jaas

Example of a SAML LoginModule for JAAS

Has anyone had any experience creating a JAAS LoginModule that uses SAML to authenticate and authorize a user? As I understand JAAS, this would likely require a custom CallbackHandler that understands and can parse a SAML message. In my case, the authorization is defined as a set of roles in a database, but like your typical Database Lo...

Adding custom login-config.xml errors saying mbean already installed

Deployment "vfszip:/opt/jboss-5.1.0.GA/server/default/deploy/fizio.ear/" is in error due to the following reason(s): java.lang.IllegalStateException: jboss:service=DynamicLoginConfig is already installed. My war's META-INF contains the following jboss-service.xml: <server> <mbean code="org.jboss.security.auth.login.DynamicLoginC...

Are there existing Authentication and Authorization frameworks for Java that support openId (except Spring security)?

Actually I am interested in a Java AA framework that supports many types of A&A. I found that JAAS exists, but don't find any information about OpenId support. Maybe there exists a module to use it? Spring security supports OpenId but I just want to see any alternative. Also I read that Spring Security is a little bit complicated. I think ...

Java Application with Multiple JAAS Security Realms

Hi, I was wondering if it was possible to have a Java EE application with multiple JAAS security realms. I'm currently developing an application in which some users need to be authenticated with data stored in a database, while other users need to be authenticated through an LDAP bind. So I created 2 security realms in glassfish 3.1...

Configuring JAAS on OC4J

I'm trying to get JAAS working with OC4J. I've gotten JAAS working before with JBoss. Using JAAS with JBoss is simple (to me). In the app's jboss-web.xml, put this: <security-domain>java:/jaas/myApp</security-domain> And put the following in JBoss's login-config.xml: <application-policy name = "myApp"> <authentication> <log...

Accessing spring context from jaas LoginModule

Hi all, I've implemented a Jaas Login Module, in order to perform authentication. I must access database to retrieve user/pass information within this module. In the same project, there exist some DAO beans implemented, but it's impossible to access Spring context from the jaas login module, to retrieve the DAO bean. Anyone could h...

Using SSPI to get SSO from Java application running on Windows

I have a Java application running on Windows that needs to authenticate to a webapp using Kerberos/SPNEGO. I'm aware of how to configure JAAS to achieve this, but I find the Java (JDK6 and JDK7beta) Kerberos implementation to be lacking a couple important features I need. For example, support for referrals or using the DNS to figure ou...

Using Mockito, how do I intercept a callback object on a void method?

I'm using mockito to test a legacy JAAS/LDAP login module. The javax.security.auth.callback.CallbackHandler interface defines the function: void handle(javax.security.auth.callback.Callback[] callbacks) I'm expecting callbacks to contain a NameCallback, which is the object that needs to be manipulated to pass the test. Is there a wa...

What's the best way to do an authorization check programmatically on JSF pages?

Java EE 5 / EJB 3 / JSF 1.2, using Facelets / ICEfaces 1.8.2 I'm authenticating my users with JAAS, but I think that simple role-based authorization is insufficient for my needs—my users' permissions need to be computed out of data in JPA entities. I'd like to add to certain pages a check that gets some entities from an EJB, does a litt...

Custom LoginModule in Websphere 7

I wrote a custom LoginModule which works just fine in JBoss, however, now I need to deploy it on Websphere 7 and I just can't find the appropriate way to register the LoginModule. Does anybody know how? ...

Can a JAAS login module be deployed in an EAR (on JBoss 5)?

The subject pretty much sums up the question. Normally a JAAS login module is deployed outside of an EAR application (which uses the authentication service, but doesn't deploy it). Is it possible to deploy it in the EAR, though? There are advantages (code reuse, better integration with the app). I'm only interested in using the module f...

Retry login with form based container managed security

I've got a web application, deployed on GlassFish 3.0.1, which is using container managed security. It's a simple, standard form based implementation using j_security_check against a JDBCRealm. Everything to do with securing the application is fine (and I can't believe I've rolled my own security systems in the past). What I can't seem ...

java.lang.SecurityException: Unable to locate a login configuration

Hi, I am using Bonita5.2 and Tomcat6.0.19. I exported the application (which gives a war file and some config files and libraries) and deployed it in Tomcat. When I run the application, after the login page, I get the error description The server encountered an internal error () that prevented it from fulfilling this request. except...

JAAS LoginModule login() and commit() successful, but user not logged in

Hello, I've implemented a LoginModule to perform some custom authentication, and call the authentication using the login() method of the LoginContext class. The login module's login() and commit() methods are called successfully, but instead of being able to use the web app I am being sent back to the login page immediately. request.g...

Using Kerberos to encrypt credentials / What is a static secret for a principal.

An application written in Java needs to store passwords to external services per user. Within the application the user itself authenticates against a KDC using Kerberos (basically creating a LoginContext utilizing Jaas). I would like to store the encrypted secrets to other services in some kind of file (XML?) at the application's locatio...

How to add radius to jboss ldap authentication?

This is a long shot but I thought it was worth a try. We have designed a java servlet running on jboss and authenticating using ldap (edit: via JAAS). Now the customer wants to change to radius authentication for some of the users who use one-time generated passwords, but still only have the two login fields; username and password. Si...

Why is Tomcat manager using my LoginModule?

Hello, I'm running Tomcat 6.0.29 and created a realm and loginmodule of my own. They are defined in server.xml like so: <Realm className="mycompany.tomcat.MyRepositoryRealm" appName="My_Realm" userClassNames="mycompany.tomcat.IdentityPrincipal" roleClassNames="mycompany.tomcat.RolePrincipal" useContextClassLoader="true"/> I have adde...

JAX-WS vs SAAJ Style, Which to Use

What is the difference, philosophical or otherwise, between calling a web service from Java code using Service and Dispatch classes, vs a SOAPConnection class? For example, something like this: SOAPConnectionFactory scf = SOAPConnectionFactory.newInstance(); SOAPConnection soapConnection = scf.createConnection(); SOAPMessage reply = soapCo...

JAAS redirection after login.

I would like to have a main login page and, depending on which user has logged in, to redirect to a specific page. At the moment, when I perform such an action, an error appears: Invalid direct reference to form login page. Is there a way to redirect straight after login? ...