guide.
Scott StarkChief Technology
OfficerJBoss Group, LLC
- Original Message -
From:
Sebastien
CHAUSSON
To: [EMAIL PROTECTED]
Sent: Thursday, October 03, 2002 2:42
AM
Subject: [JBoss-user] security in jboss
Hi,
I'm a little bit confused in using tomcat embedded
with jboss
(jboss 3.0.2 + tomcat 4.0.4) : I deploy my web app
in jboss,
and I'd like to add simple security with tomcat : I
just want
user to give a userName and password to access to
everything
in my web-app (seems quite easy !?!)
Tho
I'll look into supporting this use case.
>
> I think JAAS security manager definitely needs some
> change. Let's assume situation, that call comes
> with principal "null" and credential "null" - this can
> be ( and is in my context ) legitimate user, with
> some roles defined.
>
> My login m
--- Scott M Stark <[EMAIL PROTECTED]> wrote:
> The only issue with this is that the
> JaasSecurityManager is not considered
> a public API for which compatability between
> releases is a consideration.
> Your subclass of JaasSecurityManager may not work in
> latter releases.
> The public API for u
module api.
- Original Message -
From: "Konstantin Priblouda" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 29, 2001 9:59 AM
Subject: Re: [JBoss-user] Security in Jboss ( JaasSecurityManager ) - question to
developers. Maybe RFE
>
> --- Sco
--- Scott M Stark <[EMAIL PROTECTED]> wrote:
> What your doing is correct, that is just a bug in
> the handling of the null
> credential. I have fixed this in main.
>
> In 2.4 there is an ability to set the principal of
> an unauthenticated user,
> but you cannot assign roles to it. It is not fo
I am attempting to implement security features in
JBoss. I am reading through the documentation
available online in Chapter 9. However, I think
I am more confused than when I started. Is there
a better source online that explains this? I
have even looked at the stuff on Sun. Thank you
for yo
rom: "Scott Keane" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, June 28, 2001 9:27 PM
> Subject: [JBoss-user] Security in JBoss
>
> > Hello,
> >
> > I am attempting to implement security features in JBoss. I am reading through th
are you using the new jboss 2.2.2? search the
documentation on JAAS. Scott has a very good tutorial on it there.
Al
- Original Message -
From:
Scott
Keane
To: [EMAIL PROTECTED]
Sent: Friday, June 29, 2001 12:27
AM
Subject: [JBoss-user] Security in
JBoss
http://www.jboss.org/documentation/HTML/ch11s83.html
- Original Message -
From: "Scott Keane" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 28, 2001 9:27 PM
Subject: [JBoss-user] Security in JBoss
> Hello,
>
> I am attempting to imple
Hello,
I am attempting to implement security features in JBoss. I am reading through the documentation available online in Chapter 9. However, I think I am more confused than when I started. Is there a better source online that explains this? I have even looked at the stuff on Sun. Thank you f
domain's login configuration when unauthenticated
users should be given default capabilities.
- Original Message -
From: "Konstantin Priblouda" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 28, 2001 11:07 AM
Subject: [JBoss-user] Security in
Hi all,
I try to implement declarative security using Jboss.
Basic idea is to allow unauthenticated access to beans
placed under security domain.
( and those bean have to be secured )
When I attempt access from web context ( or client )
then container tries to authenticate.
( principal and c
Hi all,
I try to implement declarative security using Jboss.
Basic idea is to allow unauthenticated access to beans
placed under security domain.
( and those bean have to be secured )
When I attempt access from web context ( or client )
then container tries to authenticate.
( principal and c
PROTECTED]
Subject: Re: [JBoss-user] Security in JBoss Howto?
> However, the other team members are concentrating on the security aspects,
> and are frustrated that that they cannot find a definitive "howto" on
> security issues.
>
> A couple of their questions are:
> However, the other team members are concentrating on the security aspects,
> and are frustrated that that they cannot find a definitive "howto" on
> security issues.
>
> A couple of their questions are:
>
> How do we ensure only authorised clients can access out SOAP servlet?
> (Apache SOAP 2.
Hi,
At 10:45 1.6.2001 +0100, you wrote:
>How do we ensure that no-one can call our EJB's directly via RMI?
>(I know a firewall helps here, but is there a built-in mechanism?)
Yes.
>They are getting to the point where they feel that they could spend another
>couple of weeks/months experimentin
TECTED]]On Behalf Of Pelle Poluha
Sent: Friday, June 01, 2001 6:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [JBoss-user] Security in JBoss Howto?
There is a HowTo on how to implement security in JBoss:
http://www.jboss.org/documentation/HTML/ch11s78.html
I've recently implemented it and it work
Objet: [JBoss-user] Security in JBoss Howto?
>
> Folks,
>
>
> A couple of people and myself are evaluating JBoss as a production quality
> app server.
> We are new to J2EE, so apologies if these questions have obvious answers
> :-)
>
> The initial proposed intended
There is a HowTo on how to implement security in JBoss:
http://www.jboss.org/documentation/HTML/ch11s78.html
I've recently implemented it and it works well. The EJB security model
allows you to specify which roles are allowed to access each method of the
beans.
Regards,
Pelle Poluha
> How do we
Folks,
A couple of people and myself are evaluating JBoss as a production quality
app server.
We are new to J2EE, so apologies if these questions have obvious answers :-)
The initial proposed intended architecture is:
Client -- (SOAP) -- Servlet -- (RMI) -- EJB (SQLJ/JDBC) -- Oracle
I have got
On Wed, 30 May 2001, Sampsa Ranta wrote:
> On Tue, 29 May 2001, Scott M Stark wrote:
>
> > > As I said don't like the firewall option overall. In past projects I've
> > > been securing RMI by using custom socket factories and doing check in
> > > accept(), but for JNP this option was not an enabl
On Tue, 29 May 2001, Scott M Stark wrote:
> > As I said don't like the firewall option overall. In past projects I've
> > been securing RMI by using custom socket factories and doing check in
> > accept(), but for JNP this option was not an enabled possibility unless
> > defining own RMISocketFac
;[EMAIL PROTECTED]>
Sent: Sunday, May 27, 2001 5:51 PM
Subject: [JBoss-user] Security in JBoss
>
> Hello,
>
> I am just trying to become familiar with the JBoss architecture and what
> I am using. I accidentally browsed the code carefully from the org.jnp
> naming tree. The jnp doc
Hello,
I am just trying to become familiar with the JBoss architecture and what
I am using. I accidentally browsed the code carefully from the org.jnp
naming tree. The jnp documentation explained that a single JNP server is
enough for a network. Yes, and it seems to very willfully give a
Marshal
25 matches
Mail list logo
