[JBoss-user] [Security JAAS/JBoss] - Re: Security context propagation from web client to ejb
This is why I chose tokenized security instead of JAAS, which I view as a work in progress. You can pass a user session token as a simple parameter to any EJB method from any Java client. With one line of code, your EJB method can validate that the user has access to the business method. The line of code will throw an AccessDenied exception if the user does not have access, which your client framework can handle in a standardized way. No container context is required for tokenized security. Indeed, it is even J2EE vendor independent, so your WebSphere clients can call JBoss EJBs. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3835113#3835113 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3835113 --- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562alloc_id=6184op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Security context propagation from web client to ejb
I am basically having the same problem, but within one vm. Servlet authentication is no problem, accessing secured ejbs from a client in a different vm is also no problem - only accessing secured ejbs from the servlet (in the same vm) fails. I am probably missing something very obvious. Excerpt from the log: anonymous wrote : | 2004-05-15 11:40:23,923 TRACE [org.jboss.security.plugins.JaasSecurityManager.adb] updateCache, subject=Betreff: | Principal: elke | Principal: Roles(members:ADBadmin) | | | 2004-05-15 11:40:23,933 TRACE [org.jboss.security.plugins.JaasSecurityManager.adb] validateCache, [EMAIL PROTECTED] | | 2004-05-15 11:40:32,535 INFO [STDOUT] add (in servlet) | | 2004-05-15 11:40:32,535 TRACE [org.jboss.security.plugins.JaasSecurityManager.adb] validateCache, [EMAIL PROTECTED] | | 2004-05-15 11:40:32,535 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] Authenticated principal=null | | 2004-05-15 11:40:32,535 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] method=public abstract de.bsd.adb.ejb.Facade de.bsd.adb.ejb.FacadeHome.create() throws javax.ejb.CreateException,java.rmi.RemoteException, interface=HOME, requiredRoles=[] | | 2004-05-15 11:40:32,535 TRACE [org.jboss.security.plugins.JaasSecurityManager.adb] validateCache, [EMAIL PROTECTED] | | 2004-05-15 11:40:32,535 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] Authenticated principal=null | | 2004-05-15 11:40:32,535 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] method=public abstract de.bsd.adb.beans.Adresse de.bsd.adb.ejb.Facade.add(de.bsd.adb.beans.Adresse) throws java.rmi.RemoteException, interface=REMOTE, requiredRoles=[ADBadmin] | | 2004-05-15 11:40:32,535 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=null, method=add, interface=REMOTE, requiredRoles=[ADBadmin], principalRoles=[] | In login-config.xml, I have an authentication, which is being referred in jboss.xml and jboss-web.xml. I am using the DB-Server Login-Module; result does not change if I also add a ClientLoginModule before or after the DB-Server Module. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3835066#3835066 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3835066 --- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562alloc_id=6184op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Security context propagation from web client to ejb
Forgot: this is on 3.2.3 with tomcat. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3835067#3835067 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3835067 --- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562alloc_id=6184op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Security context propagation from web client to ejb
I have the same problem too, using JBoss 3.2.3 ands Tomcat. It would be very heplfull for our web-developper to develop only with tomcat, and just test with Tomcat/JBoss. Any tips about that? View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3834984#3834984 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3834984 --- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562alloc_id=6184op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: Security context propagation from web client to ejb
A standalone tomcat instance is no different than a java client. You have to establish the security context for calls into the ejb container. If you want to resue the security context presented to the web container, then you need non-standard integration such as a tomcat valve to gain access to this information. This is what the security layer does in the embedded version of tomcat/jboss. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3834998#3834998 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3834998 --- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id=2562alloc_id=6184op=click ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
