3 Replies Latest reply on Oct 18, 2001 4:12 PM by starksm64

JBossSecurityMgrRealm problems

maximus Oct 17, 2001 1:10 PM

Hi

I'm running JBoss-2.4.3 with embedded Tomcat-3.2.3 and want to secure a particular JSP page using the default JBossSecurityMgrRealm (hence integrating with JBossSX security api for authentication and authorization).

When I visit the protected page I am presented with a login dialog as I would expect. I have two related problems:

1) Running in debug I break in JBossSecurityMgrRealm.authenticate(req,res). The call to getSecurityContext() does a lookup against the embedded JNP service for "java:comp/env/security", which returns null. Hence authenticate fails by default without getting as far as checking the credentials. Can anyone tell me how to configure JBoss so that a valid security context is returned?

2) Given that point 1 is sorted, where does the JNP service get its data from? i.e. How do I specify users and their roles.

Regards
Max

1. Re: JBossSecurityMgrRealm problems

starksm64 Oct 18, 2001 12:15 AM (in response to maximus)

Read this: http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html
Actions
2. Re: JBossSecurityMgrRealm problems

ko5tik Oct 18, 2001 6:26 AM (in response to maximus)

1. Did you checked your DD's? Were there any errors during deployment? I found that jboss/tomcat is very sensitive to this and may ( as side effect )
do not bind security context.

2. JbossSecurityMgrRealm stores auth data in
SecurityAssociation ( which is ThreadLocal etc. pp. )
Client side proxies pull those data from there on invocation of ejb's

( BTW, nothing prevents you to setup
SecurityAssociation without JbossSecurityMgrRealm... )
Actions
3. Re: JBossSecurityMgrRealm problems

starksm64 Oct 18, 2001 4:12 PM (in response to maximus)

Nothing yet. Future versions running under a Java2 SecurityManager will not allow access to the SecurityAssociation from client code.
Actions

Go to original post