• JBAS-7010, SecurityContext creation

    I found an issue with the JndiLoginInitialContextFactory not creating a SecurityContext and hence not being propagated correctly by the org.jboss.ejb3.security.client.SecurityClientInterceptor. Looking at the Security...
    last modified by starksm64
  • java security in jboss & runtime parsing of java.policy file

    Hi. Decided to move here from mailing. I have been googling and browsing JBoss code in order to see how one can parse java.policy file at runtime and instrument policy collection accordingly. I see some code in jboss ...
    last modified by baranowb
  • JNDIBasedSecurityManagement ignoring the bean configurations

    A user has recently found out that JNDIBasedSecurityManagement is ignoring the properties that are set in its configuration (security-jboss-beans.xml). In his particular case, he wanted a specific CallbackHandler to b...
    last modified by sguilhen
  • SimplePrincipal - equals() Implementation

    I am interested in some thoughts on how valid our implementation of equals is on our SimplePrincipal. The javadoc for Principal described the requirements of the equals method as: - Compares this principal to the s...
    last modified by dlofthouse
  • Codesource URL on the embedded jars

    https://jira.jboss.org/jira/browse/JBAS-6660 There is a potential contribution from the community on setting the code source URL to the embedded jars of an ear/sar such that appropriate permissions may be assigned. ...
    created by anil.saldhana
  • Password masking at the MC level

    I want to just place some of my thoughts here for future reference. Scott had broached the topic of some aspects to encrypt/decrypt bean properties which is on our TODO list. I also want to handle the issue of passw...
    last modified by anil.saldhana
  • XACMLDeployer and ACLDeployer for AS5.1

    We have this JIRA issue: https://jira.jboss.org/jira/browse/JBAS-6425 to clean up the XACML, ACL policy file handling for web/ejb deployments via separate deployers. I would like to get these done for AS5.1CR1.
    last modified by anil.saldhana
  • JBossSX trunk to be v2.1.x

    I am thinking that we need to work on the configuration aspects. We currently have JBossXB based configuration and the mc configuration. I am thinking that we need to branch out security projects into Branch_2_0 and ...
    last modified by anil.saldhana
  • JBoss Federated SSO : How browsers can send and store a SAML

    Hi! I miss a couple of things in the design of JBoss Federated SSO. As I understand, the browser sends the SAML based token to each application that participated in SSO. 1) When is the SAML based token added to the browser? Af...
    last modified by michaelf
  • Custom Authenticators Defined At Web Application Level

    I know that as custom authenticators are implemented as a valve they can be added to a context.xml deployed with the web application - however looking at the jboss-service.xml of the jboss-web.deployer I see the follo...
    last modified by dlofthouse
  • Help in Jboss security debug

    Hi. I'm trying to configure security on JBOSS5; in comparison with JBOSS4 it does not work for me. I'm getting the source of JBoss5 and I'm debugging this "monster" :) project. I have one question, is anybody there who ca...
    last modified by kolszew73
  • JAAS Error Handling

    I am using DatabaseServerLoginModule for JAAS Form based authentication. My problem is that, if the database is down, then how can I propagate the error message from the DatabaseServerLoginModule to the error jsp page...
    created by manasmallik
  • Invalid Issue: SECURITY-340

    I've opened https://jira.jboss.org/jira/browse/SECURITY-340, rejected by Anil as invalid. What steps do I need to take to avoid: Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePerm...
    last modified by alrubinger
  • Security aspect updates

    In going through the current jboss-aspects/security aspects and applying them to the profileservice, I see a few issues we should work on updating to be better mc/pojo citizens. 1. The jndi based dynamic security mak...
    last modified by starksm64
  • JBoss SSO

    Please read: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=146716 I really need some feedback from JBoss. Thanks.
    last modified by msystems
  • JBoss Negotiation - Onto The GA Release

    Apart from some small code areas to tidy up I have one area that still needs to be decided before we can release the first GA. The implementation of the login module requires an LDAP login module to be chained so tha...
    last modified by dlofthouse
  • Obtaining cookie in LoginModule.

    As part of implementing a persistent SSO, I need to be able to get a cookie from within a Custom LoginModule. How would I go about this? It seems that many Jaas implementations for App Servers have a callback to obta...
    created by vellmont
  • AS5: test targets "jacc-securitymgr" and "tests-security-man

    I am going to document my attempt to get all the tests passing in these two test targets for AS5GA. The last post on this thread will summarize the tests that had to be disabled (to take a look in the future aka post-...
    created by anil.saldhana
  • PrivilegedBlock location

    Scott, given the following stack trace, where do you think the privileged block should be placed such that appropriate permission ("getClassLoader") can be provided? I feel that it needs to go in the aop project but I...
    last modified by anil.saldhana
  • Security Cache Flush on Http Session Expiration

      (10:09:25 AM) anil_msn: hello Remy. When the session expires, the session listener basically gets a tomcat session facade (that implements httpsession). I was interested in the principal being stored as a note...
    last modified by anil.saldhana