  • JAAS Error Handling

    I am using DatabaseServerLoginModule for JAAS form-based authentication. My problem is that, if the database is down, then how can I propagate the error message from the DatabaseServerLoginModule to the error jsp page...
    created by manasmallik
  • Invalid Issue: SECURITY-340

    I've opened https://jira.jboss.org/jira/browse/SECURITY-340, rejected by Anil as invalid. What steps do I need to take to avoid: Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePerm...
    last modified by alrubinger
  • Security aspect updates

    In going through the current jboss-aspects/security aspects and applying them to the profileservice, I see a few issues we should work on updating to be better mc/pojo citizens. 1. The jndi based dynamic security mak...
    last modified by starksm64
  • JBoss SSO

    Please read: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=146716 I really need some feedback from JBoss. Thanks.
    last modified by msystems
  • JBoss Negotiation - Onto The GA Release

    Apart from some small code areas to tidy up I have one area that still needs to be decided before we can release the first GA. The implementation of the login module requires an LDAP login module to be chained so tha...
    last modified by dlofthouse
  • Obtaining cookie in LoginModule.

    As part of implementing a persistent SSO, I need to be able to get a cookie from within a Custom LoginModule. How would I go about this? It seems that many Jaas implementations for App Servers have a callback to obta...
    created by vellmont
  • AS5: test targets "jacc-securitymgr" and "tests-security-man

    I am going to document my attempt to get all the tests passing in these two test targets for AS5GA. The last post on this thread will summarize the tests that had to be disabled (to take a look in the future aka post-...
    created by anil.saldhana
  • PrivilegedBlock location

    Scott, given the following stack trace, where do you think the privileged block should be placed such that appropriate permission ("getClassLoader") can be provided? I feel that it needs to go in the aop project but I...
    last modified by anil.saldhana
  • Security Cache Flush on Http Session Expiration

    (10:09:25 AM) anil_msn: hello Remy. When the session expires, the session listener basically gets a tomcat session facade (that implements httpsession). I was interested in the principal being stored as a note...
    last modified by anil.saldhana
  • Flush security domain cache on sessionInvalidation

    According to Scott: The current flushOnSessionInvalidation implementation only flushes the security domain cache in the context of a request. If the session expires without any activity the security domain cache will ...
    last modified by anil.saldhana
  • Call Logout Module on Session Timeout.

    Will JBOSS call the JAAS LoginModule configured for the specified security domain on session expiration? I want my custom JAAS LoginModule's logout method to be called in order to make required database updates.
    created by clevelam
  • Policy Implementation for VFS

    Adrian, you wanted to apply Java security permission checks to vfs deployments (deploy, undeploy etc). Some possibilities are: 1) Use the current JACC policy implementation that is keyed in by a context id (which is...
    last modified by anil.saldhana
  • Secure Remote Classloading

    I've started a topic in the Remoting forum about secure remote classloading, which pertains strongly to the security framework of JBossAS. The link is here: http://www.jboss.com/index.html?module=bb&op=viewtopic&...
    created by dmlloyd
  • JBoss ACL schema

    We've been talking about an ACL configuration file that would specify the ACL policies for resources. These ACLs would be installed upon deployment and would be available through the ACLProvider that has been configur...
    created by sguilhen
  • Quantum Cryptography: As Awesome As It Is Pointless

    Always good to think about effective security, not just theoretically better security. http://www.wired.com/politics/security/commentary/securitymatters/2008/10/securitymatters_1016 "Bruce Schneier" wrote: Quantum ...
    created by starksm64
  • Error configuring JRMPInvoker with SSL in conf/jboss-service

    This has to do with https://jira.jboss.org/jira/browse/JBAS-5815. In short, when configuring a JRMPInvoker with a RMISSLServerSocketFactory [1] in conf/jboss-service.xml, a NPE is seen due to a failure to initialize ...
    last modified by sguilhen
  • JBNAME-8, updates to security in naming server

    https://jira.jboss.org/jira/browse/JBNAME-8 I have added security permission checks when running under a security manager to the jnpserver project for the 5.0.0.CR3 release. The following RuntimePermissions are requi...
    created by starksm64
  • Security Certificate

    Where do I install a security certificate in JBOSS SSO?
    last modified by jabailo
  • EJBSpecUnitTestCase and the MDB Run As related tests

    The EJBSpecUnitTestCase has a complex setup and the MDB run as related tests have been failing for a long long time. But debugging the issue has been pretty complex for a long long time now because the MDB tests fail ...
    last modified by anil.saldhana
  • SSO inetOrgPerson LoginProvider

    Hi, I have been implementing a LoginProvider based on RFC2798 (inetOrgPerson); the problem I'm facing is that the standard doesn't include the concept of roles that a user belongs to. So does anyone know a normally used pr...
    created by aamonten