HELP !!! SECURITY

2001-09-21 Thread David Bonilla



Ok... I have understood all about security, but now, how and where can I activate an option to use an Orion-based console or something else to control the User Name and Password?
__
David Bonilla Fuertes
THE BIT BANG NETWORK
http://www.bit-bang.com
Profesor Waksman, 8, 6º B
28036 Madrid
SPAIN
Tel.: (+34) 914 577 747
Mobile: 656 62 83 92
Fax: (+34) 914 586 176
__


RE: HELP !!! SECURITY

2001-09-21 Thread The elephantwalker



David,

The orionconsole application allows you to add and remove users, but it is VERY buggy, and not supported by IronFlare:

java -jar orionconsole.jar

Most of us write an admin web module to administer users.

Here are the relevant APIs:

1. RoleManager: This class can be instanced by using the following JNDI lookup:

RoleManager manager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");

It has things like addToRole, login, getPrincipal, and removePrincipal. This API is the class you should use to interact with a second API, UserManager. Check out the API here: http://www.orionserver.com/docs/api/index.html.

2. UserManager: There are three of these built in:

 - XMLUserManager. This one is used by the container for the global application, and users, and role/group mapping is stored in the principals.xml file of the orion/config directory. Since it is usually the parent of all other usermanagers, the principals.xml file should be included in each ear/META-INF directory with its own usersecurity.

 - DataSourceUserManager. This usermanager uses a database to store user information, groups, etc.

 - EJBUserManager. This usermanager uses an EJB to store user information, groups, etc.

You can write your own user manager to interface with LDAP or any other security datastore. A good example is in http://www.orionsupport.com/articles/usermanager.html (or http://uk.orionsupport.com/articles/usermanager.html mirror).

These security APIs are specific to Orion, since there is no specification for how containers implement user security in J2EE.

If you want to use user security, www.jollem.com has a draft tutorial on user security which talks about the specifics of configuring security for an application in Orion.

regards,

the elephantwalker
www.elephantwalker.com






RE: HELP !!! SECURITY

2001-09-21 Thread Juan Lorandi (Chile)



What?

the orionconsole is run with:

$orion# java -jar orionconsole.jar

HTH,

JP

PS: mail me (in Spanish if you like) if that's not what you're looking for. An extended explanation would be appreciated



HELP: Security !!! How to do it.

2000-11-10 Thread Peter Delahunty


Hi guys 


I don't know if anyone has done this yet but i want to connect to Orion from
a Java application using user authentication and authorisation.

I have checked the archives but there is no solid advice there.


My aim is to get a "username" and "password" from a user. Then i want to
authenticate them using orion, how ? 

Do i use RoleManager.login() cos when i try to find it using
"java:comp/RoleManager" then orion gives me a naming exception that says that
that name does not exist.


Anyway if i was to authenticate the user, i then want to test my security
settings below...


So far i have this setup:

So here is my test.

i have a Session Bean with 6 methods

methodA()
methodB()
methodC()
methodD()
methodE()
methodF()

i have 5 roles

role1
role2
role3
role4
role5

these are the permissions 

role1   access ALL methods
role2   access ABC
role3   access DEF
role4   access ADE
role5   NO ACCESS

then orion stuff

i have 5 groups

group1  mapped to role  role1
group2  mapped to role  role2
group3  mapped to role  role3
group4  mapped to role  role4
group5  mapped to role  role5

i have 5 users

user1   in group1  role1
user2   in group2  role2
user3   in group3  role3
user4   in group4  role4
user5   in group5  role5


for example "user1" is linked to "role1" and "role1" can access all methods.
However if i connect to orion with the following JNDI configurations

java.naming.factory.initial=com.evermind.server.ApplicationClientInitialContextFactory
java.naming.provider.url=ormi://localhost/securityApp
java.naming.security.principal=user1
java.naming.security.credentials=user1


i can manage to successfully call "create()" to get back the remote interface
of my session bean. However if i call any of the business methods then i
get a security exception like below...

" Error: user1 is not allowed to call this EJB method, check your security
settings (method-permission
-application.xml)."





so what am i doing wrong !!!


here are my config files.


APPLICATION.XML

<snip>
<module>
  <ejb>ejb</ejb>
</module>

<security-role>
  <role-name>role1</role-name>
</security-role>
<security-role>
  <role-name>role2</role-name>
</security-role>
<security-role>
  <role-name>role3</role-name>
</security-role>
<security-role>
  <role-name>role4</role-name>
</security-role>
<security-role>
  <role-name>role5</role-name>
</security-role>
</snip>


PRINCIPALS.XML

<principals>
  <groups>

    <group name="group1">
      <description>users</description>
      <permission name="rmi:login" />
      <permission name="com.evermind.server.rmi.RMIPermission" />
    </group>

    <group name="group2">
      <description>users</description>
      <permission name="rmi:login" />
      <permission name="com.evermind.server.rmi.RMIPermission" />
    </group>

    <group name="group3">
      <description>users</description>
      <permission name="rmi:login" />
      <permission name="com.evermind.server.rmi.RMIPermission" />
    </group>

    <group name="group4">
      <description>users</description>
      <permission name="rmi:login" />
      <permission name="com.evermind.server.rmi.RMIPermission" />
    </group>

    <group name="group5">
      <description>users</description>
      <permission name="rmi:login" />
      <permission name="com.evermind.server.rmi.RMIPermission" />
    </group>

  </groups>
  <users>
    <user username="user1" password="user1">
      <group-membership group="group1" />
    </user>

    <user username="user2" password="user2">
      <group-membership group="group2" />
    </user>

    <user username="user3" password="user3">
      <group-membership group="group3" />
    </user>

    <user username="user4" password="user4">
      <group-membership group="group4" />
    </user>

    <user username="user5" password="user5">
      <group-membership group="group5" />
    </user>

  </users>

</principals>



ORION-APPLICATION.XML

<snip>
<security-role-mapping name="role1">
  <group name="group1" />
</security-role-mapping>
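
The user -> group -> role -> method chain set up in this post can be resolved offline from the descriptors. This is an added example, not part of the original post or of Orion: it reads principals.xml, the security-role-mapping entries of orion-application.xml and the method-permission entries of a standard ejb-jar.xml. The ejb-jar.xml content, the bean name SecurityTestBean and the role5 mapping are constructed for illustration; only the role1 mapping appears in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed to two users; layouts follow the post.
PRINCIPALS = """<principals><users>
  <user username="user1" password="user1"><group-membership group="group1"/></user>
  <user username="user5" password="user5"><group-membership group="group5"/></user>
</users></principals>"""
ORION_APP = """<orion-application>
  <security-role-mapping name="role1"><group name="group1"/></security-role-mapping>
  <security-role-mapping name="role5"><group name="group5"/></security-role-mapping>
</orion-application>"""
# Assumed ejb-jar.xml content (standard EJB descriptor); the bean name is hypothetical.
EJB_JAR = """<ejb-jar><assembly-descriptor><method-permission>
  <role-name>role1</role-name>
  <method><ejb-name>SecurityTestBean</ejb-name><method-name>*</method-name></method>
</method-permission></assembly-descriptor></ejb-jar>"""

def groups_by_user(principals_xml):
    return {u.get("username"): {g.get("group") for g in u.iter("group-membership")}
            for u in ET.fromstring(principals_xml).iter("user")}

def roles_by_group(orion_app_xml):
    out = {}
    for mapping in ET.fromstring(orion_app_xml).iter("security-role-mapping"):
        for g in mapping.iter("group"):
            out.setdefault(g.get("name"), set()).add(mapping.get("name"))
    return out

def methods_by_role(ejb_jar_xml):
    out = {}
    for mp in ET.fromstring(ejb_jar_xml).iter("method-permission"):
        methods = {(m.findtext("ejb-name"), m.findtext("method-name")) for m in mp.iter("method")}
        for role in mp.findall("role-name"):
            out.setdefault(role.text.strip(), set()).update(methods)
    return out

def effective_access(principals_xml, orion_app_xml, ejb_jar_xml):
    """Map each user to the (bean, method) pairs reachable via group -> role."""
    g2r, r2m = roles_by_group(orion_app_xml), methods_by_role(ejb_jar_xml)
    access = {}
    for user, groups in groups_by_user(principals_xml).items():
        roles = set().union(*(g2r.get(g, set()) for g in groups))
        access[user] = set().union(*(r2m.get(r, set()) for r in roles))
    return access

def roles_without_permissions(orion_app_xml, ejb_jar_xml):
    """Mapped roles that no method-permission names: their users get no access."""
    mapped = set().union(*roles_by_group(orion_app_xml).values())
    return sorted(mapped - set(methods_by_role(ejb_jar_xml)))
```

A user whose role shows up in roles_without_permissions can log in and obtain the home interface but has no method grant, so the gap is in ejb-jar.xml rather than in principals.xml.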

RE: HELP: Security !!! How to do it.

2000-11-10 Thread Peter Delahunty

Another thing to add

in the ATM example they authenticate a user using the Servlets built in form
authentication login form
eg

<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
</form>

this i presume creates a principal that is passed to the EJB layer to be
checked. So my question is how the hell do i do the same thing from a Java
Application.



RE: initial context help - security role

2000-07-18 Thread Tom MAK

Hi,

You still need to define which "security role" can use a bean.  And then use 
an attribute role-link to map the bean's needed security role to the 
deployment EJB server's security role.

Looks like you need to do some settings in the application.xml file and the 
principals.xml file (add role-link attribute...).

Anybody would like to contribute some examples for us!

Regards,
Tom MAK


From: "Enrique Wallace" [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Subject: RE: initial context help
Date: Tue, 18 Jul 2000 23:23:21 GMT

I think I remember somebody said that you should use
(Context.INITIAL_CONTEXT_FACTORY,"com.evermind.server.rmi.RMIInitialContextFactory");


Thanks for the quick response!  This worked!  I get further along now before
getting another error.  Now I'm doing this:

Hashtable h = new Hashtable();
h.put(Context.INITIAL_CONTEXT_FACTORY,"com.evermind.server.rmi.RMIInitialContextFactory");
h.put(Context.PROVIDER_URL,"ormi://localhost/app");
h.put(Context.SECURITY_PRINCIPAL,"admin");
h.put(Context.SECURITY_CREDENTIALS,"123");
Context jndiContext = new InitialContext(h);
Object obj = jndiContext.lookup("CabinBean");
CabinHome home = (CabinHome) javax.rmi.PortableRemoteObject.narrow(obj, CabinHome.class);
Cabin cabin_1 = home.create(1);

but when it comes to the create(), I get this error message:

com.evermind.server.rmi.OrionRemoteException: admin is not allowed to call
the CabinBean.create(...) method, check your security settings.
at EntityHomeWrapper1.create(EntityHomeWrapper1.java:340)
at java.lang.reflect.Method.invoke(Native Method)
at com.evermind.server.rmi.ba.run(JAX)
at com.evermind.server.rmi.a8.gu(JAX)
at com.evermind.server.rmi.a8.run(JAX)
at com.evermind.util.e.run(JAX)
at connection to localhost/127.0.0.1 as admin
at com.evermind.server.rmi.a8.invokeMethod(JAX)
at com.evermind.server.rmi.a_.invoke(JAX)
at com.evermind.server.rmi.a0.invoke(JAX)
at __Proxy0.create(Unknown Source)
at com.titan.cabin.Client_1.main(Client_1.java:27)

Where/how do I set my security settings?  I had to activate the admin user
in principals.xml myself.

Thanks for your help.

ekw

