[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Startup servlet invoking Secured EJB

2005-09-06 Thread jaikiran
After debugging the JBoss code, I found that the reason why the servlet is able 
to invoke the method on the bean is because somehow it is able to get the right 
role, which is required by the bean.

I put a breakpoint in the OILServerILService at the following line:


    case OILConstants.AUTHENTICATE:
      result = server.authenticate((String)in.readObject(), (String)in.readObject());
      break;

Also, I placed a breakpoint in the SecurityManager class:

    public String authenticate(String user, String password) throws JMSException

The values that get passed on to the method are the user name and password (in my 
case admin, adminPassword). The role corresponding to admin has the 
privilege to invoke the method on the bean. Hence I am able to access the bean.

But my question still remains as to how and where this username and 
password are obtained, to be passed on to the SecurityManager, since I haven't 
mentioned any of these as parameters to the startup servlet.

Can anyone please answer this? I have been trying to figure this out for the 
past few days.

Thank you.

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3893192#3893192



---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf
___
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user


[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Startup servlet invoking Secured EJB

2005-09-06 Thread jaikiran
And here's an extract from the web.xml file:



    <servlet>
      <servlet-name>AppStartupServlet</servlet-name>
      <servlet-class>com.app.servlet.StartupServlet</servlet-class>
      <load-on-startup>1</load-on-startup>
    </servlet>

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>My app</web-resource-name>
        <url-pattern>/jsp/*</url-pattern>
        <url-pattern>*.do</url-pattern>
        <url-pattern>*.jsp</url-pattern>
        <url-pattern>/servlet/*</url-pattern>
        <url-pattern>/servlet/DisplayChart</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>dev</role-name>
        <role-name>admin</role-name>
        <role-name>user</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss HTTP Invoker</realm-name>
    </login-config>
    <security-role>
      <role-name>dev</role-name>
    </security-role>
    <security-role>
      <role-name>admin</role-name>
    </security-role>
    <security-role>
      <role-name>tapuser</role-name>
    </security-role>

View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=3893216#3893216
