Alternative Verifiers instead of AnyCertVerifier Are there any other Certificate Verifers for BaseCertLoginModule besides the AnyCertVerifier? AnyCertVerifier is the only one I saw in the source code, but it is too permissive. It does not even check the expiration ... 
How to fill roles in custom authenticator? Hi all, following the article http://community.jboss.org/wiki/WebAuthenticationUsingHTTPRequestParameters we are trying to implement a custom authenticator which receives username, roles and some other attribu... 
Perform Jaas login from ejb Hey guys, I want to create a jaas login from my ejb application (named "client ejb") to another ejb application. They are hosted on the same jboss 6 as. The client ejb app contains a "login.config" with the f... 
jdbcRealm - ClassCastException when trying to log in hello, i'm currently migrating a webapp from tomcat 4.x to jboss 5.0.0.GA but if i try to login into the webapp i get the following error: java.lang.ClassCastException: org.apache.catalina.realm.GenericPrincipal can... 
Reasons for custom SecurityProxyFactory exception? Hello, I am relatively new to JBoss and have been working on setting up security for an application I work with. I am using JBoss AS 6 and was interested in setting up a custom security pro... 
Alternative to SecurityAssociation in AS7 / Picketbox 4 I have the following class in a Seam 2 application, which is used in conjunction with SPNEGO to do Kerberos authentication. In AS7 Final (which uses Pickbox 4.0.0.CR1) the SecurityAssociation class has been removed. W... 
Invoke Logout - Custom Loginmodule I've a fat client which has to login to JBoss 6 with a custom loginmodule. On client-side the auth-configuration looks like this. This way the client delegates the credentials to the server. MySecurityDomain {... 
Combine FORM and CLIENT-CERT authentication Hello, In our application we want to try to authenticate users first with a client certificate and if it isn't possible use a typical user/password form. The problem is that I don't know how to do that in the web.xm... 
Siteminder Integration with Jboss portal 2.7 Hi, I am working on siteminder integration with Jboss portal via Apache reverse proxy.Need to know the approach and if possible sample custom authentication module code for Jboss using siteminder http header t... 
Authentication occasionally failing Jboss Server 5.1. Our users are occasionally getting 401 error code from the server. This seems to correspond with the following errors in the jboss error log 2011-07-25 10:59:06,091 WARN [org.jb... 
Problem loading Web-Console AppletBrowser after Securing Con All, Ive secured the jmx-console and web-console for Jboss5. Jmx works great, accepts uid/password, and the web-console is accepting my uid/password, but when accessing it, the navtree.AppletBrowser fails to load....... 
Configuring JMX Remote Authenticaton Hi, I have a web application running on JBoss AS 5.1.0 that makes some JMX calls. During development I had authentication turned off and everything was working fine. After enabling authentication I'm running i... 
Validating login/password AND Client Certificate I want to let the users type in their login & password to log into my system. But at the same time, I would like to validate the client certificate also in addition to the login/password. Currently, if I use only... 
Background of JBoss Security hi guys, i'm not sure that this is the wright place for asking my question, sorry for inconvenience... i want to get very detailed information about jboss security but i could not find the relevant documents on the ... 
Tom We have perimeter security for authentication but when the request reaches Tomcat we need to make sure that we have some headers set for all our components work. In the case of weblogic we used the security prov... 
SecurityAssociation values are null when called from authenticating EJB Hi All, I have a web applciation and an EJB component. I am using GenericHeaderAuthenticator and SSOLoginModule for the authentication. In GenericHeaderAuthenticator, I am getting the roles from siteminder an... 
JBoss 7: Using encrypted datasource password In JBoss 6 I'm using an encrypted datasource password specified in a file *-jboss-beans.xml. Now I tried the following in standalone/configuration/standalone.xml of JBoss 7: a) Inside the datasource tag: <security&... 
@RunAs in JBoss 5 - Caller unauthorized in second call Hallo, I've noticed the following strange behaviour using the @RunAs annotation in a secured STSB. I've tried JBoss 5.0.1.GA and 5.1.0.GA. Take a look at the following simple scenario: three secured STSBs Caller, A... 
Migration from Bea Weblogic => Security roles, users and gro I'm currently migrating an application from BEA WebLogic 8.1 to JBoss AS 4.2.1. This applications consists of several web apps with configured roles in weblogic.xml and web.xml. For example the HostAccess web app: w... 
Concurrent authentication failure after startup caused by misplaced LoginModule logout??? I am experiencing an authentication failure in JBoss 6.0 Final. It only happens if I hit the server with concurrent HTTPS requests immediately after starting up JBoss. If I hit the server with serialized requests afte... 
Log in to follow, share, and participate in this community.