Hi Mark,

On Saturday 09 December 2000 05:21, marc fleury wrote:
> |-----Original Message-----
> |From: Kenworthy, Edward [mailto:[EMAIL PROTECTED]]
> |Sent: Thursday, December 07, 2000 12:20 AM
> |To: 'jBoss'
> |Subject: RE: Re[4]: [jBoss-User] Security
> |
> |
> |Ah ha! So "logging in" to the server doesn't actually perform any
> |authentication !
>
> sure, please fix it!
Please, don't!
How about the idea to have a stateless server?
If a user "logs in" in the common sense, the server becomes stateful.
Now authentication is performed on each method call, 
and this is good IMHO.

Regards,
 Oleg

> |That now makes sense (well it makes sense of what's happening, doesn't
> |necessarily make sense that the server doesn't authenticate on login ;)
> |
> |Edward
> |
> |-----Original Message-----
> |From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
> |Sent: 06 December 2000 16:12
> |To: jBoss
> |Subject: Re[4]: [jBoss-User] Security
> |
> |
> |Hi Edward,
> |
> |Kenworthy, Edward wrote:
> |KE> I can now login using:
> |
> |KE>       try
> |KE>       {
> |KE>         LoginContext yuleLogin = new LoginContext("TestClient",
> |KE>                                                   new ConsoleCallbackHandler());
> |
> |KE>         System.out.println("Created LoginContext.");
> |KE>         yuleLogin.login();
> |Just put here some code for access to one of your beans, if you
> |immediately want to know if the authentication succeeded.
> |The authentication is performed on the first bean method invocation.
> |Or you may add your own client LoginModule after the jBoss one that
> |reads some info about the current user from the server - it would also
> |enforce the authentication.
> |
> |Regards,
> | Oleg
> |
> |
> |KE>         System.out.println("Login success YAHOO!");
> |KE>       }
> |KE>       catch (LoginException le)
> |KE>       {
> |KE>         System.out.println("Login failed :(");
> |KE>         le.printStackTrace();
> |KE>       }
> |
> |KE> And this works (ie I get the message "Login success YAHOO!").
> |
> |KE> The problem I have is that it works even though jBoss isn't running! It
> |KE> also works regardless of what I put in for username and password (I
> |KE> thought the SimpleServerLoginModule checked they were the same?)
> |
> |KE> So, it's still not working, it's just not working in a different way now
> |KE> :-)
> |
> |KE> -----Original Message-----
> |KE> From: Oleg Nitz [mailto:[EMAIL PROTECTED]]
> |KE> Sent: 06 December 2000 13:02
> |KE> To: jBoss
> |KE> Subject: Re[2]: [jBoss-User] Security
> |
> |
> |KE> Hi Edward,
> |
> |KE> Have you read the following message?
> |KE>
> |http://www.mail-archive.com/[email protected]/msg04170.html
> |
> |KE> If not, please read it, and if you have any questions after that,
> |KE> let me know.
> |
> |KE> Oleg.
> |
> |KE> Kenworthy, Edward wrote:
> |KE>> Actually I'll amend this question if I may :-)
> |
> |KE>> I've read and understood all the JAAS stuff (although it's not clear to
> |KE>> me how my LoginContext is bound to accessing the EJBs; as Rickard has
> |KE>> asked before, what is the scope? My question is, what is the scope and
> |KE>> how do I set it?).
> |
> |KE>> So for example I now know that to logon I use:
> |
> |KE>> import java.security.Principal;
> |KE>> import javax.security.auth.Subject;
> |KE>> import javax.security.auth.login.LoginContext;
> |KE>> import javax.security.auth.login.LoginException;
> |
> |KE>>         Subject edward = new Subject();
> |KE>>         // java.security.Principal is an interface, so it needs a
> |KE>>         // concrete implementation; an anonymous one will do here
> |KE>>         edward.getPrincipals().add(new Principal() {
> |KE>>             public String getName() { return "Customer"; }
> |KE>>         });
> |KE>>         edward.getPublicCredentials().add("mypassword");
> |
> |KE>>         try
> |KE>>         {
> |KE>>                 LoginContext edwardLC =
> |KE>>                         new LoginContext("EdwardKenworthy", edward);
> |KE>>                 edwardLC.login();   // was LC.login(): wrong variable name
> |KE>>         }
> |KE>>         catch (LoginException le)
> |KE>>         {
> |KE>>                 // oops
> |KE>>         }
> |
> |KE>> However, if all I do is this then I get a "java.lang.SecurityException:
> |KE>> Unable to locate login configuration".
> |
> |KE>> Which makes sense, but now we are into the realms of jBoss specifics.
> |KE>> What jBoss JAAS login configuration should I be using for my client? And
> |KE>> how do I set it up?
> |
> |KE>> This then leads me onto a related question: for jBoss's implementation
> |KE>> of JAAS (org.jboss.security.JaasSecurity*.java), how do I manage (CRUD)
> |KE>> users, credentials (passwords) and roles?
> |
> |KE>> If there's any sample/test client and admin-client code (presumably you
> |KE>> wrote such things whilst implementing it) could you make the source
> |KE>> available so I can dissect it and work out what to do? (You never know,
> |KE>> I might even write it up as a HOWTO ;-)
> |
> |KE>> Quivering in anticipation
> |
> |KE>> Edward
> |
> |KE>> -----Original Message-----
> |KE>> From: Kenworthy, Edward [mailto:[EMAIL PROTECTED]]
> |KE>> Sent: 06 December 2000 10:38
> |KE>> To: 'jBoss'
> |KE>> Subject: RE: [jBoss-User] Security
> |
> |
> |KE>> Ah, ok, now I understand. Thanks.
> |
> |KE>> Just one last question :-)
> |
> |KE>> If I do what Toby suggested in his original post, i.e. use JAAS and set
> |KE>> the two tags <authentication-module> and <role-mapping-manager> to
> |KE>> java:/jaas/other, then have you any pointers to where I look to find out
> |KE>> how the client logs on, and how I manage users/passwords/roles? I'm
> |KE>> reading my way through the documentation available on the javasoft site,
> |KE>> http://java.sun.com/products/jaas/, but so far that seems to be focused
> |KE>> on a) general overview and justification and b) implementers of JAAS
> |KE>> (but perhaps I just haven't found the right bit yet).
> |
> |KE>> Edward
> |
> |KE>> -----Original Message-----
> |KE>> From: Rickard Öberg [mailto:[EMAIL PROTECTED]]
> |KE>> Sent: 05 December 2000 15:30
> |KE>> To: jBoss
> |KE>> Subject: Re: [jBoss-User] Security
> |
> |
> |KE>> Hi!
> |
> |KE>> "Kenworthy, Edward" wrote:
> |>>> Really ?
> |
> |KE>> Really ;-)
> |
> |>>> Wow and ouch, I thought it worked like this:
> |>>>
> |>>> 1/ get initial context, sets up caller principle.
> |>>> 2/ lookup bean.
> |>>> 3/ try and invoke a method, app server checks caller principle for
> |>>> permission.
> |>>>
> |>>> If it works like this, then passing around a reference isn't a problem as
> |>>> it will use your permissions, not any associated with the reference.
> |
> |KE>> Depends on what you mean by "sets up caller principal" (note spelling
> |KE>> BTW). What is its scope? The thread? The JVM? The current context
> |KE>> classloader? The threadgroup? All valid options, in some sense, but
> |KE>> with wildly different semantics.
> |
> |>>> Anyway, assuming you're right ;-), how do I "log-on" to the app server?
> |
> |KE>> 1) Use some proprietary mechanism
> |KE>> 2) Use J2EE-valid client containers, i.e. servlets, which have a
> |KE>> standard authentication method
> |KE>> 3) Use JAAS
> |
> |KE>> /Rickard
> |
> |
> |
> |
> |KE> Best regards,
> |KE>  Oleg
> |
> |
> |
> |
> |KE> --
> |KE> --------------------------------------------------------------
> |KE> To subscribe:        [EMAIL PROTECTED]
> |KE> To unsubscribe:      [EMAIL PROTECTED]
> |KE> Problems?:           [EMAIL PROTECTED]
> |
> |
> |Best regards,
> | Oleg
> |
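As an added example of the point Oleg makes above (written for this page; it is not jBoss code and nobody on the list posted it): a client-side LoginModule that only stashes the name and password in the Subject, so LoginContext.login() returns normally for any password and with no server reachable at all, which is exactly the symptom Edward describes. The password is only checked by serverAuthenticates(), a stand-in for the check jBoss performs on the first bean invocation. The class names, the programmatic Configuration (which also avoids the "Unable to locate login configuration" SecurityException, since no login.config file is needed) and the one-entry user table are all assumptions made for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical demo class; none of these names come from jBoss.
public class DeferredAuthDemo {

    // Client-side LoginModule that only stashes what the user typed. It never
    // contacts a server and compares nothing, so login() succeeds for any pair.
    public static class StashOnlyLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private String user;
        private char[] password;

        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (Exception e) {
                throw new LoginException("callback handler failed: " + e);
            }
            user = nc.getName();
            password = pc.getPassword();
            pc.clearPassword();
            return true;   // "success" without any verification at all
        }

        public boolean commit() {
            subject.getPublicCredentials().add(user);
            subject.getPrivateCredentials().add(new String(password));
            return true;
        }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrivateCredentials().clear(); return true; }
    }

    // Programmatic JAAS Configuration: with this installed, LoginContext needs
    // no login.config file ("Unable to locate login configuration" goes away).
    static Configuration demoConfig() {
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"TestClient".equals(name)) return null;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    StashOnlyLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    new HashMap<String, Object>()) };
            }
        };
    }

    // Stand-in for the server-side check that, per the thread, jBoss runs on
    // the first bean invocation. Constructed one-user table for the demo.
    static final Map<String, String> SERVER_USERS = new HashMap<>();
    static { SERVER_USERS.put("edward", "mypassword"); }

    static boolean serverAuthenticates(Subject s) {
        String user = s.getPublicCredentials(String.class).iterator().next();
        String pw = s.getPrivateCredentials(String.class).iterator().next();
        String expected = SERVER_USERS.get(user);
        // constant-time compare so a wrong password does not leak timing
        return expected != null && MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), pw.getBytes(StandardCharsets.UTF_8));
    }

    // CallbackHandler that answers with fixed values, so no console is needed.
    static CallbackHandler fixed(String user, String pw) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pw.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        Configuration.setConfiguration(demoConfig());
        for (String pw : new String[] { "mypassword", "wrong" }) {
            LoginContext lc = new LoginContext("TestClient", fixed("edward", pw));
            lc.login();   // never throws here: nothing has been verified yet
            boolean ok = serverAuthenticates(lc.getSubject());
            System.out.println("password=" + pw + ": login() ok, server check=" + ok);
        }
    }
}
```

Run it with `java DeferredAuthDemo.java` on JDK 11 or later. Both passwords get through login(); only "mypassword" passes the server-side check. That is the behaviour to expect from a client module that defers authentication: a LoginContext.login() that returns normally tells you nothing until the first call actually reaches the server, so a client that wants to fail fast has to make that call (or add a LoginModule that does) rather than trust the LoginContext result.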