-
1. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
anil.saldhana May 26, 2010 1:54 PM (in response to sergeyb)If you are operating in the AS environment, either provide your own xml config file or leave that blank.
-
2. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
sergeyb May 27, 2010 12:51 PM (in response to anil.saldhana)Ok, I've managed to prototype a replacement code (PicketBox vs JNDI) using my own file.
However, using a "" configuration file name does help with eliminating the exception reported earlier but what happens is that it actually resolves to VirtualJarInputStream as opposed to say FileInputStream (ex, when using a custom file). I'm not really sure what it points too, but would like to ask : would you consider enhancing PicketBox to auto-resolve to an OTB login-config.xml shipped with JBossAS ?
2. How safe it is to use the code like
public class SomeClass {
private AuthenticationManager am;
private init() {
SecurityFactory.prepare();
try
{
PicketBoxConfiguration idtrustConfig = new PicketBoxConfiguration();
idtrustConfig.load(configFile);am = SecurityFactory.getAuthenticationManager(securityDomainName);
}
finally {
SecurityFactory.prepare();
}
}
public void handleRequest(...) {
am.isValid(...);
}
}
given that I do not want to parse XML and load the authentication manager on every request
thanks
-
3. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
anil.saldhana May 27, 2010 1:01 PM (in response to sergeyb)What happens when you dont load the config file? In JBossAS, the security subsystem has already parsed the conf/login-config.xml for you. Applications using PicketBox will load a config file of their own or do not, if they want to reuse the conf/login-config.xml (or any of the AS loaded configuration files).
-
4. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
sergeyb May 27, 2010 1:29 PM (in response to anil.saldhana)Looks like it does find the JBossAS loaded login-config.xml, when no custom file is loaded, cool...
Regarding my second question : I'm presumin it is safe to preload AuthenticationManager in advance ?
thanks
-
5. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
anil.saldhana May 27, 2010 1:31 PM (in response to sergeyb)In JBAS, PicketBox automatically detects the needed infrastructure from JBAS6. Only when you run standalone you need to be worried about configuration and things like that.
The AuthenticationManager the security factory returns is the authentication manager active in JBAS. This is needed for doing any propagation in JBAS to other components.
-
6. Re: Making basic PicketBox authentication sample working in JBoss AS 6.0
anil.saldhana May 27, 2010 1:34 PM (in response to anil.saldhana)I do recommend not reusing the conf/login-config.xml for your security domains. If you are defining new security domains, best is to create a new config file such that securityfactory prepare installs and release uninstalls the configuration.