[prev in list] [next in list] [prev in thread] [next in thread]
List: jboss-user
Subject: Re: [JBoss-user] application security configuration
From: "Gary S. Cuozzo" <gary.cuozzo () innovationsw ! com>
Date: 2002-07-31 20:30:16
[Download RAW message or body]
Ok, I got my app to work! Had some minor configuration problems on both
client & server side that I had to work through. But, this definately
led me on the right track. Now I just have to formalize my security
policies and implement them 100%.
Thanks for the help. :-)
gary.
Scott M Stark wrote:
>Any methods without permissions are equivalent to defining the methods
>to be in the exclude-list and not invokable by anyone. When a
>security-domain
>is defined the default is no access. You have to explicity define what
>should
>be accessible. You also cannot make calls to unchecked methods from
>an unsecured servlet. There still has to be a principal without roles. See
>the
>security chapter in the admin and devel book.
>
>xxxxxxxxxxxxxxxxxxxxxxxx
>Scott Stark
>Chief Technology Officer
>JBoss Group, LLC
>xxxxxxxxxxxxxxxxxxxxxxxx
>----- Original Message -----
>From: "Gary S. Cuozzo" <gary.cuozzo@innovationsw.com>
>To: <jboss-user@lists.sourceforge.net>
>Sent: Wednesday, July 31, 2002 7:08 AM
>Subject: Re: [JBoss-user] application security configuration
>
>
>>In my ejb-jar.xml file I have:
>>
>> <method-permission >
>> <description>description not supported yet by
>>ejbdoclet</description>
>> <unchecked/>
>> <method >
>> <description>description not supported yet by
>>ejbdoclet</description>
>> <ejb-name>ClientSessionBean</ejb-name>
>> <method-name>*</method-name>
>> </method>
>> </method-permission>
>>
>>and other ones like:
>>
>> <method-permission >
>> <description>description not supported yet by
>>
>ejbdoclet</description>
>
>> <unchecked/>
>> <method >
>> <description><![CDATA[]]></description>
>> <ejb-name>ClientSessionBean</ejb-name>
>> <method-intf>Remote</method-intf>
>> <method-name>authenticate</method-name>
>> <method-params>
>> <method-param>java.lang.String</method-param>
>> <method-param>java.lang.String</method-param>
>> <method-param>java.lang.String</method-param>
>> </method-params>
>> </method>
>> </method-permission>
>>
>>Is my syntax wrong? Oddly enough, I've even tried removing ALL the
>>method permissions but leaving the security domain enabled, and still
>>cannot call into the bean. I'm doing something else wrong I think.
>> Now, to find out what it is! :)
>>
>>gary.
>>
>
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by: Dice - The leading online job board
>for high-tech professionals. Search and apply for tech jobs today!
>http://seeker.dice.com/seeker.epl?rel_code=31
>_______________________________________________
>JBoss-user mailing list
>JBoss-user@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/jboss-user
>
-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic