[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-2325) ejb3/seam-gwt-remoting/gwt security integration
10:17 a.m.
ejb3/seam-gwt-remoting/gwt security integration
-----------------------------------------------
Key: JBSEAM-2325
URL: http://jira.jboss.com/jira/browse/JBSEAM-2325
Project: JBoss Seam
Issue Type: Task
Components: Remoting, Security
Affects Versions: 2.0.0.GA
Environment: jboss 4.2.1
seam 2.0.0.GA
win2k
Any security-domain will work with name 'SpringPoweredRealm' with a user having
'security_role' role.
Reporter: darren hartford
Assigned To: Shane Bryzak
Attachments: ejb3-gwt-security-sample.zip
Attached is a sample project showing a problem related to Seam-GWT-Remoting integration
with a GWT app, and security integration challenge.
Error is detailed in forum link, top level server-side error is
"[[/sample-ejb3-gwt-client]] Exception while dispatching incoming RPC call
org.jboss.seam.security.NotLoggedInException "
Not sure what integration method would be the best approach for secured methods for
Seam-GWT-Remoting on the server side to the GWT client side.
Expectations:
*Once logged into web application, use of secured method/services to succeed automatically
with appropriate roles without additional login (role based security assumed with Seam
@Restrict annotation).
*Once logged into web application, use of secured method/services to fail for
insufficient role authorization, with sufficient information to determine it was a
security failure instead of a service failure.
*Anonymous web application login with a GWT widget requesting a secured Seam Remoting
service/method would require either re-routing to web-app login page, or login to ONLY use
the requested secured Seam service/method. This could be managed with GWT code to meet
this expectation.
thanks, learning as best as I can with available documentation. Permission given under
LGPL license to use as an example in future documentation/examples.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:17 a.m.
New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-2325) ejb3/seam-gwt-remoting/gwt security integration
[ http://jira.jboss.com/jira/browse/JBSEAM-2325?page=all ]
darren hartford updated JBSEAM-2325:
------------------------------------
Attachment: ejb3-gwt-security-sample.zip
Seam/GWT-remoting/GWT security example. @WebRemote with @Restrict annotation.
ejb3/seam-gwt-remoting/gwt security integration
-----------------------------------------------
Key: JBSEAM-2325
URL: http://jira.jboss.com/jira/browse/JBSEAM-2325
Project: JBoss Seam
Issue Type: Task
Components: Remoting, Security
Affects Versions: 2.0.0.GA
Environment: jboss 4.2.1
seam 2.0.0.GA
win2k
Any security-domain will work with name 'SpringPoweredRealm' with a user having
'security_role' role.
Reporter: darren hartford
Assigned To: Shane Bryzak
Attachments: ejb3-gwt-security-sample.zip
Attached is a sample project showing a problem related to Seam-GWT-Remoting integration
with a GWT app, and security integration challenge.
Error is detailed in forum link, top level server-side error is
"[[/sample-ejb3-gwt-client]] Exception while dispatching incoming RPC call
org.jboss.seam.security.NotLoggedInException "
Not sure what integration method would be the best approach for secured methods for
Seam-GWT-Remoting on the server side to the GWT client side.
Expectations:
*Once logged into web application, use of secured method/services to succeed
automatically with appropriate roles without additional login (role based security assumed
with Seam @Restrict annotation).
*Once logged into web application, use of secured method/services to fail for
insufficient role authorization, with sufficient information to determine it was a
security failure instead of a service failure.
*Anonymous web application login with a GWT widget requesting a secured Seam Remoting
service/method would require either re-routing to web-app login page, or login to ONLY use
the requested secured Seam service/method. This could be managed with GWT code to meet
this expectation.
thanks, learning as best as I can with available documentation. Permission given under
LGPL license to use as an example in future documentation/examples.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:25 a.m.
New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-2325) ejb3/seam-gwt-remoting/gwt security integration
[ http://jira.jboss.com/jira/browse/JBSEAM-2325?page=comments#action_12390010 ]
darren hartford commented on JBSEAM-2325:
-----------------------------------------
High level of existing integration:
GWT client side:
----------------------
web.xml use of <security-constraints>.
jboss-web.xml defines <security-domain> (redundant as also in EAR jboss-app.xml, but
just in case).
components.xml uses "<security:identity
authenticate-method="#{authenticator.authenticate}"
jaas-config-name="SpringPoweredRealm"/>"
------------------
Server side:
-----------------
Use of @WebRemote and @Restrict("#{s:hasRole('security_role')}")
annotations in implementation/interface.
jboss-app.xml with <security-domain>
---------------
ejb3/seam-gwt-remoting/gwt security integration
-----------------------------------------------
Key: JBSEAM-2325
URL: http://jira.jboss.com/jira/browse/JBSEAM-2325
Project: JBoss Seam
Issue Type: Task
Components: Remoting, Security
Affects Versions: 2.0.0.GA
Environment: jboss 4.2.1
seam 2.0.0.GA
win2k
Any security-domain will work with name 'SpringPoweredRealm' with a user having
'security_role' role.
Reporter: darren hartford
Assigned To: Shane Bryzak
Attachments: ejb3-gwt-security-sample.zip
Attached is a sample project showing a problem related to Seam-GWT-Remoting integration
with a GWT app, and security integration challenge.
Error is detailed in forum link, top level server-side error is
"[[/sample-ejb3-gwt-client]] Exception while dispatching incoming RPC call
org.jboss.seam.security.NotLoggedInException "
Not sure what integration method would be the best approach for secured methods for
Seam-GWT-Remoting on the server side to the GWT client side.
Expectations:
*Once logged into web application, use of secured method/services to succeed
automatically with appropriate roles without additional login (role based security assumed
with Seam @Restrict annotation).
*Once logged into web application, use of secured method/services to fail for
insufficient role authorization, with sufficient information to determine it was a
security failure instead of a service failure.
*Anonymous web application login with a GWT widget requesting a secured Seam Remoting
service/method would require either re-routing to web-app login page, or login to ONLY use
the requested secured Seam service/method. This could be managed with GWT code to meet
this expectation.
thanks, learning as best as I can with available documentation. Permission given under
LGPL license to use as an example in future documentation/examples.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
2:02 p.m.
New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-2325) ejb3/seam-gwt-remoting/gwt security integration
[ http://jira.jboss.com/jira/browse/JBSEAM-2325?page=comments#action_12390727 ]
darren hartford commented on JBSEAM-2325:
-----------------------------------------
The application is kicking off the following in the logs:
[Contexts] starting up: org.jboss.seam.security.identity
[Contexts] starting up: org.jboss.seam.web.session
However, I do not have an Authenticator class or associated 'authenticate' method
defined in the components.xml <security:identity...> tag, which apparently is the
missing piece. However, examples I've seen all use FacesContext, which in the
GWT/JAAS environment may not work (I haven't been able to yet).
*Is the Authenticator.authenticate class/method the only thing that is missing, and if so,
how to obtain the security from GWT/JAAS to be used within Seam as Identity.
ejb3/seam-gwt-remoting/gwt security integration
-----------------------------------------------
Key: JBSEAM-2325
URL: http://jira.jboss.com/jira/browse/JBSEAM-2325
Project: JBoss Seam
Issue Type: Task
Components: Remoting, Security
Affects Versions: 2.0.0.GA
Environment: jboss 4.2.1
seam 2.0.0.GA
win2k
Any security-domain will work with name 'SpringPoweredRealm' with a user having
'security_role' role.
Reporter: darren hartford
Assigned To: Shane Bryzak
Attachments: ejb3-gwt-security-sample.zip
Attached is a sample project showing a problem related to Seam-GWT-Remoting integration
with a GWT app, and security integration challenge.
Error is detailed in forum link, top level server-side error is
"[[/sample-ejb3-gwt-client]] Exception while dispatching incoming RPC call
org.jboss.seam.security.NotLoggedInException "
Not sure what integration method would be the best approach for secured methods for
Seam-GWT-Remoting on the server side to the GWT client side.
Expectations:
*Once logged into web application, use of secured method/services to succeed
automatically with appropriate roles without additional login (role based security assumed
with Seam @Restrict annotation).
*Once logged into web application, use of secured method/services to fail for
insufficient role authorization, with sufficient information to determine it was a
security failure instead of a service failure.
*Anonymous web application login with a GWT widget requesting a secured Seam Remoting
service/method would require either re-routing to web-app login page, or login to ONLY use
the requested secured Seam service/method. This could be managed with GWT code to meet
this expectation.
thanks, learning as best as I can with available documentation. Permission given under
LGPL license to use as an example in future documentation/examples.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
4:50 a.m.
New subject: [jbossseam-issues] [JBoss JIRA] Updated: (JBSEAM-2325) ejb3/seam-gwt-remoting/gwt security integration
[ http://jira.jboss.com/jira/browse/JBSEAM-2325?page=all ]
Pete Muir updated JBSEAM-2325:
------------------------------
Component/s: GWT
(was: Remoting)
(was: Security)
ejb3/seam-gwt-remoting/gwt security integration
-----------------------------------------------
Key: JBSEAM-2325
URL: http://jira.jboss.com/jira/browse/JBSEAM-2325
Project: JBoss Seam
Issue Type: Task
Components: GWT
Affects Versions: 2.0.0.GA
Environment: jboss 4.2.1
seam 2.0.0.GA
win2k
Any security-domain will work with name 'SpringPoweredRealm' with a user having
'security_role' role.
Reporter: darren hartford
Assigned To: Shane Bryzak
Attachments: ejb3-gwt-security-sample.zip
Attached is a sample project showing a problem related to Seam-GWT-Remoting integration
with a GWT app, and security integration challenge.
Error is detailed in forum link, top level server-side error is
"[[/sample-ejb3-gwt-client]] Exception while dispatching incoming RPC call
org.jboss.seam.security.NotLoggedInException "
Not sure what integration method would be the best approach for secured methods for
Seam-GWT-Remoting on the server side to the GWT client side.
Expectations:
*Once logged into web application, use of secured method/services to succeed
automatically with appropriate roles without additional login (role based security assumed
with Seam @Restrict annotation).
*Once logged into web application, use of secured method/services to fail for
insufficient role authorization, with sufficient information to determine it was a
security failure instead of a service failure.
*Anonymous web application login with a GWT widget requesting a secured Seam Remoting
service/method would require either re-routing to web-app login page, or login to ONLY use
the requested secured Seam service/method. This could be managed with GWT code to meet
this expectation.
thanks, learning as best as I can with available documentation. Permission given under
LGPL license to use as an example in future documentation/examples.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
3:06 p.m.
New subject: [jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-2325) ejb3/seam-gwt-remoting/gwt security integration
[ http://jira.jboss.com/jira/browse/JBSEAM-2325?page=comments#action_12421271 ]
darren hartford commented on JBSEAM-2325:
-----------------------------------------
Someone else with similar challenges:
http://seamframework.org/Community/GWTSeamWebRemoteWithSeamSecurityProblem
ejb3/seam-gwt-remoting/gwt security integration
-----------------------------------------------
Key: JBSEAM-2325
URL: http://jira.jboss.com/jira/browse/JBSEAM-2325
Project: Seam
Issue Type: Task
Components: GWT
Affects Versions: 2.0.0.GA
Environment: jboss 4.2.1
seam 2.0.0.GA
win2k
Any security-domain will work with name 'SpringPoweredRealm' with a user having
'security_role' role.
Reporter: darren hartford
Assigned To: Shane Bryzak
Attachments: ejb3-gwt-security-sample.zip
Attached is a sample project showing a problem related to Seam-GWT-Remoting integration
with a GWT app, and security integration challenge.
Error is detailed in forum link, top level server-side error is
"[[/sample-ejb3-gwt-client]] Exception while dispatching incoming RPC call
org.jboss.seam.security.NotLoggedInException "
Not sure what integration method would be the best approach for secured methods for
Seam-GWT-Remoting on the server side to the GWT client side.
Expectations:
*Once logged into web application, use of secured method/services to succeed
automatically with appropriate roles without additional login (role based security assumed
with Seam @Restrict annotation).
*Once logged into web application, use of secured method/services to fail for
insufficient role authorization, with sufficient information to determine it was a
security failure instead of a service failure.
*Anonymous web application login with a GWT widget requesting a secured Seam Remoting
service/method would require either re-routing to web-app login page, or login to ONLY use
the requested secured Seam service/method. This could be managed with GWT code to meet
this expectation.
thanks, learning as best as I can with available documentation. Permission given under
LGPL license to use as an example in future documentation/examples.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5965
days inactive
6192
days old
5 comments
2 participants
participants (2)
-
darren hartford (JIRA) -
Pete Muir (JIRA)