[Security & JAAS/JBoss] - Issue matching desired web app with security domain (JBoss 4
by andrewe
We have an existing project with security domains for our EJB3s. We are trying to use a similar (or the same) security domain/policy for some of our web applications. I have it working, but it's sort of ugly and I'm trying to figure out what I'm missing.
The main issue is that the security domain will only match the 'other' domain that comes with the JBoss install. For whatever reason, after I decided to use a custom authenticator, the security domain I created will not 'match'.
The goal is to use the SSL_CLIENT_CERT that we receive via HTTP Header and to authenticate/authorize that with our existing policy. This works for EJBs, but not the web app I have tried.
Backstory:
I originally set up the web application (i.e. http://jboss/secure/index.jsp) to have a simple FORM based policy. This worked - when I would attempt to hit that URL I would get prompted for a username/password. Assuming I entered the username/password in my users.properties file, I was able to get to that url.
I then created my own authenticator, based on instructions I found on creating a GenericHeaderBasedAuthenticator.
This also seemed to work okay, provided my authenticator passed in the username/properties from the user.properties file.
I then created my own login module based on instructions I found here. My CustomWebAppLoginModule extends AbstractServerLoginModule.
When I tried to change the login-module.xml to use this login module instead of the generic one, I couldn't seem to 'match' the security domain I created. I toyed around with it and eventually realized it would match 'other', but not the one I created.
Any ideas on why this is so?
login-module.xml:
| <application-policy name="securewebapp">
| <authentication>
| <login-module code="com.ist.security.CustomWebAppLoginModule" flag="required">
| </login-module>
| </authentication>
| </application-policy>
|
| ...
|
Note that I had to change the "other" application-policy to use my CustomWebAppLoginModule to get it to work...otherwise it would just skip this policy and never call CustomWebAppLoginModule.
jboss-service.xml in jboss-web.deploy/META-INF:
| <java:property>
| <java:key>FORM</java:key>
| <java:value>com.ist.security.authenticators.GenericWebAppHeaderAuthenticator</java:value>
| </java:property>
|
| ...
|
| <!-- JBAS-2283: Custom header based authentication
| Pass SSL_CLIENT_CERT field from http header through to JAAS...
| -->
| <attribute name="HttpHeaderForSSOAuth">SSL_CLIENT_CERT</attribute>
|
In my GenericWebAppHeaderAuthenticator.java, this call is made:
| register(request, response, principal, Constants.FORM_METHOD, username, sslClientCert);
|
Pertinent parts of my web.xml:
| <!-- authentication using securewebapp security domain -->
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>Secure resources</web-resource-name>
| <description>Protects the secure area in Quartz GUI</description>
| <url-pattern>/secure/*</url-pattern>
| </web-resource-collection>
| <auth-constraint>
| <role-name>admin</role-name>
| </auth-constraint>
| </security-constraint>
|
| <security-role>
| <role-name>admin</role-name>
| </security-role>
|
| <login-config>
| <auth-method>FORM</auth-method>
| <realm-name>securewebapp</realm-name>
| <form-login-config>
| <form-login-page>/jsp/login.jsp</form-login-page>
| <form-error-page>/jsp/loginfail.jsp</form-error-page>
| </form-login-config>
| </login-config>
|
Any thoughts?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227290#4227290
15 years, 7 months
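Added example, not part of the original post: in JBoss 4.x a WAR is bound to a JAAS security domain through a <security-domain> entry in WEB-INF/jboss-web.xml; the <realm-name> element in web.xml does not select the domain. The post does not show a jboss-web.xml, so the file below is an assumption about what is missing, with the domain name taken from the application-policy in the post.

```xml
<!-- WEB-INF/jboss-web.xml (assumed file; not shown in the post) -->
<jboss-web>
    <!-- "java:/jaas/" followed by the application-policy name from the post's login-module.xml -->
    <security-domain>java:/jaas/securewebapp</security-domain>
</jboss-web>
```

With this binding in place the "other" policy can go back to its stock login module, so applications that declare no domain of their own do not end up authenticating through the header-based module.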
[JBoss Tools (users)] - Minor code change causes complete WAR redeploy, how to fix i
by sbarkdull
I am developing a jsp/servlet app using Eclipse 3.4.2 with the Web Tools Platform (JBoss Tools) and jboss 4.2.3.
I have configured the JBoss server, in Eclipse, to "Never publish Automatically".
After I have JBoss started from Eclipse's "Server View", if I change a file (a .jsp, .html, .js or .java), and tell Eclipse to publish the changes by right clicking on the server in the server view and selecting "publish", Eclipse (or JBoss Tools?) rebuilds the entire war, copies it down to JBoss's "server/default/deploy" directory, and then explodes the WAR.
It seems it would be faster to simply copy the changed files down to the exploded WAR. I believe that this is exactly what Tomcat does when running inside of Eclipse / WTP, and file changes are lightning fast. Even with moderately sized apps, JBoss/Eclipse/JBoss Tools takes over a minute to redeploy a trivial change to an html file.
Can anyone explain how to get JBoss to publish changes FAST like Tomcat/WTP?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227287#4227287
15 years, 7 months
Mandragora framework provides 100 Business methods in a well done J2ee infrastructure
by Alessandro Colantoni
Mandragora (http://mandragora.sourceforge.net/) is an open source framework
that provides a pre-built infrastructure for every kind of Java application.
Mandragora is a generic business layer, highly configurable and easily
extensible, suitable for distributed applications as well, that comes with
more than 100 generic business methods, and that allows you to reuse the
methods you write, keeping the infrastructure that implements the J2ee
patterns. It has been fully tested for JBOSS, and it can be considered a
component of the middleware.
If you use a MVC pattern in the application that you have to design and
implement, Mandragora provides you the infrastructure for the Model.
Typically, with MVC, the controller has to update or query the model, and
the view can query the model as well. The model should be decoupled from
controller or view by a business delegate layer. So all access to the model
should pass through the BD.
Mandragora provides more than one hundred business methods that your
controller, for example, just has to call, without worrying about their
implementation (IoC). So how such methods call service facade, application
services, and DAO methods is not your concern. Just do
bd.findByPrimarykey(....) or bd.storePathsCascade(...) and much more, to
execute very complex operations and queries such as storing or modifying very
complex objects in the DB. Then you can extend the service facade,
application services and DAO implementation very easily, to better fit your
requirements, as Mandragora provides a very easy to use IoC mechanism, to
allow you to choose which implementation of BD, ApplicationService, Service
Facade or DAO interface to use, even at runtime.
You should spend a few minutes downloading and trying it, to see how much
time you can save by having the most common operations ready to use (many
CRUD methods and much more complex business methods), so in your work you
just have to focus on the particular Business Intelligence of your concrete
project, as all such bothersome operations that you have to repeat project
after project are already done, once and for all, and if you improve them,
such work is done for all your projects. Moreover, all of that is implemented
using a well done infrastructure using the J2ee patterns, so when extending
Mandragora (http://mandragora.sourceforge.net/) for the business methods
that you have to implement because you don't find them in the provided ones, you
are guaranteed to implement a well done architecture.
If you wish to write new BD methods, you can do so in terms of the already
existing Service Facade methods, or mixing with new SF methods written by
you, that in turn can be implemented in terms of existing Application
Service or DAO methods, or in terms of new ones that you write. All this is
very easy to use. Download and spend 30 minutes. You will save a week of
work.
I hope you will appreciate this work, and come with new ideas and methods to
make it grow. Any kind of criticism is of course welcome.
Best regards
Alessandro Colantoni
http://mandragora.sourceforge.net/
15 years, 7 months
[EJB/JBoss] - Handling Application Exceptions within MDBs and EJBs
by idhira
I am running JBoss 4.2.3 with JBoss Messaging 1.4.2.GA-SP1
This is related to Container Managed Transactions and handling Application Exceptions within EJBs and MDBs.
The following are the exceptions I use:
MyRetryException - Extends Exception
MyEJBRetryRuntimeException - Extends RuntimeException. Annotated with @ApplicationException ( rollback = false )
The following represents a scenario I am testing.
public class myMDB implements MessageListener
| {
| @EJB
| MyEJB myEJB;
|
| public void onMessage( Message msg )
| {
|
| try
| {
| myEJB.process(); // uses the transaction from the MDB
| }
| catch ( MyEJBRetryRuntimeException e )
| {
| myEJB.handleException( e ); // starts a new transaction
| throw e; // I want this message to be redelivered
| }
| }
| }
In myEJB...
@TransactionAttribute( TransactionAttributeType.SUPPORTS )
| public void process()
| {
| try
| {
| throw new MyRetryException ("test");
| }
| catch ( MyRetryException e )
| {
| throw new MyEJBRetryRuntimeException(e);
| }
| }
|
| @TransactionAttribute( TransactionAttributeType.REQUIRES_NEW )
| public void handleException( Exception ex )
| {
| Connection conn = datasource.getConnection(); // <-- throws an exception
|
| }
The handleException method tries to obtain a jdbc connection but throws the exception: javax.resource.ResourceException: Interrupted while requesting permit! Waited 0 ms.
According to http://www.jboss.org/community/docs/DOC-10001 it seems that I would get this error when a transaction is rolled back, but I am throwing an ApplicationException with rollback = false. Is there something I'm not doing right? Any help would be appreciated.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227276#4227276
15 years, 7 months
[JBoss Tools (users)] - Re: Load Seam example into Eclipse JBoss Tools?
by oneworld95
Thanks, snjeza. After having pulled my hair out for more than a month, I'm giving up on Seam... for now. Haven't been able to make any headway with it. I've found tutorials, try to implement them in Eclipse as a new Seam Project, get to a certain point, and have 10,000 Java exceptions thrown in my face.
This is true of the tutorial here: http://docs.jboss.com/seam/latest/reference/en-US/html/tutorial.html
Got the Registration example working by building it manually in Eclipse using the JBoss Tools. Couldn't find a way to import it successfully and run it.
The app worked for one day. Came back the next day, added another project, now the Registration project was choking too. Hadn't even touched it. It worked one day, not the next. Very brittle technology, and that's why I'm not going to use it right now. Going with JSF and AJAX. That's sufficiently painful.
Someday Seam will be an easy-to-use, pain-free tech, but not right now. It got so bad, I even thought about quitting this job and going back to the dreaded .NET world! I think if I get my Ph.D. in computer science along with some post doctoral research, have a dozen Red Hat consultants sitting next to me, I might actually be able to get Seam to work. In the meantime, I need to get some actual work done before they fire me.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227263#4227263
15 years, 7 months