[Security & JAAS/JBoss] - Roles schema
by mad_rug
Hi
I'm developing a web app and I'm trying to define how to handle security and roles. I'm describing how I am planning it, and I'd like some advice.
The app will be accessed by three main types of actors: application vendor staff (will manage the application), the application customers (manufacturers, they use the app to do business, controlled by the app vendor - staff people above) and standard web registered users.
Both former types will have various roles, mostly on customer side: master user, HR user, finance user, production user, etc. But users with higher access levels (master, for instance) should be able to create personalized roles and assign them to users (e.g., a production user that can answer customer questions, change certain production parameters, and also view financial summaries). Standard users will have limited functionality.
User identification will be user/pass with DB login module.
As I understand, security constraints and other XML configured security features are not this fine grained. I guess that I should define these three generic roles, and programmatically through the app restrict access to the methods, according to the permissions of each role. This seems quite an ordinary scheme, does Security provide anything over this?
I also thought of using Portal to develop the app, however it doesn't seem designed to handle this kind of permission scheme. I think I could reproduce the correct behavior if I make every user lower than master unable to configure their own portal (forced to use the template), and maybe place all pages and portlets on the template (unauthorized portlets would be removed from view). But I don't know if I can block portal customization, nor how to allow such functionalities to certain roles, nor restrict certain roles to exist just for a group of users hierarchically linked.
Can anyone give me some insight on this?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236220#4236220
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4236220
16 years, 10 months
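The scheme described in the post above (three coarse container roles, with finer permissions enforced in application code) can be sketched as follows. This is an added example, not code from the post or from JBoss; `Permission`, `CustomRole`, `Account` and the method names are hypothetical, and it assumes Java 16+ for records. It shows the two checks that matter for user-defined roles: a creator can only delegate permissions it already holds, and roles never cross customer (tenant) boundaries.

```java
import java.util.*;

// Added illustration; all type and method names here are hypothetical.
public class RoleSchemaDemo {
    enum Permission { ANSWER_CUSTOMER_QUESTIONS, EDIT_PRODUCTION_PARAMS, VIEW_FINANCE_SUMMARY, MANAGE_ROLES }

    // A custom role belongs to exactly one customer (tenant) and is a named permission set.
    record CustomRole(String tenantId, String name, Set<Permission> permissions) {}

    static final class Account {
        final String name, tenantId;
        final Set<CustomRole> roles = new HashSet<>();
        Account(String name, String tenantId) { this.name = name; this.tenantId = tenantId; }
        boolean has(Permission p) {
            return roles.stream().anyMatch(r -> r.permissions().contains(p));
        }
    }

    // Role creation: the creator needs MANAGE_ROLES and may only delegate permissions it holds.
    static CustomRole createRole(Account creator, String name, Set<Permission> wanted) {
        if (!creator.has(Permission.MANAGE_ROLES)) throw new SecurityException("not allowed to manage roles");
        for (Permission p : wanted)
            if (!creator.has(p)) throw new SecurityException("cannot delegate " + p);
        return new CustomRole(creator.tenantId, name, Set.copyOf(wanted));
    }

    // Assignment stays inside the tenant that owns the role.
    static void assign(Account admin, Account target, CustomRole role) {
        if (!admin.has(Permission.MANAGE_ROLES)
                || !admin.tenantId.equals(role.tenantId())
                || !target.tenantId.equals(role.tenantId()))
            throw new SecurityException("role assignment outside tenant");
        target.roles.add(role);
    }

    // Deny-by-default check, called at the top of each protected business method.
    static void require(Account caller, Permission p) {
        if (!caller.has(p)) throw new SecurityException(caller.name + " lacks " + p);
    }

    public static void main(String[] args) {
        Account master = new Account("master", "acme");   // constructed sample data
        master.roles.add(new CustomRole("acme", "master", EnumSet.allOf(Permission.class)));
        Account prod = new Account("prod1", "acme");
        CustomRole support = createRole(master, "prod-support",
                EnumSet.of(Permission.ANSWER_CUSTOMER_QUESTIONS, Permission.VIEW_FINANCE_SUMMARY));
        assign(master, prod, support);
        require(prod, Permission.VIEW_FINANCE_SUMMARY);   // passes silently
        try { require(prod, Permission.EDIT_PRODUCTION_PARAMS); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```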
[Installation, Configuration & DEPLOYMENT] - Re:
by alskor
"Wolfgang Knauf" wrote : Hi,
| please describe what you are doing. What is the class "com.starview.support.startup.Startup" used for? Is it a servlet or a JMX bean? Or is it a standalone application client?
|
I have 3 applications (2 EARs and 3 SAR), which I'm trying to deploy. It all worked fine with JBoss 3.2.7, but fails with JBoss 5.1.0GA. "Startup" class inits some stuff :) - it breaks when trying to create an instance of InitialContext.
This "Startup" is a part of the EAR application, it's not a client app.
It's executed on startup when JBoss loads the corresponding xml file (jboss\server\starcore\deploy\sv-dm-service.xml) - so, yeah, it's declared as MBean:
sv-dm-service.xml:
| <?xml version="1.0" encoding="UTF-8"?>
| <server>
|   <classpath codebase="lib/ext" archives="discovery.jar"/>
|   <mbean code="com.starview.support.startup.Startup" name="starview.startup:type=Manager,name=DM-Startup">
|     <depends>jboss:service=Naming</depends>
|     <depends>jboss.j2ee:jndiName=ejb/NodeServer,service=EJB</depends>
|     <depends>jboss.j2ee:jndiName=ejb/PropertyManagerLocal,service=EJB</depends>
|     <attribute name="StartupClasses">
|       com.starview.dm.collectionmgt.StarcoreRootNode, com.starview.dm.database.sink.Startup, com.starview.dm.adaptor.core.AdaptorManagerImpl$Startup, com.starview.dm.soap.provider.Startup
|     </attribute>
|   </mbean>
| </server>
|
I also tried adding
| <classpath codebase="lib" archives="jbossall-client.jar"/>
|
to the libs list for this service, but this didn't help.
"Wolfgang Knauf" wrote :
| Do you have a file "jndi.properties" in your app? If yes: you don't need it if the app is running in the server, because there are default properties which point to the local jndi.
|
| And finally: does your app package any JBoss jar or class, maybe from the old 3.2.7? If yes, those will conflict with the current ones.
|
I do have "jndi.properties" in my jboss/server/starcore/conf folder. Without this file, the server startup fails. I'm using the default one, which has:
| # DO NOT EDIT THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING
| #
| java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
| java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
|
I also tried another variant, which I copied from "standard" jboss server config:
| # DO NOT EDIT THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING
| #
| java.naming.factory.initial=org.jboss.iiop.naming.ORBInitialContextFactory
| java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
|
But there's no difference, the second variant gives the same "class not found" error, the only difference is that org.jboss.iiop.naming.ORBInitialContextFactory is not found instead of org.jnp.interfaces.NamingContextFactory.
About old JBoss classes - yes, it's very likely that there are some old JBoss classes hidden somewhere because I have tons of WAR files there with a bunch of jars. But I'd expect to get "class cast exception" or "class incompatible" or something similar in this case, and not just "class not found".
So, again - you can see in my example that I can create an instance of that class:
| String className = "org.jnp.interfaces.NamingContextFactory";
| Class c = Class.forName(className);
| System.out.println("loaded class: " + c + " methods: " + c.getMethods().length);
|
- this works FINE. Which means that that factory class IS visible to the class loader, which works with this particular class. But in the NEXT (!) line it all breaks
| // old code
| InitialContext ctx = new InitialContext();
|
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236208#4236208
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4236208
16 years, 10 months
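A diagnostic for the symptom in the post above, added here and not part of the original thread: `Class.forName(String)` resolves through the calling class's own loader, whereas JNDI loads the class named in `java.naming.factory.initial` through the thread context class loader, so the two lookups can disagree. The class name `JndiLoaderCheck` is hypothetical; to be meaningful the probe has to run on the same code path as the failing `new InitialContext()` call.

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

// Added illustration; JndiLoaderCheck is a hypothetical helper, not JBoss code.
public class JndiLoaderCheck {
    // Reports whether a specific class loader can see the named class (without initializing it).
    static String probe(String label, ClassLoader cl, String className) {
        try {
            Class<?> c = Class.forName(className, false, cl);
            return label + ": found, defined by " + c.getClassLoader();
        } catch (ClassNotFoundException | LinkageError e) {
            return label + ": NOT visible (" + e + ")";
        }
    }

    public static void main(String[] args) {
        String factory = "org.jnp.interfaces.NamingContextFactory"; // factory name from the post
        Thread t = Thread.currentThread();
        ClassLoader own = JndiLoaderCheck.class.getClassLoader();   // what Class.forName(String) uses
        ClassLoader tccl = t.getContextClassLoader();               // what JNDI uses for the factory
        System.out.println(probe("defining loader", own, factory));
        System.out.println(probe("context loader ", tccl, factory));

        // Check whether the failure follows the context loader: swap it temporarily and retry.
        try {
            t.setContextClassLoader(own);
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
            new InitialContext(env).close();
            System.out.println("InitialContext created with defining loader as context loader");
        } catch (NamingException e) {
            System.out.println("InitialContext still failed: " + e);
        } finally {
            t.setContextClassLoader(tccl); // always restore the original context loader
        }
    }
}
```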