[Security & JAAS/JBoss] - Unauthorized Access
by paramsevak
I am currently evaluating JBOSS SSO with jboss-epp-4.3. Mainly I need to verify JBossSSO can handle ....
1- Application SSO for applications deployed on the same server
2- Application SSO for applications deployed on different servers
3- SSO for the JBoss Portal
4- SSO for the portlets deployed within the portal
I have tried working with the stable and beta releases, only to run into bugs that have yet to be fixed. Therefore now I moved to the latest source from SVN. I have been able to get further along. However I am currently getting the following error during server startup.
So far, I have used 'build installPortal' command to install the jboss-portal.sar and jboss-sso.sar to the server's deploy directory. Without much documentation, I can only guess this command installs portal-integration resources/classes to the server.
Logging into the portal works fine but when I try to logout I get the following exception.
17:12:33,260 ERROR [SSOAutoLogout] org.jboss.security.valve.SSOAutoLogout[/portal]
| javax.servlet.ServletException: org.jboss.security.saml.SSOException: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.portal.PortalSSOTokenManager.invoke(PortalSSOTokenManager.java:221)
| at org.jboss.security.valve.SSOAutoLogout.invoke(SSOAutoLogout.java:190)
| at org.jboss.security.valve.SSOFederationRouter.invoke(SSOFederationRouter.java:148)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:619)
| Caused by: org.jboss.security.saml.SSOException: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.saml.JBossSingleSignOn.getTokenSecret(JBossSingleSignOn.java:504)
| at org.jboss.security.saml.JBossSingleSignOn.generateAuthResponse(JBossSingleSignOn.java:209)
| at org.jboss.security.sso.util.SSOUtil.generateToken(SSOUtil.java:183)
| at org.jboss.security.valve.Util.sendSSOTokens(Util.java:29)
| at org.jboss.security.portal.PortalSSOTokenManager.invoke(PortalSSOTokenManager.java:170)
| ... 12 more
| Caused by: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.saml.JBossSingleSignOn.getTokenSecret(JBossSingleSignOn.java:480)
| ... 16 more
| 17:12:33,260 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
| javax.servlet.ServletException: javax.servlet.ServletException: org.jboss.security.saml.SSOException: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.valve.SSOAutoLogout.invoke(SSOAutoLogout.java:196)
| at org.jboss.security.valve.SSOFederationRouter.invoke(SSOFederationRouter.java:148)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:619)
| Caused by: javax.servlet.ServletException: org.jboss.security.saml.SSOException: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.portal.PortalSSOTokenManager.invoke(PortalSSOTokenManager.java:221)
| at org.jboss.security.valve.SSOAutoLogout.invoke(SSOAutoLogout.java:190)
| ... 11 more
| Caused by: org.jboss.security.saml.SSOException: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.saml.JBossSingleSignOn.getTokenSecret(JBossSingleSignOn.java:504)
| at org.jboss.security.saml.JBossSingleSignOn.generateAuthResponse(JBossSingleSignOn.java:209)
| at org.jboss.security.sso.util.SSOUtil.generateToken(SSOUtil.java:183)
| at org.jboss.security.valve.Util.sendSSOTokens(Util.java:29)
| at org.jboss.security.portal.PortalSSOTokenManager.invoke(PortalSSOTokenManager.java:170)
| ... 12 more
| Caused by: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.saml.JBossSingleSignOn.getTokenSecret(JBossSingleSignOn.java:480)
| ... 16 more
| 17:12:33,260 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
| javax.servlet.ServletException: javax.servlet.ServletException: org.jboss.security.saml.SSOException: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.valve.SSOAutoLogout.invoke(SSOAutoLogout.java:196)
| at org.jboss.security.valve.SSOFederationRouter.invoke(SSOFederationRouter.java:148)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:619)
| Caused by: javax.servlet.ServletException: org.jboss.security.saml.SSOException: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.portal.PortalSSOTokenManager.invoke(PortalSSOTokenManager.java:221)
| at org.jboss.security.valve.SSOAutoLogout.invoke(SSOAutoLogout.java:190)
| ... 11 more
| Caused by: org.jboss.security.saml.SSOException: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.saml.JBossSingleSignOn.getTokenSecret(JBossSingleSignOn.java:504)
| at org.jboss.security.saml.JBossSingleSignOn.generateAuthResponse(JBossSingleSignOn.java:209)
| at org.jboss.security.sso.util.SSOUtil.generateToken(SSOUtil.java:183)
| at org.jboss.security.valve.Util.sendSSOTokens(Util.java:29)
| at org.jboss.security.portal.PortalSSOTokenManager.invoke(PortalSSOTokenManager.java:170)
| ... 12 more
| Caused by: org.jboss.security.saml.SSOException: Unauthorized Access
| at org.jboss.security.saml.JBossSingleSignOn.getTokenSecret(JBossSingleSignOn.java:480)
| ... 16 more
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225779#4225779
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225779
17 years, 3 months
[Persistence, JBoss/CMP, Hibernate, Database] - Inheritance mapping question.
by allanjun
Hi there,
The DB I'm working on has a generic table called REF_CODES to store all types of codes and their descriptions. eg, address type, contact type ect.
schema of REF_CODES:
domain, code, description (domain and code are pk columns)
example data
add_type, P, postal
add_type, R, residential
contact_type,G, general
contact_type,O, other
what I wanted to do is do inheritance mapping as follow:
@Entity
@Table(name = "ref_codes")
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
@DiscriminatorColumn(name = "domain")
public abstract class RefCodes {
@EmbeddedId
private RefCodesId id;
@Embeddable
private class RefCodesId implements Serializable {
@Column(name = "domain")
private String domain;
@Column(name = "code")
private String code;
}
}
@Entity
@DiscriminatorValue(value = "add_type")
public class AddressType extends RefCodes implements Serializable {
@Column(name = "code")
private String code;
@Column(name = "description")
private String description;
}
And then the AddressType can be used by Address class in ManyToOne mapping as follow;
@Entity
@Table(name = "addresses")
public class Address implements Serializable {
private String name;
@ManyToOne
@Joincolumn(name = "add_type_code")
private AddressType type;
}
The problem I'm having is that in Address class the ManyToOne mapping to AddressType needs to join 2 columns as AddressType(RefCode) has a composite PK, but the Address table only stores address code, how do I let the join query know the value of the domain as 'add_type' then.
Or, is there a way to override the id of AddressType class as 'code'?
Is this mapping doable? Thanks.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225773#4225773
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225773
17 years, 3 months
[JBossWS] - Re: SSL Client truststore
by zurchman
Here's what it took to run a JAX-WS RI SSL client with the JBossWS 3.0.1-native-2.0.4.GA delivered with jbossesb-server-4.5.GA.
The post that made the difference was the one by Alessio at the end of this topic:
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=141843
I don't recommend doing it this way, but all the artifacts were built with the RI. The only class compiled against the JBoss classes was the service mainline.
1) Set the truststore in the javax.net.ssl.trustStore property
2) Include org.jboss.ws.core.StubExt
3) Set the "Config" name to "Standard WSSecurity Client"
| System.setProperty("javax.net.ssl.trustStore",
| "path-to-my-truststore");
| BindingProvider bp = (BindingProvider) default_webservice;
| Map<String, Object> context = bp.getRequestContext();
| context.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
| endpoint);
| System.out.println("new endpoint: " + endpoint);
| ((StubExt)default_webservice).setConfigName("Standard WSSecurity Client");
|
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225769#4225769
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225769
17 years, 3 months
[Installation, Configuration & DEPLOYMENT] - my enterprise apps deploys in 4.2.1 fine but not 5.0.1
by swyitch
here is the trace, im not sure what its complaining about because there is nothing wrong with the class in question
any thoughts would be appreciated
DEPLOYMENTS MISSING DEPENDENCIES:
Deployment "jboss.j2ee:ear=livestats.ear,jar=livestats-ejb.jar,name=PageDataManagerSlb,service=EJB3" is missing the following dependencies:
Dependency "<UNKNOWN jboss.j2ee:ear=livestats.ear,jar=livestats-ejb.jar,name=PageDataManagerSlb,service=EJB3>" (should be in state "Described", but is actually in state "** UNRESOLVED Demands 'jndi:livestats/PageDataManagerSlb/local-com.buzztime.livestats.pagedata.api.IPageDataManagerLocal' **")
Deployment "jboss.j2ee:ear=livestats.ear,jar=livestats-ejb.jar,name=XmlFeedMessageListenerMdb,service=EJB3" is missing the following dependencies:
Dependency "<UNKNOWN jboss.j2ee:ear=livestats.ear,jar=livestats-ejb.jar,name=XmlFeedMessageListenerMdb,service=EJB3>" (should be in state "Described", but is actually in state "** UNRESOLVED Demands 'jndi:livestats/PageDataManagerSlb/local-com.buzztime.livestats.pagedata.api.IPageDataManagerLocal' **")
DEPLOYMENTS IN ERROR:
Deployment "<UNKNOWN jboss.j2ee:ear=livestats.ear,jar=livestats-ejb.jar,name=PageDataManagerSlb,service=EJB3>" is in error due to the following reason(s): ** UNRESOLVED Demands 'jndi:livestats/PageDataManagerSlb/local-com.buzztime.livestats.pagedata.api.IPageDataManagerLocal' **
Deployment "<UNKNOWN jboss.j2ee:ear=livestats.ear,jar=livestats-ejb.jar,name=XmlFeedMessageListenerMdb,service=EJB3>" is in error due to the following reason(s): ** UNRESOLVED Demands 'jndi:livestats/PageDataManagerSlb/local-com.buzztime.livestats.pagedata.api.IPageDataManagerLocal' **
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225768#4225768
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225768
17 years, 3 months
[Beginners Corner] - Re: Having an issue with Hibernate in JbossAS5
by denstar
I'm pretty sure the problem stems from the dynamic nature of CF + Groovy.
CFGroovy is doing quite a bit of shuffling with the current context classloader, and that's what Hibernate uses to keep track of where it's at, sorta, so...
I'm thinking pre-compiled domain objects will work fine, since theoretically they'll be in the same loader, but I haven't tested yet.
To be clear, I don't think the problem lies with JBoss or Hibernate, as Hibernate is doing (as far as I can tell) the only logical deal, from it's perspective, and JBoss is just using Hibernate.
It's a similar problem to commons-logg'n, IMHO... just the nature of the beast.
FWIW, since CF is dynamical, it probably is pretty easy to compile the domain classes (Groovy or Java) and jar them up even, before loading up the groovy stuff.
Actually, I kind of like the idea of jaring up the domain classes, hbm mappings and whatnot, and deploying that instead... but I digress.
I'm pretty sure that if Barney tweaked his code a little, CFGroovy would work with a classloaded hibernate... you just have to be careful not to use stuff from outside the loader (like a 'different' dom4j, loading resources, etc.).
I've sorta done it, but not with Groovy (just a classloaded Hibernate and JBoss), which is why I think it's possible... but I might very well be mistaken. I'm not infallible. More like fallible... =]
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225767#4225767
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225767
17 years, 3 months
[Persistence, JBoss/CMP, Hibernate, Database] - Re: Setting transaction timeout in JBoss 5.0.1.GA
by prasanthreddy
Thanks for the link.
Seems like the reaperTimeout is the sleep time for the reaper itself.
com.arjuna.ats.arjuna.coordinator.defaultTimeout seems to be the maximum time a transaction can take before getting rolled back by the reaper.
I tried setting the defaultTimeout but didn't see like it worked.
In the deploy folder there is a file called transaction-jboss-beans.xml in this file I have set transactionTimeout that did the trick.
| <bean name="TransactionManager" class="com.arjuna.ats.jbossatx.jta.TransactionManagerService">
| <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss:service=TransactionManager", exposedInterface=com.arjuna.ats.jbossatx.jta.TransactionManagerServiceMBean.class, registerDirectly=true)</annotation>
|
| <property name="transactionTimeout">1800</property>
| <property name="objectStoreDir">${jboss.server.data.dir}/tx-object-store</property>
| <property name="mbeanServer"><inject bean="JMXKernel" property="mbeanServer"/></property>
|
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4225762#4225762
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4225762
17 years, 3 months