AS7 : Authentication and Authorization
For AS7 I'm thinking about rewriting all our login modules to separate authentication (caller principal mapping) from authorization (role mapping) during the JAAS process. Currently the majority of our login modules ...
PicketBox/JbossXACML PDP Configuration
Hi, I want to use JBossXACML/PicketBox XACML in axis2 for securing a web service. However, there is no proper documentation on how to configure and call the PDP of JBossXACML. Can someone kindly guide me from...
AS7: Authentication Cache Design
Marcus, let us keep this thread for discussing the Authentication Cache design changes. From what you said: The auth cache has to be: configurable at the security domain level. flushing configuration at the...
SubjectFactory Implementation
For AS5, we introduced a SubjectFactory interface for use by JCA. An issue that is my fault is that the implementation of this interface was done in the security branch of the AS workspace (http://anonsvn.jboss....
Mapping Application Roles to Declarative Role
Many users would like to map the application roles that are derived out of the JAAS authentication process to declarative roles (defined in various deployment descriptors like web.xml). There is a feature request tha...
Make JBossPDP an interface to allow easier insertion of custom PDP.
Hi, I have been looking into using my own, custom PDP and have been discovering that the JBossPDP is pretty entwined to the security component. For example it can get created in JBossPolicyRegistration, JBoss...
Problem with custom login modules
On a recent support case the customer is using IBM's Kerberos login module which was working fine in JBoss AS 4.0.4. Now he migrated to JBoss AS 4.2.0 and the login module fails with this stack trace: javax.security....
Do Not Post User Questions
You should use the "PicketBox User Forum" and not the "PicketBox Development Forum" for your user questions. PicketBox Development Forum is mainly for the developers behind the PicketBox code (the ones w...
Auth Cache is not flushed after logout
Hi, can anyone kindly help me? Currently we tried to migrate our project from JBOSS 4.2 to 5.1, however the Authentication Cache fails to be flushed after the logout method is called, which worked fine on JBOSS 4...
JSR-160 connectors security
This is a design thread that Scott Marlow (SMarlow) and I will be using to discuss the JSR-160 integration that Scott is working on. There are some security aspects to be considered in this integration based on the JS...
Mapping Providers
PicketBox has a powerful mapping framework as highlighted in here. Particularly, the role mapping functionality is very important for access control decisions. We have a select set of providers availab...
SecurityContext
From Scott's quote: instead of just a Subject representing the security context, we should have a security context that contains a Subject, trust domain info, authorization info/pointers, etc to allow better integrat...
EJB3 security - Skip authorization for @PermitAll?
I was looking at a thread in the EJB3 forum which was talking about poor performance of a bean method invocation when the bean is marked with a @SecurityDomain, as compared to a similar bean without any @SecurityDomai...
ACL Implementation Questions
Stefan, when you look at the following class: package org.jboss.security.acl.ACLImpl we have
import javax.persistence.OneToMany;
import org.hibernate.annotations.Cascade;
@OneToMany(mappe...
client authentication on a JRMP SSL connection; multiple key
JBoss Security team, I would like to start a discussion concerning several possible improvements in jbosssx; they came up while working with JBoss in an environment that has complex security requirements. While all f...
Client/Server Key Aliases at JBoss Security Domain Level
Keystores may contain more than one server or client key. JSSE uses the concept of key alias to differentiate among multiple keys in the same keystore. S...
Support for External Credentials in LdapExtLoginModule
Some operational environments require that passwords are read at run time from external processes, and not hardcoded in configuration files, even in encrypted format. As per 4.3.0.GA_CP04, LdapExtLoginModule does not ...
Option for Client Authentication at JBoss Security Domain Level
Some operational environments require that all SSL connections into a JBoss instance must be mutually authenticated, and that should be a configuration ...
Connection Filter in JBoss
We are migrating from WebLogic 6.1 to JBoss 5.1. Currently in WebLogic we have ConnectionFilter which filters some addresses and protocols using weblogic.security.net.ConnectionFilter. How same functionality can b...