jaas

JAAS - fails to persist Kerberos ticket to cache file, and unable to create cache from scratch.. and other details

十年热恋 submitted on 2019-11-29 08:32:18
I'm developing a Java application that performs authentication with JAAS, should work as follows: (i) when the ticket for user uclient is already in local cache it should authenticate the user without asking credentials, (ii) when no ticket for 'uclient' is in cache it should ask for username/password and save the acquired ticket into the local cache. My application is able to perform 'i' but is not able to perform 'ii', it authenticates correctly the user (creates the Subject/Principal) but it doesn't persist the Krb ticket into the cache. Questions How do I achieve/implement this? And.. is

How to propagate JAAS Subject when calling a remote EJB (RMI over IIOP) from a pure client

扶醉桌前 submitted on 2019-11-29 04:07:58
I am testing the propagation of JAAS Subject with a custom Principal from a standalone EJB client running on a raw Java runtime to a JavaEE server. I am targeting both JBoss and WebSphere implementations. According to this forum thread I have expected it would work with JBoss easily. Here is my EJB client code snippet: Subject subject = new Subject(); Principal myPrincipal = new MyPrincipal("me I myself"); subject.getPrincipals().add(myPrincipal); PrivilegedExceptionAction<String> action = new PrivilegedExceptionAction<String>() { public String run() throws Exception { String result;

Using Mockito, how do I intercept a callback object on a void method?

眉间皱痕 submitted on 2019-11-29 01:44:49
Question: I'm using mockito to test a legacy JAAS/LDAP login module. The javax.security.auth.callback.CallbackHandler interface defines the function: void handle(javax.security.auth.callback.Callback[] callbacks) I'm expecting callbacks to contain a NameCallback, which is the object that needs to be manipulated to pass the test. Is there a way to mock this effectively, or would I be better off with a stubbed implementation of CallbackHandler? Answer 1: For functions returning void, use doAnswer()

JSF authentication and authorization

穿精又带淫゛_ submitted on 2019-11-28 19:19:50
Question: What is the best way to go about implementing authentication and authorization for a JSF web application? Preferably I'd still want to use container-based security, as I need to call EJBs that require the principal. I realize form-based authentication is a major struggle with JSF, but can I perhaps use a PhaseListener or something similar together with programmatic logon to authenticate the user? Any other methods I should rather have a look at? Answer 1: Try to check out the blog for using JAAS

Glassfish 3.1 default principal to role mapping

[亡魂溺海] submitted on 2019-11-28 16:34:54
I am working with glassfish and jaas module. I configured my web.xml in this way. <security-constraint> <web-resource-collection> <web-resource-name>ALL Page for admin</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>file</realm-name> </login-config> <security-role> <description>Administrator</description> <role-name>user</role-name> </security-role> It means all user that want to access my web application need be of the

JAAS - fails to persist Kerberos ticket to cache file, and unable to create cache from scratch.. and other details

帅比萌擦擦* submitted on 2019-11-28 02:02:39
Question: I'm developing a Java application that performs authentication with JAAS, should work as follows: (i) when the ticket for user uclient is already in local cache it should authenticate the user without asking credentials, (ii) when no ticket for 'uclient' is in cache it should ask for username/password and save the acquired ticket into the local cache. My application is able to perform 'i' but is not able to perform 'ii', it authenticates correctly the user (creates the Subject/Principal) but

How to save Kerberos Service Ticket using a Windows Java client?

泄露秘密 submitted on 2019-11-27 22:42:00
Question: I've written a simple Java HTTP Client that is running under Windows. The client communicates with a web server which requires Kerberos authentication through SPNego. I'm experiencing two problems: The service ticket is not stored in my credentials cache. After performing a request, I expected to see a Kerberos Service Ticket stored in my credentials cache under C:\Users\<user>\krb5cc_<user> - was I wrong to assume that Java stores service tickets in the credential cache? I'd like to reuse a

LoginException: Login failed: Security Exception

﹥>﹥吖頭↗ submitted on 2019-11-27 22:26:30
I am attempting to setup container managed security with GlassFish v3.1.1 Build 12 and JSF 2.1. I keep getting the following exception for some reason and I am unable to login. WARNING: WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception WARNING: Exception com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:394) at com.sun.enterprise.security.auth.login.LoginContextDriver.login

Glassfish 3.1 default principal to role mapping

ⅰ亾dé卋堺 submitted on 2019-11-27 19:57:35
Question: I am working with glassfish and jaas module. I configured my web.xml in this way. <security-constraint> <web-resource-collection> <web-resource-name>ALL Page for admin</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>file</realm-name> </login-config> <security-role> <description>Administrator</description> <role-name

How to propagate JAAS Subject when calling a remote EJB (RMI over IIOP) from a pure client

我的梦境 submitted on 2019-11-27 18:05:37
Question: I am testing the propagation of JAAS Subject with a custom Principal from a standalone EJB client running on a raw Java runtime to a JavaEE server. I am targeting both JBoss and WebSphere implementations. According to this forum thread I have expected it would work with JBoss easily. Here is my EJB client code snippet: Subject subject = new Subject(); Principal myPrincipal = new MyPrincipal("me I myself"); subject.getPrincipals().add(myPrincipal); PrivilegedExceptionAction<String> action