You try in such way:
URL url = ((UnifiedClassLoader)this.getClass().getClassLoader()).getURL();
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3873758#3873758
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3873758
--
Is it possible to prevent accessing DB and JNDI staff from JSP?
For example it will be greate to have security exception when new
InitialContext(); is trying to create in JSP, but all is ok when from
ejbXXX.jar.
Any suggestions?
Please help!
View the original post :
http://www.jboss.org/inde
We are planing to make a JSP + ejb hosting. But there is one problem: how to
prevent changing JSPs of one user by another user? Can I specify java.policy
separatly for each war or ear?
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3863058#3863058
Reply to t
Can anyone explain me why ejbLoad for bean instanse is invoked only once?
In our BD changing data in BD by a bean can enfluence to another one. But the second
bean does retrive actual value because ejbLoad was invoked only once.
Please, help me!
View the original post :
http://www.jboss.org/i
I think it will be greate to add a new callbackhandler which can save parameters from
request.
But in your case I can advise you to use filters to implement logic whcih you want.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842217#3842217
Reply to the p
But we use 3.2.5:(
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842112#3842112
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3842112
---
This SF.Net email is spons
Scott,
Due to this code in ClientLoginModule:
|public boolean login() throws LoginException
|{
| .
| if (useFirstPass == true)
| {
| try
| {
| Object name = sharedState.get("javax.security.auth.login.name");
|
Hello.
We use FORM based authorization. But it seems that to make login page dynamical is
quite difficult. Let me explain a test case:
Our web portal has several general modules and every module require authorization. Now
to authorize user is redirected to common user page login.jsp, but it wou
It seems that problem was resolved:
login-config.xml for 3.2.3 was:
|
|
|
|
|
|
|
|
|
login-config.xml for 3.2.5 is:
|
|
|
|
| useFirstPass
Our application work well under JBOSS 3.2.3, but when I try to run our application
under 3.2.5 I have got some errors.
We are using jaas security domain in web application and Security Proxy for handling
of invokes of beans. So, beans don't have declared security domain. In some classes we
use
Please, tell me: is it real to restore previous login principals after lc.logout()? It
seems that ClientLoginModule clearing up all Security Associations after logout. We
need to have "principal stacking" possibility.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtop
Thank you Scott!!!
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3831155#3831155
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3831155
---
This SF.Net email is spons
thank you for this topic. It's quite interesting, becaus I found the answer to the
quiestion which I tryid to resolve very long time.
JBOSS developers can you highlight this quiestion in JBOSS JAAS documentation?
Thank you!
View the original post :
http://www.jboss.org/index.html?module=bb&op=
Did you define security domain in your jboss.xml for your EJB?
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3830275#3830275
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3830275
--
The question is
how can I dynamicaly relogin during one request to the server? In some cases it's very
important to have such possibility, for examples suppose that you have "User" entity
bean. And this bean has "changePassword" method, which can be executed by
"Administrator" or by user which
I can help you.
To resolve this problem you must upgrate to the newer version JBOSS from CVS or I can
send you patched by me jar file for tomcat-jboss integration.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3829216#3829216
Reply to the post :
http://www.j
It seems that your example don't work (JBOSS 3.2.3 +Tomcat 4).
Code from unsecured page:
| <%@ page import="javax.security.auth.login.LoginContext,
| org.jboss.security.auth.callback.UsernamePasswordHandler,
| org.jboss.security.SecurityAssociation,
|
Sorry, but may be I'm a fool, but I didn't find how I can execute some particular code
under different principal:-( I found method SecurityAssociation.pushRunAsRole(), but
it seems that this method doesn't have a effect: SecurityAssociation.getPrincipal
before and after returns the same principa
eturn null;
| }
| },AccessController.getContext());
| %>
|
|
|
|
Where:
!YOURDOMAIN! - your security domain - please change it!
Also JSP use users principals fro "guest" with password "guest" and "internal" with
password "intern
ining", e);
| }
| }
| log.debug("internal subject = " + internalSubject);
| return internalSubject;
| }
|
but we get
| run!1 Principal = phantom
| run!2 Principal = phantom
|
Also in SecurityAssociation I find very interes
It may be helpful:
We implemented such things by NTLM auth. in JCIFS. See jcifs.samba.org
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3827416#3827416";>View
the original post
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3827416>Reply
to the post
-
There is no information in log file if some RuntimeException rised during ejbStore. It
took me about 2 days to understand problem. At the end i understood that there is
nothing (except transaction rollback) in log file.
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3825057#3825057";>V
"starksm" wrote : Look at the jboss codebase for the
org.jboss.security.auth.spiUsersRolesLoginModule and its base class
org.jboss.security.auth.spi.UsernamePasswordLoginModule in the
jboss-3.2/security/src/main tree for the commit behavior used with the example
testcase. It will take 24 hours
Let me add some information. It may be helpful.
We used some time ago weblogic and now we are "translating" our code to JBOSS. And
there is one important point - SECURITY. We are tring to remake security using JAAS
tchnology And we used java.security.LoginModule to create new LoginModule for
Thank you.
I'll test changes...
But could you explain some interesting lines from sources?
| ClassLoader loader = Thread.currentThread().getContextClassLoader();
| Class clazz = loader.loadClass(identityClassName);
| Class[] ctorSig = {String.class};
|
Please, answer to this question...
I look through the forum and found several questions like this, but there is no a
answer! Please, help! Custom principal is very useful thing. I change my primary
development server from weblogic to JBOSS and found this problem and i'm
confused:((
View the
Let me explain error:
in MyLoginModule commit method:
| Set principals = subject.getPrincipals();
| principals.add(new UserPrincipal(name));
|
| for (Iterator it = principals.iterator(); it.hasNext();)
| {
| Principal principal = (P
Hello
I have the same problem. Please, anybody - answer! This quite important question in my
view.
Thank you
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3823638#3823638
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&
28 matches
Mail list logo
