users@glassfish.java.net

Re: JDBC realm, how GlassFish knows which group belongs to which user?

From: Arthur Yeo <artyyeo_at_gmail.com>
Date: Mon, 28 Mar 2011 11:50:23 -0700

All,
I have included one of the server's logs. Three things I do not understand
are these:

   1. Why is there file:/ep/ep <no signer certificates>? I thought GF comes
   with a pre-installed CERT. SSL seems to be working fine between the browser
   and the Jersey service.
   2. Why am I seeing "java.io.FilePermission
   G:\glassfishv3.01\glassfish\domains\domain1\lib\databases\- delete)
   (java.io.FilePermission C:\Users\ARTHUR~1\AppData\Local\Temp\\- delete)" in
   there? I thought stuff is stored in the DB, so why is there a file operation?
   3. Why is there a security.CORBAObjectPermission in there? Is CORBA used
   internally to implement the security component?

------------------ Error message --------------------------------
Message ID
JACC Policy Provider
Complete Message
PolicyWrapper.getPermissions(cs), context (ep/ep) codesource ((file:/ep/ep
<no signer certificates>)) permissions: java.security.Permissions_at_54a96023 (
(javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
(java.util.PropertyPermission line.separator read)
(java.util.PropertyPermission java.vm.version read)
(java.util.PropertyPermission java.vm.specification.version read)
(java.util.PropertyPermission java.vm.specification.vendor read)
(java.util.PropertyPermission java.vendor.url read)
(java.util.PropertyPermission java.vm.name read)
(java.util.PropertyPermission * read,write) (java.util.PropertyPermission
os.name read) (java.util.PropertyPermission java.vm.vendor read)
(java.util.PropertyPermission path.separator read)
(java.util.PropertyPermission java.specification.name read)
(java.util.PropertyPermission os.version read) (java.util.PropertyPermission
os.arch read) (java.util.PropertyPermission java.class.version read)
(java.util.PropertyPermission java.version read)
(java.util.PropertyPermission file.separator read)
(java.util.PropertyPermission java.vendor read)
(java.util.PropertyPermission java.vm.specification.name read)
(java.util.PropertyPermission java.specification.version read)
(java.util.PropertyPermission java.specification.vendor read)
(javax.management.MBeanTrustPermission register)
(javax.security.auth.PrivateCredentialPermission
javax.resource.spi.security.PasswordCredential * "*" read)
(java.lang.RuntimePermission getClassLoader) (java.lang.RuntimePermission
loadLibrary.*) (java.lang.RuntimePermission accessDeclaredMembers)
(java.lang.RuntimePermission getProtectionDomain)
(java.lang.RuntimePermission modifyThreadGroup) (java.lang.RuntimePermission
stopThread) (java.lang.RuntimePermission setContextClassLoader)
(java.lang.RuntimePermission queuePrintJob) (java.io.FilePermission <<ALL
FILES>> read,write) (java.io.FilePermission
G:\glassfishv3.01\glassfish\domains\domain1\lib\databases\- delete)
(java.io.FilePermission C:\Users\ARTHUR~1\AppData\Local\Temp\\- delete)
(unresolved javax.security.jacc.WebUserDataPermission /* !GET,POST)
(unresolved javax.security.jacc.WebUserDataPermission /*
GET,POST:CONFIDENTIAL) (unresolved
com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
(unresolved javax.security.jacc.WebResourcePermission /* !GET,POST)
(unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
(java.net.SocketPermission localhost:1024- listen,resolve)
(java.net.SocketPermission * connect,resolve) )
------------------

On Mon, Mar 28, 2011 at 2:04 AM, Richard Kolb <rjdkolb_at_gmail.com> wrote:

> Hi Hez
>
> On 28 March 2011 10:51, hezjing <hezjing_at_gmail.com> wrote:
>
>> Thanks, Richard!
>
>
> Glad I could help :)
>
>
>>
>> Now I see that GlassFish is actually getting the user - group
>> relationship from the group table, but is this something already
>> documented in the GlassFish documents? I don't find this in the GlassFish 3.1
>> Security Guide.
>>
>
> I did not find it there, but have not looked in a while.
> If you still don't, please log a feature request.
>
>
>> I still have questions though, how can I verify and trace which role has
>> been mapped to a user?
>>
>
> What I do programmatically is:
> Principal userPrincipal = request.getUserPrincipal();
> GenericPrincipal genericPrincipal = (GenericPrincipal) userPrincipal;
> String[] roles = genericPrincipal.getRoles();
>
>
>
>> Is there a logger in GlassFish I can turn on to see this kind of
>> information?
>>
>
> In GlassFish 3.1 I go to the logging console in the GlassFish Admin
> Console.
> Then I search for 'security', and set the debugging level to DEBUG.
> This works well if the GlassFish Realm does not like your tables or
> relations.
> It dumps some good logs.
>
>
>>
>> What about how to print the roles in JSF? For example, when a user has logged in
>> successfully, I want to display "You are an administrator" on the page?
>>
>
> Ah, programmatically you can do this kind of thing:
> public boolean isAdmin() {
>     ExternalContext context
>             = FacesContext.getCurrentInstance().getExternalContext();
>     Object requestObject = context.getRequest();
>     if (!(requestObject instanceof HttpServletRequest)) {
>         log.info("request object has type " +
>                 requestObject.getClass());
>         return false;
>     }
>     HttpServletRequest request = (HttpServletRequest) requestObject;
>     return request.isUserInRole("admin");
> }
>
>
> <h:someComponent rendered="#{yourBean.admin}">
> Will be displayed when user.isAdmin() returns true.
> </h:someComponent>
>
> Hope this helps
>
> There are also lots of ways of writing your own pretty login page and being
> in more control in JSF2.
> If you need this help, please shout.
>
> regards
> Richard
>
>
>
>
>>
>>
>>
>> On Mon, Mar 28, 2011 at 1:28 PM, Richard Kolb <rjdkolb_at_gmail.com> wrote:
>>
>>> Hi Hez
>>>
>>> On 26 March 2011 11:23, hezjing <hezjing_at_gmail.com> wrote:
>>>
>>>> Hi
>>>>
>>>> I'm trying to create a JDBC realm in GlassFish 3.1.
>>>>
>>>> I have created a user table (with username and password columns) and a
>>>> group table (with just a name column).
>>>>
>>>> I'm wondering how GlassFish can tell which groups are assigned to which
>>>> user? Shouldn't there be one table storing these user-group assignments?
>>>>
>>>>
>>>> Appreciate your advice, thank you!
>>>>
>>>
>>> This is one of the blogs I always look at
>>> http://blogs.sun.com/swchan/entry/jdbcrealm_in_glassfish_with_mysql
>>>
>>> The user ID is a foreign key in the group table.
>>>
>>> Hope this helps
>>> Richard.
>>>
>>>
>>
>>
>> --
>>
>> Hez
>>
>
>


-- 
Arthur Y.
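
The table layout described in the quoted replies (the group table carries the user name as a foreign key), as an added SQL example that is not part of the original thread and not GlassFish's own code. The table and column names (`users`, `user_groups`, `username`, `groupname`), the digest placeholders and the sample rows are constructed; the two lookups show the shape of query a JDBC realm needs against such tables, and the last two queries are review checks.

```sql
-- Hypothetical schema for a JDBC realm; every table and column name is an assumption.
CREATE TABLE users (
    username VARCHAR(64)  NOT NULL PRIMARY KEY,
    password VARCHAR(128) NOT NULL   -- stored as a digest of the password, not plaintext
);

-- One row per (user, group) pair: this table IS the user-to-group assignment.
CREATE TABLE user_groups (
    username  VARCHAR(64) NOT NULL,
    groupname VARCHAR(64) NOT NULL,
    PRIMARY KEY (username, groupname),
    FOREIGN KEY (username) REFERENCES users (username)
);

-- Constructed sample data; the password values are placeholders, not real digests.
INSERT INTO users (username, password) VALUES
    ('alice', '<digest-placeholder-1>'),
    ('bob',   '<digest-placeholder-2>'),
    ('carol', '<digest-placeholder-3>');

INSERT INTO user_groups (username, groupname) VALUES
    ('alice', 'admin'),
    ('alice', 'user'),
    ('bob',   'user');

-- Authentication: fetch the stored digest for the submitted user name.
SELECT password FROM users WHERE username = 'alice';

-- Group lookup: every group row keyed on the same user name.
SELECT groupname FROM user_groups WHERE username = 'alice';

-- Review check 1: accounts that can authenticate but hold no group at all.
SELECT u.username
FROM users u
LEFT JOIN user_groups g ON g.username = u.username
WHERE g.username IS NULL;

-- Review check 2: membership count per group, to see who ends up privileged.
SELECT groupname, COUNT(*) AS members
FROM user_groups
GROUP BY groupname
ORDER BY groupname;
```

A user with no row in `user_groups` (here `carol`) authenticates successfully but fails every `isUserInRole` check, which is the first thing to rule out when a role test unexpectedly returns false.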