[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
No, it would not make a difference. It is the callers resposibility to provide the correct security credentials. Maybe your POJO endpoint is not secured, then of course there is no security context that can automatically be propagated to the EJB layer. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3942081#3942081 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3942081 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
Keep in mind, I'm not using an EJB endpoint. My endpoint is a POJO and it then calls the secure session bean. Will that make a difference in your fix? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3941407#3941407 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3941407 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
The EndpointMetaData supports |public void setAuthMethod(String authMethod) |{ | this.authMethod = authMethod; |} | |public void setTransportGuarantee(String transportGuarantee) |{ | this.transportGuarantee = transportGuarantee; |} | which are only called from | JSR109ServerMetaDataBuilder | That means the generated web.xml will only contain these security settings for JSR109 EJB endpoints when you define them in jboss.xml http://jira.jboss.com/jira/browse/JBWS-865 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3940319#3940319 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3940319 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
Has anyone got this to work with JBoss 4.0.4.CR2? I want to be sure that this works with the GA release so that we can go live on it. Thomas, are you still watching this thread? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3939926#3939926 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3939926 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
Have you enabled tracing on the server side to debug this: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ step 4. Check the logs to see if there is any security activity on the server side. Then follow Thomas's link from the user guide. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3939978#3939978 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3939978 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
No, I have not tried adding debug tracing, but I did add a soap message hander to the service so I could see the inbound soap message. The message no longer contained any security information in the soap header as it previously did when using Axis. The classes that get used on the client side to generate the request soap message are different with JBossWS, so is it possible that this piece, implementing stub._setProperty(String,String), may not have been tested with JBossWS. I know for sure that when using the Axis ws4ee-client classes, when you call stub._setProperty(String,String), it added security related information to the soap header. I just can't seem to get this to happen with JBossWS. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3939991#3939991 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3939991 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
Ya, I followed all of these steps and it did not work. It was working in JBoss 4.0.3 SP1 but it no longer works in JBoss 4.0.4.CR2. I'm using EJB3, so I'm setting up my security via annotations, but it should not matter. Here is some code from my bean: @Stateless | @SecurityDomain(dbms) | @RolesAllowed(dbmsuser) | public class InventoryInfoBean implements InventoryInfo The call initially goes through a POJO Java Service Endpoint because you did not yet have support for EJB3 service endpoints. That POJO endpoint uses JNDI to look up the EJB from above and passes the call to it. In my client, I do the following on the Stub object: stub._setProperty(Stub.USERNAME_PROPERTY, user); | stub._setProperty(Stub.PASSWORD_PROPERTY, password); And this all worked in JBoss 4.0.3 SP1 but no longer in 4.0.4CR2. Can someone please verify that this will work with the new JBossWS? Thanks. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3939316#3939316 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3939316 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
The best way to do this might be to use a handler: http://labs.jboss.com/portal/jbossws/user-guide/en/html/headers-handlers.html#handlers View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3936216#3936216 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3936216 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
http://labs.jboss.com/portal/jbossws/user-guide/en/html/secure-ejb.html View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3936444#3936444 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3936444 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: JAAS Security Login with JBossWS
Does anyone have any thoughts on this issue? It's a bit pressing and I would appreciate any advice from anyone out there. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3935940#3935940 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3935940 --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user