Hi Peter. Responses inlined.
-Steve [EMAIL PROTECTED] wrote: > On 6 Mar, Stephen Davidson wrote: > >>Hi Peter. >> >>The Application had been checking the information stored in the httpSession to see >if the user had been authenticated. Then the SLSB was checking to see if the >> user was allowed to access the function requested. Btw, the current JAAS >specifications do not currently support the security archictecutre that this >>application needs, so the SLSBs have to do their own. This means that there is no >Authentication for the Container to do, so I had not been using Container >>Authentication/Security. This means that the only subjects/contexts available would >be from the container or application directly. I have not been generating >>them in the past, as they had not been needed on the other application servers. >> >>Btw, the new JBoss security modules may advanced enough that I will be able to >integrate the application's security handling into JBoss (would make life much >>simpler), but right now I am trying to get the current framework ported from Orion >to JBoss. And w/o having to rewrite how security is handled. >> >> > > I don't know about that. From the JMS client perspective nothing has > changed. You loogin via the connection, it is on the JMS server side > that JAAS are used. As far as I can see it the subject will not be > magically propagated. So the bottom line is this: why do your user not > get authenticated. Application authenticates & manages user, not Appserver such as JBoss. So no subject ever created. Does application need to create a User for JMS Server? > > - Have you configured jmsra to use a specific user? Probably not. How do I do so? > - Do you have special destinations for wich that user do not belong to > the correct role. No users configured, and definately no roles configured, as not using JAAS, or Role based security, for that matter. > - Did you happen to refresh you copy in the middle of my commit - > perhaps missing the auth.conf commit, which is verry important. > I was updating when you asked earlier. I checked CVS, and the only thing that was out of date was the messaging/build.sh file and number of files from the Test directory. > I have tested this a million times...it would be typical if the first > that happend to use it stumble om something unexpected. I have this habit of not doing things the way that code was tested for. If I can help come up with testcases, feel free to ask! > > //Peter > >>Thanks, >>Steve >> >> >> -- Stephen Davidson Java Consultant Delphi Consultants, LLC http://www.delphis.com Phone: 214-696-6224 x208 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
