[Tomcat, HTTPD, Servlets & JSP] - Re: Problems Accessing Realm (JBossSecurityMgrRealm) from To
by sbiwal
Hi Josh,
Some more information on my problem. I am just implementing a basic custom valve (and not a SSO valve). I am attaching the code for my valve below. Isn't this similar to the authenticator that you talk about in your last post ? If so then the Realm object that I get should have the JNDI namespace correctly set ?
| /*
| * JBoss, Home of Professional Open Source.
| * Copyright 2006, Red Hat Middleware LLC, and individual contributors
| * as indicated by the @author tags. See the copyright.txt file in the
| * distribution for a full listing of individual contributors.
| *
| * This is free software; you can redistribute it and/or modify it
| * under the terms of the GNU Lesser General Public License as
| * published by the Free Software Foundation; either version 2.1 of
| * the License, or (at your option) any later version.
| *
| * This software is distributed in the hope that it will be useful,
| * but WITHOUT ANY WARRANTY; without even the implied warranty of
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
| * Lesser General Public License for more details.
| *
| * You should have received a copy of the GNU Lesser General Public
| * License along with this software; if not, write to the Free
| * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
| * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
| */
| package org.jboss.web.tomcat.security;
|
| import java.io.IOException;
| import java.security.Principal;
| import java.security.acl.Group;
| import java.util.ArrayList;
| import java.util.List;
|
| import javax.security.auth.Subject;
| import javax.servlet.ServletException;
|
| import org.apache.catalina.connector.Request;
| import org.apache.catalina.connector.Response;
| import org.apache.catalina.Context;
| import org.apache.catalina.Session;
|
| import org.apache.catalina.realm.GenericPrincipal;
| import org.apache.catalina.valves.ValveBase;
| import org.jboss.logging.Logger;
| import org.jboss.security.SecurityAssociation;
| import org.jboss.security.SimpleGroup;
|
| //import com.sun.security.auth.UserPrincipal;
|
| //import com.sun.security.auth.UserPrincipal;
|
| /** A valve that provides information on the jaas login exception seen in the
| SecurityAssociation exception data. The useExceptionAsMsg flag indicates if
| the exception message should be set as the http response message. The
| exceptionHeader attribute if set is the header name that should be populated
| with the exception message.
|
| @author Scott.Stark(a)jboss.org
| @version $Revision: 57206 $
| */
| public class BasicAuthValve
| extends ValveBase
| {
| private static Logger log = Logger.getLogger(BasicAuthValve.class);
| private static boolean trace = log.isTraceEnabled();
|
| /** Should the exception message be used as the request status message */
| private boolean useExceptionAsMsg = false;
| /** A flag indicating if the auth exception thread local should be cleared */
| private boolean clearAuthException = true;
| /** The name of the reply header to use to return the exception message */
| private String exceptionHeader = null;
|
| public boolean isUseExceptionAsMsg()
| {
| return useExceptionAsMsg;
| }
| public void setUseExceptionAsMsg(boolean useExceptionAsMsg)
| {
| this.useExceptionAsMsg = useExceptionAsMsg;
| }
|
| public String getExceptionHeader()
| {
| return exceptionHeader;
| }
| public void setExceptionHeader(String exceptionHeader)
| {
| this.exceptionHeader = exceptionHeader;
| }
|
| public void invoke(Request request, Response response)
| throws IOException, ServletException
| {
| // TODO Auto-generated method stub
| List roles = new ArrayList();
| roles.add("Authenticated");
| roles.add("User");
| roles.add("Admin");
| roles.add("CustomRole");
|
| String password = "user";
| String username = "user";
|
| username = request.getRemoteUser();
| if (username != null) {
| Principal p = this.getContainer().getRealm().authenticate(username, (String)null);
| request.setAuthType("FORM");
| request.setUserPrincipal(new GenericPrincipal(request.getContext().getRealm(), username, password, roles));
| }
|
| this.getNext().invoke(request, response);
| if (request.getAttribute("org.jboss.portal.logout") != null) {
| request.getSession().invalidate();
| }
| }
|
| }
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135815#4135815
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135815
18 years, 1 month
[JBoss Portal] - Re: Auto-login on JBoss Portal
by sbiwal
Thanks a lot.
I was able to successfully create a custom tomcat valve (code attached below). This even allowed automatic login to my user and displayed the default page as "User logged in: ". However I think this user is still not authorized to access anything that is below the /auth access.
When I call the this.container.getRealm().authenticate method in the valve I am forwarded to the JBossSecurityMgrRealm.authenticate method. In this method, the securityCtx object is null and so I just get a null from the function. I think this is the problem why my users are not being authorized.
Can you please shed some light as to where I could be going wrong.
So in short all I have changed in the Jboss AS code is adding this custom valve and changing the server.xml
I have not changed anything in the Jboss Portal code at all.
/*
| * JBoss, Home of Professional Open Source.
| * Copyright 2006, Red Hat Middleware LLC, and individual contributors
| * as indicated by the @author tags. See the copyright.txt file in the
| * distribution for a full listing of individual contributors.
| *
| * This is free software; you can redistribute it and/or modify it
| * under the terms of the GNU Lesser General Public License as
| * published by the Free Software Foundation; either version 2.1 of
| * the License, or (at your option) any later version.
| *
| * This software is distributed in the hope that it will be useful,
| * but WITHOUT ANY WARRANTY; without even the implied warranty of
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
| * Lesser General Public License for more details.
| *
| * You should have received a copy of the GNU Lesser General Public
| * License along with this software; if not, write to the Free
| * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
| * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
| */
| package org.jboss.web.tomcat.security;
|
| import java.io.IOException;
| import java.security.Principal;
| import java.security.acl.Group;
| import java.util.ArrayList;
| import java.util.List;
|
| import javax.security.auth.Subject;
| import javax.servlet.ServletException;
|
| import org.apache.catalina.connector.Request;
| import org.apache.catalina.connector.Response;
| import org.apache.catalina.Context;
| import org.apache.catalina.Session;
|
| import org.apache.catalina.realm.GenericPrincipal;
| import org.apache.catalina.valves.ValveBase;
| import org.jboss.logging.Logger;
| import org.jboss.security.SecurityAssociation;
| import org.jboss.security.SimpleGroup;
|
| //import com.sun.security.auth.UserPrincipal;
|
| //import com.sun.security.auth.UserPrincipal;
|
| /** A valve that provides information on the jaas login exception seen in the
| SecurityAssociation exception data. The useExceptionAsMsg flag indicates if
| the exception message should be set as the http response message. The
| exceptionHeader attribute if set is the header name that should be populated
| with the exception message.
|
| @author Scott.Stark(a)jboss.org
| @version $Revision: 57206 $
| */
| public class BasicAuthValve
| extends ValveBase
| {
| private static Logger log = Logger.getLogger(BasicAuthValve.class);
| private static boolean trace = log.isTraceEnabled();
|
| /** Should the exception message be used as the request status message */
| private boolean useExceptionAsMsg = false;
| /** A flag indicating if the auth exception thread local should be cleared */
| private boolean clearAuthException = true;
| /** The name of the reply header to use to return the exception message */
| private String exceptionHeader = null;
|
| public boolean isUseExceptionAsMsg()
| {
| return useExceptionAsMsg;
| }
| public void setUseExceptionAsMsg(boolean useExceptionAsMsg)
| {
| this.useExceptionAsMsg = useExceptionAsMsg;
| }
|
| public String getExceptionHeader()
| {
| return exceptionHeader;
| }
| public void setExceptionHeader(String exceptionHeader)
| {
| this.exceptionHeader = exceptionHeader;
| }
|
| public void invoke(Request request, Response response)
| throws IOException, ServletException
| {
| // TODO Auto-generated method stub
| List roles = new ArrayList();
| roles.add("Authenticated");
| roles.add("User");
| roles.add("Admin");
| roles.add("CustomRole");
|
| String password = "user";
| String username = "user";
|
| Principal p = this.getContainer().getRealm().authenticate(username, (String)null);
| request.setAuthType("FORM");
| request.setUserPrincipal(new GenericPrincipal(request.getContext().getRealm(), username, password, roles));
|
| this.getNext().invoke(request, response);
|
| }
|
| }
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135811#4135811
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135811
18 years, 1 month
[Beginners Corner] - JBoss and i5
by pimm1975
Hello everyone I'm new in the jboss world and having trouble getting iseries and jboss to work toghether.
Our jboss will attend all of our web,mobile,ui client apps they will be transmited to our i5(as400) where they will be procesed by a RPG app, now we have analize 2 methods of getting the data into the i5 one would be thru sockets and the other would be using i5 dataqueues, now socket would implicate using (developing) another process in between so that we wouldn't get into RPG sockets (probably C) and the advantage of dataqueues is that we would write directly to the dataq from our jboss, I've gone as far as writing and reading to the dataq thru jboss but I have to stablish a jdbc conection to the i5 how do I make this jdbc conection always available so when I jboss receives the data i just writes to the dataq and doesn't have to stablish the jdbc conection on demand (would like persistent conection) and what can I do to have a class reading the dataq all the time (thread) for the data that the i5 responds.
I do have a persistence class to my i5 db can I reuse something from there?.
What do i need to look for?
Mbeans ?
how do I set up this service to read from the dataq or setup a thread ? how would I started?,
any ideas or pointers on where to look or what to read would be apreciated, thanks .
- Pedro .
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135810#4135810
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135810
18 years, 1 month
[JBoss Portal] - Re: Problems in doing JAAS login using code
by sbiwal
Hi
I am working on a similar problem. I want to login a special user automatically to the portal the first time a user access it (lets say "user" in the below code).
I created a custom tomcat valve using the code described below. However the user is not authorized to access his dashboard (or any other /auth pages). I know I am missing something but can't put my finger on it.
I am using the standard JAAS IdentityLoginModule. I see that the Principal returned by the JBossSecurityMgrRealm is always null (becuase the security context is null).
Please help me. I have been breaking my head over this for a long time. I have read documentations and other posts on the forum but nothing is working for me.
Thanks,
Swati
| package org.jboss.web.tomcat.security;
|
| import ..
|
| /** A valve that provides information on the jaas login exception seen in the
| SecurityAssociation exception data. The useExceptionAsMsg flag indicates if
| the exception message should be set as the http response message. The
| exceptionHeader attribute if set is the header name that should be populated
| with the exception message.
|
| @author Scott.Stark(a)jboss.org
| @version $Revision: 57206 $
| */
| public class BasicAuthValve
| extends ValveBase
| {
| private static Logger log = Logger.getLogger(BasicAuthValve.class);
| private static boolean trace = log.isTraceEnabled();
|
| /** Should the exception message be used as the request status message */
| private boolean useExceptionAsMsg = false;
| /** A flag indicating if the auth exception thread local should be cleared */
| private boolean clearAuthException = true;
| /** The name of the reply header to use to return the exception message */
| private String exceptionHeader = null;
|
| public boolean isUseExceptionAsMsg()
| {
| return useExceptionAsMsg;
| }
| public void setUseExceptionAsMsg(boolean useExceptionAsMsg)
| {
| this.useExceptionAsMsg = useExceptionAsMsg;
| }
|
| public String getExceptionHeader()
| {
| return exceptionHeader;
| }
| public void setExceptionHeader(String exceptionHeader)
| {
| this.exceptionHeader = exceptionHeader;
| }
|
| public void invoke(Request request, Response response)
| throws IOException, ServletException
| {
| // TODO Auto-generated method stub
| List roles = new ArrayList();
| roles.add("Authenticated");
| roles.add("User");
| roles.add("Admin");
| roles.add("CustomRole");
|
| String password = "user";
| String username = "user";
|
| Principal p = this.getContainer().getRealm().authenticate(username, (String)null);
| request.setUserPrincipal(new GenericPrincipal(request.getContext().getRealm(), username, password, roles));
|
| this.getNext().invoke(request, response);
|
| }
|
| }
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135808#4135808
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135808
18 years, 1 month
[JBoss jBPM] - Re: Signalling Option
by kukeltje
Victor,
Unfortunately this is not a unit test, nor does it have the processdefinition embedded in it. It also does not have the actionhandler as an inner class. You can have a look at the jbpm unit tests to see how this can be done.
The reason I mention this is that making this executable would take way to much of my precious time. I even doubt it will run at all since I do not know which class the actionhandler is and the processdefinition shows more than one. So I will not attempt to run this.
On the other hand you might be lucky. You seem to use jBPM completely wrong, in a way even that is not shown anywhere. In the node enter you *END* the task.... Again... look the the jbpm testcases how you should write unit tests that end tasks....
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135804#4135804
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135804
18 years, 1 month