MAPPING MORE THAN ONE WEB RESOURCE TO SECURITY ROLES
I have protected my application with declarative security and everything works properly. When somebody tries to access the main page, Basic Authentication turns on. That's good. I have also protected methods and mapped them to roles.

Now... I want to protect a second web resource, a .js (script src="javascript:void(0);"/script) file, but only for a few security roles. If the role is allowed, the script is loaded; if not, the script is not loaded.

The problem is that when I try to access this web resource, Orion asks for my login and password again - as if the verification hadn't been stored in the session. If I try to enter with a role that isn't mapped to this resource, it doesn't even recognize the user and the password.

How can I make it so that Orion only asks me ONCE for my username and password and also so that I can load web resources without having to enter my password, etc... again (assuming I have the correct permissions to load the resources in question)?

Thank you very much !!!

__
David Bonilla Fuertes
THE BIT BANG NETWORK
http://www.bit-bang.com
Profesor Waksman, 8, 6º B
28036 Madrid
SPAIN
Tel.: (+34) 914 577 747
Mobile: 656 62 83 92
Fax: (+34) 914 586 176
__
(SPECIFIC) QUESTIONS ABOUT MANAGING SECURITY
Well... I'm using declarative security (using only XML descriptors), not programmatic security.

Elena Barns wrote:

This exception is thrown when you use a method that throws this exception, so as with any exception you have to put this method in a try{} block and in catch(com.evermind.server.rmi.OrionRemoteException e) {} put a method that shows the user a message about lacking security permissions. This is my opinion

Elena

1. I can't catch the com.evermind.server.rmi.OrionRemoteException because it's an Orion proprietary exception and my application must work on any application server to get the J2EE Certified seal.

Serguei Batiuk wrote:

You probably need to derive all your exceptions from RemoteException, and work with these exceptions as usual, for example:

    import java.rmi.RemoteException;

    // Application-specific exception derived from RemoteException
    public class WrongUserException extends RemoteException {
        public WrongUserException() { }
        // ...
    }

Then your code will look like:

    public class SomeClass {
        public void SomeMethod() {
            try {
                // Invoke some secure method..
                MyEJB ejb = someBean.someSecureMethod();
            } catch (WrongUserException e) {
                // Wrong User!
            } catch (RemoteException e) {
                // Something else has happened!
            }
        }
    }

HTH,
Sergei.

2. Yeah... good idea, but how and when must I throw this "WrongUserException"? That's my problem... I don't know when I have a pure RemoteException or when I have a RemoteException that masks a security constraint...

__
David Bonilla Fuertes
__
MORE THAN ONE USER PROBLEM
Hi Magnus !!!

Our security development on Orion is going very well. Now I have more specific questions.

1. The web interface and EJB security work, but when I try to use a restricted EJB method I only get a RemoteException (I know... it's normal). Is there some way to check whether this exception is caused by a security constraint? (To show, for example... "You're not allowed to do that").

2. I tried to use two users with two different roles/groups but it doesn't work (I must be doing something wrong...). Do you have some kind of application (like the illuminati application you sent me) but with two different users and different roles/groups?

3. Last but not least... whom must we talk to about Orion pricing and the possibility of including it in an "all-in-one" pack with our application?

Thank you very much Magnus !!! Best Regards !!

__
David Bonilla Fuertes
__
QUESTIONS ABOUT MANAGING SECURITY
I have implemented security on my application and I'm a newbie with these questions. My application catches the exceptions and shows them via JSP. When I try to access a method that I don't have permission for, I get a

    com.evermind.server.rmi.OrionRemoteException: dave is not allowed to call this EJB method, check your security settings (method-permission in ejb-jar.xml and security-role-mapping in orion-application.xml).

This is an Orion proprietary exception and my question is... which exception does every application server throw? A generic RemoteException? And how can I handle it to check whether it's a security exception and show, for example, a "You're not allowed to do that" text in my JSP?

Thank you very much, mates

__
David Bonilla Fuertes
__
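One vendor-neutral way to approach the question asked in this post and in the "(SPECIFIC) QUESTIONS ABOUT MANAGING SECURITY" follow-up above, as an added example that is not part of the original thread: walk the cause chain of the caught RemoteException and look for standard denial types instead of com.evermind.server.rmi.OrionRemoteException. It assumes the container reports a denial as java.rmi.AccessException, java.lang.SecurityException or javax.ejb.AccessLocalException somewhere in the chain; a container that throws a bare RemoteException cannot be told apart this way. The class name SecurityFailureCheck and the sample exceptions in main are constructed for illustration.

```java
import java.rmi.AccessException;
import java.rmi.RemoteException;
import java.rmi.ServerException;

/** Added example: classify a RemoteException without naming vendor classes. */
public class SecurityFailureCheck {

    /** True if any exception in the cause chain is a standard access denial. */
    static boolean isSecurityFailure(Throwable t) {
        int depth = 0;
        // Bound the walk so a self-referencing cause chain cannot loop forever.
        while (t != null && depth++ < 16) {
            if (t instanceof AccessException || t instanceof SecurityException) {
                return true;
            }
            // Local EJB clients may see javax.ejb.AccessLocalException; match it
            // by name so this class compiles without the EJB API on the classpath.
            if ("javax.ejb.AccessLocalException".equals(t.getClass().getName())) {
                return true;
            }
            Throwable next = t.getCause();
            t = (next == t) ? null : next;
        }
        return false;
    }

    /** Text for the JSP; the container's own message belongs in the server log. */
    static String userMessage(RemoteException e) {
        return isSecurityFailure(e)
                ? "You're not allowed to do that"
                : "The operation failed, please try again later";
    }

    public static void main(String[] args) {
        // Constructed samples standing in for what a container might throw.
        RemoteException denied = new ServerException("call failed",
                new AccessException("caller lacks the required role"));
        RemoteException broken = new RemoteException("connection refused",
                new java.io.IOException("socket closed"));
        System.out.println(userMessage(denied));
        System.out.println(userMessage(broken));
    }
}
```

The container message quoted in the post names the caller and the deployment descriptors, so the JSP should render only the fixed text returned by userMessage and leave the original exception in the server log.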
STRANGE (and BIG!!!) PROBLEM
It's a little bit strange... I'm implementing security on my application and customizing my XML descriptors. All went OK (I had Basic Authentication) and I wanted to implement security in the EJB methods too. I changed the ejb-jar.xml source and this text appears:

    Auto-deploying UbicuaCMP.jar (Classes were updated)... The compiler has run out of memory. Consider using the "-J-mxnumber" command line option to increase the maximum heap size.
    Error compiling D:\Orion155\ubicua/UbicuaCMP.jar: Syntax error in source
    Orion/1.5.2 initialized

I work with 512MB of memory... so I don't think it is a lack-of-memory problem... I also tried to use the "-J-mxnumber" command but it doesn't work! Can anybody explain where and how this command works? (A sample would be welcome!)

Thanks !!!

__
David Bonilla Fuertes
__
IMPLEMENTING SECURITY AND AUTHENTICATION
I want to create some users for my application, map these users to pre-created roles, and then find out how I can do the authentication. Please help me! I must do it very, very quickly !!!

__
David Bonilla Fuertes
__
HELP !!! SECURITY
OK... I have understood everything about security, but now, how and where can I activate an option to use an Orion-based console or something else to control the user name and password?

__
David Bonilla Fuertes
__
The Security (again)
I discovered by myself how to get a dialog for entering the login and password when my application starts. Now the problem is that... it doesn't work properly !!! I type the correct login and password but the server doesn't recognize them !!! Does somebody have a good idea about what is happening?

Thank you very much !!!

__
David Bonilla Fuertes
__