OK, that worked. Also, that seemed to remove the errors I had with the EJBs as well.
I really appreciate your help!

I am sorry if this seemed trivial to you and others, but the documentation did _not_
seem to be telling me what you mentioned about 'Roles'. I assumed 'Roles' meant I could
call the 'Roles' what I understand as 'Roles'. Not the literal 'Roles'.
Anyway, thanks very much.

-----Original Message-----
From: Mikael Eriksson [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 1:19 PM
To: Struts Users Mailing List
Subject: RE: [OT] EXTREMELY URGENT: JBoss JAAS/Container Security issue



>I will try the <module-option ...> in about 30 minutes. Thanks.

Ok,

Hope that it will work as it should


>On the run-as, I do understand that this bean will run other beans "as" 
>this identity. My Session Facade actually has permission "unchecked" so 
>anyone should be able to get to my session facade currently. It is not 
>what I want, but it is a start at least. Then I can get the user Roles 
>issue resolved.

I guess I misunderstood your first mail then.


>I am very grateful for your help!
>This JAAS has been so difficult!


Yes, everything would be much easier without security :-)

Regards
/Mikael


>-----Original Message-----
>From: Mikael Eriksson [mailto:[EMAIL PROTECTED]
>Sent: Thursday, April 03, 2003 11:17 AM
>To: Struts Users Mailing List
>Cc: Knutson, Mick
>Subject: Re: [OT] EXTREMELY URGENT: JBoss JAAS/Container Security issue
>
>
>Hello!
>
>Try changing this line in login-config.xml
>
>                  <module-option name = "rolesQuery">SELECT user_roles,
>user_group FROM USER_ROLES WHERE USERNAME=?</module-option>
>
>To
>
>   <module-option name = "rolesQuery">SELECT user_roles, 'Roles' FROM
>USER_ROLES WHERE USERNAME=?</module-option>
>
>or change the value of user_group in all rows to "Roles".
>
>My understanding of the second parameter that the rolesQuery should return
>is that you can somehow categorize users in different ways, but that the
>default user/role handling should return "Roles".
>
>
>It also sounds like you might have misunderstood how the "run-as" identity
>is used. That identity does not affect the callers of a bean or who can call
>it; it says that when the bean tries to access other beans it will do so with
>the run-as identity. This is so you can define beans that only can be called
>by "internal" identities so that no one can call them directly from the
>outside.
>
>Regards
>/Mikael



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
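
Added example, not part of the original thread and not JBoss source code: a simplified Java model of the behaviour described in the quoted reply, where the second column of rolesQuery names a role group and the default user/role handling expects the group "Roles". The class and method names, the role names and the "Traders" group value are constructed for illustration.

```java
import java.util.*;

// Simplified model (an assumption, not JBoss source) of how rolesQuery rows
// are sorted into role groups and which group authorization checks consult.
public class RoleGroupDemo {
    // Each row is {role, roleGroup}: the two columns rolesQuery returns.
    static Map<String, Set<String>> groupRoles(List<String[]> rows) {
        Map<String, Set<String>> groups = new HashMap<>();
        for (String[] row : rows) {
            groups.computeIfAbsent(row[1], k -> new TreeSet<>()).add(row[0]);
        }
        return groups;
    }

    // Declarative checks (method permissions, isCallerInRole) are modelled
    // as looking only at the group literally named "Roles".
    static boolean isCallerInRole(Map<String, Set<String>> groups, String role) {
        return groups.getOrDefault("Roles", Collections.emptySet()).contains(role);
    }

    public static void main(String[] args) {
        // Constructed rows for one user; "Traders" stands in for a custom
        // user_group value returned by the original query.
        List<String[]> original = Arrays.asList(
            new String[] {"admin", "Traders"},
            new String[] {"user", "Traders"});
        // The same rows after the fix: SELECT user_roles, 'Roles' FROM USER_ROLES ...
        List<String[]> fixed = Arrays.asList(
            new String[] {"admin", "Roles"},
            new String[] {"user", "Roles"});

        System.out.println("original groups: " + groupRoles(original));
        System.out.println("original, admin allowed: "
            + isCallerInRole(groupRoles(original), "admin"));
        System.out.println("fixed groups: " + groupRoles(fixed));
        System.out.println("fixed, admin allowed: "
            + isCallerInRole(groupRoles(fixed), "admin"));
    }
}
```

With the original rows the user authenticates but holds no roles the container checks, so role-protected calls are denied; with the literal 'Roles' column the same role names are honoured.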

