RE: Problem implementing Custom User Management using SimpleUserManager
I have not tried this yet, but it just occurred to me that the naming.principal is just establishing the jndi security context - it does not do a login. If you want to login, you have to first establish the context with an account in principals.xml, and then use RoleManager.login(...) to login your user. The role manager gets information about the usermanager you registered, the InitialContext has nothing to do with your usermanager. (This is just a Gedankenexperiment - if you try it, let me know whether it actually works) --peter -Original Message- From: Jeff Schnitzer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 5:15 PM To: Orion-Interest Subject: RE: Problem implementing Custom User Management using SimpleUserManager I am also experiencing this - no matter what I try (and I'm pretty sure I've tried everything), I cannot get an application client user to log in using a custom user manager (either SimpleUserManager-derived or DataSourceUserManager). Note that the application client logs in just fine using admin or any of the principals.xml users. But I get the Invalid username/password exception when trying users produced by the custom user manager. This is with Orion 1.5.2. Does anyone have application clients working with a custom user manager? Jeff -Original Message- From: Adam Maliborski [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 29, 2001 7:09 AM To: Orion-Interest Subject: Problem implementing Custom User Management using SimpleUserManager Hi, I am trying to validate users of my ejb server via a database using the SimpleUserManager. I have extended SimpleUserManager and overridden the three methods and confirmed that they are being called and returning true. I have made the following changes to the descriptors. ORION-APPLICATION.XML orion-application deployment-version=1.5.2 ejb-module remote=false path=ejb.jar / web-module id=web path=web.war / security-role-mapping name=administration group name=administration / /security-role-mapping security-role-mapping name=productbuilder group name=productbuilder / /security-role-mapping security-role-mapping name=enduser group name=enduser / /security-role-mapping persistence path=persistence / library path=c:\test\ejb.jar / principals path=principals.xml / user-manager class=com.test.rms.user.orion.UCIServerUserManager / log file path=application.log / /log namespace-access read-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administration / group name=productbuilder / group name=enduser / /security-role-mapping /namespace-resource /read-access write-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administration / group name=productbuilder / group name=enduser / /security-role-mapping /namespace-resource /write-access /namespace-access /orion-application PRINCIPALS.XML principals groups group name=administration permission name=administration / permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group group name=productbuilder permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group group name=enduser permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group /groups users /users /principals ORION-EJB-JAR.XML orion-ejb-jar deployment-version=1.5.2 deployment-time=e93e1950d0 enterprise-beans .. .. (EJB DECLARATION) .. assembly-descriptor security-role-mapping name=administration /security-role-mapping security-role-mapping name=productbuilder /security-role-mapping security-role-mapping name=enduser /security-role-mapping default-method-access security-role-mapping name=lt;default-ejb-caller- rolegt; impliesAll=true / /default-method-access /assembly-descriptor /orion-ejb-jar When I try to access the ejb server through an external java client using the following code : Properties prop = new Properties(); prop.put (java.naming.factory.initial, com.evermind.server.ApplicationClientIn itialContextFactory); prop.put(java.naming.provider.url, ormi://localhost/UCIServer); prop.put(java.naming.security.principal, adammal); prop.put(java.naming.security.credentials, adammal); Context initial = new InitialContext(prop); I get the following error : java.lang.SecurityException: Invalid username/password for UCIServer
RE: Problem implementing Custom User Management using SimpleUserManager
I will be interested to hear from anyone with experience in this; I'm developing an application at the moment that will be relying on a cusomter user manager. Indeed, the apparent simplicity of implementation is why I picked up on Orion. So any bumps in the road would be nice to note in advance. So let us know :) Reason http://www.exratio.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of SAURUGGER,PETER (A-PaloAlto,ex2) Sent: Tuesday, October 09, 2001 9:43 AM To: Orion-Interest Subject: RE: Problem implementing Custom User Management using SimpleUserManager I have not tried this yet, but it just occurred to me that the naming.principal is just establishing the jndi security context - it does not do a login. If you want to login, you have to first establish the context with an account in principals.xml, and then use RoleManager.login(...) to login your user. The role manager gets information about the usermanager you registered, the InitialContext has nothing to do with your usermanager. (This is just a Gedankenexperiment - if you try it, let me know whether it actually works) --peter -Original Message- From: Jeff Schnitzer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 5:15 PM To: Orion-Interest Subject: RE: Problem implementing Custom User Management using SimpleUserManager I am also experiencing this - no matter what I try (and I'm pretty sure I've tried everything), I cannot get an application client user to log in using a custom user manager (either SimpleUserManager-derived or DataSourceUserManager). Note that the application client logs in just fine using admin or any of the principals.xml users. But I get the Invalid username/password exception when trying users produced by the custom user manager. This is with Orion 1.5.2. Does anyone have application clients working with a custom user manager? Jeff -Original Message- From: Adam Maliborski [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 29, 2001 7:09 AM To: Orion-Interest Subject: Problem implementing Custom User Management using SimpleUserManager Hi, I am trying to validate users of my ejb server via a database using the SimpleUserManager. I have extended SimpleUserManager and overridden the three methods and confirmed that they are being called and returning true. I have made the following changes to the descriptors. ORION-APPLICATION.XML orion-application deployment-version=1.5.2 ejb-module remote=false path=ejb.jar / web-module id=web path=web.war / security-role-mapping name=administration group name=administration / /security-role-mapping security-role-mapping name=productbuilder group name=productbuilder / /security-role-mapping security-role-mapping name=enduser group name=enduser / /security-role-mapping persistence path=persistence / library path=c:\test\ejb.jar / principals path=principals.xml / user-manager class=com.test.rms.user.orion.UCIServerUserManager / log file path=application.log / /log namespace-access read-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administration / group name=productbuilder / group name=enduser / /security-role-mapping /namespace-resource /read-access write-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administration / group name=productbuilder / group name=enduser / /security-role-mapping /namespace-resource /write-access /namespace-access /orion-application PRINCIPALS.XML principals groups group name=administration permission name=administration / permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group group name=productbuilder permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group group name=enduser permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group /groups users /users /principals ORION-EJB-JAR.XML orion-ejb-jar deployment-version=1.5.2 deployment-time=e93e1950d0 enterprise-beans .. .. (EJB DECLARATION) .. assembly-descriptor security-role-mapping name=administration /security-role-mapping security-role-mapping name=productbuilder /security-role-mapping security-role-mapping name=enduser /security-role-mapping default-method-access security-role
RE: Problem implementing Custom User Management using SimpleUserManager
I am also experiencing this - no matter what I try (and I'm pretty sure I've tried everything), I cannot get an application client user to log in using a custom user manager (either SimpleUserManager-derived or DataSourceUserManager). Note that the application client logs in just fine using admin or any of the principals.xml users. But I get the Invalid username/password exception when trying users produced by the custom user manager. This is with Orion 1.5.2. Does anyone have application clients working with a custom user manager? Jeff -Original Message- From: Adam Maliborski [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 29, 2001 7:09 AM To: Orion-Interest Subject: Problem implementing Custom User Management using SimpleUserManager Hi, I am trying to validate users of my ejb server via a database using the SimpleUserManager. I have extended SimpleUserManager and overridden the three methods and confirmed that they are being called and returning true. I have made the following changes to the descriptors. ORION-APPLICATION.XML orion-application deployment-version=1.5.2 ejb-module remote=false path=ejb.jar / web-module id=web path=web.war / security-role-mapping name=administration group name=administration / /security-role-mapping security-role-mapping name=productbuilder group name=productbuilder / /security-role-mapping security-role-mapping name=enduser group name=enduser / /security-role-mapping persistence path=persistence / library path=c:\test\ejb.jar / principals path=principals.xml / user-manager class=com.test.rms.user.orion.UCIServerUserManager / log file path=application.log / /log namespace-access read-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administration / group name=productbuilder / group name=enduser / /security-role-mapping /namespace-resource /read-access write-access namespace-resource root= security-role-mapping name=lt;jndi-user-rolegt; group name=administration / group name=productbuilder / group name=enduser / /security-role-mapping /namespace-resource /write-access /namespace-access /orion-application PRINCIPALS.XML principals groups group name=administration permission name=administration / permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group group name=productbuilder permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group group name=enduser permission name=rmi:login / permission name=com.evermind.server.rmi.RMIPermission / /group /groups users /users /principals ORION-EJB-JAR.XML orion-ejb-jar deployment-version=1.5.2 deployment-time=e93e1950d0 enterprise-beans .. .. (EJB DECLARATION) .. assembly-descriptor security-role-mapping name=administration /security-role-mapping security-role-mapping name=productbuilder /security-role-mapping security-role-mapping name=enduser /security-role-mapping default-method-access security-role-mapping name=lt;default-ejb-caller- rolegt; impliesAll=true / /default-method-access /assembly-descriptor /orion-ejb-jar When I try to access the ejb server through an external java client using the following code : Properties prop = new Properties(); prop.put (java.naming.factory.initial, com.evermind.server.ApplicationClientIn itialContextFactory); prop.put(java.naming.provider.url, ormi://localhost/UCIServer); prop.put(java.naming.security.principal, adammal); prop.put(java.naming.security.credentials, adammal); Context initial = new InitialContext(prop); I get the following error : java.lang.SecurityException: Invalid username/password for UCIServer (adammal) at com.evermind._cd._mu(Unknown Source) at com.evermind._cd._mu(Unknown Source) at com.evermind._cd._np(Unknown Source) at com.evermind._ce._np(Unknown Source) at com.evermind.server.rmi.RMIContext.lookup(Unknown Source) at com.evermind.server.administration.LazyResourceFinder._np (Unknown Source) at com.evermind.server.administration.LazyResourceFinder.getEJBHome (Unknown Source) at com.evermind._ck._ho(Unknown Source) at com.evermind.server.ApplicationClientInitialContextFactory.getInitialCon text(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext (NamingManager.java:668) at javax.naming.InitialContext.getDefaultInitCtx