[jboss-user] [Security & JAAS/JBoss] - Problem securing NamingService, InvokerAdaptorService on 4.2

kasimier do-not-reply at jboss.com
Wed Oct 24 05:31:19 EDT 2007


I really tried everything and earned just kidding. Please can anyone help ??

I tried to secure NamingService with AuthenticationInterceptor and UsersRolesLoginModule as described in docs and wiki (including JRMPProxyFactory config for NamingService). It has no effect at all. 
Then I tried to secure InvokerAdaptorService with AuthenticationInterceptor and UsersRolesLoginModule. The same problem occured.

 I still can retrieve the Naming Proxy, the JRMPInvokerProxy and of course can call invoke() without authentication. There are no log messages or Exceptions about the problem (org.jboss is on DEBUG level). 

Sending login information via LoginInitialContextFactory has no effect too. I also have configured SecureConfig, XMLLoginConfig, and JaasSecurityManager in a own SAR and server.log says that they are started successfully. MBean attributes of those services look fine.

Maybe I have not configured depending MBeans?
My server is configured with the following service:

AttributePersistenceService
ThreadPool
Log4jService
NamingBeanImpl
NamingService
JRMPInvoker
JRMPProxyFactory for InvokerAdaptorService
JRMPProxyFactory for NamingService
MBeanProxyRemote
NamingAlias
InvokerAdaptorService
URLDeploymentScanner
TransactionManagerService
WorkManagerThreadPool
WorkManager
RARDeployer
XSLSubDeployer
CachedConnectionManager

WebServer

SecurityConfig
XMLLoginConfig
JaasSecurityManager

one MailService
jboss-local-jdbc.rar
one DataSource


any idea ??

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4098192#4098192

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4098192



More information about the jboss-user mailing list