• AS7 : Authentication and Authorization

    For AS7 I'm thinking about rewriting all our login modules to separate authentication (caller principal mapping) from authorization (role mapping) during the JAAS process. Currently the majority of our login modules ...
    last modified by mmoyses
  • PicketBox/JbossXACML PDP Configuration

    Hi, I want to use JBossXACML/PicketBox XACML in axis2 for securing a web service. However, there is no proper documentation on how to configure and call the PDP of the JbossXACML. Can someone kindly guide me from...
    created by salarzai
  • AS7:  Authentication Cache Design

    Marcus, let us keep this thread for discussing the Authentication Cache design changes.   From what you said: The auth cache has to be: configurable at the security domain level. flushing configuration at the...
    last modified by anil.saldhana
  • SubjectFactory Implementation

    For AS5, we introduced a SubjectFactory interface for use by JCA.  An issue that is my fault is that the implementation of this interface was done in the security branch of the AS workspace (http://anonsvn.jboss....
    last modified by anil.saldhana
  • Mapping Application Roles to Declarative Role

    Many users would like to map the application roles that are derived out of the Jaas authentication process to declarative roles (defined in various deployment descriptors like web.xml). There is a feature request tha...
    last modified by anil.saldhana
  • Make JBossPDP an interface to allow easier insertion of custom PDP.

    Hi,   I have been looking into using my own, custom PDP and have been discovering that the JBossPDP is pretty entwined to the security component. For example it can get created in JBossPolicyRegistration, JBoss...
    last modified by bkrisler
  • Problem with custom login modules

    On a recent support case the customer is using IBM's Kerberos login module which was working fine in JBoss AS 4.0.4. Now he migrated to JBoss AS 4.2.0 and the login module fails with this stack trace: javax.security....
    last modified by mmoyses
  • Do Not Post User Questions

    You should use the "PicketBox User Forum"  and not the "PicketBox Development Forum" for your user questions.   PicketBox Development Forum is mainly for the developers behind the PicketBox code (the ones w...
    created by anil.saldhana
  • Auth Cache is not flushed after logout

    Hi, can anyone kindly help me? Currently we tried to migrate our project from JBOSS 4.2 to 5.1, however the Authentication Cache fails to be flushed after the logout method is called, which worked fine on JBOSS 4...
    last modified by seekeryan
  • JSR-160 connectors security

    This is a design thread that Scott Marlow (SMarlow) and I will be using to discuss the JSR-160 integration that Scott is working on. There are some security aspects to be considered in this integration based on the JS...
    last modified by anil.saldhana
  • Mapping Providers

    PicketBox has a powerful mapping framework as highlighted in here.   Particularly, the role mapping functionality is very important for access control decisions.   We have a select set of providers availab...
    created by anil.saldhana
  • SecurityContext

    From Scott's quote: instead of just a Subject representing the security context, we should have a security context that contains a Subject, trust domain info, authorization info/pointers, etc to allow better integrat...
    last modified by anil.saldhana
  • EJB3 security - Skip authorization for @PermitAll?

    I was looking at a thread in the EJB3 forum which was talking about poor performance of a bean method invocation when the bean is marked with a @SecurityDomain, as compared to a similar bean without any @SecurityDomai...
    last modified by jaikiran
  • ACL Implementation Questions

    Stefan,  when you look at the following class: package org.jboss.security.acl.ACLImpl   we have import javax.persistence.OneToMany; import org.hibernate.annotations.Cascade;    @OneToMany(mappe...
    created by anil.saldhana
  • client authentication on a JRMP SSL connection; multiple key

    JBoss Security team, I would like to start a discussion concerning several possible improvements in jbosssx; they came up while working with JBoss in an environment that has complex security requirements. While all f...
    last modified by ovidiu.feodorov
  • Client/Server Key Aliases at JBoss Security Domain Level

    Client/Server Key Aliases at JBoss Security Domain Level  Keystores may contain more than one server or client key. JSSE uses the concept of key alias to differentiate among multiple keys in the same keystore. S...
    last modified by ovidiu.feodorov
  • Support for External Credentials in LdapExtLoginModule

    Some operational environments require that passwords are read at run time from external processes, and not hardcoded in configuration files, even in encrypted format. As per 4.3.0.GA_CP04, LdapExtLoginModule does not ...
    last modified by ovidiu.feodorov
  • Configurable keyStoreProvider, trustStoreProvider, etc. at JaasSecurityDomain level

    It should be possible to configure a JaasSecurityDomain instance with a custom keystore provider, truststore provider, keyManagerFactory provider, trustManagerFactory provider, keyManagerFactory algorithm and trustMan...
    last modified by ovidiu.feodorov
  • Option for Client Authentication at JBoss Security Domain Level

    Option for Client Authentication at JBoss Security Domain Level Some operational environments require that all SSL connections into a JBoss instance must be mutually authenticated, and that should be a configuration ...
    last modified by ovidiu.feodorov
  • Connection Filter in JBoss

    We are migrating from Weblogic 6.1 to JBoss 5.1. Currently in weblogic we have ConnectionFilter which filters some addresses and protocols using weblogic.security.net.ConnectionFilter. How same functionality can b...
    last modified by snalwade