I think you ahve not enabled security for the ejb-app. What does the jboss.xml
say?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3916022#3916022
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3916022
I think you will not find a one-to-one match from weblogic to jboss. The best
way to do this is to understand what actually needs to happen during the login
(from your application perspective, security rules etc etc) and the have these
coded into one (or more) LoginModule implementations.
Then
Its done in the login() method
The commit method commits all this info into the subject.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3905950#3905950
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3905950
what is the error you are getting and please post the stack trace
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3904102#3904102
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3904102
Well the default classloader config that comes with jboss has changed since
4.0.2. Go to the deploy/tomcatx.sar/meta-inf folder.
open the service.xml and change the UseJBossclassloader to true and also set
usejava2classloading to true.
Should do the trick
View the original post :
You cannot use wild cards in ejb-jar.xml for declarative security.
Option 1)
However, you can install a security interceptor with your application that can
check these roles. The interceptor gets called before the ejb and you can
handle all checking there. The interceptor gets access to the
Create a custom checked exception (sub class of java.lang.Exception) with all
the properties you want. Throw this exception from your SEI methods. Wscompile
should be able to handle this easily. I have done this and works great (even
parent class properties get listed in the soap-fault tag is
web.xml init-param ?
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3899761#3899761
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3899761
---
This SF.Net email is
Your principals query and the role query use wrong column name? Your table has
Username column isnt it?
Also your application policy name in login-config is defauth but you are using
megs in jboss.xml??
View the original post :
You will get the filter to work only if you are using form based auth. In case
you are using basic then the filter doesnt work!!
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3898578#3898578
Reply to the post :
Its definitely a bug. The LdapExtLoginModule is relatively new and might not
have undergone serious user testing :). Another thing missing is that the login
modules dont provide a role mapping capability to map groups from ldap to roles
that are different from the group name!!
View the
Hmm you may not be able to restrict home interface lookup using acl but you can
restrict who gets to call the create() methods in the interface using
declarative security.
The other way to restrict jndi lookups is to have a username/password for the
jndi access.
View the original post :
Well seems like you are calling EJBs from the login module (LM) . The problem
is that the LM commit() has not be called and untill commit() is called the AA
information is not valid for the subject!!.
Why dont you make the EJBs that you call from LM insecure?
View the original post :
At the highest level these are the steps required to convert a insecure j2ee
app to a secure one in jboss
For web apps
1) In the web.xml list the urls that need to be secure and the http methods
that need to be secure. This can be done as so.
| anonymous wrote : !-- Specify the secured
Some thoughts::
Seems like the earlier impl of relogin the user (behind the scenes) is a better
idea as the other option involves using mbean code. Kinda ties you up a lot to
jboss.
In J2EE use as few native features as possible. In case you cant help using it,
provide enough
If you are using basic authentication then yes jboss can help. You can write
your own/extend the existing loginmodules to get the password. It will nto be
encrypted. Even if you end up using SSL by the time the password reaches the
login module it should be decrypted already.
If you are using
Your class cast exception should be easy to solve. You are setting up a regular
datasource and trying to cast it to a XADataSource. In your mysql-ds.xml you
need to setup a xa datasource.
anonymous wrote :
| xa-datasource
| jndi-nameMySqlDS/jndi-name
|
If you want to manage transactions yourself (not a good idea most times) then
lookup UserTransaction object from JNDI and use that. Dont use the transaction
manager. It cant help you :)
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3897033#3897033
Reply to
I am trying to create a doc/lit webservice. I was successful in getting the
service running and testing it using a .net c# test client.
However, when I create an additional method in the SEI that accepts array
argument, it starts giving an exception such as the one below.
Any help will be
You can write your own JAAS login module and plug it into the
conf/login-config.xml file.
If you want complete portability ensure that you custom implement the Principal
and Group classes and dont use the ones from JBoss. I have done this
successfully. There is no issue with that.
Once you
Why dont you put a servlet filter for the j_security_check servlet in your
web.xml. In the filter code, you will have access to the request object from
where you can read j_username and store it in the session. This would be the
easiest way of doing this without tampering with the app server
My guess is that in your JSP/servlet, the call to request.getUserPrincipal() is
returning null.
If you are using a custom login module then you need to define a group named
CallerPrincipal to which you can add your Principal impl class. If you do
this then the request.getUserPrincipal() returns
read the sticky post for a good introduction.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3890114#3890114
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3890114
---
you are to replace them with the appropriate values.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3890115#3890115
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3890115
Make sure you include the CLientLoginModule in the mymail authentication
domain. This should help propogate the principal.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3889000#3889000
Reply to the post :
What do you mean by
anonymous wrote :
| although the http-session survived the restart.
|
How do you know the http-session on the server side survived the re-start?
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=373#373
Reply to the post :
Seems like you dont ahve a auth.conf file for your client application. Try
providing the system property -D while calling java as follows.
anonymous wrote :
| -Djava.security.auth.login.config=${full_path_to_auth.conf}
|
There is a more detailed thread on this available in the same forum.
any exceptions?
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=335#335
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=335
---
SF.Net email is Sponsored by the
Seems like you have to define a custom implementation of the RealmMapping
interface. The interface defines a method
anonymous wrote :
| /** Validates the application domain roles to which the operational
| environment Principal belongs.
| @param principal the caller principal
please provide the o/p or stack trace etc etc
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3888386#3888386
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888386
---
I did a little source code searching and found that the exception is thrown by
the org.jboss.ejb.plugins.SecurityInterceptor.
The exact piece of code that fails is
| // Check if the caller is allowed to access the method
| if
Finally managed to fix the problem. The issue was with my implementation of
java.security.acl.Group interface. In the isMember() I was checking directly
the principal rather than checking principal.getName(). The RealmMapping impl
used by the EJB Container checks for available roles using the
I wanted to post an interesting observation. I have a custom LoginModule
implementation that I was using. In the login module I was not using the
SimplePrincipal and the SimpleGroups implementations provided by JBoss. I was
using custom implementation of the java.security.Principal and
I forgot to mention that I am using jboss 4.0.1 sp1
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3888149#3888149
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888149
ITs more for reference. What problem are you facing excatly?
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3888333#3888333
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3888333
Yes this is a pretty common thing to do when you first start off with JAAS. I
did the same too. I use the -D argument to the java command as below
java -Djava.security.auth.login.config=conf/auth.conf MAIN_CLASS
This need to be under the current directory.
View the original post :
HI,
I am doing the usual custom login module to login to the servlet and then
using the servlet to access a session ejb. Both the servlet and session bean
are secured by the role named Secure.
The security domain I am using is jwdomain and is set in the login-config.xml to
anonymous wrote :
Wanted to add some more details.
Since the same security domain seems to work for the web application and not
for the EJB, I suspect it could be some EJB config. I am positn the jboss.xml
and the ejb-jar.xml here for reference.
jboss.xml
| jboss
|
|
38 matches
Mail list logo