[JBoss Portal] - Re: login portlet and CMS admin
by noicangi
Sohil-
OK, correct me if I'm wrong, please:
!!!! this is the original DB file (example)
| <?xml version="1.0" encoding="UTF-8"?>
| <datasources>
| <local-tx-datasource>
| <jndi-name>PortalDS</jndi-name>
| <connection-url>jdbc:mysql://localhost:3306/jbossportal?useServerPrepStmts=false</connection-url>
| <driver-class>org.gjt.mm.mysql.Driver</driver-class>
| <user-name>root</user-name>
| <password>admin</password>
| </local-tx-datasource>
|
| <!-- here I add my other DB config -->
| <local-tx-datasource>
| <jndi-name>PortalDS</jndi-name>
| <connection-url>jdbc:mysql://localhost:3306/nicolas?useServerPrepStmts=false</connection-url>
| <driver-class>org.gjt.mm.mysql.Driver</driver-class>
| <user-name>nicolas</user-name>
| <password>nicolas</password>
| </local-tx-datasource>
| </datasources>
Here I add all the DBs I want to connect to.
Now the login-config.xml:
| <application-policy name="portal">
| <authentication>
| <login-module code="org.jboss.portal.core.security.jaas.ModelLoginModule" flag="required">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="hashAlgorithm">MD5</module-option>
| <module-option name="hashEncoding">HEX</module-option>
| <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
| <module-option name="additionalRole">Authenticated</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
Now I have to change java:/portal/UserModule to java:/myportal, that's all?
And every time I create a portal and I want a unique database for this portal, I do this?
About the CMS repository: I tried to change the CMS by the portal instances without result. I downloaded the portal source to modify the CMS manager portlet and force it to change the root folder via an XML file, but where is the code? I found many Java files.
Thanks for your time and for helping this noob.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974103#3974103
[Security & JAAS/JBoss] - LoginModule to Perform User-Specific Cache Removal?
by jiwils
We have some web/webservice applications whose users are unhappy that login information is cached because it can (in certain situations) allow for brute force attempts to guess the password. Our security environment utilizes JPAM/PAM-based account locking rules + LDAP, so this means that by locking the account via JPAM/PAM when multiple bad credential combinations are entered repetitively, we have to wait for the cache to time out for the account to really be "locked".
Would it be feasible (a good idea) to write a LoginModule that by being first in the stack for a given domain would only drop users from the cache (using the JMX interface) if a LoginModule further down the stack rejected the supplied credentials? That would seemingly allow us to enjoy the benefits of caching while letting the account locking rules work as expected.
Is this a proper approach to the problem, or might there be a better way to go about this? It seems a bit untidy when this is almost a caching function rather than a LoginModule type of use case, but in the end it seems to resolve the issue.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3974101#3974101
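A sketch of the module the post above describes, added here as an example and not code from the poster or from JBoss: it captures the user name in `login()`, never authenticates anyone itself, and evicts that user's cache entry in `abort()`, which JAAS calls on every module in the stack when overall authentication fails. Assumptions: the class name and the `securityDomain` module option are hypothetical, and the cache is flushed through the `jboss.security:service=JaasSecurityManager` MBean's `flushAuthenticationCache(String, Principal)` operation as exposed by JBoss AS 4.

```java
import java.security.Principal;
import java.util.Map;
import javax.management.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SimplePrincipal;

// Hypothetical module: list it first in the stack with flag="optional".
public class FlushOnFailureLoginModule implements LoginModule {
    private CallbackHandler handler;
    private String domain;    // from the hypothetical "securityDomain" module-option
    private String username;  // captured in login(), used only in abort()

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
        this.domain = (String) options.get("securityDomain");
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("Username: ");
        try { handler.handle(new Callback[] { nc }); }
        catch (Exception e) { throw new LoginException("Cannot read username: " + e.getMessage()); }
        username = nc.getName();
        return false; // tells JAAS to ignore this module's vote
    }

    // Overall login succeeded: nothing to evict.
    public boolean commit() { username = null; return false; }

    // Overall login failed: drop this user's cached credentials.
    public boolean abort() throws LoginException {
        if (username == null || domain == null) return false;
        try {
            ObjectName mbean = new ObjectName("jboss.security:service=JaasSecurityManager");
            for (MBeanServer server : MBeanServerFactory.findMBeanServer(null)) {
                if (!server.isRegistered(mbean)) continue; // not the JBoss MBean server
                server.invoke(mbean, "flushAuthenticationCache",
                    new Object[] { domain, new SimplePrincipal(username) },
                    new String[] { String.class.getName(), Principal.class.getName() });
            }
        } catch (Exception e) {
            throw new LoginException("Cache flush failed: " + e.getMessage());
        } finally { username = null; }
        return false;
    }

    public boolean logout() { return true; }
}
```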