Hi Oleg !
This information was great. Now I just wonder what to put in my jboss.xml.
I'm also curious on how the Login Information is passed from the client side to the server side. Is the SecurityAssociation still used?
Gustav
-----Original Message-----
From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
Sent: den 6 december 2000 14:02
To: jBoss
Subject: Re[2]: [jBoss-User] Security
Hi Edward,
Have you read the following message?
http://www.mail-archive.com/[email protected]/msg04170.html
If not, please read it, and if you have any questions after that,
let me know.
Oleg.
Kenworthy, Edward wrote:
KE> Actually I'll amend this question if I may :-)
KE> I've read and understood all the JAAS stuff (Although it's not clear to me
KE> how my LoginContext is bound to accessing the EJBs, as Rickard has asked
KE> before, what is the scope ? My question is, what is the scope and how do I
KE> set it ?).
KE> So for example I now know that to logon I use:
KE> Subject edward = new Subject();
KE> edward.getPrincipals().add(new Principal("Customer"));
KE> edward.getPublicCredentials().add("mypassword");
KE> try
KE> {
KE>     LoginContext edwardLC = new LoginContext("EdwardKenworthy", edward);
KE>     edwardLC.login();
KE> }
KE> catch (LoginException le)
KE> {
KE>     // oops
KE> }
KE> However, if all I do is this then I get a "java.lang.SecurityException:
KE> Unable to locate login configuration".
KE> Which makes sense, but now we are into the realms of jBoss specifics. What
KE> jBoss JAAS login configuration should I be using for my client ? And how do
KE> I set it up ?
KE> This then leads me onto a related question, for jBoss's implementation of
KE> JAAS (org.jboss.security.JaasSecurity*.java), how do I manage (CRUD) users,
KE> credentials(passwords) and roles ?
KE> If there's any sample/test client and admin-client code (presumably you
KE> wrote such things whilst implementing it) could you make the source
KE> available so I can dissect it and work out what to do ? (You never know I
KE> might even write it up as a HOWTO ;-)
KE> Quivering in anticipation
KE> Edward
KE> -----Original Message-----
KE> From: Kenworthy, Edward [mailto:[EMAIL PROTECTED]]
KE> Sent: 06 December 2000 10:38
KE> To: 'jBoss'
KE> Subject: RE: [jBoss-User] Security
KE> Ah, ok, now I understand. Thanks.
KE> Just one last question :-)
KE> If I do what Toby suggested in his original post, ie use JAAS and set the
KE> two tags <authentication-module> and <role-mapping-manager> to
KE> java:/jaas/other then have you any pointers to where I look to find out how
KE> the client logs on, and how I manage users/passwords/roles. I'm reading my
KE> way through the documentation available on the javasoft site,
KE> http://java.sun.com/products/jaas/, but so far that seems to be focused on
KE> a) general overview and justification and b) implementers of JAAS (but
KE> perhaps I just haven't found the right bit yet).
KE> Edward
KE> -----Original Message-----
KE> From: Rickard Öberg [mailto:[EMAIL PROTECTED]]
KE> Sent: 05 December 2000 15:30
KE> To: jBoss
KE> Subject: Re: [jBoss-User] Security
KE> Hi!
KE> "Kenworthy, Edward" wrote:
>> Really ?
KE> Really ;-)
>> Wow and ouch, I thought it worked like this:
>>
>> 1/ get initial context, sets up caller principle.
>> 2/ lookup bean.
>> 3/ try and invoke a method, app server checks caller principle for
>> permission.
>>
>> If it works like this, then passing around a reference isn't a problem as it
>> will use your permissions, not any associated with the reference.
KE> Depends on what you mean by "sets up caller principal" (note spelling
KE> BTW). What is its scope? The thread? The JVM? The current context
KE> classloader? The threadgroup? All valid options, in some sense, but with
KE> wildly different semantics.
>> Anyone, assuming you're right ;-), how do I "log-on" to the app server ?
KE> 1) Use some proprietary mechanism
KE> 2) Use J2EE-valid client containers, i.e. servlets, which has a standard
KE> authentication method
KE> 3) Use JAAS
KE> /Rickard
Best regards,
Oleg
