OK
I've done everything described in the mail (taking the simplest/default
option) in each case. This didn't actually require me to do very much - I
subclassed CallbackHandler and removed the EJBSecurityManagerService and
SimpleRealmMappingService entries from jboss.conf. All the other entries
described were already there.
I can now login using:
    try
    {
        LoginContext yuleLogin = new LoginContext("TestClient", new ConsoleCallbackHandler());
        System.out.println("Created LoginContext.");
        yuleLogin.login();
        System.out.println("Login success YAHOO!");
    }
    catch (LoginException le)
    {
        System.out.println("Login failed :(");
        le.printStackTrace();
    }
And this works (i.e. I get the message "Login success YAHOO!").
The problem I have is that it works even though jBoss isn't running! It
also works regardless of what I put in for username and password (I thought
the SimpleServerLoginModule checked they were the same?)
So, it's still not working, it's just not working in a different way now :-)
-----Original Message-----
From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
Sent: 06 December 2000 13:02
To: jBoss
Subject: Re[2]: [jBoss-User] Security
Hi Edward,
Have you read the following message?
http://www.mail-archive.com/[email protected]/msg04170.html
If not, please read it, and if you have any questions after that,
let me know.
Oleg.
Kenworthy, Edward wrote:
KE> Actually I'll amend this question if I may :-)
KE> I've read and understood all the JAAS stuff (Although it's not clear to me
KE> how my LoginContext is bound to accessing the EJBs, as Rickard has asked
KE> before, what is the scope? My question is, what is the scope and how do I
KE> set it?).
KE> So for example I now know that to logon I use:
KE>     Subject edward = new Subject();
KE>     edward.getPrincipals().add(new Principal("Customer"));
KE>     edward.getPublicCredentials().add("mypassword");
KE>     try
KE>     {
KE>         LoginContext edwardLC = new LoginContext("EdwardKenworthy", edward);
KE>         edwardLC.login();
KE>     }
KE>     catch (LoginException le)
KE>     {
KE>         // oops
KE>     }
KE> However, if all I do is this then I get a "java.lang.SecurityException:
KE> Unable to locate login configuration".
KE> Which makes sense, but now we are into the realms of jBoss specifics. What
KE> jBoss JAAS login configuration should I be using for my client? And how do
KE> I set it up?
KE> This then leads me onto a related question, for jBoss's implementation of
KE> JAAS (org.jboss.security.JaasSecurity*.java), how do I manage (CRUD) users,
KE> credentials (passwords) and roles?
KE> If there's any sample/test client and admin-client code (presumably you
KE> wrote such things whilst implementing it) could you make the source
KE> available so I can dissect it and work out what to do? (You never know I
KE> might even write it up as a HOWTO ;-)
KE> Quivering in anticipation
KE> Edward
KE> -----Original Message-----
KE> From: Kenworthy, Edward [mailto:[EMAIL PROTECTED]]
KE> Sent: 06 December 2000 10:38
KE> To: 'jBoss'
KE> Subject: RE: [jBoss-User] Security
KE> Ah, ok, now I understand. Thanks.
KE> Just one last question :-)
KE> If I do what Toby suggested in his original post, i.e. use JAAS and set the
KE> two tags <authentication-module> and <role-mapping-manager> to
KE> java:/jaas/other then have you any pointers to where I look to find out how
KE> the client logs on, and how I manage users/passwords/roles. I'm reading my
KE> way through the documentation available on the javasoft site,
KE> http://java.sun.com/products/jaas/, but so far that seems to be focused on
KE> a) general overview and justification and b) implementers of JAAS (but
KE> perhaps I just haven't found the right bit yet).
KE> Edward
KE> -----Original Message-----
KE> From: Rickard Öberg [mailto:[EMAIL PROTECTED]]
KE> Sent: 05 December 2000 15:30
KE> To: jBoss
KE> Subject: Re: [jBoss-User] Security
KE> Hi!
KE> "Kenworthy, Edward" wrote:
>> Really ?
KE> Really ;-)
>> Wow and ouch, I thought it worked like this:
>>
>> 1/ get initial context, sets up caller principle.
>> 2/ lookup bean.
>> 3/ try and invoke a method, app server checks caller principle for
>> permission.
>>
>> If it works like this, then passing around a reference isn't a problem as it
>> will use your permissions, not any associated with the reference.
KE> Depends on what you mean by "sets up caller principal" (note spelling
KE> BTW). What is its scope? The thread? The JVM? The current context
KE> classloader? The threadgroup? All valid options, in some sense, but with
KE> wildly different semantics.
>> Anyone, assuming you're right ;-), how do I "log-on" to the app server ?
KE> 1) Use some proprietary mechanism
KE> 2) Use J2EE-valid client containers, i.e. servlets, which has a standard
KE> authentication method
KE> 3) Use JAAS
KE> /Rickard
Best regards,
Oleg
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]