. System.out.println(request.getRemoteUser()); -- return djeanprost 1. System.out.println(request.isUserInRole(collaborateur)); where collaborateur is a group of my group table. -- Return true, which is normal to me. 2. System.out.println(request.isUserInRole(utilisateurCollaborateur)); -- false utilisateurCollaborateur is a role I specified in the auth-constraint section in the web.xml. I also have a security-role section where I declare the utilisateurCollaborateur role name. In my jboss-web.xml, I have a security-role role-nameutilisateurCollaborateur/role-name principal-namecollaborateur/principal-name principal-namedjeanprost/principal-name /security-role where I map utilisateurCollaborateur to collaborateur and djeanprost. I added the principal name djeanprost to add a test : it does not work neither. I conclude the mapping from utilisateurCollaborateur to collaborateur is not done. Where am I wrong ? Regards, Dom View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3887704#3887704 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3887704 --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
