jaas

问题 While performing JAAS authentication I do not want to use a .config file for LoginModule lookup/configuration. My question is; is there a way to do this with out using a .config file? or can we use javax.security.auth.login.Configuration object for this purpose because it not clear to me after reading Oracle javadoc http://docs.oracle.com/javase/8/docs/api/javax/security/auth/login/Configuration.html 回答1: Pass your Configuration at constructor of LoginContext. See JavaDoc at LoginContext: [..

问题 I've configured JAAS in glassfish 3.0 and used JDBCRealm for authenticating users. It's working properly and URL(s) are restricted. But the method #{facesContext.externalContext.isUserInRole('admin')} always returns false, even when the logged in user is admin.I've set "admin" for both "group name" in my database and for "role name" in the mapping file and the user is admin. What might be the problem? 回答1: In a servlet container, isUserInRole is just a call to the underlying servlet method. I

问题 EI611 with kafka connector latest throwing error : org.apache.kafka.common.KafkaException: Exception while loading Zookeeper JAAS login context 'Client' . . . . Caused by: java.lang.SecurityException: java.io.IOException: C:\WSO2EI~1.1\bin..\repository\conf\identity\jaas.conf (No such file or directory) This error was posted by someone else too : wso2 Inbound endpoint - Kafka consumer Does anybody find the solution? Do you know how to fix? 回答1: If you need to configure Kafka without security,

问题 Is there something like a listener that I can use when JAAS authentication is done successfully, so that I can execute code in that moment? Right now I'm using JBoss AS 7 with the DatabaseLoginModule . One way would be to implement a custom login class extending DatabaseLoginModule , however it feels like overkill for this requirement. I not completely clear about some aspects of the Java EE application life cycle, maybe an application or session listener is fired when login is done. What

问题 I am trying to implement database based JAAS authentication on JBoss 7.1 Application server, but getting below error. Any pointer will be helpful. I have shared configuration details. 14:46:03,807 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-2) Obtained user password 14:46:03,808 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (http-localhost/127.0.0.1:8080-2) AppDS: returnConnection(40c2d8ac, false) [1/9] 14:46:03,808 TRACE

问题 I am working with Java security policies and it's still rather new for me. I will like to be able to run the code directly as a launch configuration, so I have a debugger and all the other nice IDE stuff. I can get it to work until I use the codebase attribute in the policy. I have a class in the package application that creates a LoginContext . The policy file is located in the root of my project. With this content it works fine: grant { permission javax.security.auth.AuthPermission

问题 We are not able to see " AllAuthenticatedInTrustedRealms" option in Map special subjects while we are mapping the security role to users in Websphere 8.0.0.9 where as in Websphere 8.0.0.8 we have it. Is there any configuration needed to see that option for mapping the security roles to users for our web application??? I suspect that there may be some configuration missing. Please help here. Appreciations for your earlier reply. 回答1: The AllAuthenticatedInTrustedRealms is only available if you

问题 I would like to add a Login module to my Java EE 6 application. I've read about JAAS, but I don't understand how I can use it. Do you know some tutorial or snippet that I can use to understand and implement my login module, using JAAS and Java EE 6? I'm using glassfish 3.1.2, eclipselink as JPA implementation and MySQL. 回答1: The Glassfish FAQ about login module is there, but I agree it's not very deep. http://glassfish.java.net/javaee5/security/faq.html#pluglogin Thare two things to

问题 We are trying to use WAFFLE for SSO using a standalone java client with JAAS. We've mentioned waffle.jaas.WindowsLoginModule in our jaas.conf but it is prompting for user name, password which we believe is not an ideal solution for SSO. Can any one suggest how to avoid this? FYI - We aren't using any web/app server. 回答1: I believe you will need both a server and client for SSO. You can have a look at this example, it doesn't use the login module but the underlying WindowsSecurityContext

问题 I'm new to Java EE development however I'm going well in it, I'm a bit confused with the security part of my application. I have read a few articles on how I can implement JAAS security in my Java EE web application. This is what I read & understood, all he others were unclear: http://uaihebert.com/user-login-validation-with-jaas-and-jsf/ The example is great and all but it configures the JBoss server, Im not using JBoss and I'm not intending to. If I were to use JAAS do I need to configure