pom.xml cleanup for ejb3
by Dimitris Andreadis
Starting from ejb3/core and while traversing dependencies I performed some pom.xml cleanup
for a few projects, so this will show up in their respective next versions:
EJBTHREE-1341
JBREFLECT-27
JBXB-140
JBMETA-34
I've pointed ejb3/build/pom.xml to latest jboss-metadata 1.0.0.Beta11 (from Beta9)
ejb3/transactions/pom.xml - switched the aspects from snapshot to 1.0.0.Beta1
Changed ejb3/core/pom.xml:
- jboss-vfs 2.0.0.Beta8 -> Beta11
- org.jboss.jbossas:main,system,system-jmx,mbeans,j2se to the previous 5.0.0.Beta4
instead of 5.0.0-SNAPSHOT and created a reminder task:
http://jira.jboss.com/jira/browse/EJBTHREE-1340
Other inconsistencies I've found:
1) A tagged release depending on a snapshot(!) - I excluded the snapshot
[INFO] +- org.jboss.jbossas:jboss-as-mbeans:jar:5.0.0.Beta4:compile
...
[INFO] | \- org.jboss:jboss-test:jar:1.0.5-SNAPSHOT:compile
2) The deprecated jboss-container module is brought in implicitly:
[INFO] +- org.jboss.aop:jboss-aop:jar:2.0.0.CR7:compile
...
[INFO] | +- org.jboss.microcontainer:jboss-container:jar:2.0.0.Beta9:compile (version
managed from 2.0.0.Beta6)
I've excluded this as it comes through AOP, but it keeps popping up. The jboss-container
module is legacy and is replaced by jboss-mdr/jboss-reflect so that should be replaced in
the various projects. I've already done so in jbossxb and jboss-metadata.
/Dimitris
14 years, 10 months
Problem with JAAS and Declarative Security on JBOSS 4.2.1 GA
by fakhreldeen
Hello,
I am trying to implement an integration between Declarative Security and
JAAS. I have specified in my web.xml file that all jsp files under the
directory called "security" are protected and only accessible by the role
"Admin". I also specified in the web.xml file that Authentication is done
by Login FORM. I then created a configuration for the
DatabaseSeverLoginModule in login-config.xml, and created a servlet that
uses the LoginContext to authorize the user. The Login page's form's action
points to this servlet rather than j_security_check. However, it doesn't
seem to work, because I can't access the secure pages, even though I enter
the correct username and password. Here are my files:
*****web.xml*****
loginservlet
loginservlet
loginservlet
/loginservlet
30
index.jsp
Constraint1
Secure Pages
Secure Pages
/security/*
GET
POST
HEAD
PUT
OPTIONS
TRACE
DELETE
Admin
Admin
FORM
Test Realm
/Login.jsp
/Error.jsp
Admin User
Admin
*****login-conf.xml*****
guest
java:/testDB
SELECT password from Principals where PrincipalID =?
SELECT Role, Rolegroup FROM roles WHERE principalid=?
****jboss-web.xml****
java:/jaas/testDB
/testJBOSSsecurity
****Login.jsp*****
****loginservlet.java*****
try {
SecurityAssociationHandler handler = new
SecurityAssociationHandler();
Principal user = new
SimplePrincipal(request.getParameter("j_username"));
handler.setSecurityInfo(user,
request.getParameter("j_password"));
LoginContext loginContext = new
LoginContext("testDB",(CallbackHandler)handler);
loginContext.login();
Subject subject = loginContext.getSubject();
Set principals = subject.getPrincipals();
principals.add(user);
out.println(subject.toString());
//response.sendRedirect("securepage.java");
}
So, those are my files.....What I am trying to do, is integrate JAAS and
Declarative Security, so that I don't have to programatically declare which
pages are accessed by which type of user. However, When I reach the Login
Form and enter the correct username and password, nothing happens....I can
verify that the servlet code is correct, because I can directly visit the
login page with out trying to access it by requesting a secure page, and I
enter the correct username and password, and I get a print line of the
subject's principals as they are in the database from the line
out.println(subject.toString());
Your help is very appreciated
Thank You
Sam
--
View this message in context: http://www.nabble.com/Problem-with-JAAS-and-Declarative-Security-on-JBOSS...
Sent from the JBoss - Dev mailing list archive at Nabble.com.
14 years, 10 months
