[jboss-user] [Security & JAAS/JBoss] - Re: Attempt to get JBoss to call my custom login module

jcollins914 do-not-reply at jboss.com
Mon Nov 13 09:39:02 EST 2006


"bmcgovern" wrote : jcollins.  I feel your pain in that most of the docs I'm reading on SSO are specific to EJB setups.  I don't think I can offer you any help in your problem, but I do get the distinct feeling that you are farther along in fixing your problem than I am in mine and hopefully you, or someone paying attention to this thread, can help me.
  | 

Hi bmcgovern.  I haven't been able to get any JBoss security configuration figured out yet.  I have read a lot, and am certainly trying, losing sleep, etc., but as of yet, my knowledge is all theoretical.  I read over your forum in hopes that I could help in some way, but it seems to me you are further along than I.  :-(  I have compiled a list of resources I used to bring myself up to my current turtle speed on some of the web security details... in the event you or anyone else reading might find them of use.  If anyone has any other suggestions, please do share, I would love to read them as well.

JBoss Chapter 8 (security on JBoss) :
http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch8.chapter.html

Some resources that helped me to begin to get a grip on JBoss's implementation of JAAS:

JAAS documentation home:  http://java.sun.com/products/jaas/reference/docs/index.html
JAAS Authentication tutorial:  http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
JAAS Authorization tutorial:  http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnAndAzn.html
An explanation for use of JBoss's BaseCertLoginModule:  http://wiki.jboss.org/wiki/Wiki.jsp?page=BaseCertLoginModule
A site that does a (seemingly) thorough job of explaining how to secure an EJB:  http://www.csd.abdn.ac.uk/~bscharla/teaching/mtp_software/jboss/secureJBoss.shtml
An HP offering that explains how to secure a web app in JBoss, but of course also diverts off to focus on EJBs:  http://devresource.hp.com/drc/technical_papers/jaas_jboss/index.jsp
http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfiguringAJavaSecurityManager
Makes it sound so easy:  http://wiki.jboss.org/wiki/Wiki.jsp?page=CreatingACustomLoginModule

Some resources that helped me to begin to get a grip on WS-Security:

http://www.windowsitlibrary.com/Content/1219/06/1.html
http://www.oracle.com/technology/tech/java/newsletter/articles/wsaudit/ws_audit.html
http://www-128.ibm.com/developerworks/webservices/library/ws-security.html
http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurity

Some SAML stuff:

http://en.wikipedia.org/wiki/SAML
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
http://xml.coverpages.org/saml.html
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf
http://www.onjava.com/pub/a/onjava/2005/02/09/wssecurity.html

A couple of Sun tutorials that provide good information, but be careful, not all of it is applicable to JBoss implementations:

http://java.sun.com/javaee/5/docs/tutorial/doc/index.html
http://java.sun.com/webservices/docs/2.0/tutorial/doc/

Hope something here helps,
  Jeff



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985445#3985445
