[JBoss-user] [Security & JAAS/JBoss] - Authentication failed calling @Service from session bean @Po

2006-07-17 Thread matt10
Hi, In an EJB 3.0 application I have methods on a session bean that delegate calls to a POJO @Service. I have just started to apply security, starting with a UsersRolesLoginModule which seems to be working for the session bean calls from the client. I presume that if the authenticated user can

[JBoss-user] [Security & JAAS/JBoss] - Re: Using JCE crypto in EJBs

2006-07-10 Thread wussykye
Sohil, I'm not accessing the cacerts file explicitly, I'm calling JCE KeyGenerator to create a key. When I call KeyGenerator.getInstance("DES"), I get the SecurityException when I'm running in container. I don't get this exception while running out of container. As far as I can tell, I'm us

[JBoss-user] [Security & JAAS/JBoss] - wrong principal although authenticated in 4.0.4 GA

2006-07-10 Thread TedCat
Hi, Since we migrated our app from 4.0.3 to 4.0.4 GA, we are facing the following problem: - some ejb2 sb are created with the right JAAS credentials but while getting the principal, the username is not the right one. It's usually anonymous (or null if module-option name="unauthenticatedIdentit

[JBoss-user] [Security & JAAS/JBoss] - Re: Authenticating user in servlet

2006-07-10 Thread [EMAIL PROTECTED]
Jochen- With your custom Authenticator approach, did you try doing a browser redirect that sends back the same exact request information back maybe minus the deviceid information, once the authentication is successful and the user's identity is successfully established within the Authenticator

[JBoss-user] [Security & JAAS/JBoss] - Re: Using JCE crypto in EJBs

2006-07-10 Thread [EMAIL PROTECTED]
wussykye- Try accessing your cert file using a full system path to your cacert file within your EJB to make sure this is not an issue with locating the cacert file. Also, did you try getting an input stream to the cert file in your EJB and make sure the file is actually being located and read.

[JBoss-user] [Security & JAAS/JBoss] - Authenticating user in servlet

2006-07-10 Thread jochenb
Hi, I have a proprietary client which sends a hardware ID in the http request for authenticating the device. But we want to use the standard J2EE security mechanisms in our application and use the vendor neutral api request.isUserInRole() and getRemoteUser(). So I developed an Authenticator ex

[JBoss-user] [Security & JAAS/JBoss] - Re: problems with @SecurityDomain @PermitAll

2006-07-09 Thread kgrjb
thanks for reply. jboss.xml is deployed correctly with ejb jar. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956457#3956457

[JBoss-user] [Security & JAAS/JBoss] - Using JCE crypto in EJBs

2006-07-09 Thread wussykye
My application uses encryption for storing info in its tables. When I run the encryption code outside of JBoss, it works fine. When it is called in an EJB, there is a SecurityException thrown with a message about "Cannot locate policy or framework files!" and "Cannot set up certs for trusted

[JBoss-user] [Security & JAAS/JBoss] - Re: Retrive the authenticated subject within a protected URL

2006-07-09 Thread james_conf
A bit more. This only happens when the authenticated user does not have the proper role to access the URL. I did forget to add, I am looking for the subject in a Valve. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956441#3956441

[JBoss-user] [Security & JAAS/JBoss] - Re: Retrive the authenticated subject within a protected URL

2006-07-09 Thread james_conf
Seems my problem with SecurityAssociation is within a protected URL the SubjectContext is null 2006-07-09 14:57:37,745 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956435#3956435

[JBoss-user] [Security & JAAS/JBoss] - Retrive the authenticated subject within a protected URL

2006-07-09 Thread james_conf
I need access to the user's subject from a servlet. When I access an unprotected URL I can retrieve it just fine example: SecurityAssociation.getSubject() and PolicyContext.getContext("javax.security.auth.Subject.container"); But if I go to a protected URL, (the url-pattern under security-constr

[JBoss-user] [Security & JAAS/JBoss] - Using JGuard to secure the portal

2006-07-09 Thread pelo67000
Hello, I would like to use jguard with pentaho (which is deployed on JBoss 4.03) to secure the portal. After downloading the jguard zip and installing it, I was able to launch start-pentaho.bat but I had the following errors : anonymous wrote : | 2006-07-07 10:55:29,984 WARN [org.jboss.system

[JBoss-user] [Security & JAAS/JBoss] - Re: Login Configuration Enhancement

2006-07-08 Thread [EMAIL PROTECTED]
http://jira.jboss.com/jira/browse/JBAS-3378 It won't happen soon though. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956391#3956391

[JBoss-user] [Security & JAAS/JBoss] - Re: TLS encryption TLS_RSA_WITH_3DES_EDE_CBC_SHA support

2006-07-08 Thread elkner
I guess, that depends on your JDK/JSSE ;-) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956361#3956361

[JBoss-user] [Security & JAAS/JBoss] - TLS encryption TLS_RSA_WITH_3DES_EDE_CBC_SHA support

2006-07-07 Thread mkolhe
Does JBoss support the TLS encryption TLS_RSA_WITH_3DES_EDE_CBC_SHA? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956315#3956315

[JBoss-user] [Security & JAAS/JBoss] - Re: Login Configuration Enhancement

2006-07-07 Thread [EMAIL PROTECTED]
"[EMAIL PROTECTED]" wrote : More like: | | | | | | | | | | ... | | | | | | | | | We have the same concept for JBoss container configurations. So I do not see why we cannot do for the application policies in the security configuration space. | |

[JBoss-user] [Security & JAAS/JBoss] - Re: Calling web service from another jboss application using

2006-07-07 Thread hardeep.kwatra
Hi! Stand alone application means running the application from the command prompt i.e. java -jar , not in the jboss. If I try to deploy it as a service it starts giving the exception, whereas it works fine in the previous case. I am using JAXRPC in my application. Here is the code snippet which d

[JBoss-user] [Security & JAAS/JBoss] - Re: Login Configuration Enhancement

2006-07-07 Thread [EMAIL PROTECTED]
More like: | | | | ... | | | | | We have the same concept for JBoss container configurations. So I do not see why we cannot do for the application policies in the security configuration space. | | I will add a feature request for this, if I do not see any objectio

[JBoss-user] [Security & JAAS/JBoss] - Re: Calling web service from another jboss application using

2006-07-07 Thread elkner
OK, to help you out, here is a copy-and-paste complete example: package foo.bar; | | import java.io.BufferedInputStream; | import java.io.IOException; | import java.io.InputStream; | import java.security.cert.Certificate; | import java.security.cert.CertificateException; | import java

[JBoss-user] [Security & JAAS/JBoss] - Login Configuration Enhancement

2006-07-07 Thread jiwils
Currently, I can reuse login modules by changing the login configuration stack in various security domains. Would it be possible to make a given security domain referenceable from another stack/domain in the future as an enhancement? Without this, configuration can get messy (so it seems). Fo

[JBoss-user] [Security & JAAS/JBoss] - Re: Calling web service from another jboss application using

2006-07-07 Thread [EMAIL PROTECTED]
Hardeep- Looks like this might be a configuration issue. Some things to look at: 1) if the server side keystore has a self-signed cert, the SunX509 TrustManager you are using in your client code accepts them 2) Looks like you are setting up the TrustManager on the client side to trust svsos.c

[JBoss-user] [Security & JAAS/JBoss] - SOAP Message not being encrypted using JBoss enabled SSL

2006-07-07 Thread johnvarghese
Hello Friends, We have enabled SSL in JBoss 4.0.2 by editing the file \server\default\deploy\jbossweb-tomcat55.sar\server.xml and uncommenting the following entry: However, on viewing the message flow using ethereal, I have observed that the soap message consisting of s

[JBoss-user] [Security & JAAS/JBoss] - Re: problems with @SecurityDomain @PermitAll

2006-07-07 Thread hoeft
Hi! Is your jboss.xml in the WEB-INF directory in your jar-file? If not, that causes your problem. Meinert View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956177#3956177

[JBoss-user] [Security & JAAS/JBoss] - problems with @SecurityDomain @PermitAll

2006-07-07 Thread kgrjb
1. Because @SecurityDomain is jboss specific, is there a way to remove it from class code and keep just the standard @RolesAllowed? I tried to remove it from source code and have in jboss.xml mobistax after this, I don't get any security on bean methods. 2. Why is authentication-autho

[JBoss-user] [Security & JAAS/JBoss] - Re: Calling web service from another jboss application using

2006-07-06 Thread elkner
Yes, setting up a suitable X509TrustManager (+ see SSLContext) is a much better hint ;-) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956028#3956028

[JBoss-user] [Security & JAAS/JBoss] - Re: Calling web service from another jboss application using

2006-07-06 Thread [EMAIL PROTECTED]
"elkner" wrote : | Well, why do you need SSL, if you trust all certs? Definitely a "no master" hint Well, this is because if you are using a self-signed cert you will get an invalid certificate exception unless a proper TrustManager is setup in the SSL Context on the client. For a self sig

[JBoss-user] [Security & JAAS/JBoss] - Re: Calling web service from another jboss application using

2006-07-06 Thread elkner
"[EMAIL PROTECTED]" wrote : ... you need to "Trust all certs" when you setup the connection programmatically Well, why do you need SSL, if you trust all certs? Definitely a "no master" hint ... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955938#3955938

[JBoss-user] [Security & JAAS/JBoss] - Re: EJB SecurityDomain across servers

2006-07-06 Thread [EMAIL PROTECTED]
anonymous wrote : | I don't want my MDB to hold or authenticate any credentials, simply assume a given security role like the EJB3 @RunAs annotation. | Your MDB does not authenticate/hold any credentials. You should be able to invoke it just with EJB3 @RunAs annotation. It's when the MDB

[JBoss-user] [Security & JAAS/JBoss] - Re: EJB SecurityDomain across servers

2006-07-06 Thread adogg
Thanks. I was under the impression that ClientLoginModule just passed already established credentials: "...It merely copies the login information provided to it into the JBoss server EJB invocation layer..." I don't want my MDB to hold or authenticate any credentials, simply assume a given sec

[JBoss-user] [Security & JAAS/JBoss] - Re: ClientAuth configuration question

2006-07-06 Thread j2ee_junkie
Jeremy, I think you are merging two separate issues of authentication and encryption. You can specify that the container use client certificates as a means to authenticate a user by setting the auth-method element to "CLIENT-CERT". This means that when a user tries to access a restricted resou

[JBoss-user] [Security & JAAS/JBoss] - Re: EJB SecurityDomain across servers

2006-07-06 Thread [EMAIL PROTECTED]
Andrew- Instead of hardcoding the username/password in your MDB client code that calls the EJB3 on another server you may have to propagate the "Subject" established in the MDB, over to the remote EJB3 using the client-side login mechanism detailed here: http://wiki.jboss.org/wiki/Wiki.jsp?pag

[JBoss-user] [Security & JAAS/JBoss] - Re: ClientAuth configuration question

2006-07-06 Thread JeremyFox
I think I see how that would work for standard security - the part of the problem that I am struggling with is that we are doing 2-way SSL. I have clientauth="true" in the connector configuration in Tomcat's server.xml. Basically, that has made it so that everyone who connects to the site has t

[JBoss-user] [Security & JAAS/JBoss] - Re: ClientAuth configuration question

2006-07-06 Thread j2ee_junkie
Jeremy, Java Servlet Spec's declarative security does just that. See jboss server guide security chapter http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html as well as wiki http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss cgriffith

[JBoss-user] [Security & JAAS/JBoss] - ClientAuth configuration question

2006-07-06 Thread JeremyFox
Hello all, I am working on a project that would like to do something that I don't know how to accomplish. Is it possible to configure a site where certain contexts/directories on that site require client authentication while others do not? (All communications must be done via SSL on port 443

[JBoss-user] [Security & JAAS/JBoss] - Re: Calling web service from another jboss application using

2006-07-06 Thread [EMAIL PROTECTED]
"hardeep.kwatra" wrote : | I am getting invalidate certificate exception. If i run this application as a standalone, it works fine. | When you say running as standalone you mean the client application to the SSL webservice running in JBoss? Also, can you post the client Java code that is

[JBoss-user] [Security & JAAS/JBoss] - Calling web service from another jboss application using SSL

2006-07-05 Thread hardeep.kwatra
Hi, I am trying to deploy an application as service, which reads the contents of a jms Queue and tries to send it to the other webservices i.e. within the same container and to another jboss application server using certificate authentication (SSL) on port 443. I am getting invalidate certific

[JBoss-user] [Security & JAAS/JBoss] - Re: authentication doesn't work if roles changed during appl

2006-07-05 Thread michalzel
Thank you for reply. It saves me a lot of time :-) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955493#3955493

[JBoss-user] [Security & JAAS/JBoss] - Re: authentication doesn't work if roles changed during appl

2006-07-05 Thread jaikiran
Have a look at: http://www.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955489#3955489

[JBoss-user] [Security & JAAS/JBoss] - authentication doesn't work if roles changed during applicat

2006-07-05 Thread michalzel
Hello! I am using DatabaseServerLoginModule to perform authentication. My application allows to manage users via web interface, as well as connecting users to predefined (unchangeable) roles. When I create user I connect him to roles. This user is correctly authenticated and constrained with aut

[JBoss-user] [Security & JAAS/JBoss] - EJB SecurityDomain across servers

2006-07-05 Thread adogg
So, I've got a MDB on one server that wants to call an EJB3 on another server. The EJB3 is secured with a SecurityDomain on its server and I want the MDB to be able to call the EJB3 with a role as per the security-identity, run-as, etc. tags, but, of course, the EJB's SecurityDomain doesn't exi

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-07-04 Thread gekorob
Hi Alexio, I didn't find a good solution in modifying ClientLoginModule, so I'm trying to use jpdl and servlet redirection like I've seen in another post. Bye Roby View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955210#3955210

[JBoss-user] [Security & JAAS/JBoss] - Re: Security Roles On EJB3 Remote Interface Only

2006-07-03 Thread adogg
Believe it or not, #1 seems to be working for me. I have a SecurityDomain annotation in one of my EJBs and one of its methods has no RolesAllowed annotation, and I can call that method in the EJB without authentication. Just a regular NamingContext lookup. Maybe the AOP joinpoints don't get a

[JBoss-user] [Security & JAAS/JBoss] - Re: Security Roles On EJB3 Remote Interface Only

2006-07-03 Thread j2ee_junkie
adogg, Option 1, is what I mentioned before. If at least one method of a bean is secured, then the whole bean must be covered by a security domain. As such, access to any method, will require a caller to be authenticated. Note this does not mean the caller has to be authorized, just athentic

[JBoss-user] [Security & JAAS/JBoss] - Re: Security Roles On EJB3 Remote Interface Only

2006-07-03 Thread adogg
Good call on the RunAs annotation, but I want to hit my EJB from an MBean, and as far as I can tell (and I've tried), I can't use RunAs on an MBean. Couple of things I was thinking about: 1. Make backdoor methods in my Local interface (not in my Remote) that don't have any security, and then c

[JBoss-user] [Security & JAAS/JBoss] - Re: Login module which accesses an EJB?

2006-07-03 Thread j2ee_junkie
First off, start a new thread as this is not related to the threads subject. Second, do not put | | GreenfieldsLogin.sar | | in application.xml. Java 2 E E spec. knows nothing of JBoss sars. You need to set that in jboss-app.xml. Finally, do not complain to us that you are goin

[JBoss-user] [Security & JAAS/JBoss] - Re: Security Roles On EJB3 Remote Interface Only

2006-07-03 Thread j2ee_junkie
adogg, I do not know for sure, but I would think that what you want is not possible. You could for example configure certain methods of your EJB to require certain roles. However, by securing the bean(even if only securing one method) means that any user must be authenticated before access.

[JBoss-user] [Security & JAAS/JBoss] - Security Roles On EJB3 Remote Interface Only

2006-07-03 Thread adogg
I'd like to impose security restrictions on my EJB3, but only in the Remote interface. If called via the Local interface, I want no restrictions. Can I add @RolesAllowed annotations to the method declarations in my remote interface without adding them to the implementation class? Seems to me

[JBoss-user] [Security & JAAS/JBoss] - Re: Login module which accesses an EJB?

2006-07-03 Thread NigelWhite
Now, I just put com.fcl.security.GreenfieldsLoginModule into my WAR file. All other classes from the com.fcl.security package are in greenfield.jar, just another java module listed in application.xml. But in my LoginModule, I now get this: 10:09:25,718 ERROR [fcl] tried to access method com.fc

[JBoss-user] [Security & JAAS/JBoss] - Re: Login module which accesses an EJB?

2006-07-03 Thread NigelWhite
Further to this, I'm having a problem which is very strange. I'm not sure into which of the separate jar/war files to put my security classes. I'm using JAAS, and I have a sar file which contains meta-inf/jboss-service.xml: | http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd";> | |

[JBoss-user] [Security & JAAS/JBoss] - @RolesAllowed not working in EJB3

2006-07-02 Thread chrismalan
All session bean implementations have the required @SecurityDomain("theDomain") annotation. What does not work is that once somebody has logged in, he can call any session bean method, even those calling for a role he is not in. This is in JBoss 4.0.3. This has worked fine before in EJB 2.1.

[JBoss-user] [Security & JAAS/JBoss] - Re: Authentication not working even though it should

2006-06-30 Thread [EMAIL PROTECTED]
Looking at your authenticated subject: | 2006-06-30 19:57:35,030 TRACE [org.jboss.security.plugins.JaasSecurityManager.my-web] getUserRoles, subject: Subject: | Principal: [EMAIL PROTECTED] | Principal: Roles(members) | Principal: com(members:secure_capture_role,

[JBoss-user] [Security & JAAS/JBoss] - Authentication not working even though it should

2006-06-30 Thread kirenpillay
Hi I need help with this one. I've configured my files correctly, I am trying to authenticate a user [EMAIL PROTECTED], but it does not seem to work. From the logging, it seems like it's authenticated, but halfway through the process the authenticate fails. Please see log below: 06-06-30 19:

[JBoss-user] [Security & JAAS/JBoss] - Re: Login module which accesses an EJB?

2006-06-30 Thread [EMAIL PROTECTED]
It is better to use the Database LM because it does the job for you while managing the subject population with roles. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954709#3954709

[JBoss-user] [Security & JAAS/JBoss] - Re: Login module which accesses an EJB?

2006-06-30 Thread j2ee_junkie
Klusi, I have a login module which does this as well. Is it good design? I am not sure. One very important point to note (as you will see if you search this forum) is that you can't secure the EJB that has authenticate(user,passwd) method using the same application-policy (i.e. security-domai

[JBoss-user] [Security & JAAS/JBoss] - Re: Secuirty Exception after password update using DataBaseL

2006-06-30 Thread pordeep
We found a solution. Actually after updating the password you need to logout using the LoginContext of that user and login again. e.g., LoginContext.logout () and LoginContext.login (). Hope this helps View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954656#3954

[JBoss-user] [Security & JAAS/JBoss] - Re: JBOSS vulnerable to Port Scan?

2006-06-30 Thread tonyLeung
This case is happening when I scan the server with MaxPatrol 7.5. But it is solved now, by securing the JMX-Console. Thanks to Scott. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954630#3954630

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-06-30 Thread alexioc
I got the same problem. Roby, did you figure out how to modify ClientLoginModule in order to propagate the credentials? TIA Alexio View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954619#3954619

[JBoss-user] [Security & JAAS/JBoss] - Login module which accesses an EJB?

2006-06-30 Thread klusi
I have a database with user and roles tables and a set of Session EJB's to access this data. Now I am thinking about writing a JAAS login module that calls an authenticate(user,passwd) on the UserServiceEJB. Is this a good design or should I prefer using the database login module, which directly

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-29 Thread smajima
I don't have ejb-jar.xml. Because I don't think specify anything in ejb-jar.xml. Am I understanding wrong? If something is needed in ejb-jar.xml, could you show me the example? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954536#3954536

[JBoss-user] [Security & JAAS/JBoss] - Re: secure jndi lookup

2006-06-29 Thread ostap.cherkashin
Please refer to http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch3.chapter.html. There is an org.jboss.security.jndi.LoginInitialContextFactory, and you could also try to use HTTPS to access the initial context. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-29 Thread smajima
I'm sorry I gave you wrong information. I selected plus as user. The logging above is in this case. If it works correctly, user1 can't execute plus. Susumu View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954372#3954372

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-29 Thread jaikiran
Can you please post your ejb-jar.xml. The logs show that the user1 was authenticated correctly and he has been identified in the correct role. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954377#3954377

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-29 Thread jaikiran
Can you please post your ejb-jar.xml View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954375#3954375

[JBoss-user] [Security & JAAS/JBoss] - Re: Help required in Switching from http to https in jboss-

2006-06-29 Thread [EMAIL PROTECTED]
"cool_bhanu" wrote : | | /display.jsp | /error.jsp | | | | is forcing it to go to the pages which i give in form-login-page | instead it should go | to NameAction which extends Action and based on the logic there | i should go to the required success or error pag

[JBoss-user] [Security & JAAS/JBoss] - Re: Not Always taking to Home Page on session timeout

2006-06-29 Thread [EMAIL PROTECTED]
If you are using the FormAuthenticator you will have to integrate your custom FormAuthenticator to do this. You will need to extend org.apache.catalina.authenticator.FormAuthenticator and override the public boolean authenticate(HttpRequest request, HttpResponse

[JBoss-user] [Security & JAAS/JBoss] - Re: Not Always taking to Home Page on session timeout

2006-06-29 Thread j2ee_junkie
apcac_bond, There is no way to configure this from your application that I am aware of. You could extend Tomcat's FormAuthenticator. The extension would always return to a url set in an init param of your ServletContext when user successfully authenticates. This is just one idea. enjoy, cg

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-29 Thread jaikiran
anonymous wrote : In this case I select multi as user1. This is going to work, isn't it? Since you have specified that the method multi can be invoked by users in role "user" (and user1 belongs to "user" role). Your first post mentioned that anonymous wrote : The method multi is allowed only "u

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-29 Thread smajima
The log is below. In this case I select multi as user1. 2006-06-29 18:53:58,408 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null 2006-06-29 18:53:58,408 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null 2006-06-29 18:53:58,408 DEBUG [org.apache.catalina.co

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-29 Thread jaikiran
anonymous wrote : I'm terribly sorry but I don't know how to get authentication trace logging Have a look at Q4: How to debug security layer at: http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ anonymous wrote : Where(in which file) can I find application-policy config? You can find this is

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-29 Thread muhviehstarr
Hello. I think you forgot the @SecurityDomain at the class. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954258#3954258

[JBoss-user] [Security & JAAS/JBoss] - Re: Not Always taking to Home Page on session timeout

2006-06-28 Thread apcac_bond
test View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954244#3954244

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-28 Thread smajima
I'm terribly sorry but I don't know how to get authentication trace logging. Where(in which file) can I find application-policy config? Could you let me know it? I use jmx-console and the currently logged principal in the domain is user1. Susumu View the original post : http://www.jboss.com/in

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-06-28 Thread gekorob
Thanks Scott, I'm trying to find a solution reading Seam forum, to check if someone has the same problem. I'm looking also at jboss source code, to see how to modify ClientLoginModule to propagate credential on web container, but at the moment it seems to me not so simple. Thanks a lot for

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-28 Thread jbossjleplat
That problem had me stuck for quite a while. It's especially tough as all the tutorials and JaasHowTo and JAAS FAQ don't mention this issue. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954088#3954088

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-28 Thread david.l.small
"[EMAIL PROTECTED]" wrote : Then that is an ejb3 bug. Does this mean that you'll be reverting back to using "java:/jaas/" in jboss.xml (or @SecurityDomain) in a future version? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954041#3954041

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-28 Thread [EMAIL PROTECTED]
Then that is an ejb3 bug. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954032#3954032

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-06-28 Thread [EMAIL PROTECTED]
The way this should be done in the current architecture is to create an alternate or modified org.jboss.security.ClientLoginModule that propagates the login state to the web container layer. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954020#3954020

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-06-28 Thread [EMAIL PROTECTED]
The integration security code is in the tomcat module of the jbossas source tree. Fisheye can be used to browse it online. http://fisheye.jboss.com/viewrep/JBoss/jboss-tomcat/src/main/org/jboss/web/tomcat/security View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopi

[JBoss-user] [Security & JAAS/JBoss] - Re: Help required in Switching from http to https in jboss-

2006-06-28 Thread cool_bhanu
Hi Cgrifith Sorry to trouble u once again I have encountered some problem with the login in struts I had made necessary changes to include and login-config to include the user properties but the /display.jsp /error.jsp is forcing it to go to the pages which i give in form-login-page

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-06-28 Thread gekorob
Thank you very much for your help, I hope to find a good solution that can be useful also for others. Bye, Roby

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-06-28 Thread j2ee_junkie
Roby, There is not much documentation. Your best source is Tomcat code as well as JBoss wiki at http://wiki.jboss.org/wiki/Wiki.jsp?page=Tomcat. Also, if you have special security needs, you may want to post them on thread http://www.jboss.com/index.html?module=bb&op=viewtopic&t=74435 or if y

[JBoss-user] [Security & JAAS/JBoss] - Re: JBOSS vulnerable to Port Scan?

2006-06-28 Thread j2ee_junkie
Tony, I am running JBoss 4.0.3SP1 on Fedora Core 4. I used nmap 4.03. Scanning produces no problems. cgriffith

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-06-28 Thread gekorob
Thanks a lot for your reply, could you suggest a link or some documentation that explains how to extend Tomcat's security system? With the expression "do customization to Tomcat's security system" do you mean to create a custom Authenticator? I'm sorry for my questions but I'm quite new to se

[JBoss-user] [Security & JAAS/JBoss] - JBOSS vulnerable to Port Scan?

2006-06-27 Thread tonyLeung
Hi All, Has anyone tried to scan their server with a port scan while JBOSS is running on the server? I've tried this and the port scan makes JBOSS shut down automatically at the server with a log like this : 2006-06-20 09:05:30,453 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localho

[JBoss-user] [Security & JAAS/JBoss] - JBAS-1477: Pass in the security-domain name to the login mod

2006-06-27 Thread j2ee_junkie
This thread refers to task http://jira.jboss.com/jira/browse/JBAS-1477. This simple task is to allow a login module to know what application-policy (i.e. security-domain) it is a member of. This is useful to diagnose configuration problems that default to "other" security domain. However, ther

[JBoss-user] [Security & JAAS/JBoss] - Re: Problem with security and Seam

2006-06-27 Thread j2ee_junkie
Roby, anonymous wrote : | Why the web layer can't see credentials and principals (the security domain is the same)? | Because you have not logged into a security domain (i.e. a JBoss SecurityManager.) By creating your own LoginContext, and calling login() yourself, you have bypassed JB

[JBoss-user] [Security & JAAS/JBoss] - Problem with security and Seam

2006-06-27 Thread gekorob
Hi all, I have a problem with security authentication using Jaas and Seam. What I'd like to do is to authenticate a user programmatically from a Stateless Bean acting as a Seam component named "login" | public String login() { | SecurityAssociationHandler handler = new SecurityAssociati

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread david.l.small
Actually, it gets even weirder. It is true that you need to remove "java:/jaas/" in jboss.xml's security-domain element. But that same prefix must be present in the jboss-web.xml's security-domain element otherwise the web authentication doesn't work.

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread david.l.small
This thread has the answer. http://www.jboss.com/index.html?module=bb&op=viewtopic&t=78329 Apparently, the "java:/jaas/" must now be removed. Not that this is your fault, but it would have been nice if this change had been documented in the release notes. It's a pretty significant change. Now

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread david.l.small
This is what I have for parsing of the jboss.xml file. Not much in the line of tracing ... 2006-06-27 11:14:30,834 DEBUG [org.jboss.ejb3.Ejb3Module] Creating jboss.j2ee:service=EJB3,module=pinkcommon-ejb.jar 2006-06-27 11:14:30,841 DEBUG [org.jboss.ejb3.security.JaccHelper] Initialising JACC Co

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread j2ee_junkie
Also, doing a forum search with query "@SecurityDomain" AND annotation AND "security domain" yields similar situations as yours. cgriffith

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread j2ee_junkie
David, I'd have a good look at the trace logging when you deploy your ear. Look for security-domain binding settings made by deployer and parsing of your descriptors. cgriffith

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread david.l.small
To get the security domain settings I'm using jboss-web.xml and jboss.xml just as I did in 4.0.3. There is nothing peculiar about them. And if I try to use the @SecurityDomain annotation instead, I get the same problem. Here are the files ... http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd"

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread j2ee_junkie
David, Yes, your login-config.xml is correct. Your earlier post verifies that the "PinkRealm" is in fact getting configured. The problem is with your deployment. The output from your last post shows that a "java:" security-domain is being attempted, but since it does not exist, the defau

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread david.l.small
Oh, and here is the trace leading up to the error. It's as if jBoss is ignoring the security domain entries in jboss-web.xml and jboss.xml. anonymous wrote : 2006-06-27 10:12:06,082 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null | 2006-06-27 10:12:06,082 TRACE [or

[JBoss-user] [Security & JAAS/JBoss] - Re: XMLLoginConfig not picking up my application-policy

2006-06-27 Thread david.l.small
OK, aside from a reinstall, I'm not sure what I did differently, but I now get this error. It happens on first access of the application. This means that deployment is happening correctly, but that for some reason it is either using the default realm or ignoring the DatabaseServiceLoginModule.

[JBoss-user] [Security & JAAS/JBoss] - Re: Security Exception after password update using DataBaseL

2006-06-27 Thread pordeep
Actually we are also invalidating the session and forcing the user to logout. But in our case we need to restart the server also apart from the client.

[JBoss-user] [Security & JAAS/JBoss] - Re: NEED HELP : Declarative authorization doesn't work

2006-06-27 Thread j2ee_junkie
Susumu, The String parameter of java.util.List getAuthenticationCachePrincipals() is the name of the security domain. This function will show you what principals are currently logged in that domain. Your post below is useless. What is needed is trace logging of the authentication at the tim

[JBoss-user] [Security & JAAS/JBoss] - Re: Security Exception after password update using DataBaseL

2006-06-27 Thread uji
No solution found: we invalidate the session and force the user to log in again

[JBoss-user] [Security & JAAS/JBoss] - Re: Security Exception after password update using DataBaseL

2006-06-27 Thread pordeep
Hi, We are also facing the same problem. Our problem is we are spawning threads (which access ejb methods!). After spawning the thread we are changing the password. After that, when the thread accesses the Bean methods, a Security exception is thrown. Please let us know if you find a solution f
