[JBoss-user] [Security JAAS/JBoss] - role-name from web.xml module-option name=rolesProper
Hello world,

Sorry if this question has already been posted here, but I'm quite new to JBoss, so feel free to forward me to the relevant thread if necessary.

I'm building a webapp where users can be distinguished by their role. I needed to respect JAAS, so I've defined these roles in myWebApp-roles.properties through my login-config.xml. To protect some features of my app, I want a URL control list. That's what I intend to do in my web.xml.

The authentication seems to be all right: I get my subject and my principals ( Roles(members:BasicUser) ). But I don't have access to my URL:

    GET /myWebApp/action/menuView HTTP/1.1 302 -

It seems as if the role wasn't shared between my webapp and JBoss? What's wrong? What did I forget?

Please help,

web.xml :

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>MyWebAppActions</web-resource-name>
        <!-- MyWebApp actions mappings -->
        <url-pattern>/action/menuView</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>BasicUser</role-name>
      </auth-constraint>
      <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

login-config.xml :

    <application-policy name="myWebApp">
      <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      </login-module>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="unauthenticatedIdentity">myAppGuest</module-option>
        <module-option name="usersProperties">myWebApp-users.properties</module-option>
        <module-option name="rolesProperties">myWebApp-roles.properties</module-option>
      </login-module>
    </application-policy>

myWebApp-roles.properties :

    MyUser=BasicUser

View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3853647#3853647

JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Role-mapping with LdapLoginModule and ActiveDirectory
Hello,

I'm authenticating users against an ActiveDirectory server using the LdapLoginModule and this seems to be working nicely. Given a correct username and password the appropriate principal can be retrieved from the SessionContext of my bean. (for debugging only of course)

However, I've had little luck with mapping users to roles with this setup, probably because I don't fully understand what is going on.

As an example, the user with the distinguished name

    CN=Logi Ragnarsson,OU=Tolvudeild,OU=Upplysinga Taeknisvid,OU=Skrifstofa,OU=Notendur,DC=althingi,DC=is

is authenticated, but will have an empty set of roles as seen by this exception:

    Insufficient method permissions, principal=logir, method=create, interface=HOME, requiredRoles=[pruf, Tolvudeild], principalRoles=[]

The user has a number of role-mappings, including:

    memberOf CN=Tolvudeild,OU=Groups,DC=althingi,DC=is
    memberOf CN=pruf,OU=Groups,DC=althingi,DC=is

either of which should be sufficient to allow access to the bean.

My feeble attempts at setting this up have resulted in the following login module configuration as the only one in the login-config.xml file:

    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="debug">true</module-option>
      <module-option name="java.naming.provider.url">ldap://adc.althingi.is/</module-option>
      <module-option name="principalDNSuffix">@althingi.is</module-option>
      <module-option name="rolesCtxDN">OU=Groups,DC=althingi,DC=is</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">name</module-option>
      <module-option name="uidAttributeID">sAMAccountName</module-option>
    </login-module>

I'm sure this is obvious to those who know what is going on, but I'm baffled.
View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3846432#3846432
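The mapping this post is after, from memberOf group DNs to the role names listed in requiredRoles, as an added Java example; it is not part of the original post and is not JBoss's LdapLoginModule code. The class and method names, the two group DNs marked as constructed, and the choice to accept only groups under the rolesCtxDN value are assumptions of the example.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MemberOfRoles {

    // Maps memberOf values to role names, keeping only groups under rolesBase.
    static Set<String> rolesFrom(List<String> memberOf, String rolesBase)
            throws InvalidNameException {
        LdapName base = new LdapName(rolesBase);
        Set<String> roles = new TreeSet<>();
        for (String value : memberOf) {
            LdapName dn = new LdapName(value);   // handles escaped commas, unlike split(",")
            // LdapName indexes RDNs right to left, so startsWith() tests the DN suffix.
            if (dn.size() <= base.size() || !dn.startsWith(base)) {
                continue;                        // group outside the roles subtree: ignore
            }
            Rdn leaf = dn.getRdn(dn.size() - 1); // leftmost RDN, e.g. CN=Tolvudeild
            if ("CN".equalsIgnoreCase(leaf.getType())) {
                roles.add(leaf.getValue().toString());
            }
        }
        return roles;
    }

    // True when the principal holds at least one of the roles the method requires.
    static boolean permitted(Set<String> principalRoles, Set<String> requiredRoles) {
        for (String role : requiredRoles) {
            if (principalRoles.contains(role)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws InvalidNameException {
        List<String> memberOf = List.of(
            "CN=Tolvudeild,OU=Groups,DC=althingi,DC=is",     // from the post
            "CN=pruf,OU=Groups,DC=althingi,DC=is",           // from the post
            "CN=Ops\\, Night,OU=Groups,DC=althingi,DC=is",   // constructed: escaped comma
            "CN=pruf,OU=Elsewhere,DC=althingi,DC=is");       // constructed: wrong subtree
        Set<String> roles = rolesFrom(memberOf, "OU=Groups,DC=althingi,DC=is");
        System.out.println("principalRoles=" + roles);
        System.out.println("permitted=" + permitted(roles, Set.of("pruf", "Tolvudeild")));
    }
}
```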
[JBoss-user] [Security JAAS/JBoss] - role
hi all,

if a role AAA has the access permission to the BBB EJB component, how can I obtain the role AAA when I look up the BBB EJB component?

help please, thanks

liuhf

View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3827575#3827575