-
1. Re: AOPSecurity: I have failed to get expected results.
kabirkhan Oct 14, 2005 6:00 AM (in response to russelldb)Our testsuite has tests for security, so it definitely works :-)
Try the injboss tutorial example, to make sure you have got everything set up correctly. In the AOP distribution it is in docs/aspect-framework/examples/injboss/ -
2. Re: AOPSecurity: I have failed to get expected results.
russelldb Oct 14, 2005 6:29 AM (in response to russelldb)I'm havinga look at the example now. Thanks for the advice.
Where can I find the tests in your testsuite ? -
3. Re: AOPSecurity: I have failed to get expected results.
russelldb Oct 14, 2005 6:36 AM (in response to russelldb)Ok. The plot thickens. Now I can't get your examples working either.
The file docs/aspect-framework/misc/running_jboss.html
is missing from the download (jboss-aop_1.3.4) so I cannot figure out what I am doing wrong. Under the AOP menu in the web-console all the deployments are shown as "unbound".
What I have doen is follow the documentation here http://docs.jboss.com/aop/1.3/aspect-framework/reference/en/html/running.html#jboss
and here http://wiki.jboss.org/wiki/Wiki.jsp?page=AOPSecurity to the letter.
Anyone else either had this trouble OR got this working ? -
4. Re: AOPSecurity: I have failed to get expected results.
kabirkhan Oct 14, 2005 6:42 AM (in response to russelldb)We have two sets of tests
*standalone tests
in the main aop/aspects project folder under src/tests
*injboss tests
if you check out jboss-head or the 4.0 branch they are under testsuite/ The source files are under src/main/org/jboss/aop and src/jdk15/org/jboss/aop (if you use Java 5 these files will overwrite the ones in src/main). Note that the testsuite itself does not use any special classloading techinques. It uses a deprecated technique of hooking into the RepositoryClassLoader via the Transformer interface.
The security tests are in the main testssuite -
5. Re: AOPSecurity: I have failed to get expected results.
russelldb Oct 14, 2005 6:45 AM (in response to russelldb)thanks
-
6. Re: AOPSecurity: I have failed to get expected results.
kabirkhan Oct 14, 2005 6:47 AM (in response to russelldb)You need to enable weaving as per sections 10.3.2 or 10.3.3 depending on your JDK
http://docs.jboss.com/aop/1.3/aspect-framework/reference/en/html/running.html#jboss
(The dist contains a newer copy of this guide)
There are a few threads on this forum already where people have asked for this. -
7. Re: AOPSecurity: I have failed to get expected results.
russelldb Oct 14, 2005 6:57 AM (in response to russelldb)Ok.
I'll start again and follow all the steps again as I must have missed something. I have started going back and checking thorugh this forum too.
When I figure out what I have done wrong I'll let you know.
Russell -
8. Re: AOPSecurity: I have failed to get expected results.
russelldb Oct 14, 2005 7:49 AM (in response to russelldb)Ok...I didn't read the jboss-service.xml comments in the jboss-aop-jdk50.deployer/META-INF dir. To enable load time weaving I also had to change the mbean code attribute to org.jboss.aop.deployment.AspectManagerServiceJDK5.
Thanks for all your help.
Russell -
9. Re: AOPSecurity: I have failed to get expected results.
russelldb Oct 14, 2005 8:26 AM (in response to russelldb)Now that I have the general issue of running AOP in jbiss solved I stil have the specific problem of the AOPSecurity aspects.
The user principal obtained by the AuthenticationInterceptor is always "null". How do I associate a principal/credential with a call so that the security aspects can use them ?
Russell -
10. Re: AOPSecurity: I have failed to get expected results.
kabirkhan Oct 14, 2005 8:39 AM (in response to russelldb)The easiest and naughtiest way of doing it is to set
org.jboss.security.SecurityAssociationSecurityAssociation.setPrincipal(new SimplePrincipal("somebody")); org.jboss.security.SecurityAssociationSecurityAssociation.setCredential("password".toCharArray() );
This is done by org.jboss.test.aop.bean.SecurityTester in the testsuite. Note that SecurityAssociation is considered an internal API. The proper way for a standalone client is to use the ClientLoginModule http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html#d0e19522
In the case of integrated tomcat/jboss security information should be propagated automatically from the web layer (again using the SecurityAssociation).
If this doesn't work, describe your setup in a bit more detail. -
11. Re: AOPSecurity: I have failed to get expected results.
russelldb Oct 14, 2005 8:57 AM (in response to russelldb)Doh! Yes I have been testing with web security "switched off".
Thanks for the cheeky hack for testing.
Many thanks again for all your help to get me this far,
Russell