Flush security domain cache on sessionInvalidation According to Scott: The current flushOnSessionInvalidation implementation only flushes the security domain cache in the context of a request. If the session expires without any activity the security domain cache will ... 
Call Logout Module on Session Timeout. Will JBOSS call the JAAS LoginModule configured for in specified security domain on Session Expiration. I want a my custom JAAS LoginModule's logout method to be called in order to make required database updates. 
Policy Implementation for VFS Adrian, you wanted to apply Java security permission checks to vfs deployments (deploy, undeploy etc). Some possibilities are: 1) Use the current JACC policy implementation that is keyed in by a context id (which is... Secure Remote Classloading I've started a topic in the Remoting forum about secure remote classloading, which pertains strongly to the security framework of JBossAS. The link is here: http://www.jboss.com/index.html?module=bb&op=viewtopic&... 
JBoss ACL schema We've been talking about an ACL configuration file that would specify the ACL policies for resources. These ACLs would be installed upon deployment and would be available through the ACLProvider that has been configur... 
Quantum Cryptography: As Awesome As It Is Pointless Always good to think about effective security, not just theoretically better security. http://www.wired.com/politics/security/commentary/securitymatters/2008/10/securitymatters_1016 "Bruce Schneier" wrote: Quantum ... 
Error configuring JRMPInvoker with SSL in conf/jboss-service This has to do with https://jira.jboss.org/jira/browse/JBAS-5815. In short, when configuring a JRMPInvoker with a RMISSLServerSocketFactory [1] in conf/jboss-service.xml, a NPE is seen due to a failure to initialize ... JBNAME-8, updates to security in naming server https://jira.jboss.org/jira/browse/JBNAME-8 I have added security permission checks when running under a security manager to the jnpserver project for the 5.0.0.CR3 release. The following RuntimePermissions are requi... Security Certificate Where do I install a security certificate in JBOSS SSO? 
EJBSpecUnitTestCase and the MDB Run As related tests The EJBSpecUnitTestCase has a complex setup and the MDB run as related tests have been failing for a long long time. But debugging the issue has been pretty complex for a long long time now because the MDB tests fail ... SSO inetOrgPerson LoginProvider Hi, I have been implementing a LoginProvider based on RFC2798 (inetOrgPerson), the problem I'm facing is that the standard doesn't include the concept of roles that a user belongs to. So does any know a normal used pr... 
JBoss Negotiation - 2.0.3.Beta2 released, onto 2.0.3.CR1 The Beta2 release is now out https://jira.jboss.org/jira/browse/SECURITY-266, so now onto the tasks for the CR1 release (Which should be a real CR release with the potential to be tagged GA). I think the following ta... 
JACC issue: why is not Policy::implies called on my Policy p Hello, I'm porting home-grown JACC provider from GlassFish to JBoss 5.0 CR1. I've copied all the needed jars into server/all/lib subdirectory. Followed http://wiki.jboss.org/wiki/JACC to enable it. When I start jboss ... 
JBoss Negotiation - SPNEGO I just wanted to start a discussion to see if there are any priorities for the tasks to work on for the Beta2 release of the JBoss Negotiation library. I have just added a new LDAP login module based on the existing ... jboss rules not worked hi everyone in my project , i'm define rules with jboss rules in rules-file and when run project two message [Contexts] starting up: org.jboss.seam.security.identity [RuleBase] parsing rules: /security.drl is shown ... 
security-config schema location I am working on the integration of the ACL (instance-based authorization) project with the AS. For that I need to offer users a way to specify the ACL provider as part of an application-policy, which requires changes ... GSSAPI/Negotiate I was asked to provide input to this forum about the uses of GSSAPI/Negotiate. The source of this was this post: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=73418 The usecases I am working with t... 
Legacy client SecurityAssociation This work: http://jira.jboss.com/jira/browse/SECURITY-75 isn't much use without this: http://jira.jboss.com/jira/browse/SECURITY-125 Most clients (if they used the SecurityAssociation api) will be using on the client... 
SecurityContext inherited by threads on the serverside http://anonsvn.jboss.org/repos/jbossas/tags/JBoss_4_0_5_GA/testsuite/src/main/org/jboss/test/security/test/SAThreadLocalUnitTestCase.java The test "testThreadLocal" clearly tests that on the server, SecurityAssociati... Error in org.jboss.security.valve.SSOFederationRouter The lookupPartners() method has "http" hard coded for creating the URL to access the federated resource of partners. When the request comes from a secure connection the method throws a org.apache.commons.httpclient.Pr... 
Log in to follow, share, and participate in this community.