|-----Original Message-----
|From: Kenworthy, Edward [mailto:[EMAIL PROTECTED]]
|Sent: Thursday, December 07, 2000 12:20 AM
|To: 'jBoss'
|Subject: RE: Re[4]: [jBoss-User] Security
|
|
|Ah ha! So "logging in" to the server doesn't actually perform any
|authentication !
sure, please fix it!
marc
|
|That now makes sense (well it makes sense of what's happening, doesn't
|necessarily make sense that the server doesn't authenticate on login ;)
|
|Edward
|
|-----Original Message-----
|From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
|Sent: 06 December 2000 16:12
|To: jBoss
|Subject: Re[4]: [jBoss-User] Security
|
|
|Hi Edward,
|
|Kenworthy, Edward wrote:
|KE> I can now login using:
|
|KE> try
|KE> {
|KE> LoginContext yuleLogin = new LoginContext("TestClient", new ConsoleCallbackHandler());
|
|KE> System.out.println("Created LoginContext.");
|KE> yuleLogin.login();
|Just put here some code for access to one of your beans, if you
|immediately want to know if the authentication succeeded.
|The authentication is performed on the first bean method invocation.
|Or you may add your own client LoginModule after the jBoss one that
|reads some info about the current user from the server - it would also
|enforce the authentication.
|
|Regards,
| Oleg
|
|
|KE> System.out.println("Login success YAHOO!");
|KE> }
|KE> catch (LoginException le)
|KE> {
|KE> System.out.println("Login failed :(");
|KE> le.printStackTrace();
|KE> }
|
|KE> And this works (ie I get the message "Login success YAHOO!").
|
|KE> The problem I have is that it works even though jBoss isn't running ! It
|KE> also works regardless of what I put in for username and password (I thought
|KE> the SimpleServerLoginModule checked they were the same ?)
|
|KE> So, it's still not working, it's just not working in a different way now :-)
|
|KE> -----Original Message-----
|KE> From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
|KE> Sent: 06 December 2000 13:02
|KE> To: jBoss
|KE> Subject: Re[2]: [jBoss-User] Security
|
|
|KE> Hi Edward,
|
|KE> Have you read the following message?
|KE>
|http://www.mail-archive.com/[email protected]/msg04170.html
|
|KE> If not, please read it, and if you have any questions after that,
|KE> let me know.
|
|KE> Oleg.
|
|KE> Kenworthy, Edward wrote:
|KE>> Actually I'll amend this question if I may :-)
|
|KE>> I've read and understood all the JAAS stuff (Although it's not clear to me
|KE>> how my LoginContext is bound to accessing the EJBs, as Rickard has asked
|KE>> before, what is the scope ? My question is, what is the scope and how do I
|KE>> set it ?).
|
|KE>> So for example I now know that to logon I use:
|
|KE>> Subject edward = new Subject();
|KE>> edward.getPrincipals().add(new Principal("Customer"));
|KE>> edward.getPublicCredentials().add("mypassword");
|
|KE>> try
|KE>> {
|KE>> LoginContext edwardLC = new LoginContext("EdwardKenworthy", edward);
|KE>> edwardLC.login();
|KE>> }
|KE>> catch (LoginException le)
|KE>> {
|KE>> // oops
|KE>> }
|
|KE>> However, if all I do is this then I get a "java.lang.SecurityException:
|KE>> Unable to locate login configuration".
|
|KE>> Which makes sense, but now we are into the realms of jBoss specifics. What
|KE>> jBoss JAAS login configuration should I be using for my client ? And how do
|KE>> I set it up ?
|
|KE>> This then leads me onto a related question, for jBoss's implementation of
|KE>> JAAS (org.jboss.security.JaasSecurity*.java), how do I manage (CRUD) users,
|KE>> credentials(passwords) and roles ?
|
|KE>> If there's any sample/test client and admin-client code (presumably you
|KE>> wrote such things whilst implementing it) could you make the source
|KE>> available so I can dissect it and work out what to do ? (You never know I
|KE>> might even write it up as a HOWTO ;-)
|
|KE>> Quivering in anticipation
|
|KE>> Edward
|
|KE>> -----Original Message-----
|KE>> From: Kenworthy, Edward [mailto:[EMAIL PROTECTED]]
|KE>> Sent: 06 December 2000 10:38
|KE>> To: 'jBoss'
|KE>> Subject: RE: [jBoss-User] Security
|
|
|KE>> Ah, ok, now I understand. Thanks.
|
|KE>> Just one last question :-)
|
|KE>> If I do what Toby suggested in his original post, ie use JAAS and set the
|KE>> two tags <authentication-module> and <role-mapping-manager> to
|KE>> java:/jaas/other then have you any pointers to where I look to find out how
|KE>> the client logs on, and how I manage users/passwords/roles. I'm reading my
|KE>> way through the documentation available on the javasoft site,
|KE>> http://java.sun.com/products/jaas/, but so far that seems to be focused on
|KE>> a) general overview and justification and b) implementers of JAAS (but
|KE>> perhaps I just haven't found the right bit yet).
|
|KE>> Edward
|
|KE>> -----Original Message-----
|KE>> From: Rickard Öberg [mailto:[EMAIL PROTECTED]]
|KE>> Sent: 05 December 2000 15:30
|KE>> To: jBoss
|KE>> Subject: Re: [jBoss-User] Security
|
|
|KE>> Hi!
|
|KE>> "Kenworthy, Edward" wrote:
|>>> Really ?
|
|KE>> Really ;-)
|
|>>> Wow and ouch, I thought it worked like this:
|>>>
|>>> 1/ get initial context, sets up caller principle.
|>>> 2/ lookup bean.
|>>> 3/ try and invoke a method, app server checks caller principle for
|>>> permission.
|>>>
|>>> If it works like this, then passing around a reference isn't a problem as it
|>>> will use your permissions, not any associated with the reference.
|
|KE>> Depends on what you mean by "sets up caller principal" (note spelling
|KE>> BTW). What is its scope? The thread? The JVM? The current context
|KE>> classloader? The threadgroup? All valid options, in some sense, but with
|KE>> wildly different semantics.
|
|>>> Anyway, assuming you're right ;-), how do I "log-on" to the app server ?
|
|KE>> 1) Use some proprietary mechanism
|KE>> 2) Use J2EE-valid client containers, i.e. servlets, which have a standard
|KE>> authentication method
|KE>> 3) Use JAAS
|
|KE>> /Rickard
|
|
|
|
|KE> Best regards,
|KE> Oleg
|
|
|
|
|KE> --
|KE> --------------------------------------------------------------
|KE> To subscribe: [EMAIL PROTECTED]
|KE> To unsubscribe: [EMAIL PROTECTED]
|KE> Problems?: [EMAIL PROTECTED]
|
|
|
|
|
|
|Best regards,
| Oleg
|
|
|
|
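The behaviour Oleg describes above (the client-side LoginContext.login() returns success without checking anything, and a second LoginModule placed after the jBoss one can force a real check) as an added, self-contained Java example. This is not code from the thread or from jBoss, and every name in it is an assumption: DeferredClientLoginModule is a stand-in for the jBoss client module, VerifyingLoginModule stands in for a module that would contact the server, USERS is a constructed in-memory store in place of that round-trip, and the "TestClient" configuration is supplied programmatically rather than through a login configuration file.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class JaasClientLoginDemo {

    // Constructed in-memory user store (hypothetical); stands in for the server round-trip.
    static final Map<String, byte[]> USERS = new HashMap<>();
    static {
        USERS.put("edward", "mypassword".getBytes(StandardCharsets.UTF_8));
        Configuration.setConfiguration(new DemoConfiguration());
    }

    // Programmatic equivalent of a login configuration entry named "TestClient":
    // the deferred module first, then the verifying module, both REQUIRED.
    public static class DemoConfiguration extends Configuration {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!"TestClient".equals(name)) return null;
            Map<String, Object> noOptions = new HashMap<>();
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry(DeferredClientLoginModule.class.getName(),
                        LoginModuleControlFlag.REQUIRED, noOptions),
                new AppConfigurationEntry(VerifyingLoginModule.class.getName(),
                        LoginModuleControlFlag.REQUIRED, noOptions) };
        }
    }

    // Supplies a fixed name/password instead of prompting on the console.
    public static class FixedCallbackHandler implements CallbackHandler {
        private final String name; private final char[] password;
        public FixedCallbackHandler(String name, char[] password) { this.name = name; this.password = password; }
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(name);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        }
    }

    // Common base: collects the credentials through the handler during login().
    public abstract static class CollectingLoginModule implements LoginModule {
        protected Subject subject; protected CallbackHandler handler;
        protected String name; protected char[] password;
        @Override
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject; this.handler = handler;
        }
        protected void collect() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { nc, pc }); }
            catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
            name = nc.getName(); password = pc.getPassword(); pc.clearPassword();
        }
        @Override public boolean commit() { subject.getPublicCredentials().add(name); return true; }
        @Override public boolean abort() { return true; }
        @Override public boolean logout() { return true; }
    }

    // Stand-in for the behaviour the thread describes: stores credentials, checks nothing,
    // so on its own login() always "succeeds" even with a bogus password or no server.
    public static class DeferredClientLoginModule extends CollectingLoginModule {
        @Override public boolean login() throws LoginException { collect(); return true; }
    }

    // Hypothetical second module: actually verifies, so LoginContext.login() can fail.
    public static class VerifyingLoginModule extends CollectingLoginModule {
        @Override public boolean login() throws LoginException {
            collect();
            byte[] expected = USERS.get(name);
            char[] pw = password == null ? new char[0] : password;
            byte[] given = new String(pw).getBytes(StandardCharsets.UTF_8);
            // MessageDigest.isEqual compares in constant time; unknown user fails the same way.
            if (expected == null || !MessageDigest.isEqual(expected, given))
                throw new FailedLoginException("bad user or password for " + name);
            return true;
        }
    }

    // Returns true only if every REQUIRED module accepted the credentials.
    public static boolean tryLogin(String user, String password) {
        try {
            new LoginContext("TestClient", new FixedCallbackHandler(user, password.toCharArray())).login();
            return true;
        } catch (LoginException le) {
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("correct password: " + tryLogin("edward", "mypassword"));
        System.out.println("wrong password:   " + tryLogin("edward", "nope"));
        System.out.println("unknown user:     " + tryLogin("nobody", "mypassword"));
    }
}
```

Remove VerifyingLoginModule from DemoConfiguration and all three calls report success, which is exactly the symptom Edward saw: a client-only module that merely caches credentials gives no signal at login() time, and the real decision is only made when the first bean method is invoked.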