I was able to ameliorate this problem by creating a sar file with a class that
subclassed JBoss's SystemPropertiesService. This allowed me to use an
encrypted password. Actually it just reads keystore password from the
keystore.password file, decrypts it, and sets the
My tests seem to indicate that the client java code running in JBoss is not
aware of the enclosing JBoss' keystore and truststore. It is not clear where
it is getting a certificate when the server asks for one during two-SSL, but
the certificate sent is considered bad. I would think that it
The mbean SystemPropertiesService should allow me to set java System
properties. Hopefully I can use this to set the javax.net.ssl.keyStore to the
JBoss Identity keystore.
I have JBoss set up to use a typical identity keystore (Identity.jks), but the
servlets running in JBoss do not know about this keystore or its password. The
passwords are cloaked using Anil's technique
(http://www.jboss.org/community/docs/DOC-9702).
How can I set up JBoss so that my servlets
Ah, yes, when I was reading the source, it seemed like a good place to start
writing a custom module. I do not have time to do this in the current
schedule, but will do it for the next cycle. Thanks Anil.
Note: One thing that helped when using this verifier and the
BaseCertLoginModule was
I have two JBoss servers running our application, connected by https, and I
have a question about client certificates, one is a client and the other a
server. However when I turned on clientAuth (and CLIENT-CERT), the client
JBoss does not seem to send the correct certificate. I get this
Are there any other Certificate Verifiers for BaseCertLoginModule besides the
AnyCertVerifier?
AnyCertVerifier is the only one I saw in the source code, but it is too
permissive. It does not even check the expiration date.
If no verifier is specified, BaseCertLoginModule does the
anil.saldh...@jboss.com wrote : Try adding the standard Apache Tomcat
RemoteAddress/RemoteHost valves in a context.xml in WEB-INF of your web
application.
|
| http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
Thanks Anil, that was exactly what I was looking for! A very nice
My war file has two types of servlets. I would like to authenticate one group
with client-cert and the other type with basic authentication. [They both live
under a context-root of /servlet as defined in jboss-web.xml] I did not see
anything obvious in the web.xml.
Is this possible to do?
alexanders wrote : Not sure this question is in scope of the forum.
|
| Two things you need to describe in your web.xml:
| 1) Security constraint mapped to some url pattern and requires some role.
| 2) Role mapped to security domain.
|
| So you need to configure your web.xml as
When I try to use the BaseCertLoginModule, it fails with this error:
anonymous wrote : Don't know how to obtain X509Certificate from: class
java.lang.String
I looked at the source code and the failure occurs when the getAliasAndCert()
method tries to read an X509 cert from
I think I fixed this; please disregard this post. It was a simple
configuration problem.
Should I use a good, old servlet filter? Obviously this would require some Java
code, but it seems simple to do (and I have used them before):
http://www.jboss.org/community/docs/DOC-11257
Or should I use a web:context-filter... and subclass JBoss's Generic Handler?
Or is this just for web
Wow, no answer. After coming from the Apache world, I am surprised that JBoss
cannot limit access to particular servlets by IP.
We are running on RedHat Linux; should this filtering be done at the OS level
instead? I did not see a way to do this in iptables.
Surely there is an easier way than that?
I have a simple JBoss installation that contains a small number of servlets.
How do I restrict some of them so that they can only be accessed from
localhost? I would think that this is easy, but I cannot find this capability.
Also is there an easy way to reject http PUTs for the whole server