jaas

AngularJs and Jboss and JAAS

大兔子大兔子 submitted on 2019-12-22 16:45:24
Question: If one were to look at JBoss security framework as one possible explanation on how to enable JAAS using JBoss 6 and create this web.xml to configure JAAS security to protect i.e. a Rest api: <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <context-param> <param-name>resteasy.scan

AngularJs and Jboss and JAAS

大憨熊 submitted on 2019-12-22 16:44:03
Question: If one were to look at JBoss security framework as one possible explanation on how to enable JAAS using JBoss 6 and create this web.xml to configure JAAS security to protect i.e. a Rest api: <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <context-param> <param-name>resteasy.scan

What is the best practice for using security in JAX-WS

主宰稳场 submitted on 2019-12-22 10:48:58
Question: Here is the scenario: I have some web services (JAX-WS) that need to be secured. Currently, for authentication needs, I am providing an additional SecurityWService that gives an authorized user some userid & sessionid that need to be described in requests to other services. It would be better to use some Java security. We have many of them but could not define which is better to use. Q1: It is understood that I should use SSL in the transport layer, but what should I use for user authorization. Is there

JAAS additional LoginModules

放肆的年华 submitted on 2019-12-22 05:03:12
Question: I'd like to know how to combine these two authentication steps: check the user/password in an LDAP; add principals (roles) found in a DB to the subject. The LDAP user repository has no idea about application-specific roles and I don't want to manage the passwords in the application DB. So I need both. JAAS configuration file allows to have additional LoginModules: <name used by application to refer to this entry> { <LoginModule> <flag> <LoginModule options>; <optional additional

Warning: JACC: For the URL pattern xxx, all but the following methods were uncovered: POST, GET

限于喜欢 submitted on 2019-12-21 12:41:19
Question: In javax.faces.webapp.FacesServlet docs, it is mentioned, Allowable HTTP Methods The JSF specification only requires the use of the GET and POST http methods. If your web application does not require any other http methods, such as PUT and DELETE, please consider restricting the allowable http methods using the <http-method> and <http-method-omission> elements. Please see the Security of the Java Servlet Specification for more information the use of these elements. My application indeed does

Login a user programmatically via JAAS

烂漫一生 submitted on 2019-12-21 12:39:30
Question: I'm trying to run code within JBoss Container under a different authentication by programmatically logging in a user like that (stripped exception handling): LoginContext ctx = ctx = new LoginContext("MyLoginSchema", new UsernamePasswordCallbackHandler("newuser", "") ); ctx.login(); Subject.doAs(ctx.getSubject(), new PrivilegedAction<T>() { @Override public T run() { Subject.getSubject(AccessController.getContext()); InitialContext ic = new InitialContext(); EJBContext sctxLookup = (EJBContext

Use JAAS for LDAP password with Spring security

痞子三分冷 submitted on 2019-12-20 15:13:11
Question: I have a Java EE web application which uses an LDAP authentication. I use Spring security to connect to my LDAP with the following code: <bean id="ldapContextSource" class="com.myapp.security.authentication.MySecurityContextSource"> <constructor-arg index="0" value="${ldap.url}" /> <constructor-arg index="1" ref="userConnexion" /> </bean> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="ldapAuthProvider" /> </security:authentication

Use JAAS for LDAP password with Spring security

て烟熏妆下的殇ゞ submitted on 2019-12-20 15:11:48
Question: I have a Java EE web application which uses an LDAP authentication. I use Spring security to connect to my LDAP with the following code: <bean id="ldapContextSource" class="com.myapp.security.authentication.MySecurityContextSource"> <constructor-arg index="0" value="${ldap.url}" /> <constructor-arg index="1" ref="userConnexion" /> </bean> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="ldapAuthProvider" /> </security:authentication

Login issue with DatabaseServerLoginModule in JBoss 6

穿精又带淫゛_ submitted on 2019-12-20 07:06:59
Question: I get a ServeletException: Failed to authenticate a principal when I attempt to login with the DatabaseServerLoginModule. I'm guessing the issue is either how passwords are written to the db or the rolesQuery that is incorrect. I certainly can use suggestions on how to troubleshoot at this point. Here is my setup: login-config.xml <application-policy name = "Avengers"> <authentication> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module

Wildfly caches roles after logout in a web application

二次信任 submitted on 2019-12-18 16:51:24
Question: jboss-web.xml <?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain flushOnSessionInvalidation="true">my-aktion </security-domain> <valve> <class-name>utils.MyAuthenticator</class-name> </valve> </jboss-web> standalone.xml <security-domain name="my-aktion" cache-type="default"> <authentication> <login-module code="utils.MyAuthenticator" flag="required"> <module-option name="dsJndiName" value="java:jboss/datasources/MySQLDS"/> <module-option name="principalsQuery" value="SELECT