[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss & Kerberos
It would have to be done through some out of band mechanism. The RMIServerSocket is used when a connection is created and there will be no user information associated with the thread. The only way this could be done is to read the Subject or key to obtain the Subject from the socket as sent by the client.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3843689#3843689

JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss & Kerberos
Thanks for your help. I can't tell you how much it has helped so far. Unfortunately, I have run into another problem. I would like to create custom RMI server and client socket factories that encrypt and decrypt the entire RMI message using the SRP SecretKey created during login. On the client I am able to get the SecretKey from the Subject and create encryption/decryption Ciphers based on the SecretKey. The problem is on the server. How do I get the Subject for the client that is connecting to the server? I tried to do this after the socket accept but it returned null:

    Subject subject = SecurityAssociation.getSubject();

How does the RMIServerSocket retrieve the appropriate Subject so the server side socket can access a SecretKey that matches the client's so it can set up ciphers for input and output communication? I am using v3.2.3, with the service code from chap8 ex to perform the login. Thanks for all your help.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3843684#3843684
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss & Kerberos
The session key is available as a javax.crypto.SecretKey in the Subject private credentials set populated by the SRPLoginModule. There is an example of a custom pair of client/server interceptors in the org.jboss.test.security.interceptors package of the testsuite that illustrate using the SRP session key to encrypt just the arguments of EJB invocations using SealedObjects.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3843164#3843164
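A sketch of the approach described in the reply above, added here as an example; it is not the code from the org.jboss.test.security.interceptors package. The class name, the AES-GCM transformation and the constructed Subject holding a generated AES key (standing in for the one SRPLoginModule would populate) are assumptions.

```java
import java.io.Serializable;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;

public class SealedArgsExample {
    // Assumption: AES-GCM is chosen for this example; the transformation must
    // match the algorithm of the key the login module actually produced.
    static final String TRANSFORMATION = "AES/GCM/NoPadding";

    /** Pull the session key out of the Subject's private credentials set. */
    static SecretKey sessionKey(Subject subject) {
        Set<SecretKey> keys = subject.getPrivateCredentials(SecretKey.class);
        if (keys.isEmpty()) {
            throw new SecurityException("no SecretKey in Subject private credentials");
        }
        return keys.iterator().next();
    }

    /** Client side: seal each invocation argument under the session key. */
    static SealedObject[] seal(Object[] args, SecretKey key) throws Exception {
        SealedObject[] sealed = new SealedObject[args.length];
        for (int i = 0; i < args.length; i++) {
            Cipher c = Cipher.getInstance(TRANSFORMATION);
            c.init(Cipher.ENCRYPT_MODE, key); // fresh random IV per argument
            sealed[i] = new SealedObject((Serializable) args[i], c);
        }
        return sealed;
    }

    /** Server side: unseal with the same key; tampered data fails the GCM tag check. */
    static Object[] unseal(SealedObject[] sealed, SecretKey key) throws Exception {
        Object[] args = new Object[sealed.length];
        for (int i = 0; i < sealed.length; i++) {
            args[i] = sealed[i].getObject(key);
        }
        return args;
    }

    public static void main(String[] argv) throws Exception {
        // Constructed stand-in for the Subject that SRPLoginModule would populate.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(kg.generateKey());
        SecretKey key = sessionKey(subject);
        Object[] out = unseal(seal(new Object[] {"acct-42", Integer.valueOf(100)}, key), key);
        System.out.println(out[0] + " " + out[1]);
    }
}
```

Only the arguments are protected this way; method names, target identifiers and return values travel in the clear unless they are sealed as well.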
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss & Kerberos
RMIServerFactorys above should be RMISocketFactory. Sorry for the typo.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3843112#3843112
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss & Kerberos
I have tried out SRP example "ex3" in chapter 8 of the Admin & Development guide v3.2.3. This example shows how to perform authentication using SRP but the RMI data is still transferred without encryption. In order to add the encryption part I believe that I would have to create custom RMIServerFactorys that use an SRP session key to encrypt/decrypt the RMI data between the client and server. If this is correct, how do I get the SRP session key on both ends (client/server)?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3843111#3843111
[JBoss-user] [Security & JAAS/JBoss] - Re: JBoss & Kerberos
We don't have a JBoss-specific login module for Kerberos, but they exist, so that would be the path to using Kerberos with JBoss. SRP is preferred simply because it does not have the PKI management headache. Any Kerberos integration would be similar to how SRP is done, so it's worth looking at from that perspective. If you're PKI-phobic, it's a good alternative.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3843108#3843108