[JBoss-user] [JBoss Portal] - Security questions and issues

2005-08-26 Thread svetzal
Hi All,

I've noticed that the login-config.xml in the Portal indicates a (new?) 
LoginModule 
(org.jboss.portal.core.security.jaas.IdentityPropagationLoginModule) that 
appears to take the place of ClientLoginModule for propagation.

Is this assumption correct?

I have tried using both but am getting different errors with each.

The IdentityPropagationLoginModule fails when initializing our Portlet with a 
NullPointerException (I believe because our Portlet calls EJBCreate on a 
session bean, and there is no logged-in user yet). The ejbCreate method is set 
as unchecked=true, but this hasn't helped; I've been poring over docs looking 
at the intricacies / conflicts of dealing with roles, groups, etc. Our 
LoginModule worked great until we started to place our apps under a security 
domain - it might still be working great, but now I'm not so sure ;).

The ClientLoginModule fails with this security notice:

09:11:05,713 INFO  [STDOUT] Caused by: java.lang.SecurityException: 
Insufficient method permissions, 
principal=[roles=[Authenticated],principal=anonymous], ejbName=UserManagement, 
method=getRootUsers, interface=REMOTE, requiredRoles=[Authenticated], 
principalRoles=null

Note that the principal is flagged with an Authenticated role, but 
principalRoles is null... I think that is what's causing our problem there.

Which way should I pursue? Should I even track down the problems with 
ClientLoginModule or should I chase down what's going on with the 
IdentityPropagationLoginModule?

Thanks!

Steve

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3891822#3891822

___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
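
For triaging denials like the one quoted in the post above, here is an added example (not part of the original post and not JBoss code). It parses the `Insufficient method permissions` message and separates the case the poster describes, roles shown on the principal but `principalRoles=null`, from an ordinary missing role. The second sample line and the verdict labels are constructed for illustration.

```python
import re

MARKER = "Insufficient method permissions,"
# Constructed input: the exception from the post joined onto one line, plus an
# invented second line in which the container did resolve a role set.
SAMPLE = [
    "09:11:05,713 INFO  [STDOUT] Caused by: java.lang.SecurityException: "
    "Insufficient method permissions, "
    "principal=[roles=[Authenticated],principal=anonymous], "
    "ejbName=UserManagement, method=getRootUsers, interface=REMOTE, "
    "requiredRoles=[Authenticated], principalRoles=null",
    "09:12:40,002 INFO  [STDOUT] Caused by: java.lang.SecurityException: "
    "Insufficient method permissions, principal=guest, ejbName=UserManagement, "
    "method=getRootUsers, interface=REMOTE, requiredRoles=[Authenticated], principalRoles=[Guest]",
]

def split_top_level(text):
    """Split 'k=v, k=v' on commas that are not nested inside [...]."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(text):
        depth += (ch == "[") - (ch == "]")
        if ch == "," and depth == 0:
            parts.append(text[start:i])
            start = i + 1
    parts.append(text[start:])
    return [p.strip() for p in parts if p.strip()]

def role_set(value):
    """'[A,B]' -> {'A', 'B'}; the literal 'null' -> None (no role set)."""
    if value == "null":
        return None
    return {r.strip() for r in value.strip("[]").split(",") if r.strip()}

def triage(line):
    """Classify one denial; returns None for unrelated log lines."""
    if MARKER not in line:
        return None
    fields = dict(p.split("=", 1) for p in split_top_level(line.split(MARKER, 1)[1]))
    required = role_set(fields["requiredRoles"])
    held = role_set(fields["principalRoles"])
    m = re.search(r"roles=\[([^\]]*)\]", fields["principal"])
    claimed = role_set(m.group(1)) if m else set()
    if held is None:
        # Roles printed on the principal were never resolved for the EJB check.
        verdict = "claimed-not-resolved" if claimed & required else "no-roles"
    else:
        verdict = "role-missing" if not (required & held) else "inconsistent"
    return {"ejb": fields["ejbName"], "method": fields["method"], "verdict": verdict}
```

Calling `triage(SAMPLE[0])` on the line from the post yields the `claimed-not-resolved` verdict, while the constructed second line yields `role-missing`.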


[JBoss-user] [EJB/JBoss] - Re: ClassCastException with EJBs

2005-06-25 Thread svetzal
"darranl" wrote : Have any of you read the links posted by Scott earlier in 
this thread?

I realize everybody's busy and all, but perhaps a short summary of the problem 
(a sentence or two) before referring the world to 25 pages of detailed 
technical description containing _far_ more than we really need to understand 
the issue is not what we want here.

So, perhaps this will help future visitors to this page:

> From 4.0.2 JBoss has changed to the Servlet spec classloading model, i.e. it 
> uses the Tomcat classloader.

The first link Scott provided details the hows and whys of the ClassLoader 
architecture implemented in JBoss. If you have time, read this, it will help 
you - but get a cup of coffee and spend some time with it, don't just gloss it 
over. http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossClassLoadingUseCases

The second link Scott provided has some specific examples and reading the 
configurations and their implications triggered my brain far faster than the 
more exhaustive technical description. Since then, however, the first link was 
helpful when I couldn't reason something out. 
http://wiki.jboss.org/wiki/Wiki.jsp?page=ClassLoadingConfiguration

So, while I digest all this, I've set the UseJBossWebLoader to true (the 
standard distribution of JBossAS 4.0.2 sets this false) in the 
jbossweb-tomcat55.sar\META-INF\jboss-service.xml so that the rest of my team 
can keep going unhindered, and I can figure out what I need to do in terms of 
changing our deployment structure to be compliant.

Steve


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3882717#3882717
