November 2006 - jboss-user - Jboss List Archives

[Security & JAAS/JBoss] - Re: Attempt to get JBoss to call my custom login module

by jcollins914

"bmcgovern" wrote : jcollins. I feel your pain in that most of the docs im reading on SSO are specific to EJB set ups. I don't think I can offer you any help in your problem, but i do get the distinct feeling that you are farther along in fixing your problem than I am in mine and hopefully you, or someone paying attention to this thread can help me. | Hi bmcgovern. I haven't been able to get any JBoss security configuration figured out yet. I have read a lot, and am certainly trying, losing sleep, etc., but as of yet, my knowledge is all theoretical. I read over your forum in hopes that I could help in some way, but it seems to me you are further along than I. :-( I have compiled a list of resources I used to bring myself up to to my current turtle speed on some of the web security details... in the event you or anyone else reading might find them of use. If anyone has any other suggestions, please do share, I would love to read them as well. JBoss Chapter 8 (security on JBoss) : http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch8.chapter.html Some resources that helped me to begin to get a grip on JBoss's implementation of JAAS: JAAS documentation home: http://java.sun.com/products/jaas/reference/docs/index.html JAAS Authentication tutorial: http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/General... JAAS Authorization tutorial: http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/General... An explanation for use of JBoss's BaseCertLoginModule: http://wiki.jboss.org/wiki/Wiki.jsp?page=BaseCertLoginModule A site that does a (seemingly) thorough job of explaining how to secure an EJB: http://www.csd.abdn.ac.uk/~bscharla/teaching/mtp_software/jboss/secureJBo... An HP offering that explains how to secure a web app in jboss, --but of course also diverts off to focus on EJB's: http://devresource.hp.com/drc/technical_papers/jaas_jboss/index.jsp http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfiguringAJavaSecurityManager Makes it sound so easy: http://wiki.jboss.org/wiki/Wiki.jsp?page=CreatingACustomLoginModule Some resource that helped me to begin to get a grip on WS-Security: http://www.windowsitlibrary.com/Content/1219/06/1.html http://www.oracle.com/technology/tech/java/newsletter/articles/wsaudit/ws... http://www-128.ibm.com/developerworks/webservices/library/ws-security.html http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurity Some SAML stuff: http://en.wikipedia.org/wiki/SAML http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=securityhttp:/... http://xml.coverpages.org/saml.html http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf http://www.onjava.com/pub/a/onjava/2005/02/09/wssecurity.html A couple of sun tutorials, that provide good information, but be careful, not all of it is applicable to JBoss implementations: http://java.sun.com/javaee/5/docs/tutorial/doc/index.html http://java.sun.com/webservices/docs/2.0/tutorial/doc/ Hope something here helps, Jeff View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985448#3985448 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985448

19 years, 7 months

1
0
0 / 0

[JBoss Portal] - Re: JBoss Portal Stress Results

by walbar

Hi, I've performed the test without the CMS Portlet and I've got similar results (13 pages/sec.). Besides, I have activated a higher level of logging and found that for rendering '/portal' page it makes extensive use of hibernate, many times going beyond the cache and making actual queries to the database (even without the CMS portlet). I guess this could be a performance bottleneck. I believe that after the first page render there aren't reasons to have new accesses to the DB, layout and such can be cached. I wonder how much we can tune JBoss Portal to get better performance in a production environment. In fact, how much can we push it beyond the 13p/s?. Regards, Waldemar View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985447#3985447 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985447

19 years, 7 months

1
0
0 / 0

[JBoss Seam] - Re: i dont get it

by nittm

oh, forgot to add this: we're using jboss as version 4.0.4.GA, seam version 1.0.1.GA and (if it matters) jbpm version 3.1.2. thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985446#3985446 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985446

19 years, 7 months

1
0
0 / 0

[Security & JAAS/JBoss] - Re: Attempt to get JBoss to call my custom login module

by jcollins914

"bmcgovern" wrote : jcollins. I feel your pain in that most of the docs im reading on SSO are specific to EJB set ups. I don't think I can offer you any help in your problem, but i do get the distinct feeling that you are farther along in fixing your problem than I am in mine and hopefully you, or someone paying attention to this thread can help me. | Hi bmcgovern. I haven't been able to get any JBoss security configuration figured out yet. I have read a lot, and am certainly trying, losing sleep, etc., but as of yet, my knowledge is all theoretical. I read over your forum in hopes that I could help in some way, but it seems to me you are further along than I. :-( I have compiled a list of resources I used to bring myself up to to my current turtle speed on some of the web security details... in the event you or anyone else reading might find them of use. If anyone has any other suggestions, please do share, I would love to read them as well. JBoss Chapter 8 (security on JBoss) : http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch8.chapter.html Some resources that helped me to begin to get a grip on JBoss's implementation of JAAS: JAAS documentation home: http://java.sun.com/products/jaas/reference/docs/index.html JAAS Authentication tutorial: http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/General... JAAS Authorization tutorial: http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/General... An explanation for use of JBoss's BaseCertLoginModule: http://wiki.jboss.org/wiki/Wiki.jsp?page=BaseCertLoginModule A site that does a (seemingly) thorough job of explaining how to secure an EJB: http://www.csd.abdn.ac.uk/~bscharla/teaching/mtp_software/jboss/secureJBo... An HP offering that explains how to secure a web app in jboss, --but of course also diverts off to focus on EJB's: http://devresource.hp.com/drc/technical_papers/jaas_jboss/index.jsp http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfiguringAJavaSecurityManager Makes it sound so easy: http://wiki.jboss.org/wiki/Wiki.jsp?page=CreatingACustomLoginModule Some resource that helped me to begin to get a grip on WS-Security: http://www.windowsitlibrary.com/Content/1219/06/1.html http://www.oracle.com/technology/tech/java/newsletter/articles/wsaudit/ws... http://www-128.ibm.com/developerworks/webservices/library/ws-security.html http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurity Some SAML stuff: http://en.wikipedia.org/wiki/SAML http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=securityhttp:/... http://xml.coverpages.org/saml.html http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0.pdf http://www.onjava.com/pub/a/onjava/2005/02/09/wssecurity.html A couple of sun tutorials, that provide good information, but be careful, not all of it is applicable to JBoss implementations: http://java.sun.com/javaee/5/docs/tutorial/doc/index.html http://java.sun.com/webservices/docs/2.0/tutorial/doc/ Hope something here helps, Jeff View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985445#3985445 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985445

19 years, 7 months

1
0
0 / 0

[JBoss Portal] - Re: Single Signon - Where do I start

by kosmi

Hello bmcgovern, your second question is answered in your errormessage: 13:58:50,015 ERROR [UsersRolesLoginModule] A UserRolesLoginModule sends the message, but you defined the <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" | in ??/web inf/login-config If you want to login at the portal an want to use the DatabaseServerLoginModule, you have to define this login-module in the -portal.sar/conf/login-config Now you have defined the UsersRolesLoginModule at this place, which could not find his required propertie files. Daniel Wasser View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985444#3985444 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985444

19 years, 7 months

1
0
0 / 0

[JBoss jBPM] - Re: hooking JBPM to know when processes and tasks are create

by cpob

It is easy to add action handlers to each event. Process and task create/completion have their own events, and you can add your own custom handlers. Check out the user guide about actions, events, and "Custom action example" View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985442#3985442 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985442

19 years, 7 months

1
0
0 / 0

[JBoss Eclipse IDE (users)] - Re: Cannot start JBoss4 Server from IDE2

by SideWinder

I have an installed 3.2.6 runtime and the EclipseIDE-Bundle. I added a server runtime and a server and now tried to start it. Worked well, but it remained "Starting...". I watched the demos at http://docs.jboss.com/jbosside/jboss-as/demos/create_server.htm and tried the "timeout trick". Now the IDE progress stops but the server still is in Starting-mode. yes, my console output ends with "15:18:57,156 INFO [Server] JBoss (MX MicroKernel) [3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)] Started in 1m:6s:32ms" i dont have a password-protected jboss-server (i use the default-configuration "AS-IS"). Environment: OS: WinXP Prof. SP2 Eclipse: JBossIDE-2.0.0.Beta2-Bundle-win32.zip JBoss: 3.2.6 so what else can i do? interesting: my twiddle launch configuraton says "-S -s localhost:1099 " instead of "-S" as in case of the demo. but i cant delete the other argument. please help :-) best regards, sidewinder View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985441#3985441 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985441

19 years, 7 months

1
0
0 / 0

[JBoss Eclipse IDE (users)] - will this work for all projects?

by sonoerin

I have an existing project wiht this format: project/ -\src (including EJB) -\webapp\ --\webapp1 --\webapp2 My project is pretty old, so it doesn't use XDoclet, will that matter for using the JBoss IDE plugin? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985440#3985440 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985440

19 years, 7 months

1
0
0 / 0

[JBoss Portal] - Re: Single Signon - Where do I start

by bmcgovern

Thanks Kosmi. Your post didnt come through, but i got it by viewing source. Now i get a new message, basically saying the password is wrong. however.. Its not. Does jaas authentication mandate some kind of standard encryption in stored DB passwords? Im 100% sure that my User/ pass combo are right, but i get the following debug in my logs. | 09:24:56,390 DEBUG [[localhost]] Checking for SSO cookie | 09:24:56,390 DEBUG [[localhost]] SSO cookie is not present | 09:24:56,390 DEBUG [AuthenticatorBase] Security checking request GET /myauth/ | 09:24:56,390 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[myauth]' against GET / --> true | 09:24:56,390 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[myauth]' against GET / --> true | 09:24:56,390 DEBUG [AuthenticatorBase] Calling hasUserDataPermission() | 09:24:56,390 DEBUG [RealmBase] User data constraint has no restrictions | 09:24:56,390 DEBUG [AuthenticatorBase] Calling authenticate() | 09:24:56,406 DEBUG [DatabaseServerLoginModule] Bad password for username=1 | 09:24:56,406 DEBUG [AuthenticatorBase] Failed authenticate() test | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985439#3985439 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985439

19 years, 7 months

1
0
0 / 0

[JBoss Portal] - Re: Single Signon - Where do I start

by kosmi

another try... first code snip: |  | <category name="org.jboss.security"> | <priority value="DEBUG"/> | </category> | <category name="org.jboss.web.tomcat.security"> | <priority value="DEBUG"/> | </category> second snip: <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender"> | <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler" /> | <param name="Target" value="System.out" /> | <param name="Threshold" value="DEBUG" /> | | <layout class="org.apache.log4j.PatternLayout"> |  | <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p (%x) [%c{1}] %m%n" /> | </layout> | </appender> View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3985438#3985438 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3985438

19 years, 7 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-user November 2006