Security and encryption


Postby jide » Fri 27. Apr 2007, 15:07

Hi, I have enabled security in my application with the default JAAS module. I am now confronted with several problems:

1)

Everything works perfectly, but now I want to go one step further in the security level, and actually HASH passwords in the database (with MD5), so the questions are: how can I make the management section hash the password when it inserts into the database, and how can I tell JBoss to hash the "password" entry when it compares it to the one stored in the database?

2)

I have two entities: "Fiche" and "Responsable", which are both manageable. My problem is: I want an "Admin" to be able to manage both, but a "User" to be able only to manage "Fiche" (or at the very least not to manage anything).

3)

I also have a third entity: Role, which contains the list of all the roles available to users, and I don't want this entity to be manageable at all, but if I don't state it as "Manageable", the mvn install command generates bad code:

[INFO] [compiler:compile]
[INFO] Compiling 37 source files to D:\Unilog\test\core\target\classes
[INFO] ------------------------------------------------------------------------
[ERROR] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Compilation failure

D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[64,41] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[69,78] ')' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[69,83] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[69,84] '{' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[70,24] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[71,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[71,57] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[73,8] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[77,4] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[79,11] 'class' or 'interface' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[115,90] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[115,91] '{' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[117,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[118,83] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[119,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[120,89] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[121,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[122,85] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[123,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[124,91] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[125,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[126,85] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[127,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[128,85] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[129,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[129,89] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[130,16] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[150,49] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[151,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[151,111] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[152,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[152,123] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[153,34] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[155,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[155,34] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[157,8] 'class' or 'interface' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[161,4] 'class' or 'interface' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[169,90] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[169,91] '{' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[170,34] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[171,12] illegal start of type
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[171,34] <identifier> expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[173,8] 'class' or 'interface' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[177,4] 'class' or 'interface' expected
D:\Unilog\test\core\target\src\entites\crud\ResponsableManageableDaoBase.java:[243,1] 'class' or 'interface' expected

[INFO] ------------------------------------------------------------------------
[INFO] For more information, run Maven with the -e switch
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 32 seconds
[INFO] Finished at: Fri Apr 27 15:41:10 CEST 2007
[INFO] Final Memory: 31M/63M
[INFO] ------------------------------------------------------------------------



If I say that Responsable is not "Manageable", then the errors come from "FicheManageableDaoBase".

Actually it's as if I have the choice between stating ALL my entities as manageable, or none at all!

4)

Here's a link to my entity diagram:

http://jeandeniscosta.free.fr/AndroMDA/entites.jpg

5)

Is it just a feeling or are there a lot of French people on this forum? :D
jide
 
Posts: 26
Joined: Fri 20. Apr 2007, 09:30
Location: La defense, France
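
For question 1 in the post above, an added example (not from the thread, and not AndroMDA or JBoss code) of the requirement behind it: whatever writes the password column must produce exactly the digest and text encoding that the login side computes from the submitted password. It assumes a login module that hashes with MD5 and compares a hex or base64 string, as JBoss's DatabaseServerLoginModule does through its hashAlgorithm and hashEncoding options. The class and method names are hypothetical, and MD5 appears only because the post asks for it; an unsalted MD5 digest of a password is cheap to brute-force offline.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example; PasswordHashDemo and its methods are hypothetical names.
public class PasswordHashDemo {

    // Digest of the password's UTF-8 bytes with the named algorithm.
    static byte[] digest(String algorithm, String password) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Lower-case hex encoding of the raw digest.
    static String hex(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    static String base64(byte[] raw) {
        return Base64.getEncoder().encodeToString(raw);
    }

    // Login side: hash the submitted password, encode it, compare with the stored column value.
    static boolean matches(String submitted, String stored, String algorithm, boolean hexEncoding)
            throws NoSuchAlgorithmException {
        byte[] raw = digest(algorithm, submitted);
        String candidate = hexEncoding ? hex(raw) : base64(raw);
        // MessageDigest.isEqual compares without an early exit on the first differing byte.
        return MessageDigest.isEqual(candidate.getBytes(StandardCharsets.US_ASCII),
                                     stored.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String password = "example-password";            // constructed sample value
        String storedHex = hex(digest("MD5", password));  // what the insert path would write
        System.out.println("stored column value: " + storedHex);
        System.out.println("same algorithm, same encoding: " + matches(password, storedHex, "MD5", true));
        // Insert path wrote hex but the login side encodes as base64: the strings never match.
        System.out.println("same algorithm, other encoding: " + matches(password, storedHex, "MD5", false));
        System.out.println("wrong password: " + matches("other-password", storedHex, "MD5", true));
    }
}
```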

Postby wouter.zoons » Sun 13. May 2007, 21:46

3) yeah, all entities must be manageable, but only if they are associated .. entities which have nothing to do with the manageable ones do not need the stereotype



5) yeah that's true .. a lot of French-speaking people :-)
Wouter Zoons - wouter [at] andromda [dot] org

http://www.andromda.org/ - http://draftdog.blogspot.com/
wouter.zoons
AndroMDA Admin
 
Posts: 4137
Joined: Fri 6. May 2005, 19:29
Location: Brussels, Belgium

JAAS Security

Postby susie2007 » Wed 18. Jul 2007, 08:38

Hi,

I'm in the same process (security management with JAAS and EJB3) but I've not yet reached the same point of realization. Following what is described in EJB3 pages:

    I uncommented realm for EJB3 and BPM4STRUTS namespaces
    I created tables principal and role running manually a javascript
    I created some rows with a user nicolas and password nicolas
    I created a role Admin, related to nicolas
    I had a property for ejb3, manageableRolesAllowed with Admin
    I created an actor Admin on my UML
    I created dependency with my application front end view and one manageable entity
    I added @andromda.role.name=Admin as a tag on the actor Admin
Then compiling and deploying the application, I've access to the application frontendview and clicking on manage entities, a login page appears asking me to log in. But entering nicolas, nicolas, I have as a response Login failed, please try again or register as a new user.

Any idea on what I've done that's wrong?
How did you proceed to be able to log in without encryption?

Thanks in advance.
Nicolas

susie2007
 
Posts: 51
Joined: Tue 15. May 2007, 22:48

Postby vance.karimi » Sat 21. Jul 2007, 16:24

Sounds like you have everything covered. Any error logs?
Vance Karimi - vance [at] andromda [dot] org

http://www.andromda.org
vance.karimi
AndroMDA Developer
 
Posts: 479
Joined: Fri 18. Nov 2005, 02:31
Location: Perth, Australia

