Re: Custom Login Module HttpServletRequest access for webservice
kevan wrote: > > > On Mar 5, 2009, at 5:40 AM, Kaupo wrote: > >> I'd love to file a jira enhancement request. But I've never done that >> before, so when can I do it? > > Thanks Kaupo. > > Geronimo's Jira page is here -- > http://issues.apache.org/jira/browse/GERONIMO > > You'll need a Jira account to create Jira's. Do this here -- > https://issues.apache.org/jira/secure/Signup!default.jspa > > --kevan > > Thanks Kevan! Just created the new Issue: http://issues.apache.org/jira/browse/GERONIMO-4572 http://issues.apache.org/jira/browse/GERONIMO-4572 Hope it's appropriate -Kaupo -- View this message in context: http://www.nabble.com/Custom-Login-Module-HttpServletRequest-access-for-webservice-tp22303812s134p22354239.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Custom Login Module HttpServletRequest access for webservice
On Mar 5, 2009, at 5:40 AM, Kaupo wrote: I'd love to file a jira enhancement request. But I've never done that before, so when can I do it? Thanks Kaupo. Geronimo's Jira page is here -- http://issues.apache.org/jira/browse/GERONIMO You'll need a Jira account to create Jira's. Do this here -- https://issues.apache.org/jira/secure/Signup!default.jspa --kevan
Re: Custom Login Module HttpServletRequest access for webservice
djencks wrote: > > > I'm pretty sure that the specs don't support what your login module is > doing, and that it only works due to some accidents of implementation > in geronimo. However, we ought to be able to make it work for ejb > webservices just as well as for servlets. I doubt it will be a big > change. I'm not sure we can get it fixed for 2.1.4 we'll see. > Could you file a jira enhancement request? > > The "official" way to do this is really to use JASPI and set up a > custom authentication method that replaces the BASIC auth and fishes > the info out of the request and provides it to the login service > in this case presumably a login module. However JASPI is only > available in trunk and with the currently rapidly changing jetty 7 > integration and we don't have the tck for it yet. > > thanks > david jencks > I'd love to file a jira enhancement request. But I've never done that before, so when can I do it? JASPI sounds interesting but unfortunately I don't have time to learn it - the project deadline is approaching. Thanks for the fast reply David! -Kaupo -- View this message in context: http://www.nabble.com/Custom-Login-Module-HttpServletRequest-access-for-webservice-tp22303812s134p22349175.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Custom Login Module HttpServletRequest access for webservice
On Mar 2, 2009, at 11:39 PM, Kaupo wrote:
Hi!
I have made a custom login module where I need to retrieve some user
data
from the HttpServletRequest. The following piece of code work well:
request = (HttpServletRequest)
PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
The problem is that it only works when I login from the website.
When I use BASIC authentication from a webservice then the request
is going
to be null!
(I think it's because I made my service out of a bean and configured
it in
the ejb container)
Is there a way for me to get a similar or a HttpServletRequest when
loging
in from my webservice?
I need to get the users/servers IP from where the call is made.
I'm pretty sure that the specs don't support what your login module is
doing, and that it only works due to some accidents of implementation
in geronimo. However, we ought to be able to make it work for ejb
webservices just as well as for servlets. I doubt it will be a big
change. I'm not sure we can get it fixed for 2.1.4 we'll see.
Could you file a jira enhancement request?
The "official" way to do this is really to use JASPI and set up a
custom authentication method that replaces the BASIC auth and fishes
the info out of the request and provides it to the login service
in this case presumably a login module. However JASPI is only
available in trunk and with the currently rapidly changing jetty 7
integration and we don't have the tck for it yet.
thanks
david jencks
Thanks in advance
-Kaupo
--
View this message in context:
http://www.nabble.com/Custom-Login-Module-HttpServletRequest-access-for-webservice-tp22303812s134p22303812.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
Re: Custom login module error
On Feb 13, 2007, at 7:15 AM, Kev D'Arcy wrote: > Hi, > > Any ideas why I'd be getting this error: > > java.lang.ClassNotFoundException: > aib.dos.wasce.security.LDAPLoginModule in classloader > console/realm-LdapRealm/1.0/car > > With a custom login module? It's deployed within the Geronimo > repository. Did you add a dependency on the jar that contains the login module? --kevan Sorry to ask a silly question, but where/how do I do this? Do I need to manually edit the deployment plan and use the command line to deploy it? Kev ** This document is strictly confidential and is intended for use by the addressee unless otherwise indicated. This email has been scanned by an external email security system. Allied Irish Banks **
Re: Custom login module error
On Feb 13, 2007, at 7:15 AM, Kev D'Arcy wrote: Hi, Any ideas why I'd be getting this error: java.lang.ClassNotFoundException: aib.dos.wasce.security.LDAPLoginModule in classloader console/realm-LdapRealm/1.0/car With a custom login module? It's deployed within the Geronimo repository. Did you add a dependency on the jar that contains the login module? --kevan
RE: Custom Login Module .LDAPLoginModule and Exception
Can you post the settings you're using for the Geronimo LDAPLoginModule?
Dave
-Original Message-
From: sreepriya ramakrishnan [mailto:[EMAIL PROTECTED]
Sent: Monday, October 02, 2006 9:31 AM
To: user@geronimo.apache.org
Subject: Custom Login Module .LDAPLoginModule and Exception
Hi all,
I have configured the LDAPLoginModule provided by Geronimo and another
custom login module in a stacked manner in Geronimo V1.0. I have my own
callbackHandler class implemented and I try to invoke the configured
modules in a Servlet Filter in the following manner:
lc = new Logincontext("myrealmnam",mycallbackhandler);
I get the followign exception:
Login failed:
javax.security.auth.login.LoginException: Error filling callback list
I have configured teh LDAPLoginModule as the first one in the stack and
if it is successful, the second module will be called.
There seems to be no further details. Can someone please let me know
what is the meaning of teh exception?
Thanks,
Priya
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Re: Custom login module
>It is actually possible to rebuild the plans without the geronimo >source. The original plans are supplied in doc/plans and you can edit >them and redeploy. Could you please show how I can to redeploy them? I've tried this: java -jar bin/deployer.jar --user system --password manager redeploy j2ee-security-plan.xml org/apache/geronimo/Security and get the following: 07.10.2005 9:36:52 ClientCommunicatorAdmin restart WARNING: Failed to restart: java.io.IOException: Failed to get a RMI stub: javax.naming.NameNotFoundException: JMXConnector Stopped org/apache/geronimo/Security Error: Operation failed: no such object in table WBR, Ivan Dubrov
Re: Custom login module
On Oct 5, 2005, at 11:25 PM, Scott Anderson wrote: On 10/5/05, Ivan S. Dubrov <[EMAIL PROTECTED]> wrote: Hello, My hack was a little cleaner. I was adding the jar containing my custom login modules as a dependancy to first j2ee-server-plan.xml but since the j2ee-security-plan.xml was established I have had to move the dependancy for my security jar up to the parent configuration of both the server and security plans; naming-server-plan.xml. I've tried to redeploy these plans, but no luck. Did you redeployed them or built server from sources with modified plans? Anyway, I think this is bug, since I've done things exactly (I think so) as they described here: http://chariotsolutions.com/geronimo/geronimo-html-one- page.html#security-custom I was following the same script and also could not get it to work as advertised. As far as I know to deploy updated geronimo plans you do need the geronimo source. I have found that you are required to re-build the assembly module to get any changes to the plans in the modules/assembly/src/plan directory deployed. I find Aaron's book a little unclear as to whether you are intended to amend the standard geronimo plans or include your login module/security realm configuration in a separate plan, so I'm not quite as clear that the procedure he describes doesn't work. I was worried that this situation with login module classloaders would occur, and sure enough it has: the inability to use custom login modules in other configurations is definitely a bug. I've entered a bug http://issues.apache.org/jira/browse/GERONIMO-1044 to make sure we remember to fix this. It is actually possible to rebuild the plans without the geronimo source. The original plans are supplied in doc/plans and you can edit them and redeploy. thanks david jencks
Re: Custom login module
On 10/5/05, Ivan S. Dubrov <[EMAIL PROTECTED]> wrote: > Hello, > > >My hack was a little cleaner. I was adding the jar containing my > >custom login modules as a dependancy to first j2ee-server-plan.xml but > >since the j2ee-security-plan.xml was established I have had to move > >the dependancy for my security jar up to the parent configuration of > >both the server and security plans; naming-server-plan.xml. > > I've tried to redeploy these plans, but no luck. Did you redeployed them or > built server from sources with modified plans? > > Anyway, I think this is bug, since I've done things exactly (I think so) as > they described here: > http://chariotsolutions.com/geronimo/geronimo-html-one-page.html#security-custom > I was following the same script and also could not get it to work as advertised. As far as I know to deploy updated geronimo plans you do need the geronimo source. I have found that you are required to re-build the assembly module to get any changes to the plans in the modules/assembly/src/plan directory deployed.
Re: Custom login module
Hello, >My hack was a little cleaner. I was adding the jar containing my >custom login modules as a dependancy to first j2ee-server-plan.xml but >since the j2ee-security-plan.xml was established I have had to move >the dependancy for my security jar up to the parent configuration of >both the server and security plans; naming-server-plan.xml. I've tried to redeploy these plans, but no luck. Did you redeployed them or built server from sources with modified plans? Anyway, I think this is bug, since I've done things exactly (I think so) as they described here: http://chariotsolutions.com/geronimo/geronimo-html-one-page.html#security-custom I will look at the JIRA, maybe someone have already reported bug... WBR, Ivan Dubrov.
Re: Custom login module
> > If I add my login module classes into the geronimo-security-1.0-M5.jar > (very dirty hack, of course :) ), it works. So I have some misunderstanding > with the class loading, I think. My hack was a little cleaner. I was adding the jar containing my custom login modules as a dependancy to first j2ee-server-plan.xml but since the j2ee-security-plan.xml was established I have had to move the dependancy for my security jar up to the parent configuration of both the server and security plans; naming-server-plan.xml.
Re: Custom login module
Hi Ivan, What's the context-priority-classloader setting for your web app? If defaulting or false, can you set to true? Also, anything in your geronimo.log? I've never setup a custom login module. If the above doesn't help resolve, if you can make your app available, I'll have a look at it... --kevanOn 10/5/05, Ivan S. Dubrov <[EMAIL PROTECTED]> wrote: Hello,I have a problem with custom login module - the Geronimo does not find it. I have the following in the geronimo-application.xml (irrelevant parts are omitted):http://geronimo.apache.org/xml/ns/j2ee/application "configId="myapp"parentId="org/apache/geronimo/Server">myapp/jars/security.jar http://geronimo.apache.org/xml/ns/security"> class="org.apache.geronimo.security.jaas.LoginModuleGBean">myapp.security.LoginModuleGeronimo truemyappclass="org.apache.geronimo.security.realm.GenericSecurityRealm">myapp org/apache/geronimo/ServerJaasLoginService myapp-modulesREQUIREDmyapp-custom-login But when I try to login, I get the following:16:38:13,491 INFO [JAASJettyRealm] problemjavax.security.auth.login.LoginException: No LoginModules configured for myapp at javax.security.auth.login.LoginContext.init(LoginContext.java:256)at javax.security.auth.login.LoginContext.(LoginContext.java:403)at org.apache.geronimo.jetty.JAASJettyRealm.authenticate (JAASJettyRealm.java:91)at org.mortbay.jetty.servlet.FormAuthenticator$FormCredential.authenticate(FormAuthenticator.java:305)at org.mortbay.jetty.servlet.FormAuthenticator.authenticate(FormAuthenticator.java :148)at org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter.obtainUser(SecurityContextBeforeAfter.java:282)at org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter.checkSecurityConstraints (SecurityContextBeforeAfter.java:190)at org.apache.geronimo.jetty.JettyWebAppContext.checkSecurityConstraints(JettyWebAppContext.java:516)at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch (WebApplicationHandler.java:434)at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:567)at org.mortbay.http.HttpContext.handle(HttpContext.java:1565)at org.mortbay.jetty.servlet.WebApplicationContext.handle (WebApplicationContext.java:635)at org.mortbay.http.HttpContext.handle(HttpContext.java:1517)at org.mortbay.http.HttpServer.service(HttpServer.java:954)at org.mortbay.http.HttpConnection.service (HttpConnection.java:816)at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:983)at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)at org.mortbay.http.SocketListener.handleConnection (SocketListener.java:244)at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)If I add my login module classes into the geronimo-security-1.0-M5.jar (very dirty hack, of course :) ), it works. So I have some misunderstanding with the class loading, I think.WBR,Ivan Dubrov.
