• ACL requires Identity, how do I get this?

    Hi all,   I apologize in advance for what is most likely a very newbie-ish question.   I'm trying to use the role based ACL support in my JBoss AS 6.1 webapp. I've been loosely following the instructions h...
    last modified by ericasmith
  • Account locking for DatabaseServerLoginModule

    This is a general question how this common use case should be implemented?   We extended DatabaseServerLoginModule by handling locking account inside login() method. So after 3 consecutive authentication failure...
    last modified by aldab
  • Failed to resolve any values for urn:oasis:names:tc:xacml:2.0:subject:role

    Hello everyone,   I tried to basically start using PicketBox XACML using the XACML RBAC Locator examples on this page (employee role): https://community.jboss.org/wiki/XACMLRBACLocator#Permission_Policy_Sets_PPS...
    last modified by jorgedso
  • SSO implementation using SPNEGO login module and Credentials cache

    Hi, We have a J2EE application that has a servlet as an entry point and uses stateless sessions beans for business logic. The application uses JAAS login modules for authentication and authorization. One authenticati...
    created by prabhar
  • [JBoss7] Custom principal

    I need to create custom principal which holds some more data about the user (besides username from org.jboss.security.SimplePrincipal). I use LDAP login module, it is configured and it works for authentication. On the...
    created by ndario
  • Latest picketbox version ?

    I see at download page the 3.0.0 is the available version. However, looking in svn the latest tag is 4.0.9.Final. Why is there not a build and download for this version? Which version is the latest to start working ...
    created by claudio4j
  • How to find SSL version JBoss 5.1.0

    We are using JBoss 5.1.0 and have enabled SSL. Now we want to configure a load balancer, so we need to know which SSL version it is using. Does anybody know how to find the SSL version? Thanks,
    created by vemmanuel
  • How to determine whether a user logged in via a certificate or password?

    Our application allows certificate (CAC) authentication or username/password.  Is there something in the Security Context or Subject that will tell me which Authentication method was used? Thanks for any pointer...
    created by sasloper
  • BaseCertLoginModule and UsersRolesLoginModule

    Hi I am running JBoss 4.0.3. Trying to have Client Certificate authentication, here are the configs and steps that I followed jboss-service.xml --------------------- <mbean code="org.jboss.security.plugins.Jaas...
    last modified by maheshkudva
  • Problem w/ BASIC web auth Database

    Having a bit of a problem with BASIC auth using DatabaseServerLoginModule for my web app on JBoss 3.2.1/Jetty: Here's my stuff: web.xml ======== <web-app> ... <security-constraint> <web-resource-col...
    last modified by bcdecamp
  • Current status of MS kerberos and JBoss?

    Hi!   I am considering using Kerberos tickets (service account authentication done by Active directory) to authenticate consumers of web services (not web applications!) to the service hosted in JBoss app serve...
    created by javafanboy
  • SRPLoginModule

    We've been using SRPLoginModule since it was added to JBossSX by Scott Stark (around 2001-2002?). Unfortunately, it is not present in JBoss 7 and I can't find any information about why it was removed :( Can anyone s...
    created by olegnitz
  • SPNEGO, HttpServletRequest.getRemoteUser() vs. EJBContext.getCallerPrincipal().getName() inconsistency

    Hi,   I have to ask this question. I've spent many hours browsing sources and do not know the answer.   Suppose I've got here setup FORM based authentication. Then getRemoteUser() on HttpServletRequest ins...
    last modified by alfonz19
  • Delegate authorization role mapping for application: JACC is the answer?

    Hi,   Hope that's the correct place.   I'm trying to find an answer to my question, but can't find it directly through web searches, so I came here to ask the community.   I want to know if it is possible ...
    created by cweiler
  • JBoss Negotiation 2.0.3.GA Released

    JBoss Negotiation 2.0.3.GA has now been released and is available for download from: - http://www.jboss.org/jbosssecurity/downloads/JBoss%20Negotiation https://jira.jboss.org/jira/browse/SECURITY-343 The main areas...
    last modified by dlofthouse
  • What happened to JBoss OpenSSO

    A lot of the community ESB documentation refers to OpenSSO, but this project is not listed anywhere on jboss.org. Has this project been discontinued, or has it been incorporated into another project?
    last modified by mcaspers
  • Flushing credential cache from a login module?

    We have a custom login module that among other things blocks an account once too many login attempts have failed. However this means that after a failed login we have to flush the credential cache in order to protect ...
    last modified by pmm
  • Entity Beans & Security: best practice ?

    hi, I would like some advice on security design, more specifically when applying it on Entity Beans. I am currently developing a J2EE application and everything is going very well, I am now taking the time to fine-t...
    last modified by draftdog
  • Failed to authenticate

    Hi,   I try to read the version from the jboss.system:type=Server MBean of a remote JBoss server (version 5). The jmx-console authentication is set by     <application-policy name="jmx-console">...
    created by somostetoikilato
  • Custom LoginModule sorted in standalone.xml - but one last problem

    I've managed to implement a custom LoginModule that's deployed to AS7.1.1.Final and working well - with one problem.  I can't figure out how to stop the server prompting for a username and password.  I don't ...
    last modified by j4m3s