I would like to see more flexibility for JBossSX to interact with client for
obtaining various type of credentials.
When doing SSO, it's almost impossible to avoid doing HTTP redirects, set and
delete cookies and other HTTP operations.
It is therefore very beneficial to add a HTTP Callback
Actually I mean the Tomcat Authenticator and not the JAAS Login Modules.
The JAAS Login Module settings is alright.
But the authenticator settings is not picked up by JBoss.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4132352#4132352
Reply to the post :
You can enable debug. Refer to question 4
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ
The last time i mess with custom principal, I end up having to extend
SimplePrincipal to be compliant.
Worse case, you can always decompile your current module to verify your
suspicions
View the
If i remember well. when the LdapExtLoginModule flag = optional
the login will not fail as long as your next login module works to return the
roles.
Of course your next module's flag need to be 'required'
If you really have to modify the ldap login module, just modify the
LdapExtLoginModule's
Said too soon, the EJB Authorization Delegate could not retrieve Request object
since the Resource instance is that of EJBResource
Anyway for the EJB Authorization Delegate to retrieve the Request object?
or
Anyway to pass something to the EJB Authorization Delegate from Authentication?
View
Workaround the problem by using custom Principal in Login Module.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4130284#4130284
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4130284
Found a way by using Authenticator to set an attribute to HttpSession in
Request object and getting back the attribute in Authorization Delegate class
via WebResource's getServletRequest()
Still couldn't find a way for Authentication Module to do this.
View the original post :
Try to set under the database login module to bypass authentication
module-option name=password-stackinguseFirstPass/module-option
If this doesn't work, then you've to modify the db login module to only lookup
roles and skip authentication
View the original post :
If you can front JBoss AS with a SiteMinder supported web server, you can
consider to use this
http://wiki.jboss.org/wiki/Wiki.jsp?page=GenericHeaderBasedAuthentication
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4130017#4130017
Reply to the post :
With JBoss 5.x authorization module is now available.
However, how does the authorization delegate access the sharedState which is
located at the Authorization module?
For example, how can the authorization delegate get back the variables set by
the authentication module like below :
If you are using NTLM then you can probably try this
http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4129542#4129542
Reply to the post :
How do we set a custom authenticator for JBoss 5.x ?
I tried with editing
\jboss-5.0.0.Beta3\server\default\deployers\jbossweb.deployer\META-INF\war-deployers-beans.xml
but it doesn't seem to pick up the new settings.
With JBoss 4.0.5 it was with
Cool!
I tried the allowEmptyPasswords option. Works like a charm.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4126136#4126136
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4126136
Is it me or is it a bug?
I tried to login with a username that exist in LDAP but with BLANK password.
The login was successful.
login-config.xml Configuration as below
login-module code=org.jboss.security.auth.spi.LdapExtLoginModule
flag=required
module-option
Actually I tried that after posting this topic, but got the same error.
I edited the run.bat to include the jar file
-classpath %JBOSS_CLASSPATH%;C:\jbosscustauth.jar
error as below:
2008-01-07 11:02:38,796 ERROR
[org.jboss.web.tomcat.security.config.JBossContextConfig] Failed to customize
Found the problem to be compiler JDK version.
Referring to
http://wiki.jboss.org/wiki/Wiki.jsp?page=DeterminingClassVersionFromADotClassFile
I found the bytecode major version to be jdk 1.5
Compiled back with 1.4 and the problem is gone.
Strange though, that the error was not
JBOSS 4.0.5GA
Wrote a similar Authenticator to GenericHeaderAuthenticator
(http://wiki.jboss.org/wiki/Wiki.jsp?page=GenericHeaderBasedAuthentication)
and placed the jar file at
jboss-4.0.5.GA\server\default\deploy\jbossweb-tomcat55.sar
However JBoss can't find it throwing error
What version of jbosssx/spiJ the JBOSS AS 5.0 beta2 is using?
I am using the jbosssx framework 2.0.0 GA binaries and source.
The code does not compile well with the jar binaries bundled with JBOSS 5.0
Beta2, while the 2.0.0 binaries does not run on JBOSS 5.0 Beta 2.
(I'm writing the pluggable
Got some reply. 4.0.x does not support Authorization Modules
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4048816#4048816
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4048816
From the jbosssx project, I found what I need to create is a module like the
ones under org.jboss.security.authorization.modules
org.jboss.security.authorization.modules.web/ejb
However, I did not find this package under JBoss Application Server version
4.0.5 GA 's jbosssx.jar
Is the
20 matches
Mail list logo
