There is an easier way to acomplish this with JBoss 4.0.3+:
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
View the original post :
http://staging.jboss.com/index.html?module=bbop=viewtopicp=3890810#3890810
Reply to the post :
There is an easier way to acomplish this with JBoss 4.0.3+:
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3944731#3944731
Reply to the post :
You should check the ExtendedFormAuthenticator, available in JBoss 4.0.3+:
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
It's more flexible than the FormAuthValve trick.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3944763#3944763
Reply
You should check the ExtendedFormAuthenticator, available in JBoss 4.0.3+
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3944764#3944764
Reply to the post :
You could use the Wayback Machine (http://www.archive.org) to search for older
versions of these files:
fast_bw.txt
fast_md5.txt
If you have time, please create a SF.net project to keep mantain a version of
this website, thanks:
PL/SQL Cellar
Ricardo
View the original post :
Try Eclipse 3.1 M7 (milestone 7)
www.eclipse.org
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3878470#3878470
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3878470
---
jaejong wrote : When I call IsUserInRole(admin), it returns true on 3.2.6
but false on 4.0.0.
| Are there deferences between two versions?
That's a known 4.0.0 bug, please try 4.0.1 or 4.0.1SP1, the latest release.
Ricardo Arguello
View the original post :
After authenticating with JAAS (posting to j_security_check) Tomcat redirects
you to the page you intended to go in the first place. You can't control which
page to go after you authenticate, If you try to go to /home.jsp and you have
not authenticated yet, you get a login prompt. If you
http://unc.dl.sourceforge.net/sourceforge/jboss/jboss-4.0.1sp1.zip
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3870860#3870860
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3870860
Don't edit the server.xml file. Create a WEB-INF/context.xml file instead, and
define the valve there.
Ricardo Arguello
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3869724#3869724
Reply to the post :
Caching Login Credentials:
http://www.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials
Ricardo Arguello
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3869046#3869046
Reply to the post :
JAVA_HOME should point to the Java SDK path, not to the JBoss path!
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3868983#3868983
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3868983
From the docs:
1.1. Downloading and Installing JBoss
http://docs.jboss.org/jbossas/getting_started/startguide40/install.html#d0e60
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3868984#3868984
Reply to the post :
Maybe is this bug?
http://bugs.mysql.com/bug.php?id=3611
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3868737#3868737
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3868737
JBoss-4.0.1SP1 is the latest release.
Release Notes - JBoss Application Server - Version JBossAS-4.0.1 SP1
http://sourceforge.net/docman/display_doc.php?docid=27004group_id=22866
SP1 Means Service Pack 1.
It's the next release after JBoss 4.0.1
Read more here:
Are you sure it's a SDK?
It looks like you installed a JRE.
Try javac from your command line?
Ricardo
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3868808#3868808
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3868808
request.userInRole() only works if your JSP or Servlet is defined as a
protected resource in web.xml
Try to print request.getRemoteUser() in your JSP. If your JSP is not defined as
protected in your web.xml file, it should return null.
Ricardo Arguello
View the original post :
It looks like a known 4.0.0 bug:
http://sourceforge.net/project/shownotes.php?release_id=254646
Try with JBoss 4.0.1 or 4.01SP1
Ricardo Arguello
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3868831#3868831
Reply to the post :
Because an oracle.jdbc.pool.OracleDataSource is not a java.sql.Driver!
You don't have to use an OracleDataSource to have a connection pool. JBoss
provides one for you when you define a DataSource. You could change the max and
min size of this pool too. Read the JCA docs.
View the original
I have never used the DBMS_OBFUSCATION_TOOLKIT.
In the past I have created MD5 hashes using this store procedure:
http://cellar.sourceforge.net/plsql/
You just need these 2 files:
http://cellar.sourceforge.net/plsql/fast_bw.txt
http://cellar.sourceforge.net/plsql/fast_md5.txt
Give it a try.
I think your problem is that the DBMS_OBFUSCATION_TOOLKIT.MD5 generates RAW
output.
The string you posted is not HEX. You need to transform from RAW to HEX.
Read more:
http://asktom.oracle.com/pls/ask/f?p=4950:8:F4950_P8_DISPLAYID:95412348059
View the original post :
Yet another example:
http://www.orbwave.com/cfjboss/2005/02/role-based-security-for-your-web.html
Ricardo
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3868213#3868213
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3868213
You need to copy the JDBC driver to server/default/lib.
Use the ojdbc14.jar instead of the classes12.zip one.
Ricardo
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3868221#3868221
Reply to the post :
Try to raise the logging level for org.jboss.resource and
org.jboss.ejb.plugins.cmp to TRACE. Then check the
server/default/log/server.log file for some clues.
Read the server/default/conf/log4j.xml file for examples.
Also http://www.jboss.org/wiki/Wiki.jsp?page=Logging
View the original
Don't run Ant on the build.xml file. You just need to run build/build.bat or
build/build.sh to build the whole server.
If you are on a module directory, run ./build.sh or build.bat to build just the
module.
Read this
http://www.jboss.org/wiki/Wiki.jsp?page=JBossInstallation
Ricardo
View the
Read this:
Encrypting DataSource Passwords
http://www.jboss.org/wiki/Wiki.jsp?page=EncryptingDataSourcePasswords
Ricardo
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3867849#3867849
Reply to the post :
This could also be helpful:
http://www.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves
Ricardo
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3867852#3867852
Reply to the post :
You need to hash the password only, not the username concatenated with the
password.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3867965#3867965
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3867965
If you want to throw custom LoginExceptions you should code your LoginModule to
extend org.jboss.security.auth.spi.AbstractServerLoginModule instead of using
the org.jboss.security.auth.spi.UsernamePasswordLoginModule.
Use the UsernamePasswordLoginModule as an example of how to code your
You need to add a login page for your web application:
http://www.onjava.com/pub/a/onjava/2002/06/12/form.html
Note that the Realm references don't apply. You need to configure JAAS instead.
Ricardo
View the original post :
The UsernamePasswordLoginModule has to be changed for it to be able to throw
LoginExceptions in the validatePassword() method.
You could create a Request For Enhancement in JIRA:
http://jira.jboss.org/
Read this post:
http://www.jboss.org/index.html?module=bbop=viewtopicp=3867976#3867976
View
I just found this on the Wiki
http://www.jboss.org/wiki/Wiki.jsp?page=Security
Secure EJB and Web Applications:
http://www.csd.abdn.ac.uk/~bscharla/teaching/mtp_software/jboss/secureJBoss.shtml
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3868024#3868024
Please read this post:
http://www.jboss.org/index.html?module=bbop=viewtopicp=3865274
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3867848#3867848
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3867848
You need to cast the Connection to
org.jboss.resource.adapter.jdbc.WrappedConnection fist.
Then invoke the getUnderlyingConnection() method to obtain the original
OracleConnection.
If you don't want to import org.jboss.* classes into your project, you could
use the Reflection API to invoke
You could find an example for obtaining the original Connection using the
Reflection API here (Spring Framework's CVS):
http://cvs.sourceforge.net/viewcvs.py/springframework/spring/src/org/springframework/jdbc/support/nativejdbc/JBossNativeJdbcExtractor.java?rev=1.12view=auto
Ricardo
View the
request.getUserPrincipal()
This only works on a secured page
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3867333#3867333
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3867333
It look like a problem with your operating system charset.
My last name includes an umlat, and your encoding (EUC_CN) does not support
it.
try this at your command prompt and then build it again:
export LANG=en_US.UTF-8
I'll change the umlats to a normal u if this is a problem for more people.
We use a Cisco 11150:
http://www.cisco.com/en/US/products/hw/contnetw/ps789/ps791/
in front of a couple of Apache HTTP servers, proxying 4 Tomcat instances via
AJP.
Ricardo
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3867179#3867179
Reply to the post :
Do you have an Apache Server connecting through AJP to JBoss?
I had a 408 yesterday, it was because of a misconfigured setting using AJP.
Ricardo
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3867081#3867081
Reply to the post :
The window.location trick worked!
I only had to define the error page as not protected.
This is my web.xml:
| ?xml version=1.0 encoding=UTF-8?
|
| !DOCTYPE web-app PUBLIC
|-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN
|http://java.sun.com/dtd/web-app_2_3.dtd;
|
The problem with that aproach is that ALL my application is protected: /*
/login-error.jsp wont be displayed since it is protected also.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3865389#3865389
Reply to the post :
Since the Valve executes around the j_security_check page it cannot have
acces to the Throwable before the j_security_check page is invoked.
I was also looking for a solution, since I'd like to present the error mesage
in the error page, not in another page linked from the error page.
Any
Scott,
I found all the needed code in Apache's CVS. It looks like we have to
copy-paste the org/apache/catalina/authenticator/FormAuthenticator.java code
into a new Authenticator, and then configure Tomcat to use it. It looks like
this is done in the
FIXED:
http://sourceforge.net/tracker/?group_id=22866atid=376685func=detailaid=1067726
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3859652#3859652
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3859652
This bug was fixed in the 3.2.4 version, please upgrade.
[ 864871 ] CMP evals java.sql.Date and java.sql.Timestamp as dirty:
http://sourceforge.net/tracker/?group_id=22866atid=376685func=detailaid=864871
View the original post :
Read the Caller Identity section here:
http://www.jboss.org/wiki/Wiki.jsp?page=ConfigJCALoginModule
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3848315#3848315
Reply to the post :
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3848315
You are probably using Tomcat's embedded JNDI server without knowing it!
Read this:
http://www.amitysolutions.com.au/documents/JBossTomcatJNDI-technote.pdf
You might start Tomcat with the -nonaming option to disable their JNDI server.
Or you could programatically create an InitialContext with
You don't have to copy ALL the jars!
You just need jboss-3.2.3/client/jbossall-client.jar, but copy it in WEB-INF/lib, not
in %JRE_HOME%/lib/ext
Ricardo Arguello
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3835416#3835416
Reply to the post :
The Oracle JDBC Thin driver is not spec complaint!
They expect you to use the OCI driver, which is a PITA because of the Oracle Client
installation you must do, and horrible TNS configuration headaches. I've had some
problems with hot redeployment when using the OCI driver For me the OCI
DarkLord,
Read this:
Asynchronous queries in J2EE:
http://www.javaranch.com/newsletter/200403/AsynchronousProcessingFromServlets.html
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=3830970#3830970
Reply to the post :
50 matches
Mail list logo