HELP !!! SECURITY
Ok... I have understood all about security, but now, how and where can I activate an option to use an Orion-based console or something else to control the User Name and Password?

__
David Bonilla Fuertes
THE BIT BANG NETWORK
http://www.bit-bang.com
Profesor Waksman, 8, 6º B
28036 Madrid
SPAIN
Tel.: (+34) 914 577 747
Mobile: 656 62 83 92
Fax: (+34) 914 586 176
__

RE: HELP !!! SECURITY
David,

The orionconsole application allows you to add and remove users, but it is VERY buggy, and not supported by IronFlare:

    java -jar orionconsole.jar

Most of us write an admin web module to administer users. Here are the relevant APIs:

1. RoleManager: This class can be instanced by using the following JNDI lookup:

       RoleManager manager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");

   It has things like addToRole, login, getPrincipal, and removePrincipal. This API is the class you should use to interact with a second API, UserManager. Check out the API here: http://www.orionserver.com/docs/api/index.html.

2. UserManager: There are three of these built in:

   - XMLUserManager. This one is used by the container for the global application, and users and role/group mapping are stored in the principals.xml file of the orion/config directory. Since it is usually the parent of all other usermanagers, the principals.xml file should be included in each ear/META-INF directory with its own user security.
   - DataSourceUserManager. This usermanager uses a database to store user information, groups, etc.
   - EJBUserManager. This usermanager uses an EJB to store user information, groups, etc.

You can write your own user manager to interface with LDAP or any other security datastore. A good example is in http://www.orionsupport.com/articles/usermanager.html (or http://uk.orionsupport.com/articles/usermanager.html mirror).

These security APIs are specific to Orion, since there is no specification for how containers implement user security in J2EE.

If you want to use user security, www.jollem.com has a draft tutorial on user security which talks about the specifics of configuring security for an application in Orion.

regards,

the elephantwalker
www.elephantwalker.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Bonilla
Sent: Friday, September 21, 2001 8:23 AM
To: Orion-Interest
Subject: HELP !!! SECURITY

RE: HELP !!! SECURITY
What? The orionconsole is run with:

    $orion# java -jar orionconsole.jar

HTH,
JP

PS: mail me (in Spanish if you like) if that's not what you're looking for. An extended explanation would be appreciated.

-----Original Message-----
From: David Bonilla [mailto:[EMAIL PROTECTED]]
Sent: Viernes, 21 de Septiembre de 2001 11:23
To: Orion-Interest
Subject: HELP !!! SECURITY

HELP: Security !!! How to do it.
Hi guys,

I don't know if anyone has done this yet, but I want to connect to Orion from a Java application using user authentication and authorisation. I have checked the archives but there is no solid advice there.

My aim is to get a "username" and "password" from a user. Then I want to authenticate them using Orion. How? Do I use RoleManager.login()? 'Cos when I try to find it using "java:comp/RoleManager", Orion gives me a naming exception that says that that name does not exist.

Anyway, if I was to authenticate the user, I then want to test my security settings below...

So far I have this setup. Here is my test.

I have a Session Bean with 6 methods:

    methodA()
    methodB()
    methodC()
    methodD()
    methodE()
    methodF()

I have 5 roles:

    role1
    role2
    role3
    role4
    role5

These are the permissions:

    role1 access ALL methods
    role2 access ABC
    role3 access DEF
    role4 access ADE
    role5 NO ACCESS

Then the Orion stuff. I have 5 groups:

    group1 mapped to role role1
    group2 mapped to role role2
    group3 mapped to role role3
    group4 mapped to role role4
    group5 mapped to role role5

I have 5 users:

    user1 in group1 role1
    user2 in group2 role2
    user3 in group3 role3
    user4 in group4 role4
    user5 in group5 role5

For example, "user1" is linked to "role1" and "role1" can access all methods.

However, if I connect to Orion with the following JNDI configuration

    java.naming.factory.initial=com.evermind.server.ApplicationClientInitialContextFactory
    java.naming.provider.url=ormi://localhost/securityApp
    java.naming.security.principal=user1
    java.naming.security.credentials=user1

I can manage to successfully call "create()" to get back the remote interface of my session bean. However, if I call any of the business methods then I get a security exception like below...

    " Error: user1 is not allowed to call this EJB method, check your security settings (method-permission -application.xml)."

So what am I doing wrong !!!

Here are my config files.

APPLICATION.XML

    <snip>
    <module>
      <ejb>ejb</ejb>
    </module>
    <security-role>
      <role-name>role1</role-name>
    </security-role>
    <security-role>
      <role-name>role2</role-name>
    </security-role>
    <security-role>
      <role-name>role3</role-name>
    </security-role>
    <security-role>
      <role-name>role4</role-name>
    </security-role>
    <security-role>
      <role-name>role5</role-name>
    </security-role>
    </snip>

PRINCIPALS.XML

    <principals>
      <groups>
        <group name="group1">
          <description>users</description>
          <permission name="rmi:login" />
          <permission name="com.evermind.server.rmi.RMIPermission" />
        </group>
        <group name="group2">
          <description>users</description>
          <permission name="rmi:login" />
          <permission name="com.evermind.server.rmi.RMIPermission" />
        </group>
        <group name="group3">
          <description>users</description>
          <permission name="rmi:login" />
          <permission name="com.evermind.server.rmi.RMIPermission" />
        </group>
        <group name="group4">
          <description>users</description>
          <permission name="rmi:login" />
          <permission name="com.evermind.server.rmi.RMIPermission" />
        </group>
        <group name="group5">
          <description>users</description>
          <permission name="rmi:login" />
          <permission name="com.evermind.server.rmi.RMIPermission" />
        </group>
      </groups>
      <users>
        <user username="user1" password="user1">
          <group-membership group="group1" />
        </user>
        <user username="user2" password="user2">
          <group-membership group="group2" />
        </user>
        <user username="user3" password="user3">
          <group-membership group="group3" />
        </user>
        <user username="user4" password="user4">
          <group-membership group="group4" />
        </user>
        <user username="user5" password="user5">
          <group-membership group="group5" />
        </user>
      </users>
    </principals>

ORION-APPLICATION.XML

    <snip>
    <security-role-mapping name="role1">
      <group name="group1" />
    </security-role-mapping>

RE: HELP: Security !!! How to do it.
Another thing to add: in the ATM example they authenticate a user using the Servlet's built-in form authentication login form, e.g.

    <form method="POST" action="j_security_check">
      <input type="text" name="j_username">
      <input type="password" name="j_password">
    </form>

This, I presume, creates a principal that is passed to the EJB layer to be checked.

So my question is how the hell do I do the same thing from a Java Application.

-----Original Message-----
From: Peter Delahunty [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 10, 2000 10:07 AM
To: Orion-Interest
Subject: HELP: Security !!! How to do it.

RE: initial context help - security role
Hi,

You still need to define which "security role" can use a bean. And then use an attribute role-link to map the bean's needed security role to the deployment EJB server's security role. Looks like you need to do some settings in the application.xml file and the principals.xml file (add role-link attribute...).

Anybody would like to contribute some examples for us!

Regards,
Tom MAK

From: "Enrique Wallace" [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Subject: RE: initial context help
Date: Tue, 18 Jul 2000 23:23:21 GMT

I think I remember somebody said that you should use (Context.INITIAL_CONTEXT_FACTORY,"com.evermind.server.rmi.RMIInitialContextFactory");

Thanks for the quick response! This worked! I get further along now before getting another error. Now I'm doing this:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;

    // JNDI environment for the Orion RMI context, including the caller's credentials
    Hashtable h = new Hashtable();
    h.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.rmi.RMIInitialContextFactory");
    h.put(Context.PROVIDER_URL, "ormi://localhost/app");
    h.put(Context.SECURITY_PRINCIPAL, "admin");
    h.put(Context.SECURITY_CREDENTIALS, "123");
    Context jndiContext = new InitialContext(h);

    // Look up the home interface and create an entity
    Object obj = jndiContext.lookup("CabinBean");
    CabinHome home = (CabinHome) javax.rmi.PortableRemoteObject.narrow(obj, CabinHome.class);
    Cabin cabin_1 = home.create(1);

but when it comes to the create(), I get this error message:

    com.evermind.server.rmi.OrionRemoteException: admin is not allowed to call the CabinBean.create(...) method, check your security settings.
        at EntityHomeWrapper1.create(EntityHomeWrapper1.java:340)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.evermind.server.rmi.ba.run(JAX)
        at com.evermind.server.rmi.a8.gu(JAX)
        at com.evermind.server.rmi.a8.run(JAX)
        at com.evermind.util.e.run(JAX)
        at connection to localhost/127.0.0.1 as admin
        at com.evermind.server.rmi.a8.invokeMethod(JAX)
        at com.evermind.server.rmi.a_.invoke(JAX)
        at com.evermind.server.rmi.a0.invoke(JAX)
        at __Proxy0.create(Unknown Source)
        at com.titan.cabin.Client_1.main(Client_1.java:27)

Where/how do I set my security settings? I had to activate the admin user in principals.xml myself.

Thanks for your help.

ekw

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
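
The "not allowed to call" errors in both Peter Delahunty's post (user1) and Enrique Wallace's post (admin) point at method-permission settings. As an added example that is not part of the original thread, this Python sketch resolves user -> group -> role -> permitted method over constructed descriptors and lists declared roles that no method-permission grants anything. It assumes the standard EJB `<method-permission>` entries in the `<assembly-descriptor>` of ejb-jar.xml; the bean name SecurityTest and the passwords are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors, not from the posts; bean name "SecurityTest" is hypothetical.
EJB_JAR = """<ejb-jar><assembly-descriptor>
  <security-role><role-name>role1</role-name></security-role>
  <security-role><role-name>role2</role-name></security-role>
  <security-role><role-name>role5</role-name></security-role>
  <method-permission><role-name>role1</role-name>
    <method><ejb-name>SecurityTest</ejb-name><method-name>*</method-name></method>
  </method-permission>
  <method-permission><role-name>role2</role-name>
    <method><ejb-name>SecurityTest</ejb-name><method-name>methodA</method-name></method>
  </method-permission>
</assembly-descriptor></ejb-jar>"""
# orion-application.xml: role -> group mapping, in the form shown in the thread.
ORION_APP = """<orion-application>
  <security-role-mapping name="role1"><group name="group1" /></security-role-mapping>
  <security-role-mapping name="role2"><group name="group2" /></security-role-mapping>
  <security-role-mapping name="role5"><group name="group5" /></security-role-mapping>
</orion-application>"""
# principals.xml: user -> group membership (passwords are placeholders).
PRINCIPALS = """<principals><users>
  <user username="user1" password="changeme"><group-membership group="group1" /></user>
  <user username="user2" password="changeme"><group-membership group="group2" /></user>
  <user username="user5" password="changeme"><group-membership group="group5" /></user>
</users></principals>"""

def roles_for(user):
    """Resolve user -> groups (principals.xml) -> roles (orion-application.xml)."""
    groups = {g.get("group") for u in ET.fromstring(PRINCIPALS).iter("user")
              if u.get("username") == user for g in u.iter("group-membership")}
    return {m.get("name") for m in ET.fromstring(ORION_APP).iter("security-role-mapping")
            if any(g.get("name") in groups for g in m.iter("group"))}

def may_call(user, ejb, method):
    """True if one of the user's roles holds a method-permission for ejb.method."""
    roles = roles_for(user)
    return any(m.findtext("ejb-name") == ejb and m.findtext("method-name") in ("*", method)
               for mp in ET.fromstring(EJB_JAR).iter("method-permission")
               if roles & {r.text for r in mp.iter("role-name")}
               for m in mp.iter("method"))

def roles_without_permission():
    """Declared roles that no method-permission names; their users are denied every call."""
    root = ET.fromstring(EJB_JAR)
    declared = {r.findtext("role-name") for r in root.iter("security-role")}
    granted = {r.text for mp in root.iter("method-permission") for r in mp.iter("role-name")}
    return sorted(declared - granted)
```

A role that shows up in `roles_without_permission()` is either intentionally locked out (role5 in Peter's matrix) or a missing grant, which is worth checking before debugging the client's JNDI credentials.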