'Re: [JBoss-user] application security configuration'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jboss-user
Subject:    Re: [JBoss-user] application security configuration
From:       "Gary S. Cuozzo" <gary.cuozzo () innovationsw ! com>
Date:       2002-07-31 20:30:16
[Download RAW message or body]

Ok, I got my app to work!  Had some minor configuration problems on both 
client & server side that I had to work through.  But, this definately 
led me on the right track.  Now I just have to formalize my security 
policies and implement them 100%.

Thanks for the help.  :-)
gary.


Scott M Stark wrote:

>Any methods without permissions are equivalent to defining the methods
>to be in the exclude-list and not invokable by anyone. When a
>security-domain
>is defined the default is no access. You have to explicity define what
>should
>be accessible. You also cannot make calls to unchecked methods from
>an unsecured servlet. There still has to be a principal without roles. See
>the
>security chapter in the admin and devel book.
>
>xxxxxxxxxxxxxxxxxxxxxxxx
>Scott Stark
>Chief Technology Officer
>JBoss Group, LLC
>xxxxxxxxxxxxxxxxxxxxxxxx
>----- Original Message -----
>From: "Gary S. Cuozzo" <gary.cuozzo@innovationsw.com>
>To: <jboss-user@lists.sourceforge.net>
>Sent: Wednesday, July 31, 2002 7:08 AM
>Subject: Re: [JBoss-user] application security configuration
>
>
>>In my ejb-jar.xml file I have:
>>
>>      <method-permission >
>>         <description>description not supported yet by
>>ejbdoclet</description>
>>         <unchecked/>
>>         <method >
>>            <description>description not supported yet by
>>ejbdoclet</description>
>>            <ejb-name>ClientSessionBean</ejb-name>
>>            <method-name>*</method-name>
>>         </method>
>>      </method-permission>
>>
>>and other ones like:
>>
>>   <method-permission >
>>      <description>description not supported yet by
>>
>ejbdoclet</description>
>
>>      <unchecked/>
>>      <method >
>>         <description><![CDATA[]]></description>
>>         <ejb-name>ClientSessionBean</ejb-name>
>>         <method-intf>Remote</method-intf>
>>         <method-name>authenticate</method-name>
>>         <method-params>
>>            <method-param>java.lang.String</method-param>
>>            <method-param>java.lang.String</method-param>
>>            <method-param>java.lang.String</method-param>
>>         </method-params>
>>      </method>
>>   </method-permission>
>>
>>Is my syntax wrong?  Oddly enough, I've even tried removing ALL the
>>method permissions but leaving the security domain enabled, and still
>>cannot call into the bean.  I'm doing something else wrong I think.
>> Now, to find out what it is!  :)
>>
>>gary.
>>
>
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by: Dice - The leading online job board
>for high-tech professionals. Search and apply for tech jobs today!
>http://seeker.dice.com/seeker.epl?rel_code=31
>_______________________________________________
>JBoss-user mailing list
>JBoss-user@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/jboss-user
>




-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic