3 Replies Latest reply on Jul 8, 2004 3:08 AM by phantom

    Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)

    phantom
    phantom Jul 7, 2004 9:43 AM

      Our application work well under JBOSS 3.2.3, but when I try to run our application under 3.2.5 I have got some errors.

      We are using jaas security domain in web application and Security Proxy for handling of invokes of beans. So, beans don't have declared security domain. In some classes we use SecurityAssociations.getPrincipal(). But in 3.2.3 in this classes we obtain real principal, which was used during authorization, but in 3.2.5 this method returns null. What is happen? How I can use SecurityAssociation in 3.2.5.

      Please HELP!

      • 3136 Views
      • Tags:
        • 1. Re: Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)
          lazybonezz
          lazybonezz Jul 7, 2004 1:47 PM (in response to phantom)

          I have the same problem on moving from 3.2.3 to 3.2.5 with Tomcat. The principal does not seem to be being set in SecurityAssociations by the ClientLoginModule.

            • Actions
          • 2. Re: Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)
            starksm64
            starksm64 Jul 7, 2004 4:23 PM (in response to phantom)

            The SecurityAssociation state is controlled by the ejb/web containers. Create an example of how your trying to use it and post a bug report to sourceforge:
            http://sourceforge.net/tracker/?group_id=22866&atid=376685

              • Actions
            • 3. Re: Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)
              phantom
              phantom Jul 8, 2004 3:08 AM (in response to phantom)

              It seems that problem was resolved:
              login-config.xml for 3.2.3 was:

               <application-policy name = "%my-security-domain%">
 <authentication>
 <login-module code="%MySecurityLoginModule%" flag = "required">
 </login-module>
 <login-module code = "org.jboss.security.ClientLoginModule"
 flag = "required">
 </login-module>
 </authentication>
 </application-policy>


              login-config.xml for 3.2.5 is: 

               <application-policy name = "%my-security-domain%">
 <authentication>
 <login-module code = "%MySecurityLoginModule%" flag="required"/>
 <login-module code = "org.jboss.security.ClientLoginModule" flag="required">
 <module-option name = "password-stacking">useFirstPass</module-option>
 <module-option name = "restore-login-identity">true</module-option>
 </login-module>
 </authentication>
 </application-policy>


              After this manipulation all is OK.

              Can you explain in detailes changes in 3.2.5?

              Thank you!



                • Actions