RE: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x
I am sorry that I didn't replyed earlier but I was out of office for several days. Back to work then... I have already defined the same security domain to both jboss-web.xml and jboss.xml. To test the behaviour I changed my login module to IdentityLoginModule. Using this login module I can call my ejbs from both the secure and the unsecure areas. You can also see: http://www.jboss.org/forums/thread.jsp?forum=49thread=27710 -Original Message- From: Scott M Stark [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 6:18 AM To: [EMAIL PROTECTED] Subject: Re: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x The secured ejbs must also be secured under the java:/jaas/secured security-domain for this to work. You have added: security-domainjava:/jaas/secured/security-domain to both the jboss-web.xml and jboss.xml descriptors? Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: Panagiotis Korros [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 29, 2003 8:08 AM Subject: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x I have a web application with a restricted area and an unrestricted area. The structure is the following: /secure (webapp) /secure/admin/ (secure area accesible only by the admin role) /secure/admin/page1.jsp /secure/page2.jsp (accesible by everyone) page1.jsp and page2.jsp call the same ejb (marked us unchecked). when i call page1.jsp the system authenticates me and then everything works ok. when i call page2.jsp directly without being authenticated first I get the following error: java.lang.RuntimeException: checkSecurityAssociation; CausedByException is: Authentication exception, principal=null I used the unauthenticatedIdentity property but nothing changed. Any ideas or solutions about the problem would be very helpful! Korros Panagiotis. my login-config.xml contains: application-policy name=secure authentication login-module code=org.jboss.security.auth.spi.UsersRolesLoginModule flag=required module-option name=unauthenticatedIdentitynobody/module-option /login-module /authentication /application-policy --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x
There are examples of this in the web integration unit tests so if you can't see a difference submit a testcase as an attachement to a bug report at sourceforge: http://sourceforge.net/projects/jboss/ Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: Panagiotis Korros [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 06, 2003 12:54 AM Subject: RE: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x I am sorry that I didn't replyed earlier but I was out of office for several days. Back to work then... I have already defined the same security domain to both jboss-web.xml and jboss.xml. To test the behaviour I changed my login module to IdentityLoginModule. Using this login module I can call my ejbs from both the secure and the unsecure areas. You can also see: http://www.jboss.org/forums/thread.jsp?forum=49thread=27710 --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x
The secured ejbs must also be secured under the java:/jaas/secured security-domain for this to work. You have added: security-domainjava:/jaas/secured/security-domain to both the jboss-web.xml and jboss.xml descriptors? Scott Stark Chief Technology Officer JBoss Group, LLC - Original Message - From: Panagiotis Korros [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 29, 2003 8:08 AM Subject: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x I have a web application with a restricted area and an unrestricted area. The structure is the following: /secure (webapp) /secure/admin/ (secure area accesible only by the admin role) /secure/admin/page1.jsp /secure/page2.jsp (accesible by everyone) page1.jsp and page2.jsp call the same ejb (marked us unchecked). when i call page1.jsp the system authenticates me and then everything works ok. when i call page2.jsp directly without being authenticated first I get the following error: java.lang.RuntimeException: checkSecurityAssociation; CausedByException is: Authentication exception, principal=null I used the unauthenticatedIdentity property but nothing changed. Any ideas or solutions about the problem would be very helpful! Korros Panagiotis. my login-config.xml contains: application-policy name=secure authentication login-module code=org.jboss.security.auth.spi.UsersRolesLoginModule flag=required module-option name=unauthenticatedIdentitynobody/module-option /login-module /authentication /application-policy --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user