users@glassfish.java.net

Re: JDBC realm, how GlassFish knows which group belongs to which user?

From: Arthur Yeo <artyyeo_at_gmail.com>
Date: Mon, 28 Mar 2011 19:46:08 -0700

Anyone?

On Mon, Mar 28, 2011 at 11:50 AM, Arthur Yeo <artyyeo_at_gmail.com> wrote:

> All,
> I have included one of the Server's logs. Three things I do not understand
> are these:
>
> 1. why is there file:/ep/ep <no signer certificates> I thought GF comes
> with a pre-installed CERT. SSL seems to be working fine between the browser
> and the Jersey service.
> 2. why am I seeing "java.io.FilePermission
> G:\glassfishv3.01\glassfish\domains\domain1\lib\databases\- delete)
> (java.io.FilePermission C:\Users\ARTHUR~1\AppData\Local\Temp\\- delete)" in
> there? I thought stuff is stored in the DB, why is there a File operation?
> 3. why is there a security.CORBAObjectPermission in there? Is CORBA
> used internally to implement the security component?
>
> ------------------ Error message --------------------------------
> Message ID
> JACC Policy Provider
> Complete Message
> PolicyWrapper.getPermissions(cs), context (ep/ep) codesource ((file:/ep/ep
> <no signer certificates>)) permissions: java.security.Permissions_at_54a96023( (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
> (java.util.PropertyPermission line.separator read)
> (java.util.PropertyPermission java.vm.version read)
> (java.util.PropertyPermission java.vm.specification.version read)
> (java.util.PropertyPermission java.vm.specification.vendor read)
> (java.util.PropertyPermission java.vendor.url read)
> (java.util.PropertyPermission java.vm.name read)
> (java.util.PropertyPermission * read,write) (java.util.PropertyPermission
> os.name read) (java.util.PropertyPermission java.vm.vendor read)
> (java.util.PropertyPermission path.separator read)
> (java.util.PropertyPermission java.specification.name read)
> (java.util.PropertyPermission os.version read) (java.util.PropertyPermission
> os.arch read) (java.util.PropertyPermission java.class.version read)
> (java.util.PropertyPermission java.version read)
> (java.util.PropertyPermission file.separator read)
> (java.util.PropertyPermission java.vendor read)
> (java.util.PropertyPermission java.vm.specification.name read)
> (java.util.PropertyPermission java.specification.version read)
> (java.util.PropertyPermission java.specification.vendor read)
> (javax.management.MBeanTrustPermission register)
> (javax.security.auth.PrivateCredentialPermission
> javax.resource.spi.security.PasswordCredential * "*" read)
> (java.lang.RuntimePermission getClassLoader) (java.lang.RuntimePermission
> loadLibrary.*) (java.lang.RuntimePermission accessDeclaredMembers)
> (java.lang.RuntimePermission getProtectionDomain)
> (java.lang.RuntimePermission modifyThreadGroup) (java.lang.RuntimePermission
> stopThread) (java.lang.RuntimePermission setContextClassLoader)
> (java.lang.RuntimePermission queuePrintJob) (java.io.FilePermission <<ALL
> FILES>> read,write) (java.io.FilePermission
> G:\glassfishv3.01\glassfish\domains\domain1\lib\databases\- delete)
> (java.io.FilePermission C:\Users\ARTHUR~1\AppData\Local\Temp\\- delete)
> (unresolved javax.security.jacc.WebUserDataPermission /* !GET,POST)
> (unresolved javax.security.jacc.WebUserDataPermission /*
> GET,POST:CONFIDENTIAL) (unresolved
> com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
> (unresolved javax.security.jacc.WebResourcePermission /* !GET,POST)
> (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
> (java.net.SocketPermission localhost:1024- listen,resolve)
> (java.net.SocketPermission * connect,resolve) )
> ------------------
>
> On Mon, Mar 28, 2011 at 2:04 AM, Richard Kolb <rjdkolb_at_gmail.com> wrote:
>
>> Hi Hez
>>
>> On 28 March 2011 10:51, hezjing <hezjing_at_gmail.com> wrote:
>>
>>> Thanks, Richard!
>>
>>
>> Glad I could help :)
>>
>>
>>>
>>> Now I see that the GlassFish is actually getting the user - group
>>> relationship from the group table, but is this something already
>>> documented in GlassFish documents? I don't find this in the GlassFish 3.1
>>> Security Guide.
>>>
>>
>> I did not find it there, but have not looked in a while.
>> If you don't still, please log a feature request.
>>
>>
>>> I still have questions though, how can I verify and trace which role has
>>> been mapped to a user?
>>>
>>
>> What I do programmatically is:
>>     Principal userPrincipal = request.getUserPrincipal();
>>     GenericPrincipal genericPrincipal = (GenericPrincipal) userPrincipal;
>>     String[] roles = genericPrincipal.getRoles();
>>
>>
>>
>>> Is there a logger in GlassFish I can turn on to see this kind of
>>> information?
>>>
>>
>> In GlassFish 3.1 I go to the logging console in the GlassFish Admin
>> Console.
>> Then I search for 'security', and set the debugging level to DEBUG.
>> This works well if the GlassFish Realm does not like your tables or
>> relations.
>> It dumps some good logs.
>>
>>
>>>
>>> What about how to print the roles in JSF? Example when a user logged in
>>> successfully, I want to display "You are an administrator" on the page?
>>>
>>
>> Ah, programmatically you can do this kind of thing:
>>     public boolean isAdmin() {
>>         ExternalContext context
>>             = FacesContext.getCurrentInstance().getExternalContext();
>>         Object requestObject = context.getRequest();
>>         if (!(requestObject instanceof HttpServletRequest)) {
>>             log.info("request object has type " +
>>                 requestObject.getClass());
>>             return false;
>>         }
>>         HttpServletRequest request = (HttpServletRequest) requestObject;
>>         // Ask the container whether the authenticated user holds "admin"
>>         return request.isUserInRole("admin");
>>     }
>>
>>
>> <h:someComponent rendered="#{yourBean.admin}">
>> Will be displayed when user.isAdmin() returns true.
>> </h:someComponent>
>>
>> Hope this helps
>>
>> There are also lots of ways of writing your own pretty login page and
>> being in more control in JSF2
>> If you need this help, please shout.
>>
>> regards
>> Richard
>>
>>
>>
>>
>>>
>>>
>>>
>>> On Mon, Mar 28, 2011 at 1:28 PM, Richard Kolb <rjdkolb_at_gmail.com> wrote:
>>>
>>>> Hi Hez
>>>>
>>>> On 26 March 2011 11:23, hezjing <hezjing_at_gmail.com> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I'm trying to create a JDBC realm in GlassFish 3.1.
>>>>>
>>>>> I have created a user table (with username and password columns) and a
>>>>> group table (with just a name column).
>>>>>
>>>>> I'm wondering how GlassFish can tell which groups are assigned to which
>>>>> user? Shouldn't there be one table storing these user group assignments?
>>>>>
>>>>>
>>>>> Appreciate your advice, thank you!
>>>>>
>>>>
>>>> This is one of the blogs I always look at
>>>> http://blogs.sun.com/swchan/entry/jdbcrealm_in_glassfish_with_mysql
>>>>
>>>> The user ID is a foreign key in the group table.
>>>>
>>>> Hope this helps
>>>> Richard.
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Hez
>>>
>>
>>
>
>
> --
> Arthur Y.
>



-- 
Arthur Y.
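
Added example, not part of the original thread: a Python parser that unwraps a JACC Policy Provider dump like the one Arthur quotes and lists the grants whose target name is a wildcard, which is usually the first thing to review in such a log. The entry layout (first token is the permission class, a trailing token is the actions) is an assumption inferred from the entries visible in the message; `parse_dump`, `broad_grants` and `Grant` are hypothetical names.

```python
import re
from typing import NamedTuple, Optional

# Abridged from the permission dump quoted in the thread, with the mail
# client's "> " prefixes and mid-entry line wraps left in place.
SAMPLE = r"""
> PolicyWrapper.getPermissions(cs), context (ep/ep) codesource ((file:/ep/ep
> <no signer certificates>)) permissions: java.security.Permissions_at_54a96023( (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
> (java.util.PropertyPermission * read,write) (java.util.PropertyPermission
> os.name read) (java.lang.RuntimePermission getClassLoader)
> (java.lang.RuntimePermission queuePrintJob) (java.io.FilePermission <<ALL
> FILES>> read,write) (java.io.FilePermission
> C:\Users\ARTHUR~1\AppData\Local\Temp\\- delete)
> (unresolved javax.security.jacc.WebUserDataPermission /*
> GET,POST:CONFIDENTIAL) (unresolved
> com.sun.enterprise.security.CORBAObjectPermission * *)
> (java.net.SocketPermission * connect,resolve) )
"""

class Grant(NamedTuple):
    type: str
    name: str
    actions: Optional[str]
    unresolved: bool  # entry was printed by java.security.UnresolvedPermission

def parse_dump(text: str) -> list:
    # Undo quoting and wrapping, then keep only what follows "permissions:".
    flat = " ".join(re.sub(r"^\s*>\s?", "", ln) for ln in text.splitlines())
    body = flat.split("permissions:", 1)[1]
    grants = []
    for entry in re.findall(r"\(([^()]+)\)", body):
        tokens = entry.split()
        unresolved = tokens[0] == "unresolved"
        if unresolved:
            tokens = tokens[1:]
        # Assumed layout: class first, then the name, then optional actions.
        ptype, rest = tokens[0], tokens[1:]
        name = " ".join(rest[:-1]) if len(rest) > 1 else " ".join(rest)
        actions = rest[-1] if len(rest) > 1 else None
        grants.append(Grant(ptype, name, actions, unresolved))
    return grants

def broad_grants(grants):
    # Target names that match every file, property, host or object.
    return [g for g in grants if g.name in ("*", "<<ALL FILES>>")]

if __name__ == "__main__":
    for g in broad_grants(parse_dump(SAMPLE)):
        print(g.type, g.name, g.actions, "(unresolved)" if g.unresolved else "")
```
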