• WebJASPIOptionalAuthenticator, spec compliant?

    I "discovered" the valve WebJASPIOptionalAuthenticator in the JBoss AS (7.1.1, 7.1.3) source code. It doesn't seem to be documented anywhere, but judging from the code and from trying it out it appears to do authenticati...
    created by atijms
  • JASPIC module not invoked after request#login

    I've installed a JASPIC (JASPI/JSR 196) SAM (login module) in JBoss EAP 6.01. It works and is invoked whenever a protected resource is accessed.   However, when I call HttpServletRequest#login it's NOT invoked, ...
    last modified by atijms
  • Authentication failed using DatabaseServerLoginModule

    Hi all.   I'm trying to use the DatabaseServerLoginModule, but it isn't working. I found many examples like this. What is wrong?   I've in my standalone.xml:         &...
    last modified by rmarini
  • LoginModule defined with cached=true, but called between web and ejb container

    In JBoss 4/5 the JassSecurityManager uses a cache so no reauthentication was required if we call a secured ejb from the web-container.   In JBoss 7 we defined the loginmodule with the option cache=true, but...
    last modified by dastraub
  • JBoss AS7 Security Auditing

    Configure the Domain Model Logging Subsystem            <subsystem xmlns="urn:jboss:domain:logging:1.1">           &...
    last modified by pskopek
  • Security Requirements Document

    This document will collect the requirements for security for the various JBoss Community projects in one place. Projects Providing Requirements: JBoss Application Server Aerogear JBoss Developer Framework/JBossWay RESTE...
    last modified by anil.saldhana
  • JASPI ServerAuthModule

    I've a self written JASPI ServerAuthModule, which works great in Glassfish. Now I had to switch to AS 7. I have not found any resources how to configure a JASPI ServerAuthModule in AS 7?!   I put my jar in a AS...
    last modified by herb
  • DatabaseCertLoginModule can't find securityDomain

    I've configured a security-domain in subsystem domain:security:1.1 mycertdomain which is displayed in the server profile page under Security/Security Domains. When I reference that securityDomain in a login-module/mo...
    created by bdyerjboss
  • PicketBox Security Annotations

    << Go Back to PicketBox Overview   Project:  PicketBox  Project:  PicketBox @SecurityDomain Annotation @Authentication Annotation @Authorization Annotation @SecurityMappin...
    last modified by ozizka
  • Primer on Web Security in JBoss AS

    This article is a one stop resource for web security in JBoss Application Server.  Even though the configuration may change between major versions of JBoss Application Server, the features should be available sta...
    last modified by ozizka
  • PicketBox Development Chat Transcript

    Anil and Pedro.     (08:36:43 AM) asaldhan: psilva: discuss status of each project. we then can do checkpoints (08:36:53 AM) asaldhan: https://docs.jboss.org/author/display/SECURITY/SecurityProjectsArchitec...
    created by anil.saldhana
  • Can we use vault in authentication/login-module or authentication/users?

    Hello all,   As the article https://community.jboss.org/wiki/JBossAS7SecuringPasswords describes, we can use vault to secure datasource password. For authentication, can we also use vault to secure sensitive str...
    created by rella
  • Security Context Propagation

    Discussion related to https://docs.jboss.org/author/display/SECURITY/Java+Application+Security   When there is a need to propagate security context, the following usecases come into my mind: a) Thread level sec...
    last modified by anil.saldhana
  • Alternative for class org.jboss.security.auth.login.DynamicLoginConfig  in AS7

    How to plug DynamicLoginConfig from AS6 into AS7? In AS6 dynamic JAAS configuration is done using class org.jboss.security.auth.login.DynamicLoginConfig. Is there any possibility to get similar dynamic JAAS configura...
    last modified by kliczko
  • Authentication API Design

    <<< Go Back to Security Requirements Document     This article will talk about the various design elements involved in an authentication api. Goals to consider: Non-protocol based mechanisms where t...
    last modified by anil.saldhana
  • Identity Management Model Requirements

    <<< Go Back to Security Requirements.   Identity Model involves the representation of User, Attributes, Roles, Groups etc. These are stored in a data store such as DB or LDAP. Requirements  Requir...
    last modified by anil.saldhana
  • [Jboss AS 7] Use Jboss negotiation with JDK 7 and Windows Server 2008 checksum failed

    Hello everyone, I need your help. I would like to use the technology "SSO" in our application and let me know if this is compatible? and if so, I would like the step I'm missing because I get errors perpetually. Con...
    last modified by mbouragba
  • Get something started with XACML - Requirements Discussion

    Hello all, I have recently begun participating in this project and I noticed that the discussion on XACML has been fairly quiet, so I thought I would kick off some discussions to see what the interest level is, see ...
    last modified by dgradl
  • Challenge/Response enabled Authentication Framework

    Wondering if SASL is the perfect candidate for a challenge/response enabled authentication framework with multiple authentication mechanism support.   Wikipedia entry on SASL.   Apart from a challenge/resp...
    created by anil.saldhana
  • Negotiation protocol broke?

    I detected a problem with the implementation of the Kerberos login module for JBoss AS 6. It seems that the negotiation protocol isn't fully implemented. If there are multiple alternatives it stops after the first ...
    created by goc