And a second question :-)
What's the scope of the login ?
With logging into the appserver using the InitialContext it's reasonably
obvious - any lookups I perform using the InitialContext (and any methods I
invoke on those things I look up etc etc).
But what's the scope of the JAAS login ? I can't see how it could be
anything other than the entire JVM (which appears to be far, far, worse than
the InitialContext approach so-called kludge).
-----Original Message-----
From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
Sent: 06 December 2000 13:02
To: jBoss
Subject: Re[2]: [jBoss-User] Security
Hi Edward,
Have you read the following message?
http://www.mail-archive.com/[email protected]/msg04170.html
If not, please read it and, if you have any questions after that,
let me know.
Oleg.
Kenworthy, Edward wrote:
KE> Actually I'll amend this question if I may :-)
KE> I've read and understood all the JAAS stuff (although it's not clear to me
KE> how my LoginContext is bound to accessing the EJBs, as Rickard has asked
KE> before, what is the scope? My question is, what is the scope and how do I
KE> set it?).
KE> So for example I now know that to logon I use:
KE> import java.security.Principal;
KE> import javax.security.auth.Subject;
KE> import javax.security.auth.login.LoginContext;
KE> import javax.security.auth.login.LoginException;
KE>
KE> Subject edward = new Subject();
KE> // java.security.Principal is an interface, so a concrete implementation is needed
KE> edward.getPrincipals().add(new Principal() {
KE>     public String getName() { return "Customer"; }
KE> });
KE> // a password is a private credential; public credentials are for data such as certificates
KE> edward.getPrivateCredentials().add("mypassword");
KE> try
KE> {
KE>     LoginContext edwardLC = new LoginContext("EdwardKenworthy", edward);
KE>     edwardLC.login();   // the variable is edwardLC, not LC
KE> }
KE> catch (LoginException le)
KE> {
KE>     // oops
KE> }
KE> However, if all I do is this then I get a "java.lang.SecurityException:
KE> Unable to locate login configuration".
KE> Which makes sense, but now we are into the realms of jBoss specifics. What
KE> jBoss JAAS login configuration should I be using for my client? And how do
KE> I set it up?
KE> This then leads me onto a related question, for jBoss's implementation of
KE> JAAS (org.jboss.security.JaasSecurity*.java), how do I manage (CRUD) users,
KE> credentials (passwords) and roles?
KE> If there's any sample/test client and admin-client code (presumably you
KE> wrote such things whilst implementing it) could you make the source
KE> available so I can dissect it and work out what to do? (You never know, I
KE> might even write it up as a HOWTO ;-)
KE> Quivering in anticipation
KE> Edward
KE> -----Original Message-----
KE> From: Kenworthy, Edward [mailto:[EMAIL PROTECTED]]
KE> Sent: 06 December 2000 10:38
KE> To: 'jBoss'
KE> Subject: RE: [jBoss-User] Security
KE> Ah, ok, now I understand. Thanks.
KE> Just one last question :-)
KE> If I do what Toby suggested in his original post, ie use JAAS and set the
KE> two tags <authentication-module> and <role-mapping-manager> to
KE> java:/jaas/other then have you any pointers to where I look to find out how
KE> the client logs on, and how I manage users/passwords/roles. I'm reading my
KE> way through the documentation available on the javasoft site,
KE> http://java.sun.com/products/jaas/, but so far that seems to be focused on
KE> a) general overview and justification and b) implementers of JAAS (but
KE> perhaps I just haven't found the right bit yet).
KE> Edward
KE> -----Original Message-----
KE> From: Rickard Öberg [mailto:[EMAIL PROTECTED]]
KE> Sent: 05 December 2000 15:30
KE> To: jBoss
KE> Subject: Re: [jBoss-User] Security
KE> Hi!
KE> "Kenworthy, Edward" wrote:
>> Really ?
KE> Really ;-)
>> Wow and ouch, I thought it worked like this:
>>
>> 1/ get initial context, sets up caller principle.
>> 2/ lookup bean.
>> 3/ try and invoke a method, app server checks caller principle for
>> permission.
>>
>> If it works like this, then passing around a reference isn't a problem as it
>> will use your permissions, not any associated with the reference.
KE> Depends on what you mean by "sets up caller principal" (note spelling
KE> BTW). What is its scope? The thread? The JVM? The current context
KE> classloader? The threadgroup? All valid options, in some sense, but with
KE> wildly different semantics.
>> Anyway, assuming you're right ;-), how do I "log-on" to the app server?
KE> 1) Use some proprietary mechanism
KE> 2) Use J2EE-valid client containers, i.e. servlets, which have a standard
KE> authentication method
KE> 3) Use JAAS
KE> /Rickard
Best regards,
Oleg
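Added example, not code from this thread, from jBoss or from any of the posters: a self-contained Java program that answers the two mechanical questions raised above, Edward's "what is the scope of the JAAS login?" and his "Unable to locate login configuration" error. The class names JaasScopeDemo, NamePrincipal and DemoLoginModule, the configuration entry name "demo", and the hard-coded user "edward"/"mypassword" are all constructed for this demonstration. It needs Java 8 or later as written; on JDK 18 and newer the Subject.getSubject/Subject.doAs pair used here is deprecated in favour of Subject.current() and Subject.callAs().

```java
import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class JaasScopeDemo {

    /** java.security.Principal is an interface; this is a minimal constructed implementation. */
    public static final class NamePrincipal implements Principal {
        private final String name;
        public NamePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public String toString() { return name; }
    }

    /** Toy login module with one hard-coded user (constructed; a real one consults a user store). */
    public static final class DemoLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private String user;

        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        /** Phase 1: obtain and check credentials through the caller-supplied CallbackHandler. */
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e);
            }
            char[] pw = pc.getPassword();
            pc.clearPassword();
            boolean ok = "edward".equals(nc.getName()) && pw != null && new String(pw).equals("mypassword");
            if (!ok) throw new LoginException("bad user or password");
            user = nc.getName();
            return true;
        }

        /** Phase 2: only after a successful login are identity and role attached to the Subject. */
        public boolean commit() {
            subject.getPrincipals().add(new NamePrincipal(user));
            subject.getPrincipals().add(new NamePrincipal("Customer"));
            return true;
        }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    /** Programmatic Configuration, so no login.config file or system property is needed. */
    static void installConfiguration() {
        Configuration.setConfiguration(new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"demo".equals(name)) return null;   // "demo" is the constructed entry name
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        DemoLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        Collections.<String, Object>emptyMap()) };
            }
        });
    }

    /** The Subject bound to the current thread's access-control context, or null if none. */
    static Subject currentSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    public static void main(String[] args) throws LoginException {
        installConfiguration();
        // The handler is how the client hands the user name and password to the login module.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("edward");
                else if (cb instanceof PasswordCallback)
                    ((PasswordCallback) cb).setPassword("mypassword".toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("demo", handler);
        lc.login();
        Subject edward = lc.getSubject();

        // Scope: the login produces a Subject object, nothing JVM-wide. It is associated with
        // a thread only for the duration of a Subject.doAs call on that thread.
        System.out.println("outside doAs: " + currentSubject());
        Subject.doAs(edward, (PrivilegedAction<Void>) () -> {
            System.out.println("inside doAs: " + currentSubject().getPrincipals());
            return null;
        });
        System.out.println("after doAs: " + currentSubject());
        lc.logout();
    }
}
```

Two points the program makes. First, the "Unable to locate login configuration" exception comes from the JDK finding no Configuration for the name passed to LoginContext; the JDK normally reads it from a login configuration file named by the java.security.auth.login.config system property, and here a Configuration is installed in code instead. Second, on the scope question: the authenticated Subject is an ordinary object held by the LoginContext, not a JVM-global state. It becomes the caller's identity only on the thread and within the dynamic extent of Subject.doAs, so currentSubject() is null before and after that call and non-null inside it. Note also that the password reaches the login module through the CallbackHandler, not by being placed in the Subject's credentials beforehand, and that the module only attaches principals in commit(), after login() has succeeded.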
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]