jaas

How to the JVM to use a given jaas.conf file?

How to I setup the JVM to use a given jaas.conf I created as JAAS setup? Maybe there is a JAAS picks up a configuration property which I can set on startup with -D? ...

How to setup JAAS (in jaas.conf) to use NTLoginModule?

I guess an example of jaas.conf file that uses the NTLoginModule for authentication would help. ...

Problem with JAAS and DatabaseServerLoginModule

hello: I have a problem with jaas and jboss. I try to authenticate users against a database using form based method but jboss tells me the password are wrong (no, the password is correct), but if i use UsersRolesLoginModule with properties files, no problem. In the pg database in debug mode the query that JBoss does seems ok, The passwo...

JAAS/Tomcat: LoginException with NTLoginModule

I have setup Tomcat to use the NTLoginModule, but when logging in, I get a: javax.security.auth.login.LoginException: java.lang.ArrayIndexOutOfBoundsException at com.sun.security.auth.module.NTSystem.getCurrent(Native Method) at com.sun.security.auth.module.NTSystem.<init>(Unknown Source) at com.sun.security.auth.module.NTLo...

How do I access JAAS roles at arbitrary point in the code?

I want to access the full model of users with their roles in my SOAP app. For example, I might want to know the role of a user called "Fred." How do I reach into some sort of global JAAS registry and do (pseudocode) globalRegistry.getUser("Fred").getPricipals()? (Note that in JAAS, roles are represented by Principals.) I know how to...

Java Security Framework

Security always tends to take the last place in a new project. Or you use a framework like Spring where security is already build-in and can be switched on easily. I try to find an open security framework that can be plugged-in to both Swing and Web applications (and JavaFX?), maybe easy to digest. I looked at plain JAAS, JGuard and JSec...

JBoss WebServices and .NET mobile client

Hi. I have Web Service deployed to JBoss 4.2.2.GA environment and need to consume its methods from .NET application on WindowsCE 5.X. The problem is that I'm not able to consume service's methods when security is turned on (@SecurityDomain("java:/jaas/JBossWS") on class and @RolesAllowed(value={"friend"}) on method declaration. I tried ...

SecurityException when accessing (ejb2-) session bean via local interface in JBoss 5

I have the following problem with an EJB 2 SessionBean when deploying in JBoss 5: The SessionBean (called LVSKeepAliveDispatcher) requires a specific user role (called "LVSUser"), specified by <method-permission > <description></description> <role-name>LVSUser</role-name> <method > <description></descripti...

How to read Java properties file from a JAAS LoginModule

I'd like to read a properties file in my applications WEB-INF folder or my tomcat/apache server from a JAAS loginModule. But I'm not understanding how to properly refer to the location from the LoginModule, in a host name independent manner. ...

How to execute a function immediately after authentication

My question is this: With a web application, after performing a login authentication for a protected resource, how can I run some sort of function (in this case, I want to run a function to initialize some user-dependent session-scope variables) BEFORE the web-app redirects to the protected resource. I am programming a web application ...

JAAS for human beings

I am having a hard time understanding JAAS. It all seems more complicated than it should be (especially the Sun tutorials). I need a simple tutorial or example on how to implement security (authentication + authorization) in java application based on Struts + Spring + Hibernate with custom user repository. Can be implemented using ACEGI....

What's the point of JAAS

What's the point of JAAS if I have to write my own {whatever}LoginModule and everything else? ...

Changing JAAS roles based on software license flags

I've got a pretty ordinary JEE application running on JBOSS. It uses the JBoss DatabaseLoginModule JAAS authentication. It also has application layer users/roles in Hibernate that are exactly the same. I've got an idea ( which I think is pretty useful for me, anyway) to have a capability bit I can set in the software license object (not...

How do I authenticate an application client to EJB 3.0 server

I am very new to the whole J2EE architecture. Could somebody help me out? I have a Swing client with Login, Password fields on machine A. Properties p = new Properties(); p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory"); p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces"); p.put(Conte...

Java Web Application: Using a custom realm

Hello, I'm writing a java web application which need to perform login through a webservice. Of course, none of the realms supplied with the application server I'm using (glassfish v2) can do the trick. I therefore had to write my own. It seems however, that the realm implementation that I wrote is completely tied to glassfish and cannot...

Customizing login procedure in a java web application

Hello, I'm writing a java application which needs to perform an unusual login procedure. One of my problems is that the user needs to supply more than a simple username/password combination. Specifically, a username/password/domain combination is required. Another problem is that my application enforces some password lifetime rules (eg...

How to forward to j_security_check?

I'm using form based authentication (JBOSS/JAAS) but my form is sending the data to my Servlet so I can perform some checks before trying to login. Now I need to forward to j_security_check but what I tried didn't work (404 error)... How can I redirect/forward to the j_security_check (please note the application is running over https /...

How to connect to HTTPS server using Common Access Card

I need to write a java program to connect to a HTTPS server (DoD website). The website requires CAC (DoD common access card) authentication. If you access this site via browser, you insert your CAC first, and then enter a PIN. I need to accomplish the authentication process programmatically in java (kind of acting like browser). How do ...

JAAS Authentication to Windows Domain

Using a provided username, password, and domain name, how can I retrieve a boolean value indicating if a user has successfully authenticated with a primary domain controller? Authentication should be performed using the Kerberos protocol for windows domain controllers. Thanks in advance, Dan ...

In Java5, how do I get the full name of the user running the application?

In Java5, is there a way to get the full name of the user that is running the application using only JDK APIs? (I know about JAAS and third-party libraries, but they might not be installed on the target system). I know about System.getProperty("user.name") but that returns the user ID not user NAME. ...