Aha! Thank you (scrambles away to start coding;)
-----Original Message-----
From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
Sent: 08 December 2000 13:20
To: jBoss
Subject: Re[6]: [jBoss-User] Security
Hi Edward,
Kenworthy, Edward wrote:
KE> DOH! Of course, I mis-read your post. OK I'll try that.
KE> One more question ;) So to change this and do proper principal to role
KE> mapping I would have to implement a replacement for
KE> SimpleServerLoginModule?
Yes, replacement or addition. You can implement a LoginModule that
doesn't authenticate, but just maps roles. Then insert a new line for
it in auth.conf after the SimpleServerLoginModule line.
Best regards,
Oleg
KE> -----Original Message-----
KE> From: Maddison, David [mailto:[EMAIL PROTECTED]]
KE> Sent: 08 December 2000 12:03
KE> To: jBoss
KE> Subject: RE: Re[4]: [jBoss-User] Security
>>> Ah ok, well that leaves me with a puzzle then. I log in as me,
>>> EdwardKenworthy, and my beans have access set to allow the role of
>>> EdwardKenworthy - but I get a security exception when I try. (If I remove
>>> the security entries from the ejb-jar.xml then, as you would expect, I can
>>> access them).
>>> This is what led me to the conclusion that username != role. But you're
>>> saying it does ? (I am using username == password).
KE> The only roles you can map to are 'user' and 'guest' therefore the mapping
KE> to the role of EdwardKenworthy would give a security exception. For
KE> example, my ejb-jar looks like this:
KE> <assembly-descriptor>
KE>   <security-role>
KE>     <description>gives users access</description>
KE>     <role-name>user</role-name>
KE>   </security-role>
KE>   <method-permission>
KE>     <role-name>user</role-name>
KE>     <method>
KE>       <ejb-name>Module</ejb-name>
KE>       <method-name>*</method-name>
KE>     </method>
KE>   </method-permission>
KE>   <container-transaction>
KE>     <method>
KE>       <ejb-name>Module</ejb-name>
KE>       <method-name>*</method-name>
KE>     </method>
KE>     <trans-attribute>NotSupported</trans-attribute>
KE>   </container-transaction>
KE> </assembly-descriptor>
KE> which only gives access to the bean from the guest user. If you're using the
KE> default JAAS security manager with jBoss, then you would log in as Username
KE> = EdwardKenworthy and password = EdwardKenworthy. This would give you
KE> access to this bean.
KE> BTW as an aside, you can quickly set the login credentials on the client by
KE> using the following code:
KE> SecurityAssociation.setPrincipal(new SimplePrincipal("EdwardKenworthy"));
KE> SecurityAssociation.setCredential("EdwardKenworthy".toCharArray());
KE> ...SNIP (Bean access as normal) ....
KE> To use this code you must include the package org.jboss.system.* which of
KE> course is in the jboss-client.jar.
KE> Not recommended for a production environment though!
KE> David Maddison
KE> << jBoss Evangelist >>
KE> --
KE> --------------------------------------------------------------
KE> To subscribe: [EMAIL PROTECTED]
KE> To unsubscribe: [EMAIL PROTECTED]
KE> Problems?: [EMAIL PROTECTED]
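A sketch of the "LoginModule that doesn't authenticate, but just maps roles" described in Oleg's reply, as an added example that is not code from the thread or from jBoss. The names RoleMappingLoginModule and RolePrincipal and the roles.<username> option format are hypothetical; the thread does not say how the jBoss security manager reads roles from the Subject, so the principal type is an assumption, and the code is written against the standard JAAS interfaces of a current JDK.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical role-mapping module: it authenticates nobody and only attaches roles. */
public class RoleMappingLoginModule implements LoginModule {
    /** Hypothetical role principal; the container's real role type may differ. */
    public static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        public int hashCode() { return name.hashCode(); }
    }

    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private final Set<Principal> roles = new HashSet<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }

    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        NameCallback nc = new NameCallback("user: ");
        try { handler.handle(new Callback[] { nc }); }
        catch (Exception e) { throw new LoginException("cannot obtain username: " + e); }
        // Constructed option format on this module's auth.conf line: roles.<username>="role1,role2"
        Object mapped = nc.getName() == null ? null : options.get("roles." + nc.getName());
        if (mapped == null) return false;   // deny by default: no mapping means no roles
        for (String r : mapped.toString().split(",")) roles.add(new RolePrincipal(r.trim()));
        return true;                        // "roles staged", not "password checked"
    }

    // Roles reach the Subject only in commit(), which JAAS calls after overall login succeeds.
    public boolean commit() { return subject.getPrincipals().addAll(roles); }
    public boolean abort() { roles.clear(); return true; }
    public boolean logout() { subject.getPrincipals().removeAll(roles); roles.clear(); return true; }
}
```

Because login() never checks a credential, this module is only safe when listed after an authenticating module marked required, as Oleg describes for SimpleServerLoginModule; on its own, or marked sufficient, it would hand roles to any username it recognises.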