[Security & JAAS/JBoss] - EJB 3 Security in JBoss 5.0.1.GA
by zithuba
Hi,
This is my jboss-beans xml:
<application-policy xmlns="urn:jboss:security-beans:1.0" name="lms-system">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required" >
<module-option name="dsJndiName">java:/lmsDS</module-option>
<module-option name="principalsQuery">
select user_pass from admin_user where username=?
</module-option>
<module-option name="rolesQuery">
select role_name, 'Roles' from security_role where user_name = ?
</module-option>
<module-option name="hashAlgorithm">MD5</module-option>
<module-option name="unauthenticatedIdentity">LMS_USER</module-option>
<module-option name="hashCharset">UTF-8</module-option>
<!--module-option name="password-stacking">useFirstPass</module-option-->
<module-option name="hashEncoding">base64</module-option>
</login-module>
<policy-module code="org.jboss.security.authorization.modules.JACCAuthorizationModule" flag="required"/>
<!--policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/-->
<!--policy-module code="org.jboss.security.authorization.modules.XACMLAuthorizationModule" flag="optional"/ -->
</application-policy>
<!--application-policy xmlns="urn:jboss:security-beans:1.0" name="test-domain2" extends="other">
<policy-module code="org.jboss.security.authorization.modules.XACMLAuthorizationModule" flag="required"/>
</application-policy-->
Client login code:
securityClient.setSimple(userName, password.toCharArray());
// securityClient.setVmwideAssociation(true);
securityClient.login();
context = new InitialContext();
Later I then look up the bean with this code:
context.lookup(jndiName);
This is the security audit log:
2009-03-30 18:29:06,672 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (WorkerThread#0[127.0.0.1:54686]:) [Success]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=123;method=findUserByName;
2009-03-30 18:29:06,883 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (WorkerThread#0[127.0.0.1:54686]:) [Error]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=Authorization Failed: ;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1168524}:method=public za.gov.housing.domain.model.User za.gov.housing.ejb.service.UserServiceBean.findUserByName(java.lang.String) throws za.gov.housing.common.exception.SystemException,za.gov.housing.common.exception.ApplicationException:ejbMethodInterface=Remote:ejbName=UserServiceBean:ejbPrincipal=123:MethodRoles=Roles(,):securityRoleReferences=null:callerSubject=Subject:
Principal: 123
Principal: Roles(members)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@1168524;
My jboss.xml:
<security-domain>java:/jaas/lms-system</security-domain>
<!--unauthenticated-principal /-->
<missing-method-permissions-excluded-mode>true</missing-method-permissions-excluded-mode>
EJB:
@Stateless
@SecurityDomain("lms-system")
public class UserServiceBean implements UserServiceRemote {
    @Override
    public User findUserByName(String name) throws SystemException, ApplicationException {
        try {
            User user = userFacade.findByUserName(name);
            // (the rest of the method is cut off in the post)
I get a caller unauthorised exception.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222074#4222074
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4222074
15 years, 3 months
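As an added check that is not part of the original post: with hashAlgorithm=MD5, hashCharset=UTF-8 and hashEncoding=base64, DatabaseServerLoginModule digests the submitted password and compares the encoded result with the user_pass column that principalsQuery returns, so a row must hold exactly this value or authentication fails before any role lookup happens. The script reproduces that derivation (also for the module's hex encoding) and assumes the module's base64 output is standard RFC 4648; the sample row is constructed.

```python
import base64
import hashlib
import hmac


def jboss_db_hash(password: str, hash_algorithm: str = "MD5",
                  hash_charset: str = "UTF-8", hash_encoding: str = "base64") -> str:
    """Value DatabaseServerLoginModule derives from a submitted password.

    The parameters mirror the hashAlgorithm / hashCharset / hashEncoding
    module-options of the application-policy above. Java names like "SHA-256"
    are mapped onto hashlib names ("sha256"). Nothing is salted: two users
    with the same password end up with the same user_pass value.
    """
    raw = password.encode(hash_charset)
    digest = hashlib.new(hash_algorithm.lower().replace("-", ""), raw).digest()
    if hash_encoding.lower() == "base64":
        return base64.b64encode(digest).decode("ascii")
    if hash_encoding.lower() == "hex":
        return digest.hex()
    raise ValueError(f"unsupported hashEncoding: {hash_encoding}")


def stored_value_matches(stored_user_pass: str, submitted_password: str, **options) -> bool:
    """True if this admin_user row would let the submitted password through.

    Constant-time comparison so the check itself leaks nothing about the stored value.
    """
    return hmac.compare_digest(stored_user_pass, jboss_db_hash(submitted_password, **options))


# Constructed sample row: md5("secret"), base64-encoded, i.e. what user_pass
# must contain for the options in the post when the password is "secret".
SAMPLE_USER_PASS = "Xr4ilOzQ4PCOq3aQ0qbuaQ=="

if __name__ == "__main__":
    print(jboss_db_hash("secret"))
    print(stored_value_matches(SAMPLE_USER_PASS, "secret"))
```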
[Security & JAAS/JBoss] - SSL problem with JBOSS AS 4.2
by skkuchipudi
I followed the steps below to enable SSL for my web application in JBoss AS 4.2:
1. Generate the keystore using the command below. For the most part, you can just make up stuff for the responses. However, remember the password you provide and use the same password for the keystore and the key. When it asks for your first and last name, you should enter the hostname used for JBoss AS (i.e., localhost).
| keytool -genkey -keyalg RSA -keystore jbossas.keystore -validity NUMBER_OF_DAYS
2. Move the generated file to the conf directory of the JBoss AS default domain (or the one you are using):
| mv jbossas.keystore ${jboss.home}/server/default/conf/
3. Open the file ${jboss.home}/server/default/deploy/jboss-web.deployer/server.xml in your editor, remove the XML comment around the SSL connector, and modify the attributes to match the configuration shown here:
| <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
|            maxThreads="150" scheme="https" secure="true"
|            clientAuth="false" sslProtocol="TLS" address="${jboss.bind.address}"
|            keystoreFile="${jboss.server.home.dir}/conf/jbossas.keystore"
|            keystorePass="PASSWORD_FOR_KEYSTORE"/>
4. Now you should be able to access your application through https. The URL will begin with https instead of http, and you need to include the port number if the port you provided in the configuration is anything other than 443:
| https://localhost:8443
When I go to the above URL in IE, I get an error page with the message "The security certificate presented by this website was not issued by a trusted certificate authority."
Is what I'm doing above the right way or the wrong way, and what do I need to do to avoid this?
Please help me with this.
Thanks,
Sumant K
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222064#4222064
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4222064
15 years, 3 months
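As an added check that is not part of the original post: the script below does what the browser does, a TLS handshake against the connector configured in step 3 with normal chain verification, and separately classifies why a certificate would be refused (the keystore from step 1 is self-signed, and its common name must equal the hostname in the URL). Host and port are assumed to be localhost and 8443 from the steps above; the certificate dictionaries used in the test are constructed.

```python
import socket
import ssl


def cert_issues(cert: dict, expected_host: str) -> list:
    """Explain why a browser would warn about `cert`.

    `cert` is the dict form returned by ssl.SSLSocket.getpeercert(): subject and
    issuer are tuples of RDNs, each RDN a tuple of (name, value) pairs.
    Returns an empty list when nothing is wrong.
    """
    subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    issues = []
    if subject == issuer:
        # keytool -genkey produces exactly this: the key signs its own certificate,
        # so no CA in the browser's trust store vouches for it.
        issues.append("self-signed: issuer equals subject, no trusted CA issued it")
    names = {value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"}
    if "commonName" in subject:
        names.add(subject["commonName"])
    if expected_host not in names:
        # Step 1 above asks for the hostname as "first and last name" for this reason.
        issues.append(f"name mismatch: certificate names {sorted(names)}, not {expected_host!r}")
    return issues


def probe(host: str = "localhost", port: int = 8443) -> str:
    """Handshake with the connector the way a browser does, verifying the chain
    against the platform trust store. A self-signed keystore is rejected here."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                remaining = cert_issues(tls.getpeercert(), host)
                return "trusted" if not remaining else "trusted but: " + "; ".join(remaining)
    except ssl.SSLCertVerificationError as exc:
        return f"rejected, as the browser would: {exc.verify_message}"


if __name__ == "__main__":
    print(probe())
```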
[Tomcat, HTTPD, Servlets & JSP] - customized error page question
by ndrw_cheung
Hi, all. I have a web application running inside JBOSS Portal (portal version 2.4, app. server version is 4.0.5) inside a portlet. In the web application, I use try/catch to trap the exceptions, and I would like to redirect the page to an error page if those exceptions are caught.
In the myApp.war/WEB-INF/web.xml, I have:
<error-page>
<error-code>500</error-code>
<location>/WEB-INF/jsp/error.jsp</location>
</error-page>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/WEB-INF/jsp/error.jsp</location>
</error-page>
<error-page>
<exception-type>javax.faces.FacesException</exception-type>
<location>/WEB-INF/jsp/error.jsp</location>
</error-page>
<error-page>
<exception-type>javax.faces.el.EvaluationException</exception-type>
<location>/WEB-INF/jsp/error.jsp</location>
</error-page>
On the error page, I have :
<%@ page isErrorPage="true" %>
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h" %>
<%@ taglib uri="http://java.sun.com/jsf/core" prefix="f" %>
this is error page
However, it doesn't seem that the configuration is being picked up. Am I missing something?
Note that I only want the error redirection for this web application to go to the error.jsp page, so I don't want to put this configuration in the web.xml in the tomcat55 folder.
Any help is appreciated. Thanks.
-Andrew
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222063#4222063
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4222063
15 years, 3 months
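As an added illustration that is not part of the original post: this script models how a servlet container such as Tomcat picks an error-page for an exception (exact exception-type match first, then the nearest mapped superclass, then the error-code, with an unhandled exception reported as 500), and reads the mappings from a constructed, well-formed copy of the web.xml fragment above. The Java class hierarchy is a constructed map; a real container walks Class.getSuperclass() instead. The resolution only runs for exceptions that actually reach the container, so an exception swallowed inside the application's own try/catch never triggers a mapping.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the post's web.xml fragment with the tags a container needs.
WEB_XML = """<web-app>
  <error-page><error-code>500</error-code><location>/WEB-INF/jsp/error.jsp</location></error-page>
  <error-page><exception-type>java.lang.Exception</exception-type><location>/WEB-INF/jsp/error.jsp</location></error-page>
  <error-page><exception-type>javax.faces.FacesException</exception-type><location>/WEB-INF/jsp/error.jsp</location></error-page>
  <error-page><exception-type>javax.faces.el.EvaluationException</exception-type><location>/WEB-INF/jsp/error.jsp</location></error-page>
</web-app>"""

# Constructed, minimal superclass map for the Java types involved (assumption:
# stands in for Class.getSuperclass() on the real classes).
SUPERCLASS = {
    "javax.faces.el.EvaluationException": "javax.faces.FacesException",
    "javax.faces.FacesException": "java.lang.RuntimeException",
    "java.lang.RuntimeException": "java.lang.Exception",
    "java.io.IOException": "java.lang.Exception",
    "java.lang.Exception": "java.lang.Throwable",
}


def parse_error_pages(web_xml: str) -> list:
    """Return one {tag: text} dict per <error-page>, ignoring any XML namespace."""
    local = lambda tag: tag.rsplit("}", 1)[-1]
    return [{local(c.tag): (c.text or "").strip() for c in ep}
            for ep in ET.fromstring(web_xml).iter() if local(ep.tag) == "error-page"]


def resolve_error_page(pages: list, exception_type: str = None, status: int = None):
    """Location the container forwards to, or None when no mapping applies.

    Order: exact exception-type match, then the nearest superclass that has a
    mapping, then error-code. An exception with no type match counts as a 500.
    Exceptions caught by the application itself never get here.
    """
    by_exc = {p["exception-type"]: p["location"] for p in pages if "exception-type" in p}
    by_code = {int(p["error-code"]): p["location"] for p in pages if "error-code" in p}
    cls = exception_type
    while cls is not None:
        if cls in by_exc:
            return by_exc[cls]
        cls = SUPERCLASS.get(cls)
    if exception_type is not None and status is None:
        status = 500
    return by_code.get(status)
```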
[Beginners Corner] - Re: JBoss Web Console 4.2.1 on Gentoo Linux OS
by kaushalshriyan
Hi Peter
I have JBoss running with all configuration. I have uncommented
</security-constraint> in web.xml, but I am still unable to log in with the user credentials provided in /var/lib/jboss/all/conf/props/web-console-users.properties.
| WEB-INF # ps -aef | grep jboss
| jboss 5023 1 0 Jan29 ? 00:00:00 /bin/sh /usr/share/jboss/bin/run.sh -b 0.0.0.0 -c all
| jboss 5047 5023 0 Jan29 ? 13:47:55 /opt/sun-jdk-1.5.0.12/bin/java -Dprogram.name=run.sh -server -Xmx12000m -XX:MaxPermSize=2000m -Djboss.server.temp.dir=/var/tmp/jboss -Djboss.server.data.dir=/var/cache/jboss -Djboss.server.base.url=file:///var/lib/jboss -Djava.library.path=/usr/lib -Djboss.server.exitonshutdown=true -Djboss.server.blockingshutdown=true -Djboss.partition.name=MobileServerPartition -Xloggc:/tmp/gc.log -XX:+PrintGCTimeStamps -Djava.net.preferIPv4Stack=true -Djava.endorsed.dirs=/usr/share/jboss/lib/endorsed -classpath /usr/share/jboss/bin/run.jar:/opt/sun-jdk-1.5.0.12/lib/tools.jar org.jboss.Main -b 0.0.0.0 -c all
| root 5407 5261 0 08:54 pts/8 00:00:00 grep --colour=auto jboss
| WEB-INF #
Am I still missing anything?
Please suggest.
Thanks and Regards
Kaushal
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222062#4222062
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4222062
15 years, 3 months