Hi
Have anyone of you noticed that the RoleManager contains no log-out method this raises
the question How do you log out an application (Swing) client?
Randahl
Hi.
I have been using Orion's basic authentication to secure parts of our
website without any problems.
(See
http://kb.atlassian.com/content/atlassian/howto/securingdirectory.html):
We are now going to build the same functionality for WAP but the basic
authentication doesn't work as expected.
I
Hi,
I'm trying to make a very simple authentication with FORM method.
It shows log-in page that is defined at form-login-page tag in web.xml.
However, it doesn't show error page that is defined at form-error-page
tag. Whenever the login is incorrect, it backs to log-in page.
Please tell me why
Hi,
I'm curious to know if there is any possibility to setup my webapp for using
basic authentication without having to code a (simple) user manager (cf
http://www.orionsupport.com/articles/usermanager.html).
It seems that orion is the only app server needing some code to support
basic
j2ee security
constraints in your web.xml file as well as select basic authentication in
the web.xml file. If you aren't doing this, it won't work.
Orion does not require any java coding for j2ee authentication for basic or
form based methods.
If you use a progammatic authentication in your
Etienne,
This article may be of interest to you in setting up basic
authentication on Orion.
http://kb.atlassian.com/content/atlassian/howto/securingdirectory.html
Most of the time you can use the default XMLUserManager, which has the
users and passwords contained in XML files
Can anybody point me to a source where I can find how to use NT
authentication from a custom pluggable UserManager within Orion? Thanks in
advance!
Hi Scott Farquhar :
Thank for your help .
best regard
Mars
- Original Message -
From: Scott Farquhar [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Friday, September 21, 2001 5:13 PM
Subject: Re: about Authentication
Mars,
We have a howto up at on our site regarding
Mars,
We have a howto up at on our site regarding securing a directory using
BASIC authentication.
You can find it here:
http://www.atlassian.com/article/securingdirectory.html
Cheers,
Scott
--
Scott Farquhar :: [EMAIL PROTECTED]
Atlassian :: http://www.atlassian.com
Supporting YOUR
Dear ,
I have a question about use from certificate
I got a problem .I don't know how to set the BASIC Authentication for my web
via the Orion server.
Thank's
mars
Hi,
I am developing an intranet EJB application and
am interested in using the users NT authentication as a means for user
authentication. I know it is possible to do this in IIS, but has anyone ever
tried doing it with a Java Web App?
Any
advice or suggestions would be appreciated
to Orion-Interest
To:Orion-Interest [EMAIL PROTECTED]
cc:
Subject:Using NT Authentication
Hi,
I am developing an intranet EJB application and am interested in using the users NT authentication as a means for user authentication. I know it is possible to do this in IIS
to Orion-Interest
To:
Orion-Interest
[EMAIL PROTECTED] cc:
Subject:Using NT
Authentication Hi,
I am developing an intranet EJB application and am
interested in using the users NT authentication as a means for user
Hi,
I've never tried using FORM based authentication, but if orion uses the forward
mechanism to redirect the request to the login page, I think I remember there is
a method to get the original request URL when you do so... let me see... no, I
can't seem to find it in the spec. I've just found
Here's some starting context for my question
I have a war file that has been configured to use FORM based authentication.
I have set the form-login-page in the web.xml of the war file to point to
a jsp file in my war file. I have setup constraints against different jsps
in the war file
to send the request from the
page specified in FORM based authentication. The regular case would be that
the same page is served (without specifying the ACTION attribute to the
FORM), but Orion nicely processes your request and does the 'appropriate'
thing.
I have not had time to try to look inside
-knows- where to send the request from the
page specified in FORM based authentication. The regular case would be that
the same page is served (without specifying the ACTION attribute to the
FORM), but Orion nicely processes your request and does the 'appropriate'
thing.
I have not had time to try
Hello,
I seem to have a problem with SSL client authentication.
When I use SSL without authentication, everithing works fine, but after
I set needs-client-auth=true attribute, the browser does not receive
any page (just displayes an error message, doesn't ask me about any
certificate to use
UNSUBSCRIBE
PROTECTED]]On Behalf Of Paolo Ramasso
Sent: Monday, July 02, 2001 1:29 AM
To: Orion-Interest
Subject: request for info:ssl and client authentication with orion
Hi guys
i need some more info about ssl and oc4j (orion 1.5.0)
here is the enviroment:
client authentication by SSL 3 using x501
in order to have a standard, flexible and
dynamic authentication/authorization service are:
.- A standard and DYNAMIC way of specifying users/roles that take part
in the system. Right now this job is left to container-specific
implementations, which breaks portability between containers.
.- A standard
it to
the OS user by using proper login modules which can authenticate if a
user is already logged into an OS. However, in a true Java spirit, JAAS
is much more generic. In fact it is just a framework to implement
versatile authentication and authorization schemes. For instance, I
authenticate user's
=
Policy.getPolicy().getPermissions(subject, null);
- User (my implementation) represents a user in a system.
OK, using these concepts the authentication in my system goes:
1. Authenticate user using a configured LoginModules:
LoginContext lc = new LoginContext(DefaultLoginModule
Ok, (finally) got an article up on OrionSupport about implementing a custom
UserManager that authenticates user from your own database (Relational DB,
XML, LDAP, NT Domains, proprietary app, etc).
Provides you with a SimpleUserManager allowing you to hook it up to your
own system by just
Title: SV: unable to configure form-based authentication correctly
No, the distinction between groups and roles are correct.
The mapping should be in the /deploy-dir/orion-application.xml and map the roles to groups, as done.
If you check out the deploy dir of the ATM you will notice
Message -
From: Humphrey Sheil [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Monday, May 14, 2001 10:20 AM
Subject: unable to configure form-based authentication correctly
Hi
I am unable to achieve a basic goal with orion: to force form-based
authentication using
Hi
I am unable to achieve a basic goal with orion: to force form-based
authentication using the simplest form of authentication (userids and
passwords stored in principals.xml).
I have read all the posts on this subject on the mailing list, but to no
avail. I also tried the security primer
To: Orion-Interest
Subject: unable to configure form-based authentication correctly
Hi
I am unable to achieve a basic goal with orion: to force form-based
authentication using the simplest form of authentication (userids and
passwords stored in principals.xml).
I have read all the posts
I 've learned how to get basic authentication going, given Brian's
suggestion, and a little more trial and error.
Things that I would like to add to the authentication-primer at jollem (if I
had the time this week) include:
1. You need the login-config tag in web.xml
2. you need the security
Hi list,
I am starting to design write an Authentication App Server that
can be used by independent, distributed apps - e.g. by Orion Apps (e.g. a
servlet filter) for authentication/login. The app could run on Orion, but in itself be independent. For
each supported platform
I want to implement basic authentication
and used the primer at
http://www.jollem.com/~ernst/orion-security-primer/
as a guide, but have not managed to
password protect page one so far. TheURL I'm trying to protect responds
normally with no login dialog being presented, i.e. my security
wrote:
I want to implement basic authentication and used the primer at
http://www.jollem.com/~ernst/orion-security-primer/
as a guide, but have not managed to password protect page one so far.
The URL I'm trying to protect responds normally with no login dialog
being presented, i.e. my
Thanks Brian.
Yup, authentication probably does need that login-config tag, aargh !
However, I must have other problems because Orion continues to blithely
respond to my supposedly protected URL without a hint of an authentication
dialog. I'll experiment further.
Bill.
- Original Message
) to have exactly the same form displayed in both
cases.
Also after logging in from the form in the errorpage orion directs you
to the original target.
hope it helps,
Peter
Attila Bodis wrote:
Hi, I managed to get forms-based authentication working (Orion
1.4.5/Win2K), but I have a question. Here
Thanks for the suggestion; that's what I ended up doing.
Not pretty, but works for now.
Attila
- Original Message -
From:
cybermaster
To: Orion-Interest
Sent: Thursday, May 03, 2001 6:54
PM
Subject: RE: Form-based authentication:
original request URI
Hi,
I managed to get forms-based authentication working (Orion
1.4.5/Win2K), but I have a question. Here is what happens:
1) user tries to access protected resource
"protected.jsp"
2) Orion redirects user to the login page
"login.jsp" instead
3) user enters *incorr
Hi Attila,
FORM based
authentication is somewhat limited with respect to the use-cases it supports. On
your error page include something like:
a
href="javascript:history.go(-1);Try" again/a
This works
fine for me. Cheers
--peter
650-561-9273
-Origin
Hi all,
I am trying to use FORM authentication method in
Orion, My question is what is the security checking
servlet I should submit the login information to?
Does anybody has any experience with FORM login?
thanks,
Helen
__
Do You Yahoo
/td
/tr
tr
tdbr/td
/tr
tr
td colspan="3" align="center"
/td
/tr
/table
/td
/tr
/table
/form
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Helen Zhao
Hi, a first here
I am new to using the J2EE environment. All previous projects on Weblogic we
have written our own custom authentication
now there is java.security.principal and all that.
The problem I have is I went through an example I found on the archive along
with the one
Title: Customizing the web authentication service
Sun
specifically leaves security mapping to each vendor/platform. The only thing
that's specified is roles, but how do they map really it's up to the vendor and
more than often is platform dependant (especially with Windows Auth)
HTH
JP
Title: Customizing the web authentication service
Thanks,
my passwords in the
database are encrypted by a one way hash algorithm so I don't think this
DataSourceUserManager will do all that I want.
I have found and
read the thread on "Custom UserManager" in this list and have
Title: Customizing the web authentication service
Ben,
Sun
has specified the way security should behave, but not the implementation. Each
j2ee vendor has chosen a different method, so it is truly one pain in the "arse"
(forgive my old english).
Regards,
Elephantwalker
---
Title: Customizing the web authentication service
Hi,
I'm trying to do something simple but I'm frustrated by my lack of success in finding information about it. I have scoured the list, the web, J2EE doco and would appreciate any information that may help me. Thanks in advance.
I'm
Title: Customizing the web authentication service
Take a
look at
http://www.orionsupport.com/articles/datasourceusermanager.html
WR
-Ursprungligt meddelande-Från: Ben Warner
[mailto:[EMAIL PROTECTED]]Skickat: den 18 mars 2001
20:00Till: Orion-InterestÄmne: Customizing the web
I get a 405 error. "The method POST is not
supported by this URL"
Jonathan
- Original Message -
From:
cybermaster
To: Orion-Interest
Sent: Wednesday, February 28, 2001 10:22
AM
Subject: RE: Form based authentication
problem
Post
works fo
, and Weblogic6.0.
Jonathan
- Original Message -
From:
Jonathan James
To: Orion-Interest
Sent: Tuesday, February 27, 2001 10:49
AM
Subject: Form based authentication
problem
I'm trying to get the Java Petstore 1.1.1 (the
new one) working with Orion. I've read some
Post works
for me in my test code what error do you get? --peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On
Behalf Of Jonathan James
Sent: Tuesday, February 27, 2001
9:50 AM
To: Orion-Interest
Subject: Form based authentication
problem
I'm
ng special attention, but otherwise it is very concise.
HTH,
-
Ernie
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Roland
DongSent: Tuesday, February 27, 2001 3:07 AMTo:
Orion-InterestSubject: RE: jsp form-based
authentication
Has
anyone
I'm trying to get the Java Petstore 1.1.1 (the new
one) working with Orion. I've read some previous posts and the docs and
everything is working except that on my login.jsp I have to use form
action="j_security_check" method=GET instead of form
action="j_security_check" method=POST as it
Tuesday, February 27, 2001 3:07 AM
To: Orion-Interest
Subject: RE: jsp form-based authentication
Has anyone responded to this message? I am also interested in that...
Roland
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Vaskin Kissoyan
Sent: Friday,
staleness" value="0" /
/user-manager
Note that you will also need to define your groups in principals.xml
(either the deployment version or the global version).
Good luck,
Jeff
-Original Message-
From: Roland Dong [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 27, 2001 12
:-)
Jeff
-Original Message-
From: gnoht orion [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 26, 2001 3:41 AM
To: Orion-Interest
Subject: Re: Orion FORM based authentication Configuraton problem
ran into same problem, i think it's a bug in orion.
just remove the j_security_check from
developers who call the shots.
--peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Schnitzer
Sent: Monday, February 26, 2001 8:06 AM
To: Orion-Interest
Subject: RE: Orion FORM based authentication Configuraton problem
If I'm reading the steps
call the shots.
--peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Schnitzer
Sent: Monday, February 26, 2001 8:06 AM
To: Orion-Interest
Subject: RE: Orion FORM based authentication Configuraton problem
If I'm reading the steps correctly
-Original Message-
From: Nick Newman [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 26, 2001 12:26 PM
To: Orion-Interest
Subject: RE: Orion FORM based authentication Configuraton problem
I suppose that you could use the SAME page for login and
error. You could
tell which context it's
authentication
I need a good example of looking up
username/password in a database, how do you override the security so that it
checks a database instead of checking the internal web.xml file and
principals.xml?
When I use % authentication (1.4.5, W2K Server, jdk1.3), I've got a couple
of problems:
(1) Basic setup is: /Home.jsp, link to /secure/loginDummy.jsp
(2) User tries to get to /secure/loginDummy.jsp - Orion redirects to
/login.jsp
(3) login correct works fine with /login.jsp - (browser shows
I need a good example of looking up
username/password in a database, how do you override the security so that it
checks a database instead of checking the internal web.xml file and
principals.xml?
This is a good looking start .
My next question is, if I didn't want to use principles.xml as my user list,
and wanted to use and add to, a data base such as postgres, what API would I
use from within my application, i.e. how do I overide principles.xml.
Regards
see inline
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Gerald
Gutierrez
Sent: Tuesday, February 06, 2001 12:52 AM
To: Orion-Interest
Cc: [EMAIL PROTECTED]
Subject: Form-based authentication not working right
Recently I asked about form
Gerald,
I've been working with Form-based authentication for the past several weeks
on iPlanet 6.0. Looking at your web.xml deployment descriptor, it looks
like that's OK. You aren't using a user-data-constraint, but it's not
required either. Check out the J2EE specs and Blueprints for more
Are you only specifing a partial path, relying on a default page name
(index.jsp, default.jsp)? If so, in your redirect code, be specific
and specify the entire path, including the file name. You should
also be able to turn off directory browsing. I don't know how to do
this with Orion
form-based authentication. I appreciate the help
several people gave, but from the responses I got it seems that I might
have miscommunicated somehow. I'm going to try again, this time explaining
myself better.
snip
FormLogin.zip
ts, close browser
open browser, login INCORRECTLY, note results, close browser
JP
-Original Message-
From: Gerald Gutierrez [mailto:[EMAIL PROTECTED]]
Sent: Lunes, 05 de Febrero de 2001 20:52
To: Orion-Interest
Cc: [EMAIL PROTECTED]
Subject: Form-based authentication not working right
At 09:07 AM 2/6/2001 -0700, you wrote:
Gerald,
I tried your exact example (see attached zipped up web app) and everything
worked just as it should (using orion 1.4.5). Once again I ask, what
happens if you remove the security and simply request the secured page?
Then I get the secured page.
There
is one in progress:
http://www.jollem.com/~ernst/orion-security-primer/
-Ursprungligt meddelande-Från: Dominic Hanlan
[mailto:[EMAIL PROTECTED]]Skickat: den 5 februari 2001
08:45Till: Orion-InterestÄmne: Any tutorials on form
based authentication
Title says it all
Title: SV: Form-based authentication not working right
If nothing else,
the ATM uses form based authentication.
-Ursprungligt meddelande-
Från: Chris Bartling [mailto:[EMAIL PROTECTED]]
Skickat: den 6 februari 2001 04:42
Till: Orion-Interest
Ämne: RE: Form-based authentication
Title says it all, obviously in the context of
Orion, but generally otherwise.
Thanks
Recently I asked about form-based authentication. I appreciate the help
several people gave, but from the responses I got it seems that I might
have miscommunicated somehow. I'm going to try again, this time explaining
myself better.
I'm using Orion 1.4.5 on Windows 2000. The same thing
Hi, Tim
Our servlet has nothing whatsoever to do with Servlet-2.x style
authentication. We only have one servlet, and our application model is not
predicated on having umpteen JSPs and content pages to jump around to and
set security constraints on. We don't use a jndi.properties
You'll understand that we are using 100% programmatic user management. Also,
I think (in your last few paras) that you are close to answering your own
question. If you've got multiple users and you cannot rely on a
jndi.properties, then by exclusion you must rely on the users to supply
their
alongside my ejb application
under Orion. Orion is the app server, web server, and servlet engine. Simple.
I want to handle user authentication within my servlet, so I do not want any
sort of "FORM based login page" or any other mechanism. I would like for the
InitialContex that my se
Although we have a single servlet front-end, and do programmatic
usermanagement (including login), the actual user manager and role manager
stuff all happens down in EJB-land (in a session bean being referenced from
the servlet). So we do not use JNDI properties at all for authentication,
except
Incidentally, the location of jndi.properties, and how it works, is
dictated
by Java (I think starting with JDK 1.2, but it could have been 1.3). If
there exists a jndi.properties in your classpath, it will get read. So
this
behaviour is entirely independent of J2EE.
this might also have to
for authentication,
except for some secondary application clients.
Are you saying that you simply ignore EJB-based permissions, and manage all
of the access internally in your session beans? This is the approach that I
want to take, but I want to be sure that only my servlets can actually get
to the methods
that I am using PostgreSQL as my database for entity
beans? data-sources.xml doesn't seem to "ell Orion what type of database a
data source is.
How do I access the user authentication mechanism? There are "security
adapters" in the J2EE reference implementation. The Orion API has a bun
L.S.
I just don't get it. Still using Orion server version 1.3.8, got a working
account and group set up, but I don't understand how to pass in
authentication information.
When I change the JNDI properties to reflect the new username and password,
they are rejected (using
Have you defined roles in application.xml?
Luciano
-Messaggio originale-
Da: Ben Z. Tels [mailto:[EMAIL PROTECTED]]
Inviato: lunedì 9 ottobre 2000 21.28
A: Orion-Interest
Oggetto: Really basic problem with user authentication
L.S.
I am having the following problem with principals
Hi Esteban,
I already put the lines you added to your web.xml file (as the user if I use
BASIC authentication works fine) but I have the same 403 problem.
Could you send me your actual configuration for principals.xml and web.xml?
Can you attach also the response you get from ssl-user
authentication
My actual configuration for principals.xml and web.xml is:
Principals.xml WEB.XML Application.xml
I send you my application.xml configuration also (for the role mapping).
I didn't use thr ssl-user-registration.jsp. I used the same classes in my
servlet. I sent you how I read
L.S.
I am having the following problem with principals on the Orion server
(version 2.1): I have principals defined in an applicaiton-specific
principals.xml file, like so:
- principals.xml
?xml version="1.0"?
!DOCTYPE principals PUBLIC "//Evermind -
users/role-name
/security-role
I hope this help you.
Esteban Lopez
-Original Message-
From: Montebove Luciano [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, October 04, 2000 4:55 AM
To: Orion-Interest
Cc: [EMAIL PROTECTED]
Subject: Re: Client certificate authentication
originale-
Da: Lopez Esteban [mailto:[EMAIL PROTECTED]]
Inviato: lunedì 2 ottobre 2000 14.57
A: Orion-Interest
Oggetto: Client certificate authentication
Hi
I need to authenticate clients with digital certificates, I have a VeriSign
trial client certificate and I'm using IE 5.0. The certifica
]
Enviado el: Martes, 03 de Octubre de 2000 04:59 a.m.
Para: Orion-Interest
Asunto: R: Client certificate authentication
I can help you partially. I had the same 403 Forbidden problem and I'm
waiting for a response from official support (5 days).
For the Cert ID use the sample pag
Hi
I need to authenticate clients with digital certificates, I have a VeriSign
trial client certificate and I'm using IE 5.0. The certificate is well
installed in IE.
I'm working with Orion 1.2.9 and HTTPS. I'm using
auth-methodCLIENT-CERT/auth-method in de login config of WEB.XML file.
When I
Hi,
I have a question regarding the failure case of user authentication using
Orion security managers. I noticed that the User.authenticate()
method returns a boolean, and does not throw any exceptions at all. This
works
great for many situations. But now consider the case when someone would
Hi,
I have an application running with jsp, how should I do to authenticate
the user with digital certificates ?
How to access from jsp to the user digital certificate?
How and where to specify that the application requieres a digital
certificate?
Where could I found information about j2ee
Authentication does not seem to be working in the Servlets and the EJBs. Here
is the situation:
web.xml:
web-app
servlet
servlet-nameTSIS/servlet-name
display-nameTSIS/display-name
servlet-classcom.tsis.servlets.TSISServlet/servlet-class
Hi,
I have a servlet that is protected by FORM authentication. Whenever
authentication is performed, the servlets doPost() method is invoked, even
though it was accessed through a normal link. Is this intentional (it is
different than JRun, anyway)?
Christian Sell
can anyone tell me what setup I have to perform to have orion
perform BASIC or FORM authentication on certain servlets in my application? I
have tried for quite a while, but to no avail...
thanks,
Christian
00 6:34 AM
To: Orion-Interest
Subject: Taking actions after form-based authentication?
Hi,
I've been wondering how can programmer take some actions (for example to put
things in HttpSession)
after the user had authenticated itself via form? For instance - the user
tries to access some
protected resou
all --
am having a strange problem configuring
authentication. i edited
appname/META-INF/application.xml,
appname/META-INF/principals.xml and
/appname/appname-web/WEB-INF/web.xml files to
insert the appropriate security information. (all
listed below)
as a model i used an exchange about
I have installed the server (Orion/1.0rc1), deployed a test application and all
appears to working well. I would now like to add in basic authentication to a
section of the web site.
When I configure the application deployment descriptor (web.xml) in the usual
way to add in a security
Hi all,
I have a couple questions / misunderstandings that I hope you can help me
with. The first is in regards to http BASIC authentication in a web
application.
Basically, I have done the following:
(this is all within a particular application)
META-INF/principals.xml
principals
groups
that part is working great. Now, if I can only get the
user-manager to configure properly...:P
Thanks for our help,
Jeremy Pierson
-Original Message-
From: Noah Nordrum [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 25, 2000 2:18 AM
To: Jeremy Pierson
Subject: Re: User Authentication and Ses
In my web-application, prior to Orion, I was using Apache with JServ and
GNUjsp - as were many of you I assume! Under that setup, my security
consisted of redirecting users to a login.jsp file or servlet. This file or
servlet would present a form prompting for an email address and password
97 matches
Mail list logo