October 2007 - jboss-dev-forums - Jboss List Archives

[Design of JBoss Web Services] - Re: JBAS-4890:EJBAccessException: Caller unauthorized

by anil.saldhana＠jboss.com

>From the audit entries for the authorization failures: | 2007-10-24 12:20:22,171 TRACE [org.jboss.security.audit.providers.LogAuditProvid | er] (http-0.0.0.0-8080-1:) [Error]runAsIdentity=[roles=[anonymous],principal=ano | nymous];ejb.principal=kermit;ejb.methodRoles=friend;authorizationManager=[Author | izationManager:class=org.jboss.security.plugins.JBossAuthorizationManager:JBossW | S:];ejb.method=public java.lang.String org.jboss.test.ws.jaxws.samples.context.EndpointEJB.testGetUserPrincipal();Source=org.jboss.security.integration.ejb.EJBA | uthorizationHelper;ejb.name=EndpointEJB;caller.subject=Subject: | Principal: kermit | Principal: Roles(members:friend) | ;Exception:=Authorization Failed;ejb.methodInterface=Local;ejb.codeSource=(vfsfi | le:/C:/cygwin/home/asaldhana/jbossws/stack/native/jbossws-native-2.0.2/output/te | sts/libs/jaxws-samples-context.jar <no signer certificates>);^M | and | 2007-10-24 12:20:22,296 TRACE [org.jboss.security.audit.providers.LogAuditProvid | er] (http-0.0.0.0-8080-1:) [Error]runAsIdentity=[roles=[anonymous],principal=ano | nymous];ejb.principal=kermit;ejb.methodRoles=friend;authorizationManager=[Author | izationManager:class=org.jboss.security.plugins.JBossAuthorizationManager:JBossW | S:];ejb.method=public boolean org.jboss.test.ws.jaxws.samples.context.EndpointEJ | B.testIsUserInRole(java.lang.String);Source=org.jboss.security.integration.ejb.E | JBAuthorizationHelper;ejb.name=EndpointEJB;caller.subject=Subject: | Principal: kermit | Principal: Roles(members:friend) | ;Exception:=Authorization Failed;ejb.methodInterface=Local;ejb.codeSource=(vfsfi | le:/C:/cygwin/home/asaldhana/jbossws/stack/native/jbossws-native-2.0.2/output/te | sts/libs/jaxws-samples-context.jar <no signer certificates>); | I am suspecting that there is a push of RunAsIdentity of anonymous in the pipeline that is creating the issue. I need to look further where this RunAs push is happening. Does that ring any immediate bells? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098450#4098450 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098450

17 years, 2 months

1
0
0 / 0

[Design of JBoss Web Services] - Re: JBAS-4890:EJBAccessException: Caller unauthorized

by anil.saldhana＠jboss.com

For the time being, applied the workaround (commenting out the wsprovide gen) as in http://jira.jboss.org/jira/browse/JBWS-1852 This got me beyond the sax parser error. After uncommenting out the test from the excludes, I am able to reproduce the issue. I will take a look. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098445#4098445 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098445

17 years, 2 months

1
0
0 / 0

[Design of JBoss Web Services] - Re: JBAS-4890:EJBAccessException: Caller unauthorized

by anil.saldhana＠jboss.com

As I said before, if you can give me the log entry for the authorization failure from the audit log of JBAS in the log directory, I can tell right away what the issue is. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098412#4098412 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098412

17 years, 2 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Bringing together an unified security view

by anil.saldhana＠jboss.com

We need to have one unified api for identity (the portal identity api is a good start) for JEMS projects. Please forget about identity stores and other implementation details. The API should take into account aspects such as identity, roles (nested), groups etc. Now how this API maps to the domain of other application servers/containers is an implementation/integration aspect. This is IMHO. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098408#4098408 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098408

17 years, 2 months

1
0
0 / 0

[Design of JBossCache] - Re: Locking tree before setting initial state

by manik.surtani＠jboss.com

This can be a problem. With buddy replication, most messages *are* unicasts, to specific members in a buddy group. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098404#4098404 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098404

17 years, 2 months

1
0
0 / 0

[Design of JBoss ESB] - JBoss ESB HelloWorld and Eclipse IDE

by cavnesss

I've been able to get the ESB 4.2GA server up and running inside Eclipse. I can also create a new JBoss ESB Project, but I can't add/remove the project to the server in the Servers view. I right-click and select the "Add and Remove projects" and a Server dialog pops up saying "no projects can be added or removed from the server". How does a project qualify to be added to the server? Thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098402#4098402 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098402

17 years, 2 months

1
0
0 / 0

[Design of JBoss Web Services] - Re: JBAS-4890:EJBAccessException: Caller unauthorized

by anil.saldhana＠jboss.com

For the branch, I am still seeing the following: | BUILD FAILED | C:\cygwin\home\asaldhana\jbossws\stack\native\trunk\ant-import-tests\build-tests | uite.xml:182: org.jboss.xb.binding.JBossXBRuntimeException: Failed to create a new SAX parser | I guess I need to look a little bit further at: http://wiki.jboss.org/wiki/Wiki.jsp?page=JBWSFAQClientJars View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098395#4098395 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098395

17 years, 2 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Bringing together an unified security view

by bdaw

I can't imagine how we could agree on the common identity model. Everyone needs slightly different identity entities structure, relations or even attributes/properties. Look at what Sun has in JES (Java Enterprise Systems). Whatever you deploy (portal, mail server etc.) you always have Access Manager (opensourced as OpenSSO) that acts like a black box to handle all the identity operations. Behind it you can plug a number of different identity stores. If you look at the API you'll see that while it defines few kinds of entities (user, role, group) the relations and attributes are not really strictly defined. So you can query two objects about what the relation can be. And in their scenario AM handles both identity and permissions. IdM is quite huge thing and I don't know if we want to start a home grown solution right now. Its not something easy to implement to have "fit all projects" solution. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098368#4098368 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098368

17 years, 2 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Bringing together an unified security view

by sohil.shah＠jboss.com

anonymous wrote : | n that case it would be wiser if we only go for what was the *initial* requirement that started this thread : something that provides ACL based authorization. | | we leave the identity part out of it, if it does not fit all. | Yes, for common ACL layer to be re-used across all the projects, it needs to be Identity Framework (Identity model/Identity schema) agnostic. As a separate topic of discussion, it would also be nice to standardize an Identity Framework (Identity model/Identity schema) for re-use across different JBoss projects just like the ACL layer being discussed here Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098360#4098360 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098360

17 years, 2 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Bringing together an unified security view

by tom.baeyens＠jboss.com

"julien(a)jboss.com" wrote : in that case it would be wiser if we only go for what was the *initial* requirement that started this thread : something that provides ACL based authorization. | | we leave the identity part out of it, if it does not fit all. | | "tom.baeyens(a)jboss.com" wrote : "mark.proctor(a)jboss.com" wrote : Portal already has a use case driven Identity component, so Julian's requirements and code should be taken into account. | | | | the current layering of the portal identity component is a no go for jbpm. | | | | Julien, correct me if I'm wrong. | | | | The problem is not in the model of the data. I think we can easily find a common datamodel. The problem is in the pluggability layer of the portal component. | | | | ... | | | | | At a minimum, we should have a common DB schema for our identity data. Also I think that we should be able to leverage a common set of classes + hibernate mappings that accommodate for the persistence to that database schema. | | 1) Our data models for identity are almost... well... identical :-) | 2) We both have a configuration in which we use hibernate to go to a relational DB | | That is what we definitely should try to do together. | | What we don't want to reuse from each other are the interfaces. Your pluggability interfaces are too far from mine and vice versa. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098354#4098354 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098354

17 years, 2 months

1
0
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums October 2007