3 Replies Latest reply on Jul 8, 2004 3:08 AM by phantom

    Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)

    phantom

      Our application work well under JBOSS 3.2.3, but when I try to run our application under 3.2.5 I have got some errors.

      We are using jaas security domain in web application and Security Proxy for handling of invokes of beans. So, beans don't have declared security domain. In some classes we use SecurityAssociations.getPrincipal(). But in 3.2.3 in this classes we obtain real principal, which was used during authorization, but in 3.2.5 this method returns null. What is happen? How I can use SecurityAssociation in 3.2.5.

      Please HELP!

        • 1. Re: Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)
          lazybonezz

          I have the same problem on moving from 3.2.3 to 3.2.5 with Tomcat. The principal does not seem to be being set in SecurityAssociations by the ClientLoginModule.

          • 2. Re: Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)
            starksm64

            The SecurityAssociation state is controlled by the ejb/web containers. Create an example of how your trying to use it and post a bug report to sourceforge:
            http://sourceforge.net/tracker/?group_id=22866&atid=376685

            • 3. Re: Problems in JBOSS 3.2.5 + Tomcat 5.0(Please HELP!)
              phantom

              It seems that problem was resolved:
              login-config.xml for 3.2.3 was:

               <application-policy name = "%my-security-domain%">
               <authentication>
               <login-module code="%MySecurityLoginModule%" flag = "required">
               </login-module>
               <login-module code = "org.jboss.security.ClientLoginModule"
               flag = "required">
               </login-module>
               </authentication>
               </application-policy>
              


              login-config.xml for 3.2.5 is:

               <application-policy name = "%my-security-domain%">
               <authentication>
               <login-module code = "%MySecurityLoginModule%" flag="required"/>
               <login-module code = "org.jboss.security.ClientLoginModule" flag="required">
               <module-option name = "password-stacking">useFirstPass</module-option>
               <module-option name = "restore-login-identity">true</module-option>
               </login-module>
               </authentication>
               </application-policy>
              


              After this manipulation all is OK.

              Can you explain in detailes changes in 3.2.5?

              Thank you!