JAAS Error Handling
I am using DatabaseServerLoginModule for JAAS Form based authentication. My problem is that, if the database is down then how can I propagate the error message from the DatabaseServerLoginModule to the error jsp page...
Invalid Issue: SECURITY-340
I've opened https://jira.jboss.org/jira/browse/SECURITY-340, rejected by Anil as invalid. What steps do I need to take to avoid: Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePerm...
Security aspect updates
In going through the current jboss-aspects/security aspects and applying them to the profileservice, I see a few issues we should work on updating to be better mc/pojo citizens. 1. The jndi based dynamic security mak...
JBoss Negotiation - Onto The GA Release
Apart from some small code areas to tidy up I have one area that still needs to be decided before we can release the first GA. The implementation of the login module requires an LDAP login module to be chained so tha...
Obtaining cookie in LoginModule.
As part of implementing a persistent SSO, I need to be able to get a cookie from within a Custom LoginModule. How would I go about this? It seems that many Jaas implementations for App Servers have a callback to obta...
AS5: test targets "jacc-securitymgr" and "tests-security-man
I am going to document my attempt to get all the tests passing in these two test targets for AS5GA. The last post on this thread will summarize the tests that had to be disabled (to take a look in the future aka post-...
PrivilegedBlock location
Scott, given the following stack trace, where do you think the privileged block should be placed such that appropriate permission ("getClassLoader") can be provided? I feel that it needs to go in the aop project but I...
Security Cache Flush on Http Session Expiration
(10:09:25 AM) anil_msn: hello Remy. When the session expires, the session listener basically gets a tomcat session facade (that implements httpsession). I was interested in the principal being stored as a note...
Flush security domain cache on sessionInvalidation
According to Scott: The current flushOnSessionInvalidation implementation only flushes the security domain cache in the context of a request. If the session expires without any activity the security domain cache will ...
Call Logout Module on Session Timeout.
Will JBOSS call the JAAS LoginModule configured for the specified security domain on Session Expiration? I want my custom JAAS LoginModule's logout method to be called in order to make required database updates.
Policy Implementation for VFS
Adrian, you wanted to apply Java security permission checks to vfs deployments (deploy, undeploy etc). Some possibilities are: 1) Use the current JACC policy implementation that is keyed in by a context id (which is...
Secure Remote Classloading
I've started a topic in the Remoting forum about secure remote classloading, which pertains strongly to the security framework of JBossAS. The link is here: http://www.jboss.com/index.html?module=bb&op=viewtopic&...
JBoss ACL schema
We've been talking about an ACL configuration file that would specify the ACL policies for resources. These ACLs would be installed upon deployment and would be available through the ACLProvider that has been configur...
Quantum Cryptography: As Awesome As It Is Pointless
Always good to think about effective security, not just theoretically better security. http://www.wired.com/politics/security/commentary/securitymatters/2008/10/securitymatters_1016 "Bruce Schneier" wrote: Quantum ...
Error configuring JRMPInvoker with SSL in conf/jboss-service
This has to do with https://jira.jboss.org/jira/browse/JBAS-5815. In short, when configuring a JRMPInvoker with a RMISSLServerSocketFactory [1] in conf/jboss-service.xml, a NPE is seen due to a failure to initialize ...
JBNAME-8, updates to security in naming server
https://jira.jboss.org/jira/browse/JBNAME-8 I have added security permission checks when running under a security manager to the jnpserver project for the 5.0.0.CR3 release. The following RuntimePermissions are requi...
EJBSpecUnitTestCase and the MDB Run As related tests
The EJBSpecUnitTestCase has a complex setup and the MDB run as related tests have been failing for a long long time. But debugging the issue has been pretty complex for a long long time now because the MDB tests fail ...
SSO inetOrgPerson LoginProvider
Hi, I have been implementing a LoginProvider based on RFC2798 (inetOrgPerson). The problem I'm facing is that the standard doesn't include the concept of roles that a user belongs to. So does anyone know a normal used pr...