I have a WebApplication on WAS 6.1 using JAAS already working. It authenticates and authorizes in an orderly manner. But my logout page is not deauthorizing the principal. This application works correctly on JBoss and on GlassFish but not on WAS.
My logout page is just a simple JSP with this content.
<%System.out.println("principal is not n...
I am trying to write a LoginModule that authenticates users with Jackrabbit repository. However, I want it to check the credentials that are stored in repository itself. So the problem is, in my LoginModule I have to connect to the repository again, making it an infinite loop. Is there something I can do about it?
...
We're trying to upload a file from a flex client to a JEE app.
In a full HTTPS environment
JEE server is JBoss 5
Using BlazeDS 'Custom' authentication (username and password are entered through a flex form)
Using BlazeDS per session authentication
In regular AMF calls, we can access user principal and use role mechanism.
However, in ...
We're using:
JBoss 5
Flex SDK 3.5
BlazeDS 3, with integrated authentication (through JAAS and JBossSX)
Failed logins are always indicated to the flex client by the same fault code: Client.Authentication
However, the underlying JAAS LoginModule throws a specific javax.security.auth.login.LoginException subclass.
How can we propagat...
Hi there,
we are using JAAS to enable Single Sign On in a Java application using the Windows Kerberos ticket cache. Our jaas.conf config file looks like this:
LoginJaas {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true
doNotPrompt=true
debug=true;
};
With this, we can create a Jaas LoginContext and su...
I've looked the web through and through in search of an answer to my problem but with no result, so I reckon that's the ultimate place where anybody can have a clue what the solution might be.
Long story short: we have a jsf web application running on JBoss 4.2.0 GA server. We are in the process of replicating the application to several ...
Hello everyone,
I'm trying to understand JAAS and to use it to authenticate and give authorization for a user to access a method in a class.
I've not had problems with the authentication, but I couldn't find a way to give authorization for users to access only some methods in a class. My application has 4 users: User1, User2, User3 and...
I'm using JBoss 4.2.3 and JAAS authentication by Form.
Currently if I try to access any of my protected pages, the login page appears and then I'm redirected to the page I wanted to see.
What I want is that after the login, the user is always redirected to index.jsp.
Currently I only found this solution:
http://roneiv.wordpress.com/...
Here's my scenario:
I have a JAR within the APP-INF/lib of my EAR, to be deployed within WebLogic 10g Release 3 against which I wish to grant specific permissions.
e.g.,
grant codebase "file:/c:/somedir/my.jar" {
permission java.net.SocketPermission "*:-","accept,connect,listen, resolve";
permission java.net.SocketPermission "loca...
I extended the JAAS javax.security.auth.spi.LoginModule, and installed it into a WAS server. It works; all logins go through the code in this new class, and if it says to not let them login, they're prevented from logging in.
The root problem: I don't want it to filter logins for the admin console (/ibm/console), but I do want it to f...
Hello guys,
We are programming a three tier application with a rich GUI client using swing and we need to add some authentication and authorization control.
I'm completely new to this topic so I did a bit of research on the web. My first intention was to use JAAS for this feature, but as far as I can see, JAAS only contains functionality...
Hi All,
I am totally new to UI programming. I am designing a JSF web application and planning to use JAAS also. I am interested in knowing if there is a way to give on the fly UI for different roles based on the capabilities/permissions a particular Role has. From a brief look my understanding is that JAAS will throw exception if the pe...
I have this code to create a configuration of a java client to connect to a JBoss application server:
System.setProperty( "java.security.auth.login.config", "auth.conf" );
LoginContext auth = new LoginContext( "myAuth",
new LoginCallbackHandler( username, password ) );
auth.login();
The file auth.conf contains the following lines...
Here is the scenario:
I have some web services (JAX-WS) that need to be secured.
Currently, for authentication needs, I am providing an additional SecurityWService that gives an authorized user some userid & sessionid that need to be described in requests to other services.
It would be better to use some Java security. We have many of them but c...
I just went through this tutorial:
http://java.sun.com/docs/books/tutorial/security/tour2/index.html
And was curious about the basic concept of JAAS... If every application needs to be run with the '-Djava.security.manager -Djava.security.policy=...' flags, what is enforcing security? Is it up to the end user to know when any Java applic...
How can I make Grizzly HTTP server allow JAAS for simple HTTP AUTH?
I can't see any code/sample out there: There's another post here in StackOverflow that directly assumes that JAAS is available in Grizzly, but doesn't explain how to add it.
...
I've got a custom login module in an ear on jboss. The ear's META-INF has a jboss-app.xml which points at a login-service.xml which contains an mbean that points to a login-config.xml which defines the custom login module.
The jboss.xml in the ear's META-INF uses the same security-domain as that defined for the login module in login-con...
Hello, I am trying to use JAAS to authenticate my users. My project is in GWT v2, which runs jetty. I use eclipse for development.
From http://code.google.com/p/google-web-toolkit/issues/detail?id=4462 I found out that jetty doesn't like any realm definitions in web.xml, so I moved them to jetty-web.xml.
I keep getting ClassNotFound ...
I'm attempting to use JAAS in Glassfish to handle authentication and authorization in my web applications against Active Directory. First off I have written some POJO programs that can successfully connect to my AD and authenticate against the users and groups I have set up. So I am confident that the usernames, passwords, and groups I'm ...
I have been using my own internal custom authorization model which evaluates whether a user has permission to view, edit, delete, or create an item. For instance, one place I use this is to determine if a user has permission to view a resource. I have some restrictions such as whether the item is published, whether the user belongs to ...