[Security & JAAS/JBoss] - Principal and credentials not getting transfered from the we
by sreeraaman
I am trying to integrate JAAS into our application. For our purpose, we have used LDAP for authentication / authorization of the users.
I am trying to chain two login modules as follows:
Entries of interest in the login-config.xml are as follows:
<application-policy name="MySecDomain">
  <login-module code="org.jboss.security.ClientLoginModule" flag="required">
  </login-module>
  <login-module code="com.mycom.security.MyLoginModule" flag="optional">
    </module-option>
    <module-option name="allowEmptyPasswords">false</module-option>
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <module-option name="java.naming.security.principal">cn=Manager,o=mycom.com</module-option>
    <module-option name="java.naming.security.credentials">secret</module-option>
    <module-option name="principalDNPrefix">uid=</module-option>
    <module-option name="principalDNSuffix">,ou=People,o=mycom.com</module-option>
    <module-option name="rolesCtxDN">o=mycom.com</module-option>
    <module-option name="uidAttributeID">uniquemember</module-option>
    <module-option name="matchOnUserDN">true</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
  </login-module>
</application-policy>
I have added the following entry in the jboss-web.xml and jboss.xml :
<security-domain>java:/jaas/MySecDomain</security-domain>
I have created a standalone jar file called mysecurity.jar which contains all the jaas related classes. This is a java jar file which is being referenced both by the web and the ejb components.
I have written two classes which implement the Principal and Group interfaces. However, the content is the same as what is available in the JBoss source code. (Thanks for open Source). This I did to preserve the portability across app servers.
In the login method of my custom login module, I verify the user Id and password by trying to create a directory context from the user id and password. If I succeed, then I try to retrieve the user role information which is later added to the subject (at the time of invocation of the commit method on my custom login module).
However, the problem is that after the commit method is invoked on my custom login module as well as on the ClientLoginModule, if I try to query the SecurityAssociation class to see if the subject has indeed got populated, I find that the following code always returns null:
Subject subject = SecurityAssociation.getSubject();
Any help would be appreciated.
Thanks in advance.
Sriraman.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974196#3974196
19 years, 7 months
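An added example, not the poster's `MyLoginModule` or JBoss source: the bind check the post describes for `login()`, written as a hypothetical `LdapBindCheck` class. It reuses the post's `principalDNPrefix`/`principalDNSuffix` values, refuses empty passwords before binding (the behaviour `allowEmptyPasswords=false` asks for), and escapes the user id before placing it in the DN.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.FailedLoginException;

/** Hypothetical helper for a login() method; not the poster's MyLoginModule. */
public final class LdapBindCheck {
    private final String url, dnPrefix, dnSuffix;   // provider.url, principalDNPrefix, principalDNSuffix

    public LdapBindCheck(String url, String dnPrefix, String dnSuffix) {
        this.url = url; this.dnPrefix = dnPrefix; this.dnSuffix = dnSuffix;
    }

    /** Bind DN for a user id; DN metacharacters (',', '+', '=', ...) in the id are escaped. */
    public String userDn(String uid) {
        return dnPrefix + Rdn.escapeValue(uid) + dnSuffix;
    }

    /** Returns normally only when the directory accepts the user's own bind. */
    public void verify(String uid, char[] password) throws FailedLoginException {
        // A simple bind with an empty password is an unauthenticated bind that many
        // servers accept, so refuse it before contacting the directory.
        if (uid == null || uid.isEmpty() || password == null || password.length == 0)
            throw new FailedLoginException("empty user id or password");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn(uid));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // the bind happens in the constructor
        } catch (NamingException e) {
            FailedLoginException fle = new FailedLoginException("LDAP bind rejected");
            fle.initCause(e);
            throw fle;
        }
    }

    public static void main(String[] args) {
        LdapBindCheck c = new LdapBindCheck("ldap://localhost:389/", "uid=", ",ou=People,o=mycom.com");
        System.out.println(c.userDn("a,ou=Admins"));   // constructed id: stays inside one RDN value
        try { c.verify("alice", new char[0]); }         // rejected locally, no network access
        catch (FailedLoginException e) { System.out.println(e.getMessage()); }
    }
}
```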
[JBoss AOP] - Re: EnableLoadtimeWeaving and EnableTransformer
by jimmycallaghan
Thanks Kabir...
the create-pluggable-jboss-classloader.bat file didn't work because it was using "mv" to copy the jar. I edited the bat file and changed it to a cp and got the file in the correct place. However, as I was doing the edit I noticed the following line...
"echo JAVA_HOME: %JAVA_HOME%echo This tool will only work with JDK 1.4!!!"
In true developer style I thought that I'd ignore it and see what happened. After putting the resulting jar into the bin directory of JBoss, editing the run.bat file with the new parameters, and running the server I got...
...NoClassDefFoundError: org/jboss/aop/hook/JDK14TransformerManager
...
So I removed the entry in run.bat and tried again and, after booting up, my test does not cause the interceptor to run.
Then I read section "10.3.3. JBoss 4.x and JDK 5" and cursed my stupidity...
Changed the MBean definition to use org.jboss.aop.deployment.AspectManagerServiceJDK5 and copied all of the AOP for Java5 jars into the lib directory of my deployment.
Then...
HEY...
PRESTO...
My interceptor is working!
Thanks Kabir... Next time I'll read the manual before posting for help!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974190#3974190
19 years, 7 months
[EJB 3.0] - How to map String[]
by jc7442
I have a String[] in a persistent entity. I've tried to add the @Lob annotation. Unfortunately it does not work; I have the following exception:
| Caused by: java.lang.ClassCastException: [Ljava.lang.String;
| at org.hibernate.type.StringClobType.nullSafeSet(StringClobType.java:56)
| at org.hibernate.type.CustomType.nullSafeSet(CustomType.java:145)
| at org.hibernate.persister.entity.AbstractEntityPersister.dehydrate(AbstractEntityPersister.java:1910)
| at org.hibernate.persister.entity.AbstractEntityPersister.dehydrate(AbstractEntityPersister.java:1887)
| at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:2117)
| at org.hibernate.persister.entity.AbstractEntityPersister.insert(AbstractEntityPersister.java:2503)
| at org.hibernate.action.EntityInsertAction.execute(EntityInsertAction.java:51)
| at org.hibernate.engine.ActionQueue.execute(ActionQueue.java:248)
| at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:232)
| at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:139)
| at org.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:297)
| at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:27)
| at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:993)
| at org.hibernate.impl.SessionImpl.managedFlush(SessionImpl.java:340)
The String[] is cast to String. Consequently we have an exception. Moreover, the array is stored in the DB as a CLOB (maybe a BLOB would be better).
I used oracle10g, Embedded EJB3 RC9.
Is it possible to map a String[]?
I have tried with the Basic annotation. It works only if there are few Strings in the array. When I try to put 200 Strings in the array I have the exception:
Caused by: org.hibernate.exception.GenericJDBCException: Could not execute JDBC batch update
| at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
| at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
| at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
| at org.hibernate.jdbc.AbstractBatcher.executeBatch(AbstractBatcher.java:249)
| at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:235)
| at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:139)
| at org.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:297)
| at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:27)
| at org.hibernate.impl.SessionImpl.flush(SessionImpl.java:993)
| at org.hibernate.impl.SessionImpl.managedFlush(SessionImpl.java:340)
| at org.hibernate.ejb.AbstractEntityManagerImpl$1.beforeCompletion(AbstractEntityManagerImpl.java:475)
| ... 20 more
| Caused by: java.sql.BatchUpdateException: ORA-12899: valeur trop grande pour la colonne "ROOT"."TOTOPE"."SS" (réelle : 2134, maximum : 255)
|
| at oracle.jdbc.driver.DatabaseError.throwBatchUpdateException(DatabaseError.java:498)
| at oracle.jdbc.driver.OraclePreparedStatement.executeBatch(OraclePreparedStatement.java:12369)
| at org.jboss.resource.adapter.jdbc.WrappedStatement.executeBatch(WrappedStatement.java:517)
| INFO 26-09 14:20:28,584 (Log4JLogger.java:info:94) -closing
| INFO 26-09 14:20:28,584 (Log4JLogger.java:info:94) -Running hbm2ddl schema export
| DEBUG 26-09 14:20:28,584 (Log4JLogger.java:debug:84) -import file not found: /import.sql
| INFO 26-09 14:20:28,584 (Log4JLogger.java:info:94) -exporting generated schema to database
| DEBUG 26-09 14:20:28,584 (Log4JLogger.java:debug:84) -drop table Assay cascade constraints
|
| at org.hibernate.jdbc.BatchingBatcher.doExecuteBatch(BatchingBatcher.java:58)
| at org.hibernate.jdbc.AbstractBatcher.executeBatch(AbstractBatcher.java:242)
| ... 27 more
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974189#3974189
19 years, 7 months
[Security & JAAS/JBoss] - Re: How to marshall principal/credentials from client login
by daviddpark
I found a solution to my problem. I was using xdoclet/ejbdoclet to generate my session interfaces as well as the ejb-jar.xml files for my beans. It turns out that when I annotated the create() methods, I didn't allow for method-permission declarations on the remote HOME method.
The proper annotation would look something like:
| /**
| * @ejb.create-method
| * @ejb.permission unchecked="true" method-intf="Home,LocalHome"
| */
| public void ejbCreate() {
| }
|
And the resulting ejb-jar.xml would have something like:
| <method-permission >
| <description><![CDATA[description not supported yet by ejbdoclet]]></description>
| <unchecked/>
| <method >
| <description><![CDATA[]]></description>
| <ejb-name>MyBeanName</ejb-name>
| <method-intf>LocalHome</method-intf>
| <method-name>create</method-name>
| <method-params>
| </method-params>
| </method>
| </method-permission>
| <method-permission >
| <description><![CDATA[description not supported yet by ejbdoclet]]></description>
| <unchecked/>
| <method >
| <description><![CDATA[]]></description>
| <ejb-name>MyBeanName</ejb-name>
| <method-intf>Home</method-intf>
| <method-name>create</method-name>
| <method-params>
| </method-params>
| </method>
| </method-permission>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974188#3974188
19 years, 7 months
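An added example, not code from the thread, xdoclet or JBoss: a hypothetical `HomeCreateAudit` class that reads an ejb-jar.xml and reports, for each bean's `Home` and `LocalHome` interface, whether `create` has a `method-permission` at all and whether that permission is `<unchecked/>`, which is the gap the post above describes. The sample descriptor in `main` is constructed; its class names are placeholders.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;
public final class HomeCreateAudit {   // hypothetical helper, not from the thread
    public static List<String> audit(String ejbJarXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(ejbJarXml)));
        Map<String, String> perm = new HashMap<>();   // "ejb|intf" -> "unchecked" or "roles"
        NodeList mps = d.getElementsByTagName("method-permission");
        for (int i = 0; i < mps.getLength(); i++) {
            Element mp = (Element) mps.item(i);
            String kind = mp.getElementsByTagName("unchecked").getLength() > 0 ? "unchecked" : "roles";
            NodeList ms = mp.getElementsByTagName("method");
            for (int j = 0; j < ms.getLength(); j++) {
                Element m = (Element) ms.item(j);
                String name = text(m, "method-name"), intf = text(m, "method-intf");
                if (!"create".equals(name) && !"*".equals(name)) continue;
                // An entry without <method-intf> applies to every interface of the bean.
                for (String s : intf == null ? new String[] {"Home", "LocalHome"} : new String[] {intf})
                    perm.merge(text(m, "ejb-name") + "|" + s, kind, (a, b) -> "unchecked".equals(a) ? a : b);
            }
        }
        List<String> out = new ArrayList<>();
        for (String tag : new String[] {"session", "entity"}) {
            NodeList beans = d.getElementsByTagName(tag);
            for (int i = 0; i < beans.getLength(); i++) {
                Element b = (Element) beans.item(i);
                String ejb = text(b, "ejb-name");
                for (String[] h : new String[][] {{"home", "Home"}, {"local-home", "LocalHome"}})
                    if (text(b, h[0]) != null)
                        out.add(ejb + " " + h[1] + " create: " + perm.getOrDefault(ejb + "|" + h[1], "NO method-permission"));
            }
        }
        return out;
    }
    private static String text(Element e, String tag) {
        NodeList n = e.getElementsByTagName(tag);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }
    public static void main(String[] args) throws Exception {   // constructed sample descriptor
        System.out.println(audit("<ejb-jar><enterprise-beans><session><ejb-name>MyBeanName</ejb-name><home>x.MyHome</home>"
            + "<local-home>x.MyLocalHome</local-home></session></enterprise-beans><assembly-descriptor><method-permission>"
            + "<unchecked/><method><ejb-name>MyBeanName</ejb-name><method-intf>LocalHome</method-intf>"
            + "<method-name>create</method-name></method></method-permission></assembly-descriptor></ejb-jar>"));
    }
}
```

Lines reported as `unchecked` are callable by any caller, so they are worth reviewing alongside the ones with no permission entry.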
[EJB 3.0] - Re: slow remote communication
by justkeys
I was able to skip this useless processing of cascades, by clearing the session (entitymanager.clear()) before returning.
Using trace logging, I found out that the 9 seconds were all used to handle about 400 entities. Hibernate, I think you got a little problem here. Note: with trace logging enabled it took over 2 minutes.
2006-09-26 13:01:10,410 TRACE [org.hibernate.transaction.CacheSynchronization] transaction before completion callback
2006-09-26 13:01:10,410 TRACE [org.hibernate.jdbc.JDBCContext] before transaction completion
2006-09-26 13:01:10,410 TRACE [org.hibernate.impl.SessionImpl] before transaction completion
2006-09-26 13:01:10,410 TRACE [org.hibernate.ejb.AbstractEntityManagerImpl] automatically flushing session
2006-09-26 13:01:10,410 TRACE [org.hibernate.impl.SessionImpl] automatically flushing session
2006-09-26 13:01:10,410 TRACE [org.hibernate.event.def.AbstractFlushingEventListener] flushing session
2006-09-26 13:01:10,410 DEBUG [org.hibernate.event.def.AbstractFlushingEventListener] processing flush-time cascades
...
2006-09-26 13:03:49,101 TRACE [org.hibernate.event.def.AbstractFlushingEventListener] Processing unreferenced collections
2006-09-26 13:03:49,101 TRACE [org.hibernate.event.def.AbstractFlushingEventListener] Scheduling collection removes/(re)creates/updates
2006-09-26 13:03:49,101 DEBUG [org.hibernate.event.def.AbstractFlushingEventListener] Flushed: 0 insertions, 0 updates, 0 deletions to 418 objects
2006-09-26 13:03:49,101 DEBUG [org.hibernate.event.def.AbstractFlushingEventListener] Flushed: 0 (re)creations, 0 updates, 0 removals to 417 collections
2006-09-26 13:03:49,101 DEBUG [org.hibernate.pretty.Printer] listing entities:
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974187#3974187
19 years, 7 months