[JBoss Portal] - Admin role ignored when fetched from LDAP
by olivsch7
Hello together,
I have configured JBoss Portal to use our LDAP's groups as portal roles. As groups don't differ from roles in our LDAP, this works very well except one issue: I created the group "Admin" in the directory and assigned it to the user "olivsch7". When I log in with this user, JBoss Portal doesn't grant him the rights of the "Admin" group although it recognizes that he is its member. In other words, I can see in the portal user management that he is user of the Admin/Administrators group but "olivsch7" cannot access the admin portal. Users in the portal database (who are also member of "Admin") can access the admin portal. Unfortunately, the log files don't give any information about this to me. This is an excerpt:
2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Synchronizing user: olivsch7
| 2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Role Group: Roles
| 2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Principal in group: admin; admin
| 2009-01-13 13:35:26,890 DEBUG [org.hibernate.jdbc.JDBCContext] successfully registered Synchronization
| 2009-01-13 13:35:26,890 DEBUG [org.hibernate.impl.SessionImpl] opened session at timestamp: 5045658119741440
| 2009-01-13 13:35:26,890 DEBUG [org.hibernate.engine.query.QueryPlanCache] unable to locate HQL query plan in cache; generating (from HibernateUserImpl where userName=:userName)
| 2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.QueryTranslatorImpl] parse() - HQL: from org.jboss.portal.identity.db.HibernateUserImpl where userName=:userName
| 2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.AST] --- HQL AST ---
| \-[QUERY] 'query'
| +-[SELECT_FROM] 'SELECT_FROM'
| | \-[FROM] 'from'
| | \-[RANGE] 'RANGE'
| | \-[DOT] '.'
| | +-[DOT] '.'
| | | +-[DOT] '.'
| | | | +-[DOT] '.'
| | | | | +-[DOT] '.'
| | | | | | +-[IDENT] 'org'
| | | | | | \-[IDENT] 'jboss'
| | | | | \-[IDENT] 'portal'
| | | | \-[IDENT] 'identity'
| | | \-[IDENT] 'db'
| | \-[IDENT] 'HibernateUserImpl'
| \-[WHERE] 'where'
| \-[EQ] '='
| +-[IDENT] 'userName'
| \-[COLON] ':'
| \-[IDENT] 'userName'
|
| 2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.ErrorCounter] throwQueryException() : no errors
I'm really clueless about this because when I configure the portal to use our LDAP's roles (instead of groups), it works. Do you have a clue?
Thank you very much in advance!
Kind regards
Oliver
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4201366#4201366
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4201366
17 years, 6 months
[Installation, Configuration & DEPLOYMENT] - JBoss 5 SSL
by venuwin
Hi,
We have a simple war file deployed on Jboss 5.
It runs on default configuration.
The issue is that when i switch from HTTP page to HTTPS page, it is not able to connect and throws "Data transfer interrupted". From the failed URL, i can see that it tries to connect to 8443 when i had configured for 443.
Server.xml code block:
| <!-- A HTTP/1.1 Connector on port 8080 -->
| <Connector protocol="HTTP/1.1" port="80" address="${jboss.bind.address}"
| connectionTimeout="20000" redirectPort="443" />
|
| <!-- Add this option to the connector to avoid problems with
| .NET clients that don't implement HTTP/1.1 correctly
| restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"
| -->
|
| <!-- A AJP 1.3 Connector on port 8009 -->
| <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"
| redirectPort="8443" />
|
| <!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
| <Connector protocol="HTTP/1.1" SSLEnabled="true"
| port="443" address="${jboss.bind.address}"
| scheme="https" secure="true" clientAuth="false"
| keystoreFile="/mnt/opt/jboss-5.0.0.GA/server/default/conf/chap8.keystore"
| keystorePass="rmi+ssl" sslProtocol = "TLS" />
When i alter the URL in the browser to point to 443 for the same HTTPs url, it works.
Please help
Thanks
Venu
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4201360#4201360
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4201360
17 years, 6 months
[JBoss jBPM] - JBPM 3 or 4
by tbeernot
Ok. JBPM 4 alpha is out. Compliments to the team!
But as a newcomer, I'm facing a decision now. I've just finished embedding jBMP 3.2.3 into our internal framework. I've solved all the issues and am ready to present it internally. Nothing has been done with it, apart from me writing unit tests.
I know jBPM 4 will have a new API, so I isolated all API code and I should be able to migrate fairly easy.
So just now I took a peek at jBPM 4 and noticed that the XML has changed seriously. And with that I'm less pleased, because the XML I cannot isolate! My user are supposed to write XML, using the designer or not.
My questions:
- Will jBPM 4.0 still be able to interprete the 3.2.3 XML process definitions?
- How stable is the 4.0 alpha? Can I migrate and demo?
- Is jBPM 4.0 getting along quickly enough to left me hold off on this until it is stable? (Are we talking weeks or months?)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4201358#4201358
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4201358
17 years, 6 months
[Security & JAAS/JBoss] - Problem with css files in login.jsp page
by misqu23
Hi
In my webapp I have configured form-based authentication. Here is my the code snippet of my web.xml file :
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>Protected resources</web-resource-name>
| <url-pattern>/restricted/*</url-pattern>
| </web-resource-collection>
| <auth-constraint>
| <role-name>user</role-name>
| </auth-constraint>
| <user-data-constraint>
| <transport-guarantee>NONE</transport-guarantee>
| </user-data-constraint>
| </security-constraint>
|
| <login-config>
| <auth-method>FORM</auth-method>
| <form-login-config>
| <form-login-page>/login.jsp</form-login-page>
| <form-error-page>/error.html</form-error-page>
| </form-login-config>
| </login-config>
|
| <security-role>
| <description>The role required to login to application</description>
| <role-name>user</role-name>
| </security-role>
|
Authentication works ok.
But when I wan't to customize look of the login.jsp page with css and use javascript, insted of css file or js file I get always login.jsp file. It looks like all the resources are protected event outside of the restricted area when I get redirected to the login.jsp.
When I hit css or js file in the browser I get the correct value. Also when I hit login.jsp directly not through redirect.
Here is the login.jsp :
| <%@ page language="java" contentType="text/html; charset=UTF-8"
| pageEncoding="UTF-8"%>
| <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
| <html>
| <head>
| <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
| <title>Insert title here</title>
| <link rel="stylesheet" type="text/css" href="login.css" />
| </head>
| <body>
| <form method="POST" action="<%=request.getContextPath()%>/j_security_check">
| User: <input type="text" name="j_username" size="15"><br>
| Password: <input type="password" name="j_password" maxlength="20" size="15"><br>
| <INPUT TYPE="SUBMIT" VALUE="Send" >
| </form>
| </body>
| </html>
|
Does anybody had similar problem. What am I doing wrong ?
Thanks
Martin
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4201345#4201345
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4201345
17 years, 6 months
[JBoss jBPM] - Re: ProcessInstance ending changed
by Olivier_Debels
Here is a unit test.
When aborting a child token, the child token is triggered to go to the next node (task node).
So we create an additional task instance. Something we certainly don't want when aborting the token.
public class AbortTokenTest {
|
| public static final String MAIN_PROCESS =
| "<process-definition name='MainProcess'>" +
| " <start-state>" +
| " <transition to='fork' />" +
| " </start-state>" +
| " <fork name='fork'>" +
| " <transition name='transition1' to='subProcess1' />" +
| " <transition name='transition2' to='subProcess2' />" +
| " </fork>" +
| " <process-state name='subProcess1'>" +
| " <sub-process name='SubProcess'/>" +
| " <transition to='taskNode1' />" +
| " </process-state>" +
| " <task-node name='taskNode1'>" +
| " <task name='generic' />" +
| " <transition to='join' />" +
| " </task-node>" +
| " <process-state name='subProcess2'>" +
| " <sub-process name='SubProcess'/>" +
| " <transition to='taskNode2' />" +
| " <task-node name='taskNode2'>" +
| " <task name='generic' />" +
| " <transition to='join' />" +
| " </task-node>" +
| " </process-state>" +
| " <join name='join' lock='UPGRADE'>" +
| " <transition to='end' />" +
| " </join>" +
| " <end-state name='end' />" +
| "</process-definition>";
|
| /**
| * Process definition with single root token and task node.
| */
| public static final String SUB_PROCESS =
| "<process-definition name='SubProcess'>" +
| " <start-state>" +
| " <transition to='taskNode' />" +
| " </start-state>" +
| " <task-node name='taskNode'>" +
| " <task name='generic' />" +
| " <transition to='end' />" +
| " </task-node>" +
| " <end-state name='end' />" +
| "</process-definition>";
|
| private JbpmContext jbpmContext;
|
| @Before
| public void initialize() {
| jbpmContext = JbpmConfiguration.getInstance().createJbpmContext();
|
| // Deploy sub process and main process
| jbpmContext.deployProcessDefinition(ProcessDefinition.parseXmlString(SUB_PROCESS));
| jbpmContext.deployProcessDefinition(ProcessDefinition.parseXmlString(MAIN_PROCESS));
| }
|
| @After
| public void uninitialize() {
| jbpmContext.close();
| }
|
| @Test
| public void cancelToken() {
| ProcessInstance processInstance = jbpmContext.newProcessInstance("MainProcess");
| processInstance.signal();
| assertNull(processInstance.getTaskMgmtInstance().getTaskInstances());
|
| // Abort one of the child token's
| processInstance.getRootToken().getChild("transition1").end(false);
|
| // Unit test fails -> a task instance is created in the main process
| // This because the child token is signalled and is in taskNode1 now...
| assertNull(processInstance.getTaskMgmtInstance().getTaskInstances());
| }
| }
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4201344#4201344
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4201344
17 years, 6 months