[Security & JAAS/JBoss] - Why JAAS authenticate() fails?
by benccit
I am trying to restrict web access on certain web pages. I checked the FAQ, but I couldn't find any clue. I am hoping you can point me in the right direction.
I am having difficulty configuring secured web pages which require users to log in before they can view the content.
I am using the jbossweb-tomcat55.sar/ROOT.war of version JBoss-4.0.3SP1 to host a forum and some static web pages. Without the requirement of secured access, the website runs fine. I was then asked to add a login prompt the first time any user wants to access anything on the application. The login prompt should include user name and password.
I thought that requirement was a piece of cake. So I performed the following steps:
A. I created a security domain, transportation-security, in login-config.xml as follows:
    <application-policy name = "transportation-security">
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
          flag = "required">
        <module-option name="usersProperties">props/transportation-security-users.properties</module-option>
        <module-option name="rolesProperties">props/transportation-security-roles.properties</module-option>
      </login-module>
    </application-policy>
B. I then created a testing file, transportation-security-users.properties, in conf/props as follows:
joe1=pass1
and a testing file transportation-security-roles.properties in the conf/props as follows:
joe1=administrator
C. For the web.xml, in ROOT.war/WEB-INF, I added the following security related page to web.xml:
    <security-role>
      <role-name>administrator</role-name>
    </security-role>
    <security-role>
      <role-name>moderator</role-name>
    </security-role>
    <security-role>
      <role-name>user</role-name>
    </security-role>
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Restricted Area</web-resource-name>
        <url-pattern>/About_us/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>administrator</role-name>
        <role-name>moderator</role-name>
        <role-name>user</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>transportation-security</realm-name>
    </login-config>
D. I also created jboss-web.xml in the jbossweb-tomcat55.sar/ROOT.war/WEB-INF as follows:
    <jboss-web>
      <security-domain>java:/jaas/transportation-security</security-domain>
    </jboss-web>
I then restarted JBoss and used a web browser to test the URL /ABout_us. A window popped up with the title "transportation-security" and two entry fields: user name and password. I entered joe1 and pass1 respectively, but the same window was re-displayed with empty entry fields.
I shut down JBoss, set log4j to DEBUG level and re-tested. I noticed that the error message in the log indicated that authenticate() failed.
Does anyone know what went wrong? Why weren't the files in props used?
By the way, do you know how to customize the login prompt and error page if login fails?
Thanks,
Bensen
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983065#3983065
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983065
19 years, 6 months
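A consistency check over the four pieces of configuration from steps A to D, as an added example that is not part of the original post or of JBoss. It assumes the stock JBoss 4 login-config.xml layout, where each login-module sits inside an authentication element; the function names are hypothetical and the sample strings are constructed from the post (policy as posted, root elements added, module options trimmed).

```python
import xml.etree.ElementTree as ET

def load(xml_text):
    """Parse XML and strip namespaces so a real web.xml matches by local name."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def parse_props(text):
    """Parse key=value lines; '#'/'!' comment lines are skipped."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def check(login_config, jboss_web, web_xml, users_props, roles_props):
    """Return the inconsistencies found between the four configuration pieces."""
    findings = []
    domain = load(jboss_web).findtext("security-domain", "").strip()
    name = domain.rsplit("/", 1)[-1]  # java:/jaas/<policy name>
    policies = {p.get("name"): p for p in load(login_config).iter("application-policy")}
    # Assumption: stock JBoss 4 layout nests <login-module> inside <authentication>.
    if name not in policies:
        findings.append(f"no application-policy named '{name}'")
    elif policies[name].find("authentication/login-module") is None:
        findings.append(f"policy '{name}' has no <authentication>/<login-module>")
    web = load(web_xml)
    declared = {r.findtext("role-name") for r in web.iter("security-role")}
    required = {r.text for c in web.iter("auth-constraint") for r in c.iter("role-name")}
    for role in sorted(required - declared):
        findings.append(f"auth-constraint role '{role}' is not a declared security-role")
    users, roles = parse_props(users_props), parse_props(roles_props)
    for user in sorted(set(roles) - set(users)):
        findings.append(f"user '{user}' has roles but no password entry")
    if not any(required & {r.strip() for r in roles.get(u, "").split(",")} for u in users):
        findings.append("no user holds a role named in the auth-constraint")
    return findings

# Constructed sample input modelled on steps A-D (root elements added, options trimmed).
ROLES = ("administrator", "moderator", "user")
NAMES = "".join(f"<role-name>{r}</role-name>" for r in ROLES)
WEB_XML = ("<web-app>" + "".join(f"<security-role><role-name>{r}</role-name></security-role>"
           for r in ROLES) + f"<security-constraint><auth-constraint>{NAMES}"
           "</auth-constraint></security-constraint></web-app>")
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/transportation-security</security-domain></jboss-web>"
MODULE = ('<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" '
          'flag="required"/>')
POLICY = '<policy><application-policy name="transportation-security">%s</application-policy></policy>'
if __name__ == "__main__":
    print(check(POLICY % MODULE, JBOSS_WEB, WEB_XML, "joe1=pass1", "joe1=administrator"))
```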
[JNDI/Naming/Network] - Re: invoking remote session bean NotContextException
by srki
I still haven't solved my problem, but I tried to deploy it on my local machine to see if I could somehow find what the issue is when deploying it on a remote machine.
Initially, deploying it on my local machine, everything worked fine.
However, when I add the following line I see that the code breaks.
    String host = "jnp://localhost:1099";
    props.setProperty(Context.PROVIDER_URL, host);
I started getting the following exception:
    2006-11-03 10:17:18,319 ERROR [STDERR] java.lang.ClassCastException
    2006-11-03 10:17:18,319 ERROR [STDERR] at com.sun.corba.se.impl.javax.rmi.PortableRemoteObject.narrow(PortableRemoteObject.java:229)
    2006-11-03 10:17:18,319 ERROR [STDERR] at javax.rmi.PortableRemoteObject.narrow(PortableRemoteObject.java:137)
As soon as I uncomment that props.setProperty(Context.PROVIDER_URL, host); line everything works fine.
I have seen this type of exception before when I tried invoking the EJB on a different computer as well. I am not sure how to see what the wrapper class for the object is, since the call to object.getClass().getName() prints something like this: $Proxy184
This is my code again:
    Properties props = new Properties();
    props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    props.setProperty(Context.SECURITY_PRINCIPAL, "admin");
    props.setProperty(Context.SECURITY_CREDENTIALS, "admin");
    props.put(javax.naming.Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
    String host = "jnp://localhost:1099";
    props.setProperty(Context.PROVIDER_URL, host);
    ctx = new InitialContext(props);
    Object object = ctx.lookup("ejb/com/blah/Manager");
    ManagerRemoteHome home = (ManagerRemoteHome) PortableRemoteObject.narrow(object, ManagerRemoteHome.class);
    ManagerRemote manager = home.create();
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983059#3983059
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983059
19 years, 6 months
[JBoss Seam] - Re: Seam 1.1 beta 1
by bpatters
"gavin.king(a)jboss.com" wrote : not going to make a difference.
|
| Why aren't you using ui:repeat??
I tend to flip flop between the two, primarily because a bug somewhere else in my code is causing the ui:repeat to not work or vice versa.
I'll start using ui:repeat instead.
Any pointers to required reading that will help me understand when I can use the parameters and when they won't be able to be resolved?
Seam + facelets + ajax4jsf is really nice, I really started to see the power last night when I was working with tables within tables and optionally rendered drop downs etc. These function parameters really helped simplify the tables within tables scenario versus using @DataModelSelection.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983057#3983057
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983057
19 years, 6 months
[JBoss Seam] - Re: Seam 1.1 beta 1
by bpatters
"gavin.king(a)jboss.com" wrote : Right, the big caveat with this stuff is that the parameter value is evaluated when the form is *submitted*, not when the form is *rendered*. "c" must be a valid context variable available during the form submission.
Thanks, I figured it was probably something like that. I'm not an expert at JSF just yet, so the difference between the two isn't obvious to me. So I'm guessing that it essentially means I can't use variable parameters except in certain circumstances.
If I changed it to something like:
<a4j:commandLink action="#{contactManager.deleteContact(c.ID)}"/>
Where ID is a Long and the primary key of the contact, would it work inside a <c:forEach>?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983054#3983054
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983054
19 years, 6 months