[JBoss-user] [Security JAAS/JBoss] - Re: Login module which accesses an EJB?
Further to this, I'm having a problem which is very strange. I'm not sure into which of the seperate jar/war files to put my security classes. I'm using JAAS, and I have a sar file which contains meta-inf/jboss-service.xml: ?xml version='1.0'? | !DOCTYPE policy PUBLIC | -//JBoss//DTD MBean Service 4.0//EN | http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd; | server |!-- The custom JAAS login configuration that installs |a Configuration capable of dynamically updating the |config settings |-- | mbean code=org.jboss.security.auth.login.DynamicLoginConfig | name=jboss.security.tests:service=LoginConfig | attribute name=PolicyConfig serialDataType=jbxb | jaas:policy | xsi:schemaLocation=urn:jboss:security-config:4.1 resource:security-config_4_1.xsd | xmlns:jaas=urn:jboss:security-config:4.1 | xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; | | !-- Our Greenfields login config -- | jaas:application-policy name=Greenfields | jaas:authentication | jaas:login-module code=com.fcl.security.GreenfieldsLoginModule flag=required | jaas:module-option name=unauthenticatedIdentityAnonymous/jaas:module-option | jaas:module-option name=principalClasscom.fcl.security.GreenfieldsUser/jaas:module-option | jaas:module-option name=ignorePasswordCasetrue/jaas:module-option | /jaas:login-module | /jaas:authentication | /jaas:application-policy | /jaas:policy | /attribute | depends optional-attribute-name=LoginConfigService | jboss.security:service=XMLLoginConfig | /depends | depends optional-attribute-name=SecurityManagerService | jboss.security:service=JaasSecurityManager | /depends | /mbean | /server I put my com.fcl.security.GreenfieldsLoginModule,com.fcl.security.LoginUtils (utility functions used by the login process) and com.fcl.security.GreenfieldsUser (The Principal class) into the WAR file (because it's the web app that does the JAAS authentication), but then I get [c]dejava.lang.LinkageError: loader constraints violated when linking com/fcl/security/GreenfieldsUser class when invoking my EJBs. I put com.fcl.security.GreenfieldsUser into my EJB jar file too. basically, my EAR is build like this... here's my application.xml: ?xml version=1.0 encoding=UTF-8? | application | xmlns=http://java.sun.com/xml/ns/j2ee; | xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; version=1.4 | xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/application_1_4.xsd; | display-nameGreenFields/display-name | module | java id=greenfield.jargreenfield.jar/java | /module | module | ejb id=persistence.jarpersistence.jar/ejb | /module | module | ejb id=ejbs.jarejbs.jar/ejb | /module | module | java id=GreenfieldsLogin.sarGreenfieldsLogin.sar/java | /module | module | web | web-uriwebapp.war/web-uri | context-rootgfFw/context-root | /web | /module | /application View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3954993#3954993 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3954993 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Login module which accesses an EJB?
Now, I just put com.fcl.security.GreenfieldsLoginModule into my WAR file. All other classes from the com.fcl.security package are in greenfield.jar, just another java module listed in application.xml. But in my LoginModule, I now get this: 10:09:25,718 ERROR [fcl] tried to access method com.fcl.security.LoginUtils.login(Ljava/lang/String;[BLjava/lang/Long;)Lcom/fcl/secu | rity/GreenfieldsUser; from class com.fcl.security.GreenfieldsLoginModule | java.lang.IllegalAccessError: tried to access method com.fcl.security.LoginUtils.login(Ljava/lang/String;[BLjava/lang/Long;)Lcom/fcl | /security/GreenfieldsUser; from class com.fcl.security.GreenfieldsLoginModule | at com.fcl.security.GreenfieldsLoginModule.login(GreenfieldsLoginModule.java:116) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:585) | at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) | at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) | at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) | at java.security.AccessController.doPrivileged(Native Method) | at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) | at javax.security.auth.login.LoginContext.login(LoginContext.java:579) | at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:587) | at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:521) | at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:330) | at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:306) | at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256) | at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416) | at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) | at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) | at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) | at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) | at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) | at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868) | at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663) | at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) | at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) | at java.lang.Thread.run(Thread.java:595) I have a terrible problem here. I cannot get our app to work. I'm feeling the project is going to get cancelled and I'll be fired. Why is it this DIFICULT? What do I have to do just to get login to work? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3955006#3955006 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3955006 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Login module which accesses an EJB?
First off, start a new thread as this is not related to the threads subject. Second, do not put | module | java id=GreenfieldsLogin.sarGreenfieldsLogin.sar/java | /module | in application.xml. Java 2 E E spec. knows nothing of JBoss sars. You need to set that in jboss-app.xml. Finally, do not complain to us that you are going to get fired if you do not get help. We are only here to help voluntarily, and you should not depend on us to get your job done. Happy to help otherwise, cgriffith View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3955078#3955078 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3955078 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Login module which accesses an EJB?
Klusi, I have a login module which does this as well. Is it good design? I am not sure. One very imporant point to note (as you will see if you search this forum) is that you can't secure the EJB that has authenticate(user,passwd) method using the same application-policy (i.e. security-domain). There would an circular login problem. Also, consider how you plan to authenticate the login module as a user of the EJB. enjoy, cgriffith View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3954678#3954678 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3954678 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Login module which accesses an EJB?
It is better to use the Database LM because it does the job for you while managing the subject population with roles. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3954709#3954709 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3954709 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user