[Microcontainer] - Re: Autoexplosion of archives
by bob.mcwhirter
"alesj" wrote :
| There might not be the modification type you're looking for.
| But it's easy to add what ever you want. ;-)
|
Yah, I looked at that too. Though, that requires extending the ModificationType enumeration and registering a ModificationAction. Non-trivial to try out a different ModificationAction, it would seem.
Perhaps a ModificationType.ATTACHED and go looking for a ModificationAction.class attachment if set?
"alesj" wrote :
| And I also see types behave as I expected. :-)
|
Yah, I think they all work as expected, just not a complete set from my POV. I did see some examples with an UNPACK on the root, but that seems to be non-tenable. UNPACK only works on child context-infos from the look of it. Else, the isNested() check stops it on the root without doing anything if you point it at the root deployed archive, not a nested archive.
"alesj" wrote :
| You're welcome to impl "top" == 'I effectively want is just a top-level un-jarring'.
| And I'll add it to VFS 2.0.1. ;-)
I'll poke around, but I should be able to tell the difference between foo.jar as a real directory and foo.jar as a mounted vfszip? I can still do a byte-for-byte copy of a vfszip-mounted JAR?
I'll work on an implementation.
Thanks!
-Bob
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4193896#4193896
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4193896
16 years, 1 month
[Security & JAAS/JBoss] - Jboss 5 Strange Login Issues with WebAuthenticate
by yoblin
I'm porting a login system from Jboss 4 to Jboss 5 and having a strange issue. When the login credentials are wrong, everything works fine (no exceptions, login fails), but when the login credentials are correct the user is authenticated fine but then an exception is thrown after the user is authenticated:
| java.lang.IllegalStateException: Application Policy is null for the security domain:java:jaas/portal-rsa
| at org.jboss.security.plugins.mapping.JBossMappingManager.getMappingContext(JBossMappingManager.java:74)
| at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:391)
| at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:363)
| at org.jboss.security.plugins.JBossAuthorizationManager.getUserRoles(JBossAuthorizationManager.java:215)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.getUserRoles(JaasSecurityManagerBase.java:457)
| at org.jboss.security.plugins.JaasSecurityManager.getUserRoles(JaasSecurityManager.java:200)
| at org.jboss.web.tomcat.security.JBossWebRealm.getCachingPrincipal(JBossWebRealm.java:662)
| at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:409)
| at org.jboss.web.tomcat.security.login.WebAuthentication.login(WebAuthentication.java:93)
| at com.prod.portal.mvc.servlet.AuthenticateServlet.doPost(AuthenticateServlet.java:86)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:630)
| at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
| at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
| at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
| at com.prod.portal.mvc.servlet.PortalLoginServlet.doGet(PortalLoginServlet.java:18)
| at com.prod.portal.mvc.servlet.PortalLoginServlet.doPost(PortalLoginServlet.java:23)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
|
I don't see how the application policy is possibly null, because the whole thing works great when the credentials are wrong, and I can see my login extension getting called.
Below I have the relevant code and config files.
---------------
jboss-web.xml:
| <jboss-web>
| <context-root>prod</context-root>
| <security-domain>java:jaas/portal</security-domain>
| </jboss-web>
|
web.xml:
|
| <!-- snip -->
|
| <servlet>
| <servlet-name>AuthenticateServlet</servlet-name>
| <servlet-class>
| com.prod.portal.mvc.servlet.AuthenticateServlet
| </servlet-class>
| </servlet>
|
| <servlet-mapping>
| <servlet-name>login-servlet</servlet-name>
| <url-pattern>/auth/servlet/login</url-pattern>
| </servlet-mapping>
|
| <servlet-mapping>
| <servlet-name>AuthenticateServlet</servlet-name>
| <url-pattern>/auth/servlet/AuthenticateServlet</url-pattern>
| </servlet-mapping>
|
| <session-config>
| <session-timeout>30</session-timeout>
| </session-config>
|
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>MVC Application</web-resource-name>
| <url-pattern>/secure/*</url-pattern>
| <url-pattern>/flex/*</url-pattern>
| <http-method>POST</http-method>
| <http-method>GET</http-method>
| </web-resource-collection>
| <auth-constraint>
| <description>
| Only allow Authenticated_users role
| </description>
| <role-name>authenticatedUser</role-name>
| </auth-constraint>
| </security-constraint>
|
| <security-role>
| <role-name>authenticatedUser</role-name>
| </security-role>
|
| <login-config>
| <auth-method>FORM</auth-method>
| <form-login-config>
| <form-login-page>/public/login.jsp</form-login-page>
| <form-error-page>/public/login.jsp</form-error-page>
| </form-login-config>
| </login-config>
|
| <welcome-file-list>
| <welcome-file>auth/servlet/login</welcome-file>
| </welcome-file-list>
|
| </web-app>
|
|
LDAP Extension Module:
|
| @Override
| protected void rolesSearch(final InitialLdapContext ctx, final SearchControls constraints, final String user, final String userDN,
| final int recursionMax, final int nesting) throws NamingException {
|
| _log.debug("in rolesSearch in LDAP extension.");
|
| Group[] groups;
| try {
| groups = getRoleSets();
| final SimpleGroup sg = (SimpleGroup) groups[0];
| sg.addMember(new SimplePrincipal("authenticatedUser"));
| } catch (final LoginException e) {
| _log.error("Error");
| }
| }
| }
|
login-config.xml:
| <policy>
| <application-policy name="portal">
| <authentication>
| <login-module code="com.prod.portal.security.loginmodule.ProdLdapExtLoginModule" flag="required">
| <!-- MODULE OPTIONS SNIPPED -->
| </login-module>
| </authentication>
| </application-policy>
| </policy>
|
Authenticate Servlet:
| @Override
| public void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
|
| String view = null;
|
| final String uid = request.getParameter("username");
| final String password = request.getParameter("password");
|
| if (uid == null && password == null && token == null) {
| view = "/public/login.jsp";
| } else {
|
| WebAuthentication pwl = new WebAuthentication();
|
| pwl.login(uid, password);
|
| if(request.getUserPrincipal() == null || !(request.isUserInRole("authenticatedUser"))) {
| view = "/public/login.jsp";
| } else {
| view = "/secure/main.html";
|
| if (! (onUserLogon(request.getSession(), request))) {
| // Error logging in
| view = "/public/login.jsp";
| }
| }
| }
|
| final RequestDispatcher rd = request.getSession().getServletContext().getRequestDispatcher(view);
| rd.forward(request, response);
| }
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4193885#4193885
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4193885
16 years, 1 month