JBoss Negotiation Documentation The JBoss Negotiation document has become quite cumbersome to maintain using docbook, would there be any objections to moving it as a set of wiki documents instead? This should hopefully make it much ea... 
AS7 Property File Based Login Modules Within the previous AS releases there are a few login modules that make use of properties files to store the users and roles, has there been any consideration yet as to how the equivalent capabilities will be provided... AS7 Plugability for Dependencies For the AS7 managament API security we are currently discussing how to re-use as much as possible of the already integrated PicketBox project. One requirement that we have is that the security of the managemen... AS7 : Authentication and Authorization For AS7 I'm thinking about rewriting all our login modules to separate authentication (caller principal mapping) from authorization (role mapping) during the JAAS process. Currently the majority of our login modules ... 
PicketBox/JbossXACML PDP Configuration Hi, I want to use JBossXACML/PicketBox XACML in axis2 for securing a web service. However there is no proper documentation how do I configure and call PDP of the JbossXACML. Can someone kindly guide me from... 
AS7: Authentication Cache Design Marcus, let us keep this thread for discussing the Authentication Cache design changes. From what you said: The auth cache has to be: configurable at the security domain level. flushing configuration at the... 
SubjectFactory Implementation For AS5, we introduced a SubjectFactory interface for use by JCA. An issue that is my fault is that the implementation of this interface was done in the security branch of the AS workspace (http://anonsvn.jboss.... Mapping Application Roles to Declarative Role Many users would like to map the application roles that are derived out of the Jaas authentication process to declarative roles (defined in various deployment descriptors like web.xml). There is a feature request tha... Make JBossPDP an interface to allow easier insertion of custom PDP. Hi, I have been looking into using my own, custom PDP and have been discovering that the JBossPDP is pretty entwined to the security component. For example it can get created in JBossPolicyRegistration, JBoss... 
Problem with custom login modules On a recent support case the costumer is using IBM's Kerberos login module which was working fine in JBoss AS 4.0.4. Now he migrated to JBoss AS 4.2.0 and the login module fails with this stack trace: javax.security.... Do Not Post User Questions You should use the "PicketBox User Forum" and not the "PicketBox Development Forum" for your user questions. PicketBox Development Forum is mainly for the developers behind the PicketBox code (the ones w... PicketBox Overview What is PicketBox? Environment Needed Download Releases Relationship between PicketBox and PicketLink Advanced Information ( PicketBox FAQ) Latest Information What is PicketBox? PicketBox (for... PicketBox: JSR-196 Callback Handler Mainly for JCA 1.6 integration needs, there was a requirement for PicketBox to provide a JSR-196 call back handler. JASPICallbackHandler Source Code: Link Test: JASPICallbackHandlerUnitTestCase PicketBox Code Release Procedure Reference: Maven Developer Guide at JBoss. Pre-requisites: 1) Ensure that the parent pom of the project has atleast version 5 of the JBoss Parent pom. 2) You have done the settings.xml in your local home... Auth Cache is not flushed after logout Hi, can anyone kindly help me? Currently we tried to migrate our project from JBOSS 4.2 to 5.1, however the Authentication Cache is failed to be flushed after the logout method is called which worked fine on JBOSS 4... 
JSR-160 connectors security This is a design thread that Scott Marlow (SMarlow) and I will be using to discuss the JSR-160 integration that Scott is working on. There are some security aspects to be considered in this integration based on the JS... PicketBox Authentication << Go Back To PicketBox Overview PicketBox (formely JBoss Security) provides JAAS based authentication facilities for Java applications. Pre-requisites Authentication Simple Examp... Mapping Providers PicketBox has a powerful mapping framework as highlighted in here. Particularly, the role mapping functionality is very important for access control decisions. We have a select set of providers availab... SecurityContext From Scott's quote: instead of just a Subject representing the security context, we should have a security context that contains a Subject, trust domain info, authorization info/pointers, etc to allow better integrat... EJB3 security - Skip authorization for @PermiAll? I was looking at a thread in the EJB3 forum which was talking about poor performance of a bean method invocation when the bean is marked with a @SecurityDomain, as compared to a similar bean without any @SecurityDomai... 
Log in to follow, share, and participate in this community.