MAPPING MORE THAN ONE WEB RESOURCE TO SECURITY ROLES

2001-10-02 Thread David Bonilla



I have protected my application with declarative security and all works
properly. When somebody tries to access the main page, Basic Authentication
turns on. That's good. I have also protected methods and mapped them to roles.

Now... I want to protect a second web resource, a .js
(script src="javascript:void(0);"/script) file, but only for a few
security roles. If the role is allowed, the script is charged; if not, the
script is not charged.

The problem is that when I try to access this web resource, Orion asks for my
login and password again - as if the verification hadn't been stored in the
session. If I try to enter with a role that isn't mapped to this resource, it
doesn't even recognize the user and the password.

How can I make it so that Orion only asks me ONCE for my username and
password, and also so that I can load web resources without having to enter my
password, etc. again (assuming I have the correct permissions to load the
resources in question)?

Thank you very much !!!
__
David Bonilla Fuertes
THE BIT BANG NETWORK
http://www.bit-bang.com
Profesor Waksman, 8, 6º B
28036 Madrid
SPAIN
Tel.: (+34) 914 577 747
Móvil: 656 62 83 92
Fax: (+34) 914 586 176
__


(SPECIFIC) QUESTIONS ABOUT MANAGING SECURITY

2001-10-01 Thread David Bonilla



Well.. I'm using declarative security (using only XML descriptors), not
programmatic security.

Elena Barns wrote :

This exception is thrown when you use a method that throws this exception, so
as with any exception you have to put this method in a try{} block and in
catch (com.evermind.server.rmi.OrionRemoteException e) {} put a method that
shows the user a message about lacking security permissions. This is my
opinion
Elena

1. I can't catch the com.evermind.server.rmi.OrionRemoteException because it's
an Orion proprietary exception and my application must work over any
application server to get the J2EE Certified Seal.

Serguei Batiuk wrote :


You probably need to derive all your exceptions from RemoteException, and
work with these exceptions as usual, for example:

    import java.rmi.RemoteException;

    public class WrongUserException extends RemoteException {
        public WrongUserException() {
        }
        // ...
    }

Then your code will look like:

    public class SomeClass {
        public void SomeMethod() {
            try {
                // Invoke some secure method..
                MyEJB ejb = someBean.someSecureMethod();
            }
            catch (WrongUserException e) {
                // Wrong User!
            }
            catch (RemoteException e) {
                // Something else has happened!
            }
        }
    }

HTH,
Sergei.


2. Yeah... good idea, but how and when must I throw this
"WrongUserException"? That's my problem... I don't know when I have a pure
RemoteException or when I have a RemoteException that masks a security
constraint...


MORE THAN ONE USER PROBLEM

2001-09-27 Thread David Bonilla



Hi Magnus !!!

Our security development on Orion is going very well. Now I have more
specific questions.

1. The web interface and EJB security work, but when I try to use a
restricted EJB method I only get a RemoteException (I know... it's normal).
Is there some way to check whether this exception is caused by a security
constraint? (To show, for example... "You're not allowed to do that").

2. I try to use two users with two different roles/groups but it doesn't work
(I must be doing something wrong...). Do you have some kind of application
(like the illuminati application you sent me) but with two different users
and different roles/groups?

3. Last but not least... with whom must we talk about Orion pricing and the
possibility to include it in an "all-in-one" pack with our application?

Thank you very much Magnus !!!

Best Regards !!


QUESTIONS ABOUT MANAGING SECURITY

2001-09-27 Thread David Bonilla



I have implemented security on my application and I'm a newbie with these
questions. My application catches the exceptions and shows them via JSP.

When I try to access a method that I don't have permission for, I get a

com.evermind.server.rmi.OrionRemoteException: dave is not allowed to call this EJB method, check your security settings (method-permission in ejb-jar.xml and security-role-mapping in orion-application.xml).

This is an Orion proprietary exception and my question is... which is the
exception that every application server throws? A generic RemoteException?
And how can I manage it to check whether it's a security exception and show,
for example, a "You're not allowed to do that" text in my JSP?

Thank you very much, mates 

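One portable way to tell an authorization failure from any other RemoteException, as asked in this message and in the "(SPECIFIC) QUESTIONS ABOUT MANAGING SECURITY" message above. This is an added example, not code from the thread or from Orion; it assumes the container signals a denied call with java.rmi.AccessException (a standard RemoteException subclass) or nests a SecurityException as the cause, and the class and method names are hypothetical.

```java
import java.rmi.AccessException;
import java.rmi.RemoteException;

/** Added example: portable check for "the container denied this EJB call". */
public class SecurityDenial {

    /**
     * Returns true when the failure is an authorization denial.
     * Assumption: the container reports a denied call as java.rmi.AccessException
     * or nests a SecurityException / AccessException as the cause.
     */
    public static boolean isAccessDenied(Throwable t) {
        // Walk the cause chain; bound the depth in case a chain loops back.
        for (int depth = 0; t != null && depth < 16; depth++) {
            if (t instanceof AccessException || t instanceof SecurityException) {
                return true;
            }
            t = t.getCause(); // for RemoteException this is its "detail" field
        }
        return false;
    }

    /** Text for the JSP: a fixed message, never the container's own text. */
    public static String userMessage(RemoteException e) {
        return isAccessDenied(e)
                ? "You're not allowed to do that"
                : "The operation failed, please try again later";
    }

    public static void main(String[] args) {
        // Constructed samples standing in for what a remote EJB call might throw.
        RemoteException direct =
                new AccessException("dave is not allowed to call this EJB method");
        RemoteException nested = new RemoteException("call failed",
                new SecurityException("caller not in role"));
        RemoteException plain = new RemoteException("connection reset");

        System.out.println(userMessage(direct)); // denial message
        System.out.println(userMessage(nested)); // denial message
        System.out.println(userMessage(plain));  // generic failure message
    }
}
```

Log the original exception on the server and show only the fixed text: the container's message names the user and the descriptor files involved. A container that throws a bare RemoteException with no such cause falls through to the generic message.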


STRANGE (and BIG!!!) PROBLEM

2001-09-26 Thread David Bonilla



It's a little bit strange... I'm implementing security on my application and
customizing my XML descriptors. All went OK (I had Basic Authentication) and
I wanted to implement security also in the EJB methods. I changed the
ejb-jar.xml source and this text appears:

Auto-deploying UbicuaCMP.jar (Classes were updated)...
The compiler has run out of memory. Consider using the "-J-mxnumber" command line option to increase the maximum heap size.
Error compiling D:\Orion155\ubicua/UbicuaCMP.jar: Syntax error in source
Orion/1.5.2 initialized

I work with 512MB of memory... so I don't think it is a problem of lack of
memory... I also tried to use the "-J-mxnumber" command but it doesn't work!
Can anybody explain where and how this command works? (A sample example will
be welcome!)

Thanks !!!


IMPLEMENTING SECURITY AND AUTHENTICATION

2001-09-21 Thread David Bonilla



I want to create some users for my application, map these users to
pre-created roles, and then know how I can do the authentication.

Please help me! I must do it very, very quickly!!!



HELP !!! SECURITY

2001-09-21 Thread David Bonilla



Ok... I have understood all about security, but now, how and where can I
activate an option to use an Orion-based console or something else to control
the user name and password?


The Security (again)

2001-09-21 Thread David Bonilla



I discovered by myself how to get a dialog to enter the login and password
when my application starts; now the problem is that... it doesn't work
properly!!!

I write the correct login and password but the server doesn't recognize
them!!!

Does somebody have a good idea about what is happening?

Thank you very much !!!