November 2008 - esb-issues - Jboss List Archives

[JBoss JIRA] Created: (JBESB-2120) JaasSecurityService configured multiple times

by Kevin Conner (JIRA)

JaasSecurityService configured multiple times --------------------------------------------- Key: JBESB-2120 URL: https://jira.jboss.org/jira/browse/JBESB-2120 Project: JBoss ESB Issue Type: Task Security Level: Public (Everyone can see) Components: Security Affects Versions: 4.4 CP1 Reporter: Kevin Conner Assignee: Daniel Bevenius Fix For: 4.4 CP1 The JaasSecurityService is initalised and refreshed with every action processing pipeline that contains a security configuration. This should really be a one-off configuration. Also, the service is also modifying the JAAS configuration by setting properties and then creating an instance of a SUN private class. We should be using the normal mechanism to specify these policies, i.e. through login-config.xml. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

2
9
0 / 0

[JBoss JIRA] Created: (JBESB-2086) JON plugin: negative AVG metrics after redeploying an esb archive

by Jaroslaw Kijanowski (JIRA)

JON plugin: negative AVG metrics after redeploying an esb archive ----------------------------------------------------------------- Key: JBESB-2086 URL: https://jira.jboss.org/jira/browse/JBESB-2086 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Management Affects Versions: 4.4 Reporter: Jaroslaw Kijanowski Assignee: Tom Cunningham details in SOA-904 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

3
7
0 / 0

[JBoss JIRA] Created: (JBESB-2121) Replace crypto util with sealed object

by Kevin Conner (JIRA)

Replace crypto util with sealed object -------------------------------------- Key: JBESB-2121 URL: https://jira.jboss.org/jira/browse/JBESB-2121 Project: JBoss ESB Issue Type: Task Security Level: Public (Everyone can see) Components: Security Affects Versions: 4.4 CP1 Reporter: Kevin Conner Assignee: Daniel Bevenius Fix For: 4.4 CP1 The crypto util classes are used to encrypt the SecurityContext but we should be able to use a SealedObject. The util also relies on having a keystore configured but it would be sufficient to have the key(s) automatically generated on startup and use this to encrypt the session information. Another issue with the class is that the encrypt/decrypt methods repeatedly encrypt the serialised data in chunks but the encrypt/decrypt sizes are very dependent on the block cipher in use (currently RSA). If the configuration specifies a different cipher then this is likely to fail. If we can move to a SealedObject then this should no longer be an issue. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

2
13
0 / 0

[JBoss JIRA] Created: (JBESB-2090) Getting Started Guide not in sync with helloworld QS

by Jaroslaw Kijanowski (JIRA)

Getting Started Guide not in sync with helloworld QS ---------------------------------------------------- Key: JBESB-2090 URL: https://jira.jboss.org/jira/browse/JBESB-2090 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Documentation Affects Versions: 4.4 CP1 Reporter: Jaroslaw Kijanowski In both pictures, following changes should be applied: queue/quickstart_helloworld_Request -> queue/quickstart_helloworld_Request_gw queue/B -> queue/quickstart_helloworld_Request_esb FirstService:JMSService -> FirstServiceESB:SimpleListener page 10: The "FirstService:SimpleListener" ESB Aware Service Listener... -> The "FirstServiceESB:SimpleListener" ESB Aware Service Listener... listens for "ESB Aware" messages on "queue/quickstart_helloworld_Request_gw". -> listens for "ESB Aware" messages on "queue/quickstart_helloworld_Request_esb". -> page 12: ... messages are put on the bus, the "FirstService:SimpleJMSService" Service is registered ... -> ... messages are put on the bus, the "FirstServiceESB:SimpleListener" Service is registered ... This works out to be JMS Queue "queue/quickstart_helloworld_Request_gw" -> This works out to be JMS Queue "queue/quickstart_helloworld_Request_esb" The JMS Gateway Listener "adapts" the message into an ESB Aware message and places it into JMS Queue "queue/=quickstart_helloworld_Request_gw" -> The JMS Gateway Listener "adapts" the message into an ESB Aware message and places it into JMS Queue "queue/quickstart_helloworld_Request_esb" -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

4
9
0 / 0

[JBoss JIRA] Created: (JBESB-2135) clob usage should check for null too.

by Mark Little (JIRA)

clob usage should check for null too. ------------------------------------- Key: JBESB-2135 URL: https://jira.jboss.org/jira/browse/JBESB-2135 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta Affects Versions: 4.4 CP1 Reporter: Mark Little Assignee: Mark Little Fix For: 4.4 CP1 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

2
4
0 / 0

[JBoss JIRA] Created: (JBESB-2126) JBoss security credentials not always initialised

by Kevin Conner (JIRA)

JBoss security credentials not always initialised ------------------------------------------------- Key: JBESB-2126 URL: https://jira.jboss.org/jira/browse/JBESB-2126 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Security Affects Versions: 4.4 CP1 Reporter: Kevin Conner Fix For: 4.4 CP1 The JBoss security credentials are not always propagated. The current code is pushing the context within the authentication but there are a couple of issues with this. - authentication is not always performed (if a security context exists) - there is not attempt to 'pop' these credentials when finished. This functionality should be pushed into the pipeline, through an implementation(s) configured from jbossesb-properties.xml, and wrap the execution. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

2
7
0 / 0

[JBoss JIRA] Created: (JBESB-2136) Security context not passed to EJB in a way that EJB understands

by Martin Vecera (JIRA)

Security context not passed to EJB in a way that EJB understands ---------------------------------------------------------------- Key: JBESB-2136 URL: https://jira.jboss.org/jira/browse/JBESB-2136 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Rosetta Affects Versions: 4.4 Reporter: Martin Vecera Attachments: security_ejb.tar.bz2 It is not possible to call secured EJB (secured with annotations, see attached file) from secured ESB service. The ESB's security context is passed - comment out security annotations @SecurityDomain and @RolesAllowed in ejb3/src/org/jboss/soa/esb/samples/quickstart/servicecaller/ServiceCallerBean.java and rerun the test. You'll see the Subject passed which is correct. You can run this example by copying it to quickstarts and running: ant deploy-ejb ant deploy ant runtest -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

3
10
0 / 0

[JBoss JIRA] Created: (JBESB-2143) Add SOA Software Integration Document

by Tom Cunningham (JIRA)

Add SOA Software Integration Document ------------------------------------- Key: JBESB-2143 URL: https://jira.jboss.org/jira/browse/JBESB-2143 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Documentation Reporter: Tom Cunningham Assignee: Tom Cunningham Fix For: 4.4 CP1 Add a document on the SOA Software Integration. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

2
4
0 / 0

[JBoss JIRA] Created: (JBESB-2139) Remove State from ESB level of ESB JON plugin

by Tom Cunningham (JIRA)

Remove State from ESB level of ESB JON plugin --------------------------------------------- Key: JBESB-2139 URL: https://jira.jboss.org/jira/browse/JBESB-2139 Project: JBoss ESB Issue Type: Bug Security Level: Public (Everyone can see) Components: Management Reporter: Tom Cunningham Assignee: Tom Cunningham Fix For: 4.4 CP1 Remove state from the ESB node of the JBoss ESB plugin. State is not a MessageCounter attribute. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

3
6
0 / 0

[JBoss JIRA] Created: (JBESB-2108) InVM issues

by Kevin Conner (JIRA)

InVM issues ----------- Key: JBESB-2108 URL: https://jira.jboss.org/jira/browse/JBESB-2108 Project: JBoss ESB Issue Type: Task Security Level: Public (Everyone can see) Components: Transports Affects Versions: 4.4 Reporter: Kevin Conner The InVMCourier contains a notion of active state but the handling of this is inconsistent and error prone. The courier is created in the active state and can only be disabled when the associated service is unregistered. Unfortunately the courier is *always* enabled when it is retrieved from the CourierFactory. This can lead to inconsistent behaviour on behalf of the users of the courier as the disabled courier can be enabled when anyone retrieves a new courier for the service. This is further compounded by the fact that the courier names are not unique. The name is derived from a concatenation of the category/name but this can clash when multiple ESBs expose the same service in the same VM. It can also clash with other services that happen to generate the same concatenation. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years, 6 months

2
8
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

esb-issues November 2008