[JBoss-user] [Security JAAS/JBoss] - Re: Losing my principals.

2005-04-25 Thread svandenbussche
Hi,
I'm also using Struts, a business delegate layer, an ejb session facade layer 
etc.

I was wondering if the BASIC, FORM, DIGEST etc. configs were mandatory in order 
not to lose principals on the EJB side? I think not, but I'm not quite sure.

The Subject I retrieve after authentication is stored in httpsession by me and 
it stays there, so no problem on that part.

After successful user login, the first remote ejb call works well (according to 
defined role/method permissions in the ejb DD) and the ejb login module pushes 
the user role as expected.

The problem is the following:
On the second (and same) remote ejb call, principal and credential are still 
being passed, but my ejb login module is not being called anymore.

As a natural consequence, the role is not found (null) and a security exception 
is thrown by the ejb container.

Could this be somehow related to Jon's web config problem? (I doubt that)


login-config.xml
<application-policy name="SiglesLogin">
  <authentication>
    <login-module code="org.jboss.security.ClientLoginModule"
                  flag="required"/>
    <login-module code="fr.paris.dsti.sigles.frontend.security.auth.SimpleLoginModule"
                  flag="required"/>
    <login-module code="org.jboss.security.ClientLoginModule"
                  flag="required"/>
  </authentication>
</application-policy>

<application-policy name="SiglesEjb">
  <authentication>
    <login-module code="org.jboss.security.ClientLoginModule"
                  flag="required">
      <module-option name="multi-threaded">true</module-option>
    </login-module>

    <login-module code="fr.paris.dsti.sigles.frontend.security.auth.JBossEjbLoginModule"
                  flag="required" />

    <login-module code="org.jboss.security.ClientLoginModule"
                  flag="required">
      <module-option name="multi-threaded">true</module-option>
    </login-module>

  </authentication>
</application-policy>


web.xml and jboss-web.xml
*** I did not configure any security in these files ***

jboss.xml
<security-domain>java:/jaas/SiglesEjb</security-domain>
...plus role declaration and method permission...


View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3875279#3875279

___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user


[JBoss-user] [Security JAAS/JBoss] - Re: Losing my principals.

2005-04-21 Thread svandenbussche
Hi Jon,
Have you tried adding the following
<login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
after the UsersRolesLoginModule?

Doing this solved the same problem for me. I'm using a custom login module 
however.

Cheers,
Stephane

View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874783#3874783



[JBoss-user] [Security JAAS/JBoss] - Re: Losing my principals.

2005-04-21 Thread JonHurwitz
Yes, Stephane; thanks for the suggestion. I had read that it was a solution for 
custom modules, but I've tried it nonetheless.

Jon

View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874793#3874793



[JBoss-user] [Security JAAS/JBoss] - Re: Losing my principals.

2005-04-21 Thread [EMAIL PROTECTED]
I would need to see an example that illustrates the ejb call. It sounds like 
you are making a call from an unsecured web component, or are clearing the 
security context through improper use of some security api. There have been 
issues fixed when one is interacting with some services like the rmi adaptor, 
so you could try 3.2.7 or 4.0.1sp1 to see if that is the issue.


View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874847#3874847



[JBoss-user] [Security JAAS/JBoss] - Re: Losing my principals.

2005-04-21 Thread JonHurwitz
Ah, yes.  I am making the call from an unsecured element.  I'm using struts, 
and the call is from the action class, through a service level facade, to the 
session ejb.  Only the jsps were defined as secured in the web collection.

If I secure everything in the web-collection (using url-pattern /*) the 
principal is recognized in the session ejb and is available to the next page, 
so it looks like that's the cause.

Thanks very much.  I only wish I'd asked here last week before the dent in the 
wall made by my head had become so deep.


Cheers,

Jon

View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874896#3874896
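
Added example, not part of any message in this thread: a small Python check of the situation diagnosed above, where only `*.jsp` is constrained and the action URL that makes the EJB call falls outside every security-constraint. The descriptor is constructed from the web.xml Jon posted in this thread; the `/listOrders.do` path and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the *.jsp-only constraint from the thread, inside a minimal web-app.
WEB_XML_JSP_ONLY = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AllJSPs</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>everyone</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
# Same descriptor with the pattern widened to /*, as in the fix reported above.
WEB_XML_ALL = WEB_XML_JSP_ONLY.replace("*.jsp", "/*")
# Constructed request paths; the *.do action mapping is an assumption.
PATHS = ["/index.jsp", "/listOrders.do"]

def local(el):
    """Element name without any XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]

def protected_patterns(web_xml):
    """url-patterns of every security-constraint that has an auth-constraint."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc) != "security-constraint":
            continue
        kids = list(sc.iter())
        if any(local(k) == "auth-constraint" for k in kids):
            patterns += [k.text.strip() for k in kids if local(k) == "url-pattern" and k.text]
    return patterns

def matches(pattern, path):
    """Servlet url-pattern match: /prefix/*, *.ext, else exact ('/' default not modelled)."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def unsecured(web_xml, paths):
    """Request paths that no authenticated constraint covers."""
    pats = protected_patterns(web_xml)
    return [p for p in paths if not any(matches(pat, p) for pat in pats)]

if __name__ == "__main__":
    print("*.jsp only:", unsecured(WEB_XML_JSP_ONLY, PATHS))
    print("/* :", unsecured(WEB_XML_ALL, PATHS))
```

The check ignores http-method restrictions and the default `/` pattern, so treat its output as a list of paths to review rather than a full evaluation of the descriptor.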



[JBoss-user] [Security JAAS/JBoss] - Re: Losing my principals.

2005-04-20 Thread JonHurwitz
Sorry, the configuration didn't come through properly last time, here it is 
again.

web.xml

<security-constraint>
  <web-resource-collection>
    <web-resource-name>AllJSPs</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>everyone</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>User-Basic-Authentication</realm-name>
</login-config>

<security-role>
  <description>The role required to access restricted content</description>
  <role-name>everyone</role-name>
</security-role>
(To force everyone to log on immediately)


jboss-web.xml

<jboss-web>
  <security-domain>java:/jaas/User-Basic-Authentication</security-domain>
</jboss-web>

jboss.xml

<security-domain>java:/jaas/User-Basic-Authentication</security-domain>

jboss-service.xml

<mbean code="org.jboss.security.plugins.SecurityConfig"
       name="jboss.security:service=SecurityConfig">
  <attribute name="LoginConfig">
    jboss.security:service=XMLLoginConfig
  </attribute>
</mbean>

<mbean code="org.jboss.security.auth.login.XMLLoginConfig"
       name="jboss.security:service=XMLLoginConfig">
  <attribute name="ConfigResource">
    login-config.xml
  </attribute>
</mbean>

<!-- JAAS security manager and realm mapping -->
<mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
       name="jboss.security:service=JaasSecurityManager">
  <attribute name="SecurityManagerClassName">
    org.jboss.security.plugins.JaasSecurityManager
  </attribute>
</mbean>

<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain, domain=User-Basic-Authentication">
  <constructor>
    <arg type="java.lang.String" value="User-Basic-Authentication" />
  </constructor>
</mbean>


jboss-service.xml (in the -tomcat41.sar\meta-inf subdirectory)

<!-- A HTTP/1.1 Connector on port 8082 -->
<Connector
   className="org.apache.coyote.tomcat4.CoyoteConnector"
   port="8082" minProcessors="5" maxProcessors="100"
   redirectPort="8443" enableLookups="true"
   acceptCount="10" debug="0"
   securityDomainName="java:/jaas/User-Basic-Authentication"
   connectionTimeout="2" useURIValidationHack="false"/>

login-conf.xml

<application-policy name="User-Basic-Authentication">
  <authentication>
    <login-module
       code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag="required" />
  </authentication>
</application-policy>


View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3874701#3874701
