[jboss-user] [Security & JAAS/JBoss] - Re: Programmatic Authentication in JBoss?

Those two items would do what I need. I assume that getUserPrincipal() returns the same value as getCallerPrincipal()? I guess you could try playing around with web.xml and see if the authentication allows you to access protected resources. View the original post : http://www.jboss.com/index.

[jboss-user] [Security & JAAS/JBoss] - Re: Unexpected Principal (Security Identity) Propagation Swi

This was a configuration error on my part -- it was actually failing (in a non-obvious way) on the first call as well. Please ignore. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027294#4027294 Reply to the post : http://www.jboss.com/index.html?module=bb

[jboss-user] [Security & JAAS/JBoss] - Re: Programmatic Authentication in JBoss?

You guys rock. :-) View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027291#4027291 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4027291 ___ jboss-user mailing list jboss-user@

[jboss-user] [Security & JAAS/JBoss] - Unexpected Principal (Security Identity) Propagation Switch

I am experiencing a similar (identical?) bug that was reported in http://jira.jboss.com/jira/browse/JBAS-1852?page=com.cenqua.fisheye.jira:fisheye-tabpanel and reported fixed in JBoss 4.0.3. I access a session bean twice from the web tier, as an unauthenticated user. The session bean functio

[jboss-user] [Security & JAAS/JBoss] - Re: Programmatic Authentication in JBoss?

Unfortunately...I don't think there "has" to be a way, that is the problem. The servlet spec does not require it. If you use one of Tomcat's authentication methods -- basic, form, etc. -- the credentials carry through very nicely and it is all wonderful. JBoss provides a way from Tomcat -> EJ

[jboss-user] [Security & JAAS/JBoss] - Re: Programmatic Authentication in JBoss?

After a lot of time spent on this, the issue seems to be Tomcat (or arguably the Servlet specification) more than JBoss. A variant on the JassLoginFilter in the How-To works fine for accessing JBoss resources. Also as mentioned in the FAQ, #21. But there seems to be no straightforward way to

[jboss-user] [Security & JAAS/JBoss] - Re: Programmatic Authentication in JBoss?

Could you post more details on solving the first part of the question? I have reviewed the documentation many times, and I am comfortable in dealing with MBeans, but I don't see how to get a handle to the Realm involved which I think is what is needed. I know a filter would also work but that

[jboss-user] [Security & JAAS/JBoss] - Re: Calling LoginModule in JBoss

I would be extremely interested in learning this as well. I would prefer to avoid using j_security_check. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4006669#4006669 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=400

[jboss-user] [Security & JAAS/JBoss] - Re: JBoss4.0 and JAAS/Login-config.xml

I decided I should go a little further with this and check that the EJB security domain worked as expected rather than defaulting to "other", even though we aren't using EJB permissions yet. It turns out the steps outlined previously work for securing the web pages of the app -- but to have the

[jboss-user] [Security & JAAS/JBoss] - Re: JBoss4.0 and JAAS/Login-config.xml

And the final fix -- I should have put java:/jaas/webappDomain in jboss.xml rather than java:jaas/webappDomain Both forms actually work for jboss-web.xml, which is a little surprising. Hope this helps someone. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p

[jboss-user] [Security & JAAS/JBoss] - Re: JBoss4.0 and JAAS/Login-config.xml

As usual, after banging my head so long that I finally decide to post, the solution comes shortly afterward. The main problem appears to have been that I had commented out some lines in the Tomcat SAR server.xml that refer to JAAS when JBoss was first installed, over 6 months ago. Not sure *wh

[jboss-user] [Security & JAAS/JBoss] - Re: JBoss4.0 and JAAS/Login-config.xml

I have the identical problem with JBoss 4.0.4, and I do have the correct DTD. The only way I can get JBoss to see my application policy is if I call it jboss.web in login-config.xml -- I noticed that I get a message [JAASRealm] Set JAAS app name jboss.web every time I start my app. Trying t

[jboss-user] [JBoss Getting Started Documentation] - Re: PluggableInstrumentor

That doesn't work. You need to download the AOP package (separate from the main AS), and use the jars from there: This Wiki entry shows how: http://labs.jboss.com/portal/index.html?ctrl:cmd=render&ctrl:window=default.wiki.WikiPortletWindow&page=ConfiguringAopLoadtimeWeaving&language=EN[/url]

[jboss-user] [Installation, Configuration & Deployment] - Re: Web console not present in 4.0.4 ejb3 clustered installa

OK, it isn't installed by default; I ran the "all" installation and was able to copy over the necessary files from there. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960053#3960053 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&m

[jboss-user] [Installation, Configuration & Deployment] - Web console not present in 4.0.4 ejb3 clustered installation

I have been running JBoss for the last few weeks and am quite happy with it. In digging into the management tools further I have run into the following: I cannot see any web-console sars, wars, directories, or files anywhere in this installation. jmx-console and Tomcat status are working fine.