Log in to follow, share, and participate in this community.
Thread JASPI ServerAuthModule
JASPI ServerAuthModuleI've a self written JASPI ServerAuthModule, which works great in Glassfish. Now I had to switch to AS 7. I have not found any resources how to configure a JASPI ServerAuthModule in AS 7?! I put my jar in a AS...
DatabaseCertLoginModule can't find securityDomainI've configured a security-domain in subsystem domain:security:1.1 mycertdomain which is displayed in the server profile page under Security/Security Domains. When I reference that securityDomain in a login-module/mo...
PicketBox Development Chat TranscriptAnil and Pedro.
(08:36:43 AM) asaldhan: psilva: discuss status of each project. we then can do checkpoints
(08:36:53 AM) asaldhan: https://docs.jboss.org/author/display/SECURITY/SecurityProjectsArchitec...
Security Context PropagationDiscussion related to https://docs.jboss.org/author/display/SECURITY/Java+Application+Security When there is a need to propagate security context, the following usecases come into my mind: a) Thread level sec...
Thread Get something started with XACML - Requirements Discussion
Get something started with XACML - Requirements DiscussionHello all, I have recently begun participating in this project and I noticed that the discussion on XACML has been fairly quiet, so I thought I would kick off some discussions to see what the interest level is, see ...
Challenge/Response enabled Authentication FrameworkWondering if SASL is the perfect candidate for a challenge/response enabled authentication framework with multiple authentication mechanism support. Wikipedia entry on SASL. Apart from a challenge/resp...
Negotiation protocol broke?I detected a problem with the implementation of the Kerberos login module for JBoss AS 6. It seem's that the negotiation protocol isn't fully implemented. If there are multiple alternatives it stops after the first ...
Thread How-to registering JASPI auth module via AuthConfigFactory?
How-to registering JASPI auth module via AuthConfigFactory?In this article Ron Mozillo hints that an JASPI auth module can be registered via the AuthConfigFactory. Unfortunately no example is given and the API plus Javadoc isn't exactly straightforward. I'm trying to do the p...
Thread How to pass data from valve to login module?
How to pass data from valve to login module?I use AS71.0CR1b I need some http header data in my login module. - But how can I access http header in login modules? My current approach is to read http header in a valve, put it in a thread local an...
Thread How to decrypt the password which was encrypted by picketBox
How to decrypt the password which was encrypted by picketBoxIn JBoss AS7 datasource configuration, I use java org.picketbox.datasource.security.SecureIdentityLoginModule passwordString to encrypt the password. Now I have one requirement that decrypt the password by my app co...
AS7: Sensitive Attributes MaskingWe can extend masking of passwords to all attributes that the user determines to be sensitive and not be displayed in clear text in the configuration files. There are two entities: a) Sensitive Attribute Hold...
XACML Resource ManagementThis is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
XACML DeploymentThis is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
XACML Audit/ReportingThis is a post in a serious of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...