  • JBossCachedAuthenticationManager caching and JAAS modules returning different Principal

    I have been trying to run two applications with EJB remoting on JBoss 7.1.x. My main problem is that currently JBoss only allows one authentication method by remoting port (one realm per port) and the EJB3 subsystem o...
    last modified by robmv
  • WebJASPIAuthenticator ignores GroupPrincipalCallback but requires PasswordValidationCallback

    In JBoss AS 7.1.1, if a user provided ServerAuthModule provides a GroupPrincipalCallback, this is ignored by WebJASPIAuthenticator. The provider handler copies the GroupPrincipalCallback, but the authenticator then do...
    created by atijms
  • JBoss AS7: Enabling JASPI Authentication for Web Applications

    This document describes the steps needed to enable JASPI authentication for Web applications on JBoss AS7.   Application Server Configuration  The first step to enable JASPI is to configure a security domai...
    last modified by jcacek
  • How-to registering JASPI auth module via AuthConfigFactory?

    In this article Ron Mozillo hints that a JASPI auth module can be registered via the AuthConfigFactory. Unfortunately no example is given and the API plus Javadoc isn't exactly straightforward. I'm trying to do the p...
    created by atijms
  • JBoss AS7: securing subsystem web applications

    In JBoss AS7 it is possible for extension subsystems to publish web applications programmatically (i.e. without going through the deployer). This, for example, is how the default "welcome" web app in AS7 works (look a...
    last modified by nadirx
  • How to pass data from valve to login module?

    I use AS71.0CR1b   I need some http header data in my login module. - But how can I access http header in login modules?   My current approach is to read http header in a valve, put it in a thread local an...
    last modified by herb
  • How to decrypt the password which was encrypted by picketBox

    In JBoss AS7 datasource configuration, I use java org.picketbox.datasource.security.SecureIdentityLoginModule passwordString to encrypt the password. Now I have one requirement that decrypt the password by my app co...
    created by yangguang
  • JBoss AS7: Configuring SSL on JBoss Web

    There are 3 sets of connectors that one can configure with JBossWeb. AJP Connectors HTTP/HTTPS Connectors Native Connectors   AJP Connectors are primarily used to service requests coming from a web server such as...
    last modified by anil.saldhana
  • Injection in LoginModules

    Could any of you guys shed some light on this?   https://community.jboss.org/thread/177900?tstart=0
    created by bmsantos
  • AS7: Utilising masked passwords via the vault

    Background: JBoss AS7.1 includes a vault facility to secure attributes (such as passwords).  You can get more information at https://community.jboss.org/wiki/JBossAS7SecuringPasswords   Example: Assume tha...
    last modified by anil.saldhana
  • Anil's CheatSheet for AS7 Development

    Objective: Set up Marcus's GIT master as a remote repository  git remote add marcus https://github.com/mmoyses/jboss-as.git     Objective: Sync my branch with Marcus on a regular basis.  git fetc...
    last modified by anil.saldhana
  • JBoss AS7: Security : Running under a Java Security Manager

    This article will discuss ways by which you can run a JBoss AS 7.1 instance under the Java Security Manager.   Prerequisites  A general understanding about configuring security permissions in a Java Securit...
    last modified by anil.saldhana
  • AS7: Sensitive Attributes Masking

    We can extend masking of passwords to all attributes that the user determines to be sensitive and not be displayed in clear text in the configuration files.   There are two entities: a) Sensitive Attribute Hold...
    last modified by anil.saldhana
  • XACML Resource Management

    This is a post in a series of discussions I am starting to get some discussion going on XACML.  I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
    created by dgradl
  • XACML Deployment

    This is a post in a series of discussions I am starting to get some discussion going on XACML.  I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
    created by dgradl
  • XACML Audit/Reporting

    This is a post in a series of discussions I am starting to get some discussion going on XACML.  I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
    created by dgradl
  • XACML Administration

    This is a post in a series of discussions I am starting to get some discussion going on XACML.  I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
    created by dgradl
  • XACML Enforcement

    This is a post in a series of discussions I am starting to get some discussion going on XACML.  I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
    created by dgradl
  • XACML Performance

    This is a post in a series of discussions I am starting to get some discussion going on XACML.  I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharin...
    created by dgradl
  • JBoss AS7: Security : EJB3 Security

    Some things to remember are:   Use the @org.jboss.ejb3.annotation.SecurityDomain   on your EJB3 beans.  Unless they are present, the security system is not enabled for the EJBs.  You can also ...
    last modified by anil.saldhana