JBoss Negotiation - 2.0.3.Beta2 released, onto 2.0.3.CR1 The Beta2 release is now out https://jira.jboss.org/jira/browse/SECURITY-266, so now onto the tasks for the CR1 release (Which should be a real CR release with the potential to be tagged GA). I think the following ta... 
JACC issue: why is not Policy::implies called on my Policy p Hello, I'm porting home-grown JACC provider from GlassFish to JBoss 5.0 CR1. I've copied all the needed jars into server/all/lib subdirectory. Followed http://wiki.jboss.org/wiki/JACC to enable it. When I start jboss ... 
JBoss Negotiation - SPNEGO I just wanted to start a discussion to see if there are any priorities for the tasks to work on for the Beta2 release of the JBoss Negotiation library. I have just added a new LDAP login module based on the existing ... jboss rules not worked hi everyone in my project , i'm define rules with jboss rules in rules-file and when run project two message [Contexts] starting up: org.jboss.seam.security.identity [RuleBase] parsing rules: /security.drl is shown ... 
security-config schema location I am working on the integration of the ACL (instance-based authorization) project with the AS. For that I need to offer users a way to specify the ACL provider as part of an application-policy, which requires changes ... 
GSSAPI/Negotiate I was asked to provide input to this forum about the uses of GSSAPI/Negotiate. The source of this was this post: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=73418 The usecases I am working with t... 
Legacy client SecurityAssociation This work: http://jira.jboss.com/jira/browse/SECURITY-75 isn't much use without this: http://jira.jboss.com/jira/browse/SECURITY-125 Most clients (if they used the SecurityAssociation api) will be using on the client... 
SecurityContext inherited by threads on the serverside http://anonsvn.jboss.org/repos/jbossas/tags/JBoss_4_0_5_GA/testsuite/src/main/org/jboss/test/security/test/SAThreadLocalUnitTestCase.java The test "testThreadLocal" clearly tests that on the server, SecurityAssociati... 
Error in org.jboss.security.valve.SSOFederationRouter The lookupPartners() method has "http" hard coded for creating the URL to access the federated resource of partners. When the request comes from a secure connection the method throws a org.apache.commons.httpclient.Pr... 
Security aspects failing in AS trunk When running the org.jboss.test.aop.test.SecurityUnitTestCase testcase in AS trunk I get the following error: <testcase classname="org.jboss.test.aop.test.SecurityUnitTestCase" name="testAnnotated" time="0.984"&... 
Combining BaseCertLoginModule with LdapExtLoginModule doesn' On the following wiki page http://wiki.jboss.org/wiki/BaseCertLoginModule you'll find the following example: <application-policy name = "jmx-console"> <authentication> <login-module code="org.jboss.s... 
Security and JCA I've just reinstated org.jboss.security.Util which is used by a JCA login module (PBE) that hadn't been ported to jboss-head. On a more general note: We've had this discussion on the jca forum and basically we don't... Security Injection in AS5 this design thread is to discuss Adrian's subtask for me to tidy up some of the security injection in AS5. http://jira.jboss.com/jira/browse/JBAS-5309 Adrian: There's no real way to depend upon a specific login modul... Security EJB2 and dependencies If you run the pooled tests in JBoss5 ./build.sh test -Dtest=pooled -Dnojars=t you will see it fails with 16:20:26,857 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files java.io.IOExceptio... The jacc is not running; it cannot be stopped. While this is a hilarious error message, it basically means the testsuite is broken at the moment. See: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146144#4146144 shared LoginModule between multiple applications We have a couple of applications that are going to be deployed by jboss. I'm looking for a primer that will help me configure jboss so that both applications can use the same custom LoginModule that I have created. B... 
Encrypting attributes/properties of beans Scott, you have mentioned this topic in the passing, a few times. Could you elaborate on your thoughts here? I can start thinking about this a bit over time. I am guessing that you meant securing the bean properties ... Why do we need a security context to access a local ejb? With the old SecurityAssociation we didn't need to login to access a local EJB. If the ejb was secured, it just failed because of the null principal, otherwise the request was allowed. 21:00:26,618 ERROR [AbstractK... JSR-196 [Java Authentication SPI for Containers] Discussion I would like to dedicate this thread for discussion on JSR-196 (JASPI). As you know the container issue for JSR-196 implementation in JBoss 5.0 is: http://jira.jboss.com/jira/browse/JBAS-2525 Once the prototype stabi... SSO LdapLoginProvider activates an identity based on the Sur Hi, At the Federated SSO I'm wondering if its intentionally that the Surname in the LDAP is used to define that an Identity is active. String cour = rs.getString("sn"); boolean active = (new Boolean(cour)).booleanV... 
Log in to follow, share, and participate in this community.