JAAS « security « Java Enterprise Q&A





1. j_security_check and JAAS    stackoverflow.com

I have been given the task of implementing a login handler. The only detail the handler captures is username and password. Initially I was going to use a JSP ...

2. What's the point of JAAS    stackoverflow.com

What's the point of JAAS if I have to write my own {whatever}LoginModule and everything else?

3. How do I authenticate an application client to EJB 3.0 server    stackoverflow.com

I am very new to the whole J2EE architecture. Could somebody help me out? I have a Swing client with Login, Password fields on machine A.

Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
p.put(Context.PROVIDER_URL, ...

4. How to forward to j_security_check?    stackoverflow.com

I'm using form based authentication (JBOSS/JAAS) but my form is sending the data to my Servlet so I can perform some checks before trying to login. Now I need to forward to ...

5. How to connect to HTTPS server using Common Access Card    stackoverflow.com

I need to write a java program to connect to a HTTPS server (DoD website). The website requires CAC (DoD common access card) authentication. If you access this site via browser, ...

6. Is there a reason why software developers aren't externalizing authorization?    stackoverflow.com

The value proposition of externalizing identity is starting to increase where many sites now accept OpenID, CardSpace or federated identity. However, many developers haven't yet taken the next step to externalize ...

7. Sending Complete Chain from Common Access Card (CAC)?    stackoverflow.com

I'm attempting to enable SSL communication from a web service client (Axis2) using the certificate on the user's CAC card. Works like a charm....UNTIL the web server is CAC enabled. ...

8. Java Application with Multiple JAAS Security Realms    stackoverflow.com

I was wondering if it was possible to have a Java EE application with multiple JAAS security realms. I'm currently developing an application in which some users need to be authenticated with ...

9. Retrieving the Subject executing a java.security.PrivilegedAction at runtime    stackoverflow.com

I am trying to retrieve the Subject that is currently executing a Privileged Action under the JAAS framework, in order to be able to extract its principals. Basically, I need to ...





10. How to authenticate an enterprise application with JBoss/Java EE? JAAS?    stackoverflow.com

I cant find documentation on where and how an enterprise application authenticates itself with JBoss, so that JBoss allows/denies access to the EJBs according to roles? Thanks

11. How to use md5 hashing in Jboss 6 for JAAS WebAuthentication?    stackoverflow.com

writing a Java EE 6 application i need some help using the DatabaseServerLoginModule with md5 hashing. Setup: login-config.xml:

 <application-policy name = "app">
      <authentication>
      ...

12. How to implement EAR-wide JAAS    stackoverflow.com

I'd like to implement JAAS across the whole of my EAR file containing multiple wars. I have successfuly set it up on each war, but that means when the user is ...

13. Attribute/Domain security with JavaEE/JaaS?    stackoverflow.com

RBAC is well understood, so this is beyond RBAC. Looking for an efficient/tested approach to deal with attribute, or domain, based security such that a principal may have N attributes (with N ...

14. Why should i use JAAS against hand-written security?    stackoverflow.com

I got hand-written security, simple servlet-filter which redirect not-authorized user to their login pages. Login controller redirect them to the requested URL after successfull authentication or their main page. This approach ...

15. How to propagate JAAS security credential to server side?    stackoverflow.com

The J2EE Application implementation will propagate credential to EJBContext automatically. It only includes user name instead of password, right? What's the standard way to propagate for non-J2EE system? I ...

16. security constraints with JAAS    stackoverflow.com

i decided to write my own JAAS login module. So far everything works fine, yet there is something i can't google out. Assume the login function by LoginContext has successfuly authenticated ...





17. User managed security in Java EE    stackoverflow.com

I want to protect my JSF pages in a Java EE 6 app. I want to store users and roles in the DB and have privileged users administer them via ...

18. How does the call to the hashing algorithm work, particularly the use of bit shifting 0xff?    stackoverflow.com

The following code snippet, sourced from Core Java Vol 2 (7th Ed), shows how to create an SHA1 and an MD5 fingerprint using Java. It turns out that the only ...

19. Multiple security domains not supported by Jboss 5.0.0?    stackoverflow.com

I have two Web services based on SLSB, and I want to access one with encrypted password and second with not encrypted password. I'm using JAAS for authentication. In Jboss 5.0.0 there ...

20. JBoss AS: No valid security context for the caller identity    stackoverflow.com

I need to get the caller's user name in a SLSB using JBoss AS 6. Therefore, I passed it to the InitialContext like this:

Context ctx = new InitialContext();
String userName = System.getProperty("user.name");
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, ...

21. Passing additional parameters to j_security_check    stackoverflow.com

In our application we need to let user select the desired datasource when logging in with form-based authentication, and I'm not sure if it's at all possible when using standard form-based ...

22. Web App Security with JAAS    coderanch.com