Security aspects failing in AS trunk
When running the org.jboss.test.aop.test.SecurityUnitTestCase testcase in AS trunk I get the following error:
<testcase classname="org.jboss.test.aop.test.SecurityUnitTestCase" name="testAnnotated" time="0.984"&...

Combining BaseCertLoginModule with LdapExtLoginModule doesn'
On the following wiki page http://wiki.jboss.org/wiki/BaseCertLoginModule you'll find the following example:
<application-policy name = "jmx-console">
<authentication>
<login-module code="org.jboss.s...

Security and JCA
I've just reinstated org.jboss.security.Util which is used by a JCA login module (PBE) that hadn't been ported to jboss-head. On a more general note: We've had this discussion on the jca forum and basically we don't...

Security Injection in AS5
This design thread is to discuss Adrian's subtask for me to tidy up some of the security injection in AS5. http://jira.jboss.com/jira/browse/JBAS-5309 Adrian: There's no real way to depend upon a specific login modul...

Security EJB2 and dependencies
If you run the pooled tests in JBoss5
./build.sh test -Dtest=pooled -Dnojars=t
you will see it fails with
16:20:26,857 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOExceptio...

The jacc is not running; it cannot be stopped.
While this is a hilarious error message, it basically means the testsuite is broken at the moment. See: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146144#4146144

shared LoginModule between multiple applications
We have a couple of applications that are going to be deployed by jboss. I'm looking for a primer that will help me configure jboss so that both applications can use the same custom LoginModule that I have created. B...

Encrypting attributes/properties of beans
Scott, you have mentioned this topic in passing a few times. Could you elaborate on your thoughts here? I can start thinking about this a bit over time. I am guessing that you meant securing the bean properties ...

Why do we need a security context to access a local ejb?
With the old SecurityAssociation we didn't need to login to access a local EJB. If the ejb was secured, it just failed because of the null principal, otherwise the request was allowed.
21:00:26,618 ERROR [AbstractK...

JSR-196 [Java Authentication SPI for Containers] Discussion
I would like to dedicate this thread for discussion on JSR-196 (JASPI). As you know the container issue for JSR-196 implementation in JBoss 5.0 is: http://jira.jboss.com/jira/browse/JBAS-2525 Once the prototype stabi...

SSO LdapLoginProvider activates an identity based on the Sur
Hi, At the Federated SSO I'm wondering if it's intentional that the Surname in the LDAP is used to define that an Identity is active.
String cour = rs.getString("sn");
boolean active = (new Boolean(cour)).booleanV...

Federated SSO + OpenDS integration
Hi, I'm starting to work on issue JBSSO-26, and would like to know if you have something in mind related to this. At this moment I have created an IdentityProvider for OpenDS, that works :D, and am now thinking about ...

JBoss Rules/Drools based Authorization Module for JBAS5
I think for future iterations of AS5, there is a possibility of providing an external library for integration, that will provide a Rules based authorization implementation for the containers. For the current iteratio...

U Prove, sso holy grail?
From http://www.wired.com/techbiz/it/news/2008/04/microsoft, never heard of it, can't seem to find much about it. In a move that could extend its already substantial presence in the realm of identity access and man...

Adding the HttpOnly cookie flag to the core of JBoss
Hello - are there any development plans to add the HttpOnly cookie flag to the JBoss session handling cookie? When the HttpOnly flag is added to the session cookie, it prevents JavaScript from reading cookie data. This...

Broken object names in jacc
I've done a basic fix to this, but I'm still seeing other problems. The first I saw was object names without values, e.g. jboss.jacc:id=,service=jacc which is not a valid JMX object name. Since you can't guarantee t...

PolicyConfiguration commit and linkConfiguration API
Redoing the security deployers, I came across this thing which I had not given a lot of thought before. * You can link a child PolicyConfiguration to a parent only if it is not committed (or inService). * A commit on...

Issue with request.getUserPrincipal()
Hi, I am developing a web application with JAAS, Spring and JPA. I will be validating the authentication of services by using following methods. 1. request.getUserPrincipal() 2. request.isUserInRole(). Both are wo...

OpenID beta
http://developer.yahoo.net/blog/archives/2008/01/yahoo-openid-beta.html Today, we are launching the public beta of the much-anticipated Yahoo! OpenID Provider service. This means that users with a Yahoo! account - a...

AS 4.2.0 binding to localhost
In an effort to make JBoss more secure by default, the following issue was addressed in 4.2.0.CR1: http://jira.jboss.com/jira/browse/JBAS-4119 Now if you just type "run.sh", JBoss will default to binding to localhos...