Jared Krull

since Sep 28, 2001

Recent posts by Jared Krull

Got answer on another forum. Copied here to help future searchers:


Hi,

I think Glassfish v3 ignores "security" properties for InitialContext, and still doesn't support client authentication to remote EJBs with the usual LoginContext class (JAAS API).

But you can still authenticate standalone Java applications to Glassfish v3 server with its proprietary "com.sun.appserv.security.ProgrammaticLogin" class (provided in "GF_HOME/glassfish/modules/security.jar" library). For example:

...
import com.sun.appserv.security.ProgrammaticLogin;
...
// System.setProperty("java.security.auth.login.config", "./auth.conf");
ProgrammaticLogin programmaticLogin = new ProgrammaticLogin();
programmaticLogin.login("Dave", "password");

InitialContext ctx = new InitialContext();
BusinessInterfaceRemote bean = (BusinessInterfaceRemote) ctx.lookup("java:global/StDavidEEA/StDavidEJB-ejb/BusinessInterface");

bean.methodCall1();
bean.methodCall2();

programmaticLogin.logout();
...




The ProgrammaticLogin class requires a "JAAS login configuration file" in the client application, with a "default" login module for user/password authentication (independently of the realm name of the remote EJB). For example, create a file with the name "auth.conf" with the content:

default {
com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=false;
};



And finally, set the "java.security.auth.login.config" system property with the correct "auth.conf" file path. For example, in the application code (as commented before), or in the java command line:

$ java -Djava.security.auth.login.config=./auth.conf -cp $GF_HOME/glassfish/modules/gf-client.jar:TheApplication.jar TheApplicationMainClassName



Good luck.




Full Thread

http://forums.java.net/jive/thread.jspa?threadID=71152&tstart=0
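A fuller standalone client built around the ProgrammaticLogin call from the answer above, as an added example that is not part of the original posts: it checks that the JAAS file is readable, prompts for the password instead of hard-coding it, checks the login result, and always logs out. The class name AuthenticatedEjbClient is hypothetical; the JNDI name, remote interface and methodCall1() are taken from the thread, and the Boolean return value of login() is an assumption about the GlassFish API.

```java
import com.sun.appserv.security.ProgrammaticLogin;
import java.io.Console;
import java.io.File;
import java.util.Arrays;
import javax.naming.InitialContext;
import uk.co.swbsystems.BusinessInterfaceRemote; // interface named in the thread's stack trace

// Hypothetical class name; needs gf-client.jar and the EJB's remote interface on the classpath.
public class AuthenticatedEjbClient {

    public static void main(String[] args) throws Exception {
        // The answer says ProgrammaticLogin requires a JAAS login configuration
        // file with a "default" entry, so refuse to start if it cannot be read.
        String conf = System.getProperty("java.security.auth.login.config", "./auth.conf");
        File confFile = new File(conf);
        if (!confFile.canRead()) {
            throw new IllegalStateException("JAAS config not readable: " + confFile.getAbsolutePath());
        }
        System.setProperty("java.security.auth.login.config", confFile.getAbsolutePath());

        // Prompt for credentials rather than embedding them in source.
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No interactive console; cannot prompt for credentials");
        }
        String user = console.readLine("User: ");
        char[] secret = console.readPassword("Password: ");
        if (user == null || secret == null) {
            throw new IllegalStateException("No credentials entered");
        }

        ProgrammaticLogin login = new ProgrammaticLogin();
        boolean loggedIn = false;
        try {
            // login(String, String) is the signature shown in the thread; the
            // String copy of the password stays on the heap until collected.
            // Assumption: login() returns a Boolean success flag.
            loggedIn = Boolean.TRUE.equals(login.login(user, new String(secret)));
            if (!loggedIn) {
                throw new SecurityException("ProgrammaticLogin rejected the login for " + user);
            }

            InitialContext ctx = new InitialContext();
            BusinessInterfaceRemote bean = (BusinessInterfaceRemote)
                    ctx.lookup("java:global/StDavidEEA/StDavidEJB-ejb/BusinessInterface");
            bean.methodCall1();
        } finally {
            Arrays.fill(secret, '\0');   // wipe the prompt buffer
            if (loggedIn) {
                login.logout();          // drop the client security context even on failure
            }
        }
    }
}
```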
I have a stateless EJB set up on a Glassfish V3 server



I have used the default "file" realm that is configured with Glassfish and set up a user


User ID: Dave
Group List ADMIN
Password: password



Now I added a deployment descriptor to my EJB app with the following:



And I am using a swing app outside of the container and addressing the EJB via JNDI



This gives a load of exceptions:

SEVERE: null
javax.naming.NamingException: Lookup failed for 'java:global/StDavidEEA/StDavidEJB-ejb/BusinessInterface' in SerialContext ,orb'sInitialHost=localhost,orb'sInitialPort=3700 [Root exception is javax.naming.NamingException: ejb ref resolution error for remote business interfaceuk.co.swbsystems.BusinessInterfaceRemote [Root exception is java.rmi.AccessException: CORBA NO_PERMISSION 0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack trace----------
org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.handle_null_service_context(SecServerRequestInterceptor.java:414)
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:436)
at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:654)
at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:752)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:395)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:213)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1841)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1695)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1078)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:221)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:797)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:561)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2558)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:492)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:528)

----------END server-side stack trace---------- vmcid: 0x0 minor code: 0 completed: No]]
at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:442)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at testbareclient.CreateCandidate.main(CreateCandidate.java:32)
Caused by: javax.naming.NamingException: ejb ref resolution error for remote business interfaceuk.co.swbsystems.BusinessInterfaceRemote [Root exception is java.rmi.AccessException: CORBA NO_PERMISSION 0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack trace----------
org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.handle_null_service_context(SecServerRequestInterceptor.java:414)
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:436)
at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:654)
at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:752)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:395)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:213)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1841)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1695)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1078)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:221)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:797)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:561)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2558)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:492)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:528)

----------END server-side stack trace---------- vmcid: 0x0 minor code: 0 completed: No]
at com.sun.ejb.EJBUtils.lookupRemote30BusinessObject(EJBUtils.java:430)
at com.sun.ejb.containers.RemoteBusinessObjectFactory.getObjectInstance(RemoteBusinessObjectFactory.java:70)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
at com.sun.enterprise.naming.impl.SerialContext.getObjectInstance(SerialContext.java:472)
at com.sun.enterprise.naming.impl.SerialContext.lookup(SerialContext.java:437)
... 2 more
Caused by: java.rmi.AccessException: CORBA NO_PERMISSION 0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack trace----------
org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.handle_null_service_context(SecServerRequestInterceptor.java:414)
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:436)
at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:654)
at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:752)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:395)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:213)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1841)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1695)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1078)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:221)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:797)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:561)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2558)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:492)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:528)

----------END server-side stack trace---------- vmcid: 0x0 minor code: 0 completed: No
at com.sun.corba.ee.impl.javax.rmi.CORBA.Util.mapSystemException(Util.java:276)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:200)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:147)
at com.sun.corba.ee.impl.presentation.rmi.codegen.CodegenStubBase.invoke(CodegenStubBase.java:225)
at com.sun.ejb.codegen._GenericEJBHome_Generated_DynamicStub.create(com/sun/ejb/codegen/_GenericEJBHome_Generated_DynamicStub.java)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.ejb.EJBUtils.lookupRemote30BusinessObject(EJBUtils.java:418)
... 6 more
Caused by: org.omg.CORBA.NO_PERMISSION: ----------BEGIN server-side stack trace----------
org.omg.CORBA.NO_PERMISSION: vmcid: 0x0 minor code: 0 completed: No
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.handle_null_service_context(SecServerRequestInterceptor.java:414)
at com.sun.enterprise.iiop.security.SecServerRequestInterceptor.receive_request(SecServerRequestInterceptor.java:436)
at com.sun.corba.ee.impl.interceptors.InterceptorInvoker.invokeServerInterceptorIntermediatePoint(InterceptorInvoker.java:654)
at com.sun.corba.ee.impl.interceptors.PIHandlerImpl.invokeServerPIIntermediatePoint(PIHandlerImpl.java:752)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.getServantWithPI(CorbaServerRequestDispatcherImpl.java:395)
at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:213)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1841)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1695)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:1078)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:221)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:797)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.dispatch(CorbaMessageMediatorImpl.java:561)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.doWork(CorbaMessageMediatorImpl.java:2558)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.performWork(ThreadPoolImpl.java:492)
at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:528)

----------END server-side stack trace---------- vmcid: 0x0 minor code: 0 completed: No
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.MessageBase.getSystemException(MessageBase.java:913)
at com.sun.corba.ee.impl.protocol.giopmsgheaders.ReplyMessage_1_2.getSystemException(ReplyMessage_1_2.java:129)
at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.getSystemExceptionReply(CorbaMessageMediatorImpl.java:681)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.processResponse(CorbaClientRequestDispatcherImpl.java:510)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(CorbaClientRequestDispatcherImpl.java:369)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.invoke(CorbaClientDelegateImpl.java:235)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:187)
... 14 more



All was working well until I started adding the authentication (without @RolesAllowed("ADMIN") and passing the username and password it worked fine)

Any help would be great.

Java 1.6, Glassfish V3
That's interesting because from my reading I'd thought that a security manager would not be installed on a standard application without that command line addition. I tested my app without the command line options and wrote a custom Policy class, installing it before invoking the method in the loaded library and sure enough the security then worked fine. So I guess there must have been a security manager present as you said.

14 years ago

Paul Clapham wrote:There was a security manager loaded, just not the one you thought was loaded.



Could you elaborate?
14 years ago
I just figured out the problem - didn't load the security manager on the command line!

I needed to add this in and set a policy class giving the loading class the createClassLoader and other file based permissions.

All seems ok now.

Strange that the exception given didn't hint that the security manager wasn't loaded. It just denied access as if it were already loaded. Ah well.
14 years ago
I'm playing around with a custom class loader and granting permissions to the classes loaded (without a policy file)

I have the following class that sets up a custom permission and loads another class with that permission (The "getPermissions" override in my classloader adds this permission to the class being loaded).

Inside the loaded class I check for this permission but it always fails. I have overridden the "implies" method and it looks like the permissions are being checked and the function is returning true (meaning that the permission loaded does "imply" the one I am checking). Nevertheless, the call to AccessController.checkPermission throws an AccessControlException with "access denied".

Can someone kindly look through my code and tell me where I'm going wrong?

First my permission class


Now my loader class (and main entry point)


Here's the class that is loaded and checks the permission


And here's the console output - as you can see the permissions look ok and implies returns true, but an exception is still caught.

Permission granted: (testprotected.MyPermission fooby.runCode)
Permission to check: (testprotected.MyPermission fooby.runCode)
Inside the implies method
This - Name:fooby.runCode - Hash:-1934868025
That - Name:fooby.runCode - Hash:-1934868025
Return from implies - true
Sorry, you dont have permission access denied (testprotected.MyPermission fooby.runCode)
Details (testprotected.MyPermission fooby.runCode)



Any help would be great.
14 years ago
I'm using JAAS to authenticate my app against an NT domain and would like to use my app to look through the different security groups associated with the user.

I create my LoginContext, then login, then look through the returned Principal objects:



All's well so far but when the Principal is a group, the only data I can get is the SID reference (looks like "S-1-5-22-534") and not the name that is used to setup the group.

I'd like to find a way to resolve the SID to the actual name of the group.

Is that possible?
14 years ago

Rob Prime wrote:

Hector Floyd wrote:

Ugly.


Ugly and error prone. The constructor signature should be changed to this, should you still want to use this:
Possibly that class can be <? extends T>, but you definitely want to make it bound by T. Otherwise, the following would be allowed:



Noted, though the example I gave was trying to show the inelegance of the method not how best it should be employed.

I've had a play with Guice and it seems to do just what I wanted. Thanks for that David Newton, you're a lifesaver

15 years ago

David Newton wrote:I vaguely remember something about Guice 2.0 and the ability to reify type erased doodads--see Guice20. May not be what you want or need, but it's interesting.



Oooh..now that looks promising. I'll have a good play around with that!

Thanks guys.
15 years ago

Hector Floyd wrote:


Yeah... I know about type erasure, but does anyone have any suggestions on methods or patterns that work in Java to help deal with my problem?



Sometime last year, I looked into this. Trying to get info on T into runtime. And failed miserably.

You probably noticed that you can't instantiate based on T. You can't type check T. So, there is no way to figure T out. I couldn't even get info from reflection. At one point, I thought I got it as reflection did return generic type data, but that was for the upper and lower bounds.

Sorry,
Henry



Hmm...seems like to make my original idea work I might have to pass the type twice: one for compile time one for runtime, ala



Ugly.
15 years ago
There, name changed.

David Newton wrote:http://java.sun.com/docs/books/tutorial/java/generics/erasure.html

(And http://java.sun.com/j2se/1.5.0/docs/guide/language/generics.html)



Yeah... I know about type erasure, but does anyone have any suggestions on methods or patterns that work in Java to help deal with my problem?
15 years ago
I have a library that creates and manipulates lots of javabean based objects based on a mysql database (using IBatis).

Each type of object is created and has annotations that are accessible at runtime to give various string commands used to search, update, delete and add objects


I want to generalize manipulation of these objects to a specific class that will take the command annotations at runtime and provide typesafe methods for these commands.


Ideally, this Accessor class would harvest the command annotations at runtime and use them with the framework to manipulate objects. It uses generics to provide typesafe return types that I don't have to recast

The problem I have is that I cannot for the life of me work out how to access these annotations based on the "T" generic type. It seems that I cannot instantiate a class of type "T" or query its properties at runtime. The Generic benefits are locked at compile time and the annotations benefits are locked at runtime and trying to get them to work together is rather hard.

I'm more used to C++ Templates, so please forgive me if there's a simple answer to this.
15 years ago
Many SMTP servers do not allow relaying of messages to other servers.
IE... you are registered with ISP1 and while using their dialup can access their SMTP and send to whoever. If you dialup on ISP2 and try to send a message to an ISP2 address through ISP1's SMTP (through Outlook Express) you will most likely get an error.
This gives you some options,
Get another SMTP server that allows relays (There is a list on this board somewhere), or
Write directly to the relevant SMTP. IE... if you are sending to ISP1, use ISP1's SMTP, if it's for ISP2, use ISP2's SMTP (This is a pain, so the first option is best)
22 years ago
Personally, I prefer to use good old JavaScript....
<HTML>
<HEAD>
</HEAD>
<SCRIPT>
<!-- START HIDE
function jmp(){
document.location.href="http://www.Yahoo.com/"
}
// STOP HIDE -->
</SCRIPT>
<BODY onload="setTimeout('jmp()',2000)">
</BODY>
</HTML>
That's set for 2 seconds
------------------
C programmer gone astray
22 years ago