[JBoss-dev] CVS update: manual/src/docs howtojaas.xml
User: starksm Date: 01/06/19 07:22:55 Modified:src/docs howtojaas.xml Log: Update the examples archive link Revision ChangesPath 1.9 +4 -4 manual/src/docs/howtojaas.xml Index: howtojaas.xml === RCS file: /cvsroot/jboss/manual/src/docs/howtojaas.xml,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- howtojaas.xml 2001/05/31 04:50:35 1.8 +++ howtojaas.xml 2001/06/19 14:22:55 1.9 @@ -417,7 +417,7 @@ are going to secure, along with a simple client that accesses instances of the session beans. Also shown is a simple servlet that accesses one of the EJBs. The complete source code along with deployment descriptors and -an Ant build script is available ulink url = http://www.jboss.org/documentation/files/jaas-howto.zip;JAAS-Howto Files/ulink. +an Ant build script is available ulink url = http://www.jboss.org/doco_files/jaas-howto.zip;JAAS-Howto Files/ulink. /para figure id = Session.java titleThe Session Beans Remote Interface/title @@ -650,7 +650,7 @@ passed in on the command line. @author [EMAIL PROTECTED] -@version $Revision: 1.8 $ +@version $Revision: 1.9 $ */ public class SessionClient { @@ -900,7 +900,7 @@ a secured J2EE ear made up of the EJBs and servlet shown in the preceeding figures. I'll walk you through the build of two different versions of the ears using Ant and the build.xml file contained in the tutorial files bundle. -The files bundle is available from ulink url = http://www.jboss.org/documentation/files/jaas-howto.zip;JAAS-Howto Files/ulink./para +The files bundle is available from ulink url = http://www.jboss.org/doco_files/jaas-howto.zip;JAAS-Howto Files/ulink./para procedure titleDeployment Steps/title step @@ -922,7 +922,7 @@ /step step paraDownload the tutorial files bundle. If you have not already, download -the tutorial files from here: ulink url = http://www.jboss.org/documentation/files/jaas-howto.zip;JAAS-Howto Files/ulink. +the tutorial files from here: ulink url = http://www.jboss.org/doco_files/jaas-howto.zip;JAAS-Howto Files/ulink. Unpack the archive to create a jaas directory with the contents shown in xref linkend = jaas.files/.figure id = jaas.files titleJAAS Tutorial Files/title mediaobject ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: manual/src/docs howtojaas.xml
User: starksm Date: 01/05/01 11:21:45 Modified:src/docs howtojaas.xml Log: Update the tutorial to better demonstrate the method permission usage Revision ChangesPath 1.7 +227 -73 manual/src/docs/howtojaas.xml Index: howtojaas.xml === RCS file: /cvsroot/jboss/manual/src/docs/howtojaas.xml,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- howtojaas.xml 2001/05/01 01:33:24 1.6 +++ howtojaas.xml 2001/05/01 18:21:45 1.7 @@ -403,6 +403,7 @@ public interface Session extends EJBObject { public String echo(String arg) throws RemoteException; +public void noop() throws RemoteException; }/programlisting /figure figure id = SessionHome.java @@ -461,6 +462,12 @@ System.out.println(StatelessSessionBean.echo, callerPrincipal=+p); return arg; } +public void noop() throws RemoteException +{ +System.out.println(StatelessSessionBean.noop); +Principal p = sessionContext.getCallerPrincipal(); +System.out.println(StatelessSessionBean.noop, callerPrincipal=+p); +} }/programlisting /figure @@ -510,6 +517,13 @@ System.out.println(StatefulSessionBean.echo, callerPrincipal=+p); return arg; } +public void noop() throws RemoteException +{ +System.out.println(StatefulSessionBean.noop); +Principal p = sessionContext.getCallerPrincipal(); +System.out.println(StatefulSessionBean.noop, callerPrincipal=+p); +} + }/programlisting /figure figure id = ejb-jar.xml @@ -554,15 +568,28 @@ ejb-nameStatelessSession/ejb-name method-name*/method-name /method +method +ejb-nameStatefulSession/ejb-name +method-name*/method-name +/method /method-permission method-permission -role-nameEcho/role-name +role-nameCoder/role-name method ejb-nameStatefulSession/ejb-name -method-name*/method-name +method-namecreate/method-name +/method +method +ejb-nameStatefulSession/ejb-name +method-nameremove/method-name +/method +method +ejb-nameStatefulSession/ejb-name +method-namenoop/method-name /method /method-permission + /assembly-descriptor /ejb-jar ]]/programlisting @@ -580,7 +607,7 @@ where ${jboss_home} is the location of your JBoss distribution. @author [EMAIL PROTECTED] -@version $Revision: 1.6 $ +@version $Revision: 1.7 $ */ public class SessionClient { @@ -647,11 +674,21 @@ System.out.println(Created StatelessSession); System.out.println(Bean.echo('Hello') - +bean.echo(Hello)); bean.remove(); +} +catch(Exception e) +{ +e.printStackTrace(); +} -home = (SessionHome) iniContext.lookup(StatefulSession); +try +{ +InitialContext iniContext = new InitialContext(); +SessionHome home = (SessionHome) iniContext.lookup(StatefulSession); System.out.println(Found StatefulSessionHome); -bean = home.create(); +Session bean = home.create(); System.out.println(Created StatefulSession); +bean.noop(); +System.out.println(Bean.noop() called); System.out.println(Bean.echo('Hello') - +bean.echo(Hello)); bean.remove(); } @@ -669,6 +706,7 @@ establishes the username and password that is sent to JBoss. Now, finally let's put everything together and deploy the session bean./para /section + section id = jaas5 titleDeploying a Bean with Security/title paraThis section details the procedure for building, deploying and testing @@ -761,7 +799,8 @@ fresh build from cvs and jboss_home=/tmp/cvs/jboss/dist. /para literallayout - commandhowto-jaas 1055export jboss_home=/tmp/cvs/jboss/dist + command![CDATA[ +howto-jaas 1055export jboss_home=/tmp/cvs/jboss/dist howto-jaas 1056export CLASSPATH=${jboss_home}/client/jaas.jar howto-jaas 1057CLASSPATH=${CLASSPATH};${jboss_home}/client/ejb.jar howto-jaas 1058CLASSPATH=${CLASSPATH};${jboss_home}/client/jnp-client.jar @@ -770,13 +809,14 @@
[JBoss-dev] CVS update: manual/src/docs howtojaas.xml
User: starksm Date: 01/04/30 18:33:24 Modified:src/docs howtojaas.xml Log: Fix typos in ejb-jar.xml descriptor and StatefulSessionBean.java Add a link to the tutorial files bundle. Revision ChangesPath 1.6 +11 -7 manual/src/docs/howtojaas.xml Index: howtojaas.xml === RCS file: /cvsroot/jboss/manual/src/docs/howtojaas.xml,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- howtojaas.xml 2001/04/25 12:39:29 1.5 +++ howtojaas.xml 2001/05/01 01:33:24 1.6 @@ -1,5 +1,5 @@ ?xml version = 1.0 encoding = UTF-8? -section id=howtojaas +section id = howtojaas titleJAAS Based Security in JBoss/title subtitleCustom Security in JBoss Using the JBossSX Framework/subtitle paraAuthor:author @@ -11,7 +11,7 @@ para note paraThe JBossSX framework is a new addition to JBoss that requires a -cvs snapshot that is latter than March 4 2001, or the JBoss-2.1 final binary./para +cvs snapshot that is latter than March 4 2001, or the JBoss-2.2.1 or later binary release./para /note /para section id = Introduction @@ -485,7 +485,7 @@ public void ejbActivate() throws RemoteException { -System.out.println(StatelessSessionBean.ejbActivate() called); +System.out.println(StatefulSessionBean.ejbActivate() called); } public void ejbPassivate() throws RemoteException @@ -537,7 +537,7 @@ ejb-nameStatefulSession/ejb-name homeSessionHome/home remoteSession/remote -ejb-classStatelessSessionBean/ejb-class +ejb-classStatefulSessionBean/ejb-class session-typeStateful/session-type transaction-typeContainer/transaction-type /session @@ -580,7 +580,7 @@ where ${jboss_home} is the location of your JBoss distribution. @author [EMAIL PROTECTED] -@version $Revision: 1.5 $ +@version $Revision: 1.6 $ */ public class SessionClient { @@ -675,7 +675,11 @@ the secured ejb-jar. The steps I'll go through are on a windows 2000 box using the cygwin port of the GNU tools, so most things will look like unix with the exception of -the ';' path separator used in the java classpath./para +the ';' path separator used in the java classpath. The steps are shown in some detail +using the source presented in this howto document's figures. If you not interested in +this level of detail you can download a bundle of the source files that includes an Ant +build script that performs the steps detailed in the following sections. The files bundle is +available from ulink url = http://www.jboss.org/documentation/files/jaas-howto.zip;JAAS-Howto Files/ulink./para procedure titleDeployment Steps/title step @@ -859,7 +863,7 @@ [Service Control] Registered with server [Service Control] Initializing 24 MBeans .../computeroutput -emphasis[Auto deploy] Starting + emphasis[Auto deploy] Starting [Auto deploy] Watching D:\tmp\cvs\jboss\dist\deploy [Auto deploy] Auto deploy of file:/D:/tmp/cvs/jboss/dist/deploy/ssbean.jar [J2EE Deployer Default] Deploy J2EE application: file:/D:/tmp/cvs/jboss/dist/deploy/ssbean.jar ___ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
[JBoss-dev] CVS update: manual/src/docs howtojaas.xml
User: alborini Date: 01/04/25 05:39:29 Modified:src/docs howtojaas.xml Log: - added section id for xref - corrected a few typos Revision ChangesPath 1.5 +22 -20manual/src/docs/howtojaas.xml Index: howtojaas.xml === RCS file: /cvsroot/jboss/manual/src/docs/howtojaas.xml,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- howtojaas.xml 2001/03/22 19:58:56 1.4 +++ howtojaas.xml 2001/04/25 12:39:29 1.5 @@ -1,5 +1,5 @@ ?xml version = 1.0 encoding = UTF-8? -section +section id=howtojaas titleJAAS Based Security in JBoss/title subtitleCustom Security in JBoss Using the JBossSX Framework/subtitle paraAuthor:author @@ -21,7 +21,7 @@ for both the standard declarative J2EE security model as well as custom JAAS Subject based security. It should be sufficient to allow you to configure a simple security setup for testing and also give you a good start to being -able to inegrate your own custom security implementation into JBoss. For +able to integrate your own custom security implementation into JBoss. For a more detailed description of the JBossSX framework see the JBossSX chapter./para @@ -62,13 +62,13 @@ titleSecurity Model Overview/title paraThe security model in JBoss is based on the server container architecture's pluggable method interceptors and the fact that the container factory always -inserts security interceptor(org.jboss.ejb.plugins.SecurityInterceptor). +inserts the security interceptor (org.jboss.ejb.plugins.SecurityInterceptor). The SecurityInterceptor delegates the tasks of principal authentication -and and principal role mapping to two different security interfaces; +and principal role mapping to two different security interfaces: org.jboss.security.EJBSecurityManager and org.jboss.security.RealmMapping. JBoss includes a number of sample implementations of both interfaces which can be found in the org.jboss.security.plugins.samples package./para - paraThe default security implementation that comes pre-configured is JMX service + paraThe default security implementation that comes pre-configured consists of a JMX service bean and a JAAS based implementation of both interfaces. The JMX bean is org.jboss.security.plugins.JaasSecurityManagerService and the security interfaces implementation is org.jboss.security.plugins.JaasSecurityManager. @@ -116,7 +116,7 @@ /itemizedlist section titlesecurity-domain/title - paraThe security-domain element specifies the an implementation of both the + paraThe security-domain element specifies an implementation of both the org.jboss.security.RealmMapping and org.jboss.security.EJBSecurityManager interfaces to use for all J2EE deployment units in the ear or ejb-jar. The value is specified as the JNDI name where the object is located. @@ -173,7 +173,7 @@ /calloutlist paraHere we are assigning a global security manager for all beans to the the object located at java:/jaas/other and we are setting a different -role mapping manager for the quoteStandard Stateless SessionBean/quotecontainer. This means that any stateless session beans bundled in the +role mapping manager for the quoteStandard Stateless SessionBean/quote container. This means that any stateless session beans bundled in the ear or jar will use the RealmMapper located at java:/jaas/session-roles rather the the security-domain element setting. We will see the reason for choosing JNDI names of the form java:/jaas/XXX @@ -224,7 +224,7 @@ /section section id = jaas3 titleUsing JaasSecurityManager/title - paraAs you would expect, the JaasSecurityManager uses JAAS(Java Authentication and + paraAs you would expect, the JaasSecurityManager uses JAAS (Java Authentication and Authorization Service) to implement both the user authentication and role mapping function of the RealmMapping and EJBSecurityManager interfaces. It does this by creating a JAAS Subject using the javax.security.auth.login.LoginContext mechanism. When @@ -264,18 +264,18 @@ configured LoginModules for the security domain./para /callout /calloutlist - paraIf your familiar JAAS, you'll see that the name that was used in the creation of + paraIf you are familiar JAAS, you'll see that the name that was used in the creation of the JaasSecurityManager correlates with the LoginContext Configuration name. The JAAS LoginContext object looks to a
[JBoss-dev] CVS update: manual/src/docs howtojaas.xml
User: starksm Date: 01/03/22 11:58:56 Modified:src/docs howtojaas.xml Log: Make a clear distinction between the server and client versions of the auth.conf file. Revision ChangesPath 1.4 +52 -11manual/src/docs/howtojaas.xml Index: howtojaas.xml === RCS file: /cvsroot/jboss/manual/src/docs/howtojaas.xml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- howtojaas.xml 2001/03/21 08:30:20 1.3 +++ howtojaas.xml 2001/03/22 19:58:56 1.4 @@ -230,7 +230,10 @@ a JAAS Subject using the javax.security.auth.login.LoginContext mechanism. When the JaasSecurityManager needs to authenticate a user, it does a JAAS login using the following programmatic steps:/para - programlistingPrincipal principal = ... passed in by SecurityInterceptor;co id = "jaas.principal"/Object credential = ... passed in by SecurityInterceptor;co id = "jaas.credential"//* Access the security domain to which the security manager is bound. This is + programlisting![CDATA[ +Principal principal = ... passed in by SecurityInterceptor;]]co id = "jaas.principal"/![CDATA[ +Object credential = ... passed in by SecurityInterceptor;]]co id = "jaas.credential"/![CDATA[ +/* Access the security domain to which the security manager is bound. This is the xyz component of java:/jaas/xyz name used when defining the security-domain or role-mapping-manager config elements. */ String name = getSecurityDomain(); @@ -242,7 +245,9 @@ Subject subject = lc.getSubject(); Set subjectGroups = subject.getPrincipals(Group.class); // Get the Group whose name is 'Roles' -Group roles = getGroup(subjectGroups, "Roles");/programlisting +Group roles = getGroup(subjectGroups, "Roles"); + + ]]/programlisting calloutlist callout arearefs = "jaas.principal" paraA Principal is an identity object. Often it represents the username string, @@ -305,11 +310,12 @@ [options] ; };/synopsisSee the JAAS documentation for the complete syntax description. In the JBoss server -auth.conf file there should be an entry like 'other' in the figure below. +auth.conf file there should be an entry like 'other' in xref linkend = "server.auth.conf"/ below. Also shown is a 'session-roles' entry that we have added that specfies two login modules./para - figure id = "auth.conf" - titleThe JBoss Server JAAS Login Config File/title + figure id = "server.auth.conf" + titleThe JBoss Server JAAS Login Config File + ($jboss_home/conf/default/auth.conf)/title programlisting// The default server login module other { // A realistic server login module... @@ -335,7 +341,40 @@ stateless session bean, they will be authenticated by the login modules configured for the 'session-roles' domain. Referring to Figure 1 shows that both the JaasServerLoginModule and RolesLoginModule login modules -will be executed for perform the authentication in this domain.note +will be executed for perform the authentication in this domain./para + paraThere is also a client side version of the auth.conf that is used by the client +connecting to JBoss. It is located in ${jboss_home}/client/auth.conf and the default version contents +are given in xref linkend = "client.auth.conf"/. The key entry here is the 'other' entry that contains +the 'org.jboss.security.ClientLoginModule required;' setting.figure id = "client.auth.conf" + titleThe JBoss Client JAAS Login Config File + ($jboss_home/client/auth.conf)/title + programlistingsrp { +// Example client auth.conf for using the SRPLoginModule +org.jboss.srp.jaas.SRPLoginModule required +password-stacking="useFirstPass" +principalClassName="org.jboss.security.SimplePrincipal" +srpServerJndiName="SRPServerInterface" +debug=true +; + +// jBoss LoginModule +org.jboss.security.ClientLoginModule required +password-stacking="useFirstPass" +; + +// Put your login modules that need jBoss here +}; + +other { +// Put your login modules that work without jBoss here + +// jBoss LoginModule +org.jboss.security.ClientLoginModule required; + +// Put your login modules that need jBoss here +};/programlisting + /figure + note