[Security & JAAS/JBoss] - Re: In valve getRemoteUser value returned as NULL always
by sohil.shah@jboss.com
twittemb-
Here is the CustomAuthenticator code that we use in the JBoss Federated SSO project. I am pasting the code for the FormAuthenticator:
| /*
| * JBoss, Home of Professional Open Source
| * Copyright 2005, JBoss Inc., and individual contributors as indicated
| * by the @authors tag. See the copyright.txt in the distribution for a
| * full listing of individual contributors.
| *
| * This is free software; you can redistribute it and/or modify it
| * under the terms of the GNU Lesser General Public License as
| * published by the Free Software Foundation; either version 2.1 of
| * the License, or (at your option) any later version.
| *
| * This software is distributed in the hope that it will be useful,
| * but WITHOUT ANY WARRANTY; without even the implied warranty of
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
| * Lesser General Public License for more details.
| *
| * You should have received a copy of the GNU Lesser General Public
| * License along with this software; if not, write to the Free
| * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
| * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
| */
| package org.jboss.security.authenticator;
|
|
| //core java classes
| import java.io.IOException;
| import java.security.Principal;
|
|
| //servlet classes
| import javax.servlet.ServletException;
|
|
| //core jboss specific classes
|
|
| //core catalina classes for tomcat specific functions
| import org.apache.catalina.connector.Request;
| import org.apache.catalina.connector.Response;
| import org.apache.catalina.deploy.LoginConfig;
| import org.apache.catalina.authenticator.FormAuthenticator;
|
|
| //JBoss-SSO Framework classes
| //jboss-sso-saml library
| import org.jboss.security.saml.SingleSignOn;
| import org.jboss.security.saml.SSOException;
| import org.jboss.security.valve.*;
|
| //jboss-identity-management classes
| import org.jboss.security.idm.Identity;
| import org.jboss.security.idm.IdentityManager;
| import org.jboss.security.idm.IdentityProvider;
|
| //jboss-sso-common classes
| import org.jboss.security.util.HTTPUtil;
| import org.jboss.security.util.SSOUtil;
|
|
|
| /**
|  * @author Sohil Shah - sohil.shah(a)jboss.com
|  *
|  * The SSOAutoLogin Tomcat Form Authenticator intercepts requests and checks the presence of an SSOToken domain cookie.
|  * If a domain cookie is found it is processed and a Principal is generated resulting in AutoLogin
|  */
| public class SSOAutoLoginForm extends FormAuthenticator
| {
|
|     //----------------------------------------------------- Instance Variables
|
|     /**
|      * Descriptive information about this implementation.
|      */
|     private static final String info = "org.jboss.security.valve.SSOAutoLogin/1.0";
|
|
|     // ------------------------------------------------------------- Properties
|
|
|     /**
|      * Return descriptive information about this Valve implementation.
|      */
|     public String getInfo()
|     {
|         return (info);
|     }
|
|
|     /**
|      *
|      */
|     public void invoke(Request request, Response response)
|         throws IOException, ServletException
|     {
|         try
|         {
|             boolean wasSSOPerformed = false;
|             boolean performSSO = false;
|             SSOSession activeSession = SSOSession.getSSOSession(request.getSession(true));
|
|             //check for the block on automatic sso login, if one is found, don't perform the automatic login
|             //without this, the user is never able to logout, because all dependent requests to "logout usecase",
|             //fire up the automatic sso login
|             if(activeSession.getTurnOff()==null)
|             {
|                 performSSO = true;
|             }
|
|
|             if(performSSO)
|             {
|                 wasSSOPerformed = this.performSSO(request,response);
|             }
|
|             if(!wasSSOPerformed)
|             {
|                 //if I get here then no SSO processing was done. perform the regular form based authentication
|                 super.invoke(request,response);
|                 if(
|                     request.getSessionInternal(false)!=null &&
|                     request.getSessionInternal(false).getPrincipal()!=null &&
|                     SSOSession.getSSOSession(request.getSession()).getPrincipal()==null
|                 )
|                 {
|                     SSOSession.getSSOSession(request.getSession()).
|                         setPrincipal(
|                             request.getContextPath(),
|                             request.getSessionInternal(false).getPrincipal());
|                 }
|                 return;
|             }
|
|             //this is only if SSO automated login happened on this request
|             this.getNext().invoke(request,response);
|         }
|         catch(SSOException ssoe)
|         {
|             ssoe.printStackTrace();
|             throw new ServletException(ssoe);
|         }
|         catch(Exception e)
|         {
|             e.printStackTrace();
|             throw new ServletException(e);
|         }
|     }
|
|
|     /**
|      *
|      * @param request
|      * @param response
|      * @return
|      */
|     private boolean performSSO(Request request,Response response) throws IOException,SSOException,Exception
|     {
|         boolean wasSSOPerformed = false;
|         String ssoToken = null;
|         boolean ssoCookieFound = false;
|
|         //find the SSOToken cookie and setup the proper state
|         ssoToken = HTTPUtil.getSSOToken(request,SingleSignOn.SSO_TOKEN);
|         if(ssoToken!=null && ssoToken.trim().length()>0)
|         {
|             ssoCookieFound = true;
|         }
|
|
|         if(ssoCookieFound)
|         {
|             Principal principal = request.getSessionInternal(true).getPrincipal();
|             if(principal==null)
|             {
|                 //perform auto login for this principal
|                 LoginConfig config = this.context.getLoginConfig();
|                 String username = SSOUtil.getUsername(ssoToken);
|                 String password = this.getPassword(username);
|                 request.setAttribute(SingleSignOn.SSO_USERNAME,username);
|                 request.setAttribute(SingleSignOn.SSO_PASSWORD,password);
|
|
|                 boolean ssoLogin = this.ssoLogin(request,response,config);
|                 if(ssoLogin)
|                 {
|                     String requestURI = request.getRequestURI();
|                     String contextPath = request.getContextPath();
|                     SSOSession ssoSession = SSOSession.getSSOSession(request.getSession());
|                     ssoSession.setPrincipal(contextPath,
|                         request.getSessionInternal(true).getPrincipal());
|                     wasSSOPerformed = true;
|                 }
|             }
|         }
|         return wasSSOPerformed;
|     }
|
|     /**
|      *
|      * @param request
|      * @param response
|      * @param config
|      * @return
|      * @throws IOException
|      */
|     private boolean ssoLogin(Request request,Response response,LoginConfig config)
|         throws IOException
|     {
|         boolean success = false;
|
|         Principal principal = null;
|
|         // Validate any credentials already included with this request
|         String username = (String)request.getAttribute(SingleSignOn.SSO_USERNAME);
|         String password = (String)request.getAttribute(SingleSignOn.SSO_PASSWORD);
|         principal = this.context.getRealm().authenticate(username, password);
|         if (principal != null)
|         {
|             register(request, response, principal,"FORM",username, password);
|             success = true;
|         }
|         return success;
|     }
|
|
|     /**
|      *
|      */
|     private String getPassword(String username) throws Exception
|     {
|         String password = null;
|
|         //perform check against JBoss' central identity data (stored in LDAP)
|         IdentityProvider provider = IdentityManager.findProvider();
|
|         if(
|             provider.exists(username)
|         )
|         {
|             Identity identity = provider.read(username);
|             password = new String(identity.getPassword());
|         }
|
|         return password;
|     }
| }
|
Hope this helps
Thanks
Sohil
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959707#3959707
19 years, 9 months
[Clustering/JBoss] - HA Singleton Schedulable not starting!
by honest.length
Hi,
I'm currently migrating to JBoss 4.0.4 and have a number of singleton schedulables which were using the old method in the descriptors. I have added the new HASingletonDeployer barrier but they never run at all when this element is present! Am I missing something?
<?xml version="1.0" encoding="UTF-8"?>
<server>
  <classpath codebase="lib" archives="scheduler-plugin.jar"/>
  <mbean code="org.jboss.varia.scheduler.Scheduler" name="eventmanager:service=FrequencyEventScheduler">
    <depend>jboss.ha:service=HASingletonDeployer,type=Barrier</depend>
    <attribute name="StartAtStartup">true</attribute>
    <attribute name="SchedulableClass">com.transtoll.modules.eventmanager.schedulables.jboss.FrequencyEventSchedulable</attribute>
    <attribute name="InitialStartDate">NOW</attribute>
    <attribute name="InitialRepetitions">-1</attribute>
    <attribute name="SchedulePeriod">60000</attribute>
    <depends>eventmanager:service=initialisation</depends>
  </mbean>
  <mbean code="org.jboss.varia.scheduler.Scheduler" name="eventmanager:service=MetricEventScheduler">
    <depend>jboss.ha:service=HASingletonDeployer,type=Barrier</depend>
    <attribute name="StartAtStartup">true</attribute>
    <attribute name="SchedulableClass">com.transtoll.modules.eventmanager.schedulables.jboss.MetricEventSchedulable</attribute>
    <attribute name="InitialStartDate">NOW</attribute>
    <attribute name="InitialRepetitions">-1</attribute>
    <attribute name="SchedulePeriod">60000</attribute>
    <depends>eventmanager:service=initialisation</depends>
  </mbean>
  <mbean code="org.jboss.varia.scheduler.Scheduler" name="eventmanager:service=DurationEventScheduler">
    <depend>jboss.ha:service=HASingletonDeployer,type=Barrier</depend>
    <attribute name="StartAtStartup">true</attribute>
    <attribute name="SchedulableClass">com.transtoll.modules.eventmanager.schedulables.jboss.DurationEventSchedulable</attribute>
    <attribute name="InitialStartDate">NOW</attribute>
    <attribute name="InitialRepetitions">-1</attribute>
    <attribute name="SchedulePeriod">60000</attribute>
    <depends>eventmanager:service=initialisation</depends>
  </mbean>
  <mbean code="org.jboss.varia.scheduler.Scheduler" name="eventmanager:service=MetricPersistenceScheduler">
    <depend>jboss.ha:service=HASingletonDeployer,type=Barrier</depend>
    <attribute name="StartAtStartup">true</attribute>
    <attribute name="SchedulableClass">com.transtoll.modules.eventmanager.schedulables.jboss.MetricPersistenceSchedulable</attribute>
    <attribute name="InitialStartDate">NOW</attribute>
    <attribute name="InitialRepetitions">-1</attribute>
    <attribute name="SchedulePeriod">60000</attribute>
    <depends>eventmanager:service=initialisation</depends>
  </mbean>
</server>
Cheers
Mark
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959703#3959703
19 years, 9 months
[JBoss Seam] - Re: Did somebody make fileupload works with no facelets?
by gus888
Hi Gavin,
Thank you for your reply. I want to try to integrate the tomahawk.jar in JBoss to see whether it works. I plan to copy the tomahawk.jar into "C:\jboss-4.0.4.GA\server\default\deploy\jbossweb-tomcat55.sar\jsf-libs", but I don't know how to modify the web.xml file in the "\jboss-4.0.4.GA\server\default\deploy\jbossweb-tomcat55.sar\conf". The modification seems to be similar to myfaces-impl.jar integration:
web.xml:
| ...
| <init-param>
| <description>MyFaces tlds</description>
| <param-name>tagLibJar0</param-name>
| <param-value>jsf-libs/myfaces-impl.jar</param-value>
| </init-param>
| ...
Could you please give me some guidance on web.xml, which seems like, perhaps:
| <init-param>
| <description>Tomahawk tlds</description>
| <param-name>????</param-name>
| <param-value>jsf-libs/tomahawk.jar</param-value>
| </init-param>
Thank you so much.
Gus
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959702#3959702
19 years, 9 months
[JBoss.NET] - Strange problem with MessageContext
by jvandusen
I've written a web service that makes calls out to another web service, and I'm having trouble getting it to work. I'm quite new to using JBoss.net so I'm kind of lost.
The environment is JBoss 3.2.6 with a patch to fix a bug in JBoss.net. When I go to http://localhost/jboss-net/servlet/AxisServlet to view the deployed services, I get this in the log:
| 2006-07-20 15:45:30,984 ERROR [org.apache.axis.configuration.EngineConfigurationFactoryServlet] Unable to find config file. Creating new servlet engine config file: /WEB-INF/server-config.wsdd
| 2006-07-20 15:45:31,109 ERROR [org.jboss.web.localhost.Engine] StandardWrapperValve[JBossAxisServlet]: Servlet.service() for servlet JBossAxisServlet threw exception
| java.lang.VerifyError: (class: org/jboss/net/jmx/server/MBeanProvider, method: invoke signature: (Lorg/apache/axis/MessageContext;)V) Incompatible argument to function
| at java.lang.Class.forName0(Native Method)
| at java.lang.Class.forName(Class.java:219)
| at org.apache.axis.utils.ClassUtils$2.run(ClassUtils.java:176)
| at java.security.AccessController.doPrivileged(Native Method)
| at org.apache.axis.utils.ClassUtils.loadClass(ClassUtils.java:160)
| at org.apache.axis.utils.ClassUtils.forName(ClassUtils.java:100)
| at org.apache.axis.deployment.wsdd.providers.WSDDHandlerProvider.newProviderInstance(WSDDHandlerProvider.java:49)
| at org.jboss.net.axis.ServiceClassLoaderAwareWSDDHandlerProvider.newProviderInstance(ServiceClassLoaderAwareWSDDHandlerProvider.java:50)
| at org.apache.axis.deployment.wsdd.WSDDProvider.getInstance(WSDDProvider.java:170)
| at org.apache.axis.deployment.wsdd.WSDDService.makeNewInstance(WSDDService.java:437)
| at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getNewInstance(WSDDDeployableItem.java:274)
| at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getInstance(WSDDDeployableItem.java:260)
| at org.apache.axis.deployment.wsdd.WSDDDeployment.getService(WSDDDeployment.java:427)
| at org.jboss.net.axis.Deployment.oldGetService(Deployment.java:259)
| at org.jboss.net.axis.Deployment.getService(Deployment.java:278)
| at org.jboss.net.axis.Deployment.getDeployedServices(Deployment.java:231)
| at org.apache.axis.configuration.FileProvider.getDeployedServices(FileProvider.java:296)
| at org.apache.axis.transport.http.AxisServlet.reportAvailableServices(AxisServlet.java:482)
| at org.jboss.net.axis.server.AxisServiceServlet.reportAvailableServices(AxisServiceServlet.java:99)
| at org.apache.axis.transport.http.AxisServlet.doGet(AxisServlet.java:260)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
| at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
| at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
| at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
| at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
| at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
| at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
| at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:158)
| at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
| at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
| at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
| at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
| at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
| at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
| at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
| at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
| at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
| at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:300)
| at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:374)
| at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:743)
| at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675)
| at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866)
| at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
| at java.lang.Thread.run(Thread.java:534)
|
Any thoughts on what could be causing this?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959701#3959701
19 years, 9 months
[EJB/JBoss] - Problem reusing an EJB infrastructure layer
by ekrisjo
Example:
A large organization uses EJBs to provide an infrastructure layer (messaging, persistence) to all of its products. Products which are realized as application EARs. They might choose a build tool like Maven. Maven lets each project produce at most one artifact (good practice?), which could be an ejb, war, ear, jar etc. Artifacts are uploaded to a repository to be used by other projects.
JBoss uses a server specific deployment descriptor (or annotation) element that maps the logical JNDI name as used by the module (EJB,WAR) to a global JNDI name. This descriptor is defined and packaged in the module, not in the application (EAR).
Since the binding of global names is done in the ejb-jar module there is no way to deploy an ejb module twice in the application server.
Reading from "Development Roles" http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Overview6.html :
"For example, in the application component development phase, an enterprise bean software developer delivers EJB JAR files. In the application assembly role, another developer combines these EJB JAR files into a J2EE application and saves it in an EAR file. In the application deployment role, a system administrator at the customer site uses the EAR file to install the J2EE application into a J2EE server."
The above statement cannot be true because there is no way for the "application assembly role" to _freely_ pick EJB JAR files from the "enterprise bean software developer". He will be getting global JNDI conflicts if an EJB JAR is assembled inside two EARs and deployed in the same server.
So how can an infrastructure layer ever be realized if the "resource specifics" are bound to the module itself? Also, applications might have different requirements on the infrastructure which are not relevant from the module itself.
Why not make it possible to let the application worry about assigning global resources to logical names instead?
I think that the approach of not being required to define a global JNDI name for a SLSB is great because it allows reuse of these modules across applications.
Cheers,
-Kristoffer
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959696#3959696
19 years, 9 months