• Security Vulnerabilities Notification to Community

    Page listing all the security vulnerabilities in JBoss community projects, for the benefit of the community.
    last modified by anil.saldhana
  • custom SecurityIdentityLoginModule Implementation

    Hi, I am new to JBoss AS and to the JBoss user community!! Hoping to get a solution/workaround for this issue that I am facing now!! I am looking for more information on configuration an...
    created by sreejb00s
  • Certificate based authentication in JBoss

    Hi, Can someone provide some information on implementing Certificate Based Authentication on JBoss. Any help will be appreciated. Thanks,
    last modified by sincanvin
  • Infinispan integration - unnecessary exception polluting logs?

    Hi,   In JBoss AS 7.1.1, with Infinispan integration (4.0.7) enabled using cache-type="infinispan" on security-domain element in standalone.xml.   A horrible exception in the logs (when authentication fail...
    last modified by jamesbaxter
  • Keystore formats: JKS and PEM cheatsheet

    General commands  1. create JKS keystore keytool -genkey -alias localhostkey -keystore localhost.keystore -storepass password \ -keypass password -dname "CN=localhost,OU=QE,O=example.com,L=Brno,C=CZ"   2...
    last modified by kpiwko
  • NullPointerException @ DatabaseServerLoginModule.java:141, J

    Hello, all. I'm having some problems with the DatabaseServerLoginModule and would appreciate any help, as the logged error messages do not tell me much: DataSource <?xml version="1.0" encoding="UTF-8"?> <...
    last modified by jahebe
  • JBoss Security Changing the role in subject

    Hi, I've one requirement in which the Authenticated Subject role has to be replaced with a new one once the user changes role from a drop down. Just want to know whether it is possible or not; if yes, please help me how to handle this s...
    last modified by knune
  • Encoded username & password in custom server login module JBoss 7.1 CR1 (Picketbox 4.0.6)

    I'm migrating a client-server application from JBoss 6.1 to JBoss 7.1 CR1 and run into some problems when trying to get my custom server login module to work.   (JBoss7.1 CR1 uses PicketBox 4.0.6 Beta2)   ...
    last modified by snelders
  • Classloading issue with custom LoginModules and Principal implementation deployed in EAR

    I am migrating a large J2EE application from JBoss 4.2.3 (and JBoss 4.3) to JBoss 6.1.   We implemented our own ClientLoginModule along with the matching ServerLoginModule and a custom Principal. I tried to depl...
    created by frito
  • java.lang.IllegalStateException: Security Context is null

    Hi,   I'm getting the following error when I was trying to migrate my jboss from 4.0.5 to 5.1. I've a custom LDAP login module. I've noticed in the log warning saying, "You are using deprecated api, please use s...
    last modified by vdlanil
  • How does Picketbox handle session timeout when using Servlet 3.0 programmatic security

    Regarding Servlet 3.0 programmatic security, when a session times out there is no way to invoke HttpServletRequest#logout().    Upon session destroy, does the user remain logged into JAAS?   If so, w...
    created by pgarner
  • JaasSecurityDomain MBean reloadKeyAndTrustStore not working as expected

    At my site an incoming SSL connection is successfully created on JBoss 5.1.0 (Tomcat). That works OK. Afterwards the certificate used is removed from the truststore. After that (surprisingly) a new connection can ...
    created by simon_jongsma
  • Trust Association Interceptor in JBoss

    Hi, I need to know if there is any functionality in JBoss similar to IBM WAS's Trust Association Interceptor. We need to implement the same functionality in the design of portal running on JBoss. Pl. p...
    last modified by sincanvin
  • Integrating Active Directory and JBoss

    Hi,   I am adding a new enterprise app running on JBoss AS 7 to my corporate network which is Windows based and uses Active Directory for authentication.  Once a user logs into the windows domain, they shou...
    last modified by aarnold
  • sharing credentials among multiple threads

    I'm working with the CallerIdentityLoginModule to passthrough the caller credentials to the database and having some difficulty when the database is hit on another thread. The call sequence goes as follows: ...
    created by traviskoch
  • Vault management

    Hi all, the server/host level is currently not manageable over e.g. DMR. It would make sense to have such a possibility e.g. for refreshing the vault's state by reloading keys from ENC and shared.dat
    last modified by dimonv
  • AS7: Vault element not fully written back

    Dmitri, I am going to use this discussion thread on how I plan to test what you reported in https://issues.jboss.org/browse/AS7-3102   I am going to start with a web application with a single servlet that has th...
    last modified by anil.saldhana
  • Simple way to lock up your JBoss AS instance

    JBoss AS is distributed by default as not secured (locked up). If you want to work with locked up version you can try this easy way.   Download Groovy script (source code at https://github.com/pskopek/sec-scri...
    last modified by pskopek
  • JaasAuthenticationProvider and AuthorityGranter

    I'm trying to get JasperServer to run in JBoss using my JAAS implementation. I can get the authentication to work, but I'm having a problem with the AuthorityGranter bean in my applicationContext-security.xml file. H...
    last modified by dlarosa11
  • PicketBox, jBoss SSO or ??

    Hi,   We are looking at implementing the SAML 2.0 specification as the SSO solution for a company. But we are not sure what jBoss product to use - the jBoss SSO is apparently dead (or?) and what about PicketLink...
    last modified by aagenielsen