Ah ha! So "logging in" to the server doesn't actually perform any
authentication!

That now makes sense (well, it makes sense of what's happening; it doesn't
necessarily make sense that the server doesn't authenticate on login ;)

Edward
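A self-contained Java illustration of the point above and of the client-side LoginModule Oleg suggests in the quoted reply, added here as an example; it is not code from this thread or from jBoss. The jBoss client module is stood in for by a hypothetical DeferredLoginModule that only collects credentials and always returns true from login(), and the "server" is a hypothetical CredentialVerifier interface backed by a constructed in-memory table; EagerCheckLoginModule, the configuration name "TestClient" and the usernames and passwords are likewise constructed for the example.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class EagerLoginDemo {

    /** Hypothetical stand-in for the server round-trip (e.g. a bean call) that validates credentials. */
    public interface CredentialVerifier { boolean verify(String user, char[] password); }

    /** Minimal principal placed on the Subject once the check passes. */
    public static class UserPrincipal implements Principal {
        private final String name;
        public UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public String toString() { return "UserPrincipal[" + name + "]"; }
    }

    /** Mimics a client module that only records credentials: login() always succeeds, proving nothing. */
    public static class DeferredLoginModule implements LoginModule {
        private CallbackHandler handler;
        private Map<String, Object> shared;

        @SuppressWarnings("unchecked")
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sharedState, Map<String, ?> opts) {
            handler = h;
            shared = (Map<String, Object>) sharedState;
        }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { nc, pc }); }
            catch (Exception e) { throw new LoginException("callback failed: " + e); }
            // Hand the credentials to later modules in the stack; nothing is verified here.
            shared.put("user", nc.getName());
            shared.put("pass", pc.getPassword());
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort()  { return true; }
        public boolean logout() { return true; }
    }

    /** Stacked after DeferredLoginModule: forces the check the server would otherwise defer to the first bean call. */
    public static class EagerCheckLoginModule implements LoginModule {
        static CredentialVerifier verifier;   // injected by the demo (hypothetical wiring)
        private Subject subject;
        private Map<String, ?> shared;
        private String user;

        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sharedState, Map<String, ?> opts) {
            subject = s;
            shared = sharedState;
        }
        public boolean login() throws LoginException {
            user = (String) shared.get("user");
            char[] pass = (char[]) shared.get("pass");
            if (user == null || pass == null || !verifier.verify(user, pass)) {
                throw new FailedLoginException("server rejected credentials for " + user);
            }
            return true;
        }
        public boolean commit() { subject.getPrincipals().add(new UserPrincipal(user)); return true; }
        public boolean abort()  { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    /** Programmatic JAAS configuration, so no external login.config file is needed. */
    static Configuration clientConfig() {
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, ?> none = new HashMap<String, Object>();
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(DeferredLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, none),
                    new AppConfigurationEntry(EagerCheckLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, none),
                };
            }
        };
    }

    /** Non-interactive replacement for a console callback handler, fed with constructed values. */
    static CallbackHandler fixedHandler(final String user, final String pass) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
            }
        };
    }

    /** Returns true only if the whole stack, eager check included, accepted the login. */
    static boolean tryLogin(String user, String pass) {
        try {
            LoginContext lc = new LoginContext("TestClient", new Subject(), fixedHandler(user, pass), clientConfig());
            lc.login();
            System.out.println("Login succeeded as " + lc.getSubject().getPrincipals());
            return true;
        } catch (LoginException le) {
            System.out.println("Login failed: " + le.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed in-memory "server" table: exactly one valid user/password pair.
        EagerCheckLoginModule.verifier = (u, p) -> u.equals("edward") && new String(p).equals("secret");
        tryLogin("edward", "secret");   // succeeds
        tryLogin("edward", "wrong");    // fails inside login() rather than at the first bean call
    }
}
```

With only DeferredLoginModule in the stack, both calls would print "Login succeeded", which is the behaviour Edward observed; the second REQUIRED module is what turns a bad password (or an unreachable server) into a LoginException at login() time.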

-----Original Message-----
From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
Sent: 06 December 2000 16:12
To: jBoss
Subject: Re[4]: [jBoss-User] Security


Hi Edward,

Kenworthy, Edward wrote:
KE> I can now login using:

KE>       try
KE>       {
KE>         LoginContext yuleLogin = new LoginContext("TestClient", new ConsoleCallbackHandler());

KE>         System.out.println("Created LoginContext.");
KE>         yuleLogin.login();
Just put some code here that accesses one of your beans, if you
immediately want to know whether the authentication succeeded.
The authentication is performed on the first bean method invocation.
Or you may add your own client LoginModule after the jBoss one that
reads some info about the current user from the server - it would also
enforce the authentication.

Regards,
 Oleg


KE>         System.out.println("Login success YAHOO!");
KE>       }
KE>       catch (LoginException le)
KE>       {
KE>         System.out.println("Login failed :(");
KE>         le.printStackTrace();
KE>       }

KE> And this works (ie I get the message "Login success YAHOO!").

KE> The problem I have is that it works even though jBoss isn't running! It
KE> also works regardless of what I put in for username and password (I thought
KE> the SimpleServerLoginModule checked they were the same?)

KE> So, it's still not working, it's just not working in a different way now :-)

KE> -----Original Message-----
KE> From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
KE> Sent: 06 December 2000 13:02
KE> To: jBoss
KE> Subject: Re[2]: [jBoss-User] Security


KE> Hi Edward,

KE> Have you read the following message?
KE> http://www.mail-archive.com/[email protected]/msg04170.html

KE> If not, please read it, and if you have any questions after that,
KE> let me know.

KE> Oleg.

KE> Kenworthy, Edward wrote:
KE>> Actually I'll amend this question if I may :-)

KE>> I've read and understood all the JAAS stuff (although it's not clear to me
KE>> how my LoginContext is bound to accessing the EJBs, as Rickard has asked
KE>> before, what is the scope? My question is, what is the scope and how do I
KE>> set it?).

KE>> So for example I now know that to logon I use:

KE>>         Subject edward = new Subject();
KE>>         edward.getPrincipals().add(new Principal("Customer"));
KE>>         edward.getPublicCredentials().add("mypassword");

KE>>         try
KE>>         {
KE>>                 LoginContext edwardLC = new LoginContext("EdwardKenworthy", edward);
KE>>                 edwardLC.login();
KE>>         }
KE>>         catch (LoginException le)
KE>>         {
KE>>                 // oops
KE>>         }

KE>> However, if all I do is this then I get a "java.lang.SecurityException:
KE>> Unable to locate login configuration".

KE>> Which makes sense, but now we are into the realms of jBoss specifics. What
KE>> jBoss JAAS login configuration should I be using for my client? And how do
KE>> I set it up?

KE>> This then leads me onto a related question, for jBoss's implementation of
KE>> JAAS (org.jboss.security.JaasSecurity*.java), how do I manage (CRUD) users,
KE>> credentials (passwords) and roles?

KE>> If there's any sample/test client and admin-client code (presumably you
KE>> wrote such things whilst implementing it) could you make the source
KE>> available so I can dissect it and work out what to do? (You never know, I
KE>> might even write it up as a HOWTO ;-)

KE>> Quivering in anticipation

KE>> Edward

KE>> -----Original Message-----
KE>> From: Kenworthy, Edward [mailto:[EMAIL PROTECTED]]
KE>> Sent: 06 December 2000 10:38
KE>> To: 'jBoss'
KE>> Subject: RE: [jBoss-User] Security


KE>> Ah, ok, now I understand. Thanks.

KE>> Just one last question :-)

KE>> If I do what Toby suggested in his original post, ie use JAAS and set the
KE>> two tags <authentication-module> and <role-mapping-manager> to
KE>> java:/jaas/other then have you any pointers to where I look to find out how
KE>> the client logs on, and how I manage users/passwords/roles. I'm reading my
KE>> way through the documentation available on the javasoft site,
KE>> http://java.sun.com/products/jaas/, but so far that seems to be focused on
KE>> a) general overview and justification and b) implementers of JAAS (but
KE>> perhaps I just haven't found the right bit yet).

KE>> Edward

KE>> -----Original Message-----
KE>> From: Rickard Öberg [mailto:[EMAIL PROTECTED]]
KE>> Sent: 05 December 2000 15:30
KE>> To: jBoss
KE>> Subject: Re: [jBoss-User] Security


KE>> Hi!

KE>> "Kenworthy, Edward" wrote:
>>> Really ?

KE>> Really ;-)

>>> Wow and ouch, I thought it worked like this:
>>> 
>>> 1/ get initial context, sets up caller principle.
>>> 2/ lookup bean.
>>> 3/ try and invoke a method, app server checks caller principle for
>>> permission.
>>> 
>>> If it works like this, then passing around a reference isn't a problem as it
>>> will use your permissions, not any associated with the reference.

KE>> Depends on what you mean by "sets up caller principal" (note spelling
KE>> BTW). What is its scope? The thread? The JVM? The current context
KE>> classloader? The threadgroup? All valid options, in some sense, but with
KE>> wildly different semantics.

>>> Anyway, assuming you're right ;-), how do I "log-on" to the app server?

KE>> 1) Use some proprietary mechanism
KE>> 2) Use J2EE-valid client containers, i.e. servlets, which have a standard
KE>>    authentication method
KE>> 3) Use JAAS

KE>> /Rickard




KE> Best regards,
KE>  Oleg 




KE> --
KE> --------------------------------------------------------------
KE> To subscribe:        [EMAIL PROTECTED]
KE> To unsubscribe:      [EMAIL PROTECTED]
KE> Problems?:           [EMAIL PROTECTED]


Best regards,
 Oleg 



