Re: Wrong SecurityManagement/AuthenticationManager

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Wrong SecurityManagement/AuthenticationManager

Dieter Tengelmann
Hi,

is there still no fix or workaround for the AuthenticationManager
problem I reported on November?

Best regards,
Dieter


Message: 3
Date: Wed, 07 Dec 2011 13:01:27 -0600
From: Anil Saldhana <[hidden email]>
Subject: Re: [jboss-as7-dev] Wrong
       SecurityManagement/AuthenticationManager
To: [hidden email]
Message-ID: <[hidden email]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

This may be due to EJB3 security using the SimpleSecurityManager class
that Carlo coded.
https://github.com/anilsaldhana/jboss-as/blob/master/security/src/main/java/org/jboss/as/security/service/SimpleSecurityManager.java

There may be a missing link to the JBossCachedAuthenticationManager
inside the security subsystem.

On 11/28/2011 10:05 AM, Anil Saldhana wrote:

> Ok,  we will check this out.
> We want the JBossCachedAM in all cases.
>
> On 11/27/2011 01:21 PM, Dieter Tengelmann wrote:
>> Hi,
>>
>> I've configured my security-domain with cache-type="default" in the
>> standalone.xml, an instance of JBossCachedAuthenticationManager is
>> initialized correctly via JNDIBasedSecurityManagement, but my
>> application is permanently authenticating via the JAAS login module. I
>> realized that "JBossAuthenticationManager" is used in all EJB parts,
>> only the JBOSS web realm is using the
>> JBossCachedAuthenticationManager...
>>
>> JBossSecurityContext.getAuthenticationManager() delivers via
>> "DefaultSecurityManagement" an instance of
>> JbossAuthenticationManager
>>
>> Is there a workaround for me to receive/set the correct
>> AuthenticationManager till you fix this bug? Not using the cache
>> causes some serious problems in my application...
>>
>> Best regards,
>> Dieter Tengelmann
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Wrong SecurityManagement/AuthenticationManager

Anil Saldhana
https://issues.jboss.org/browse/AS7-4087

You should have a fix soon.

On 03/07/2012 12:29 PM, Dieter Tengelmann wrote:

> Hi,
>
> is there still no fix or workaround for the AuthenticationManager
> problem I reported on November?
>
> Best regards,
> Dieter
>
>
> Message: 3
> Date: Wed, 07 Dec 2011 13:01:27 -0600
> From: Anil Saldhana<[hidden email]>
> Subject: Re: [jboss-as7-dev] Wrong
>         SecurityManagement/AuthenticationManager
> To: [hidden email]
> Message-ID:<[hidden email]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> This may be due to EJB3 security using the SimpleSecurityManager class
> that Carlo coded.
> https://github.com/anilsaldhana/jboss-as/blob/master/security/src/main/java/org/jboss/as/security/service/SimpleSecurityManager.java
>
> There may be a missing link to the JBossCachedAuthenticationManager
> inside the security subsystem.
>
> On 11/28/2011 10:05 AM, Anil Saldhana wrote:
>> Ok,  we will check this out.
>> We want the JBossCachedAM in all cases.
>>
>> On 11/27/2011 01:21 PM, Dieter Tengelmann wrote:
>>> Hi,
>>>
>>> I've configured my security-domain with cache-type="default" in the
>>> standalone.xml, an instance of JBossCachedAuthenticationManager is
>>> initialized correctly via JNDIBasedSecurityManagement, but my
>>> application is permanently authenticating via the JAAS login module. I
>>> realized that "JBossAuthenticationManager" is used in all EJB parts,
>>> only the JBOSS web realm is using the
>>> JBossCachedAuthenticationManager...
>>>
>>> JBossSecurityContext.getAuthenticationManager() delivers via
>>> "DefaultSecurityManagement" an instance of
>>> JbossAuthenticationManager
>>>
>>> Is there a workaround for me to receive/set the correct
>>> AuthenticationManager till you fix this bug? Not using the cache
>>> causes some serious problems in my application...
>>>
>>> Best regards,
>>> Dieter Tengelmann
>>>
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: Wrong SecurityManagement/AuthenticationManager

Anil Saldhana
Dieter,
   I have put in the pull request. So this should go into AS 7.1.1

Since the discussion happened during my vacation days in Nov/Dec, it
fell through the cracks. Apologies. :(

Regards,
Anil

On 03/07/2012 12:47 PM, Anil Saldhana wrote:

> https://issues.jboss.org/browse/AS7-4087
>
> You should have a fix soon.
>
> On 03/07/2012 12:29 PM, Dieter Tengelmann wrote:
>> Hi,
>>
>> is there still no fix or workaround for the AuthenticationManager
>> problem I reported on November?
>>
>> Best regards,
>> Dieter
>>
>>
>> Message: 3
>> Date: Wed, 07 Dec 2011 13:01:27 -0600
>> From: Anil Saldhana<[hidden email]>
>> Subject: Re: [jboss-as7-dev] Wrong
>>          SecurityManagement/AuthenticationManager
>> To: [hidden email]
>> Message-ID:<[hidden email]>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> This may be due to EJB3 security using the SimpleSecurityManager class
>> that Carlo coded.
>> https://github.com/anilsaldhana/jboss-as/blob/master/security/src/main/java/org/jboss/as/security/service/SimpleSecurityManager.java
>>
>> There may be a missing link to the JBossCachedAuthenticationManager
>> inside the security subsystem.
>>
>> On 11/28/2011 10:05 AM, Anil Saldhana wrote:
>>> Ok,  we will check this out.
>>> We want the JBossCachedAM in all cases.
>>>
>>> On 11/27/2011 01:21 PM, Dieter Tengelmann wrote:
>>>> Hi,
>>>>
>>>> I've configured my security-domain with cache-type="default" in the
>>>> standalone.xml, an instance of JBossCachedAuthenticationManager is
>>>> initialized correctly via JNDIBasedSecurityManagement, but my
>>>> application is permanently authenticating via the JAAS login module. I
>>>> realized that "JBossAuthenticationManager" is used in all EJB parts,
>>>> only the JBOSS web realm is using the
>>>> JBossCachedAuthenticationManager...
>>>>
>>>> JBossSecurityContext.getAuthenticationManager() delivers via
>>>> "DefaultSecurityManagement" an instance of
>>>> JbossAuthenticationManager
>>>>
>>>> Is there a workaround for me to receive/set the correct
>>>> AuthenticationManager till you fix this bug? Not using the cache
>>>> causes some serious problems in my application...
>>>>
>>>> Best regards,
>>>> Dieter Tengelmann
>>>>
>>>>
_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev