Questions tagged [jaspic]

JASPIC is an SPI for creating portable server authentication modules (aka SAMs or login modules). It was introduced with Java EE 6, but only for the full profile.

50 questions
2 votes, 2 answers

Is it possible to identify the presence of server auth module programmatically in glassfish

I have enabled a server authentication module (JSR196) in Glassfish. The module works as expected; however, I need to determine the presence of the authentication module in a servlet programmatically. Is there any way I could check the presence of the…
jay
2 votes, 1 answer

What "register new user" solution for JASPIC JDBC realm authentication?

I've created my own JDBC realm (using WildFly 8.2) as described at paragraph 50.3 of the JavaEE 7 tutorial. My understanding is that JDBC realm authentication implies that user credentials are read and checked by the server, the application doesn't…
Luigi Cortese
2 votes, 1 answer

Server Authentication Module forwarding in Glassfish

I found this guide for developing your own Server Authentication Module (SAM) for Glassfish: http://docs.oracle.com/cd/E18930_01/html/821-2418/gizel.html It seems pretty straightforward to verify some credentials (in HTTP Auth headers for instance),…
Davio
2 votes, 1 answer

JAAS - How to authenticate user in web tier?

I'm trying to understand how to secure Java EE applications using JAAS. Actually I understand how to work with rules in EJBs, however, I don't understand how to authenticate user in web tier, for example create a simple JSF page with login form,…
xwinus
1 vote, 0 answers

Is HttpAuthenticationMechanism distributable?

I have a simple question. We have a JSF application with HttpAuthenticationMechanism. Are credentials distributable? I mean if put in web.xml and deploy app on 2 nodes (wildfly) are credentials distributed from node to node? Thanks…
Krasi G
1 vote, 1 answer

Jaspic: handle access to a protected resource

I'm (still) studying JASPIC, doing some experiments with a simple project: this one. When I call a protected resource, the ServerAuthModule checks credentials via validateRequest and returns AuthStatus.SUCCESS. The HTTP response is 200 but it is empty. I use…
Francesco
1 vote, 1 answer

Implement a custom ServerAuthModule for JBoss

I need to remember the original URL of the Http Request, then redirect this request to a web form for a user authentication. In case of a successful authentication, the user must be redirected to the original URL just remembered above. I am using…
Alex Mi
1 vote, 1 answer

JASPIC Login with Wildfly 9 Send HTTP Return Code

I'm still trying to implement a custom JASPIC login module for Wildfly 9. If the login is successful everything works as expected. But I would expect an HTTP 403 response, if the login is not successful. So I wrote this little test: @Test public…
knoe
1 vote, 1 answer

custom ServerAuthModule (loginModule), where to hash the password? JASPIC

I'm trying to implement a loginmodule so I can perform a "remember me" feature on my web app as well as hash my password with bcrypt. To build the class I used this tutorial. However I didn't manage to connect after implementing this. The passwords…
Ced
1 vote, 2 answers

JASPIC client login in Wildfly

I have a Java EE web application that is secured with JASPIC and @RolesAllowed annotations on my EJBs. I use a managed executor service to run a number of tasks. However, the tasks are not run as any user so I get permission denied errors while…
Chris Pike
1 vote, 1 answer

Session invalidation in weblogic with Jaspic/JSR196 module

We developed a jsf web application with a Jaspic/JSR196 module registered programmatically by the webapp. We followed the instructions in the following blog to achieve this : http://arjan-tijms.blogspot.pt/ The solution works ok for authenticating…
user2160468
1 vote, 1 answer

glassfish ldap authorization after spnego authentication

We successfully implemented SSO with Apache mod_proxy_http and SPNEGO. In my Java EE 6 web application I get the authenticated user with request.getRemoteUser(). Now what would be the best way for authorization. Our goal is to check for a specific…
tomtom
1 vote, 2 answers

basic/digest authentication implementation in Java server code/web server

We need to support basic authentication and later digest authentication in Java web project. My doubt is whether basic/digest authentication is a configuration in web server (tomcat, jboss etc). Our users/password are in a SQL database and we get…
jaks
0 votes, 0 answers

JASPIC Auth Module

We have developed the JASPIC Auth module by implementing the ServerAuthModule interface with the web application, and it is working fine on Tomcat, but when we configure Jaspic on Weblogic (14.1.1), JASPIC behaves unexpectedly. In the case of the…
0 votes, 0 answers

SAML authentication over JASPIC userPrincipal always NULL

I'm trying to implement SAML authentication over JASPIC using the library OpenSAML by Shibboleth but the principal is always NULL in the first ‘if’ of the validateRequest, even after a successful login in the IDP: public class CustomServerAuthModule…