Log in to follow, share, and participate in this community.
Thread Alternative Verifiers instead of AnyCertVerifier
Alternative Verifiers instead of AnyCertVerifierAre there any other Certificate Verifers for BaseCertLoginModule besides the AnyCertVerifier? AnyCertVerifier is the only one I saw in the source code, but it is too permissive. It does not even check the expiration ...
How to fill roles in custom authenticator?Hi all, following the article http://community.jboss.org/wiki/WebAuthenticationUsingHTTPRequestParameters we are trying to implement a custom authenticator which receives username, roles and some other attribu...
Perform Jaas login from ejbHey guys, I want to create a jaas login from my ejb application (named "client ejb") to another ejb application. They are hosted on the same jboss 6 as. The client ejb app contains a "login.config" with the f...
Thread jdbcRealm - ClassCastException when trying to log in
jdbcRealm - ClassCastException when trying to log inhello, i'm currently migrating a webapp from tomcat 4.x to jboss 5.0.0.GA but if i try to login into the webapp i get the following error:
java.lang.ClassCastException: org.apache.catalina.realm.GenericPrincipal can...
Thread Reasons for custom SecurityProxyFactory exception?
Reasons for custom SecurityProxyFactory exception?Hello, I am relatively new to JBoss and have been working on setting up security for an application I work with. I am using JBoss AS 6 and was interested in setting up a custom security pro...
Thread Alternative to SecurityAssociation in AS7 / Picketbox 4
Alternative to SecurityAssociation in AS7 / Picketbox 4I have the following class in a Seam 2 application, which is used in conjunction with SPNEGO to do Kerberos authentication. In AS7 Final (which uses Pickbox 4.0.0.CR1) the SecurityAssociation class has been removed. W...
Invoke Logout - Custom LoginmoduleI've a fat client which has to login to JBoss 6 with a custom loginmodule. On client-side the auth-configuration looks like this. This way the client delegates the credentials to the server. MySecurityDomain {...
Thread Combine FORM and CLIENT-CERT authentication
Combine FORM and CLIENT-CERT authenticationHello, In our application we want to try to authenticate users first with a client certificate and if it isn't possible use a typical user/password form. The problem is that I don't know how to do that in the web.xm...
Thread Siteminder Integration with Jboss portal 2.7
Siteminder Integration with Jboss portal 2.7Hi, I am working on siteminder integration with Jboss portal via Apache reverse proxy.Need to know the approach and if possible sample custom authentication module code for Jboss using siteminder http header t...
Authentication occasionally failingJboss Server 5.1. Our users are occasionally getting 401 error code from the server. This seems to correspond with the following errors in the jboss error log 2011-07-25 10:59:06,091 WARN [org.jb...
Thread Problem loading Web-Console AppletBrowser after Securing Con
Problem loading Web-Console AppletBrowser after Securing ConAll, Ive secured the jmx-console and web-console for Jboss5. Jmx works great, accepts uid/password, and the web-console is accepting my uid/password, but when accessing it, the navtree.AppletBrowser fails to load.......
Configuring JMX Remote AuthenticatonHi, I have a web application running on JBoss AS 5.1.0 that makes some JMX calls. During development I had authentication turned off and everything was working fine. After enabling authentication I'm running i...
Thread Validating login/password AND Client Certificate
Validating login/password AND Client CertificateI want to let the users type in their login & password to log into my system. But at the same time, I would like to validate the client certificate also in addition to the login/password. Currently, if I use only...
Background of JBoss Securityhi guys, i'm not sure that this is the wright place for asking my question, sorry for inconvenience... i want to get very detailed information about jboss security but i could not find the relevant documents on the ...
TomWe have perimeter security for authentication but when the request reaches Tomcat we need to make sure that we have some headers set for all our components work. In the case of weblogic we used the security prov...
Thread JBoss 7: Using encrypted datasource password
JBoss 7: Using encrypted datasource passwordIn JBoss 6 I'm using an encrypted datasource password specified in a file *-jboss-beans.xml. Now I tried the following in standalone/configuration/standalone.xml of JBoss 7: a) Inside the datasource tag: <security&...
Thread @RunAs in JBoss 5 - Caller unauthorized in second call
@RunAs in JBoss 5 - Caller unauthorized in second callHallo, I've noticed the following strange behaviour using the @RunAs annotation in a secured STSB. I've tried JBoss 5.0.1.GA and 5.1.0.GA. Take a look at the following simple scenario: three secured STSBs Caller, A...
Thread Migration from Bea Weblogic => Security roles, users and gro
Migration from Bea Weblogic => Security roles, users and groI'm currently migrating an application from BEA WebLogic 8.1 to JBoss AS 4.2.1. This applications consists of several web apps with configured roles in weblogic.xml and web.xml. For example the HostAccess web app: w...