Please Remove me from the e-mail list.
Thank You
Robin
-Original Message-
From: José Luis Cetina [mailto:maxtorz...@gmail.com]
Sent: Thursday, June 14, 2012 7:46 PM
To: users@openejb.apache.org
Subject: Re: Guest user
Hi Romain, well i have an other problem and i think is related to
Please Remove me from the e-mail list.
Thank You
Robin
-Original Message-
From: José Luis Cetina [mailto:maxtorz...@gmail.com]
Sent: Friday, June 15, 2012 8:07 AM
To: users@openejb.apache.org
Subject: Re: Guest user
Hi Romain, let me tell you, the problem only occurs when you use login
Please Remove me from the e-mail list.
Thank You
Robin
-Original Message-
From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
Sent: Friday, June 15, 2012 5:40 AM
To: users@openejb.apache.org
Subject: Re: Guest user
Hi,
i didnt test with the login but it seems it works
but please
Please Remove me from the e-mail list.
Thank You
Robin
-Original Message-
From: José Luis Cetina [mailto:maxtorz...@gmail.com]
Sent: Friday, June 15, 2012 9:46 AM
To: users@openejb.apache.org
Subject: Re: Guest user
Well i readed what you say, and i see the topic is: Session Fixation
Please Remove me from the e-mail list.
Thank You
Robin
-Original Message-
From: Romain Manni-Bucau [mailto:rmannibu...@gmail.com]
Sent: Friday, June 15, 2012 10:02 AM
To: users@openejb.apache.org
Subject: Re: Guest user
Np,
thanks you to take time to share the information :)
- Romain
Np,
thanks you to take time to share the information :)
- Romain
2012/6/15 José Luis Cetina
> Well i readed what you say, and i see the topic is: Session Fixation
> Protection and talk about a "security feature" then i decide to set the
> values in my second request after the login.
>
> Sessi
Well i readed what you say, and i see the topic is: Session Fixation
Protection and talk about a "security feature" then i decide to set the
values in my second request after the login.
Session Fixation Protection says:
"Essentially, when a user authenticates their session, Tomcat will change
the
that's because in your authenticator you have the attribute
"changeSessionIdOnAuthentication" set to true.
- Romain
2012/6/15 José Luis Cetina
> Hi Romain, let me tell you, the problem only occurs when you use login
> method and try to set something in the session bean just after the next
> li
Hi Romain, let me tell you, the problem only occurs when you use login
method and try to set something in the session bean just after the next
line of request.login, if I comment the login method, then it works ok,
please give a try with a simple test with login method and you will see the
problem,
Hi,
i didnt test with the login but it seems it works
but please add @RequestScoped to MyNextPageMBean or don't use
postconstrutct otherwise you have a kind of cache effect depending on the
moment when the bean is created.
here a sample:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/exam
Hi Romain, well i have an other problem and i think is related to this same
reported issue.
We talked about if i login using request.login(user,pass) method and if the
credentials and login was successfull then when i get the user i get a
guess user:
request.login(user,pass);
String name = ejbCon
ok
2012/6/1 Romain Manni-Bucau
> deployment in progress:
> http://ci.apache.org/builders/openejb-trunk-deploy/builds/378
>
> - Romain
>
>
> 2012/6/1 José Luis Cetina
>
> > Ok, in what tomee build this will be available?
> >
> > 2012/5/31 Romain Manni-Bucau
> >
> > > yep
> > >
> > > just commit
deployment in progress:
http://ci.apache.org/builders/openejb-trunk-deploy/builds/378
- Romain
2012/6/1 José Luis Cetina
> Ok, in what tomee build this will be available?
>
> 2012/5/31 Romain Manni-Bucau
>
> > yep
> >
> > just commited, a new commit will come where this class will automatical
Ok, in what tomee build this will be available?
2012/5/31 Romain Manni-Bucau
> yep
>
> just commited, a new commit will come where this class will automatically
> be added normally
>
> - Romain
>
>
> 2012/6/1 José Luis Cetina
>
> > im getting a ClassNotFound
> >
> > Caused by: java.lang.ClassNo
yep
just commited, a new commit will come where this class will automatically
be added normally
- Romain
2012/6/1 José Luis Cetina
> im getting a ClassNotFound
>
> Caused by: java.lang.ClassNotFoundException:
> org.apache.tomee.catalina.TomEERealm
>
> 2012/5/31 Romain Manni-Bucau
>
> > my sa
im getting a ClassNotFound
Caused by: java.lang.ClassNotFoundException:
org.apache.tomee.catalina.TomEERealm
2012/5/31 Romain Manni-Bucau
> my sample is working, too late to add test but manually it works
>
> so i guess it should work for you
>
> the question now is should we add it automatical
my sample is working, too late to add test but manually it works
so i guess it should work for you
the question now is should we add it automatically?
- Romain
2012/6/1 José Luis Cetina
> Oooh great, with this i can get the principal user in the first request? or
> this is something that you
Oooh great, with this i can get the principal user in the first request? or
this is something that you gonna fix?
2012/5/31 Romain Manni-Bucau
> that's brand new ;)
>
> just added it, it mainly delegate to the real realm but add the principal
> info to openejb/tomee security service which is use
that's brand new ;)
just added it, it mainly delegate to the real realm but add the principal
info to openejb/tomee security service which is used in ejbcontext impl (to
make it short)
- Romain
2012/6/1 José Luis Cetina
> I have this in my context.xml
>
> dataSourceName="MyDataSource"
> dig
I have this in my context.xml
As you can see i extend the datasource realm, i have this realm config in
the context.xml in my webapp (not context.xml TomEE).
But, as i can see in your example, you surround your realm with TomEERealm,
if this necessary?. I didn't know this
2012/5/31 Romain Ma
here a sample:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/
- Romain
2012/6/1 Romain Manni-Bucau
> in my test i used:
>
>
> appName="PropertiesLoginModule"
>
>
> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User
in my test i used:
but i guess you can replace the jaasrealm by your dsrealm
- Romain
2012/6/1 José Luis Cetina
> Yes, it seems buggy.
>
> Where i have to replace?
>
> Remember im using DataSourceRealm
>
> 2012/5/31 Romain Manni-Bucau
>
> > this is the current
Yes, it seems buggy.
Where i have to replace?
Remember im using DataSourceRealm
2012/5/31 Romain Manni-Bucau
> this is the current status,
>
> but IMO it is buggy,
>
> i'll commit soon a TomEEJAASRealm to make it working (replace JAASRealm in
> the conf)
>
> - Romain
>
>
> 2012/6/1 José Luis C
this is the current status,
but IMO it is buggy,
i'll commit soon a TomEEJAASRealm to make it working (replace JAASRealm in
the conf)
- Romain
2012/6/1 José Luis Cetina
> i think we are getting confused.
>
> If i resume all, this what i asked (the final of the first post)
>
> I dont know if
i think we are getting confused.
If i resume all, this what i asked (the final of the first post)
I dont know if this is the desire behavior or if this happend becase the
httr request isnt finished?
Then you answer me:
in fact info from ejbcontext are taken in our securitymodule
in tomee we set
i think it should work
- Romain
2012/6/1 José Luis Cetina
> I mean this:
>
> I dont know if this is the desire behaviour or if this happend because the
> http request isnt finished?
>
>
>
> 2012/5/31 José Luis Cetina
>
> > Ok, the what i asked is correct??
> >
> > "I dont know if this is the
I mean this:
I dont know if this is the desire behaviour or if this happend because the
http request isnt finished?
2012/5/31 José Luis Cetina
> Ok, the what i asked is correct??
>
> "I dont know if this is the desire behaviour or if this happend because
> the http request isnt finished?"
>
>
Ok, the what i asked is correct??
"I dont know if this is the desire behaviour or if this happend because the
http request isnt finished?"
2012/5/31 Romain Manni-Bucau
> ok,
>
> in fact info from ejbcontext are taken in our securitymodule
>
> in tomee we set/unset it from a valve so at the begi
ok,
in fact info from ejbcontext are taken in our securitymodule
in tomee we set/unset it from a valve so at the beginning/end of the
request...all between is currently ignored so when you log you need another
request to get the updated information (from the tomcat realm)
- Romain
2012/6/1 Jos
Yes, it work
1) Login (form login) using DataSourceRealm
2) Redirect to page2 from my managedbean
2012/5/31 Romain Manni-Bucau
> so you mean using the flow i described before it works? (sorry, just to be
> sure to understand)
>
> - Romain
>
>
> 2012/6/1 José Luis Cetina
>
> > Hi i can login
so you mean using the flow i described before it works? (sorry, just to be
sure to understand)
- Romain
2012/6/1 José Luis Cetina
> Hi i can login and i can navigate (redirect) to my other page, but i dont
> know why im getting guest user in the login mbean, after that in other
> mbean i get
Hi i can login and i can navigate (redirect) to my other page, but i dont
know why im getting guest user in the login mbean, after that in other
mbean i get my "real" user.
2012/5/31 Romain Manni-Bucau
> maybe
> http://rmannibucau.wordpress.com/2012/05/09/tomee-and-its-ssh-connector/but
> it u
maybe
http://rmannibucau.wordpress.com/2012/05/09/tomee-and-its-ssh-connector/ but
it uses properties file, it just need a custom login module implementation
to use a db.
well,
before can you test it please?
1) login
2) redirect to your page using your bean
- Romain
2012/6/1 José Luis Cetina
I have to read and know how to use this, i always use DataSource or
JDBCRealm. (with glassfish).
im reading now, do you have something for a quickstart? for share me
2012/5/31 Romain Manni-Bucau
> having your password in a db is not an issue but i think you should
> use org.apache.catalina.realm
having your password in a db is not an issue but i think you should
use org.apache.catalina.realm.JAASRealm
for instance:
so simply implement a custom LoginModule instead of a realm
wdyt?
- Romain
2012/6/1 José Luis Cetina
> Sorry, i use DataSourceRealm, i have my user/pass/ro
Sorry, i use DataSourceRealm, i have my user/pass/roles in the DB.
2012/5/31 Romain Manni-Bucau
> can't you do it with an embedded one?
>
> well DataSourceRealm doesn't use JAAS by default i think, maybe that's the
> issue
>
> - Romain
>
>
> 2012/6/1 José Luis Cetina
>
> > OK, i can create a
can't you do it with an embedded one?
well DataSourceRealm doesn't use JAAS by default i think, maybe that's the
issue
- Romain
2012/6/1 José Luis Cetina
> OK, i can create a sample, but i use DataSourceRealm, are you gonna
> configure your database?
>
> 2012/5/31 Romain Manni-Bucau
>
> > ca
OK, i can create a sample, but i use DataSourceRealm, are you gonna
configure your database?
2012/5/31 Romain Manni-Bucau
> can you have a try in an EJB please? (just try to add @Stateless on your
> managed bean for instance)
>
> can you share a sample easy to run?
>
> - Romain
>
>
> 2012/6/1 Jo
can you have a try in an EJB please? (just try to add @Stateless on your
managed bean for instance)
can you share a sample easy to run?
- Romain
2012/6/1 José Luis Cetina
> Yes, im using JAAS
>
> 2012/5/31 Romain Manni-Bucau
>
> > Hi,
> >
> > Do you use jaas?
> >
> > - Romain
> > Le 31 mai 2
Yes, im using JAAS
2012/5/31 Romain Manni-Bucau
> Hi,
>
> Do you use jaas?
>
> - Romain
> Le 31 mai 2012 20:14, "José Luis Cetina" a écrit :
>
> > Hi i have this scenario:
> >
> > I have a page login.xhtml, this page has a ManagedBean (@Named) this
> > managedbean use the request.login(user,pas
Hi,
Do you use jaas?
- Romain
Le 31 mai 2012 20:14, "José Luis Cetina" a écrit :
> Hi i have this scenario:
>
> I have a page login.xhtml, this page has a ManagedBean (@Named) this
> managedbean use the request.login(user,pass) method.
>
> When i do this:
>
> managedbean class:
>
> @Resource
>
41 matches
Mail list logo