April 2011 - gatein-issues - Jboss List Archives

[JBoss JIRA] Resolved: (GTNWSRP-127) WSRP Identity Propagation users WSRP user context and should use WS-Security

by Matt Wringe (JIRA)

[ https://issues.jboss.org/browse/GTNWSRP-127?page=com.atlassian.jira.plugi... ] Matt Wringe resolved GTNWSRP-127. --------------------------------- Resolution: Done Should be working in the next version. Please see http://community.jboss.org/wiki/GateInWSRPAndWebServiceSecurity for configuration documentation. > WSRP Identity Propagation users WSRP user context and should use WS-Security > ---------------------------------------------------------------------------- > > Key: GTNWSRP-127 > URL: https://issues.jboss.org/browse/GTNWSRP-127 > Project: GateIn WSRP > Issue Type: Bug > Environment: EPP 4.3 CP03 > Reporter: Aaron Pestel > Assignee: Matt Wringe > > The current WSRP implementation passes the username via the WSRP user context, which according to the spec is not the purpose of the user context. > I have created a wiki that offers a potential solution. It involves two jax-rpc handers (one to generate the ws-security header on the consumer and one to parse and authenticate the ws-security header on the producer). In addition, org/jboss/portal/wsrp/producer/RequestProcessor.java needs to be changed to use the authenticated user's context rather than the information passed in the wsrp user context. Source code for these pieces is in the JARs at this wiki: http://community.jboss.org/wiki/JBossEPP43-WSRPwithWS-SecurityandSSL > Here is the current implementation of RequestProcessor that pulls security information from the WSRP user context, followed by my proposed implementation: > ------------------------------------------------------------------------------------------- > // fix-me: check that the correct semantics is used. > private SecurityContext createSecurityContext(final MarkupParams params, final RuntimeContext runtimeContext, > final org.jboss.portal.wsrp.core.UserContext wsrpUserContext) > { > return new SecurityContext() > { > public boolean isSecure() > { > return params.isSecureClientCommunication(); > } > public String getAuthType() > { > return runtimeContext.getUserAuthentication(); > } > public String getRemoteUser() > { > if (wsrpUserContext != null) > { > return wsrpUserContext.getUserContextKey(); > } > return null; > } > public Principal getUserPrincipal() > { > return null; > } > public boolean isUserInRole(String roleName) > { > return wsrpUserContext != null && Tools.isContainedIn(roleName, wsrpUserContext.getUserCategories()); > } > public boolean isAuthenticated() > { > return wsrpUserContext != null; > } > }; > } > ------------------------------------------------------------------------------------------- > ------------------------------------------------------------------------------------------- > // fix-me: check that the correct semantics is used. > private SecurityContext createSecurityContext(final MarkupParams params, final RuntimeContext runtimeContext, > final org.jboss.portal.wsrp.core.UserContext wsrpUserContext) > { > final Request r = ((org.apache.catalina.connector.Request)(SecurityAssociationValve.activeRequest.get())); > return new SecurityContext() > { > public boolean isSecure() > { > return r.isSecure(); > } > public String getAuthType() > { > return r.getAuthType(); > } > public String getRemoteUser() > { > return r.getRemoteUser(); > } > public Principal getUserPrincipal() > { > return r.getUserPrincipal(); > } > public boolean isUserInRole(String roleName) > { > return r.isUserInRole(roleName); > } > public boolean isAuthenticated() > { > return r.getUserPrincipal() != null; > } > }; > } > ------------------------------------------------------------------------------------------- -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 12 months

1
0
0 / 0

[JBoss JIRA] Created: (GTNWSRP-83) Improve testing of admin UI beans

by Chris Laprun (JIRA)

Improve testing of admin UI beans --------------------------------- Key: GTNWSRP-83 URL: https://jira.jboss.org/browse/GTNWSRP-83 Project: GateIn WSRP Issue Type: Task Components: Admin GUI Affects Versions: 2.0.0-Alpha03 Reporter: Chris Laprun Assignee: Chris Laprun Fix For: 2.0.0-Beta -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 12 months

1
4
0 / 0

[JBoss JIRA] Resolved: (GTNWSRP-133) Consumer localization

by Chris Laprun (JIRA)

[ https://issues.jboss.org/browse/GTNWSRP-133?page=com.atlassian.jira.plugi... ] Chris Laprun resolved GTNWSRP-133. ---------------------------------- Resolution: Out of Date > Consumer localization > --------------------- > > Key: GTNWSRP-133 > URL: https://issues.jboss.org/browse/GTNWSRP-133 > Project: GateIn WSRP > Issue Type: Feature Request > Affects Versions: 1.1.1-GA > Reporter: Julien Viet > Assignee: Chris Laprun > Priority: Minor > Fix For: 2.1.0 > > -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

14 years, 12 months

1
0
0 / 0

[JBoss JIRA] Created: (GTNPORTAL-1880) Performance issue when showing OrganizationManagementPortlet when there are many users in IDM DB

by Marek Posolda (JIRA)

Performance issue when showing OrganizationManagementPortlet when there are many users in IDM DB ------------------------------------------------------------------------------------------------ Key: GTNPORTAL-1880 URL: https://issues.jboss.org/browse/GTNPORTAL-1880 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Components: Identity integration, Performance Affects Versions: 3.1.0-GA Environment: EPP 5.1.0.GA, Picketlink 1.1.7.GA Reporter: Marek Posolda Assignee: Boleslaw Dawidowicz Fix For: 3.2.0-GA Attachments: threadDump1-loadOfAttributes.txt, threadDump2-loadOfAttributeValues.txt Time for load of page with organizationManagementPortlet depends on number of users. When there are very big number of users in picketlink DB (100000 or more) then loading of page can be few minutes. Steps to reproduce: 1) Add many users into IDM database 2) Login as john 3) Go to page http://localhost:8080/portal/private/classic/organization/management When looking into the source of problem, I've found that Hibernate is using 2 very expensive SQL select commands, which needs to load attributes and attribute values of ALL users in DB inspite of the fact that there are only first 10 users shown in the table in UI. Expensive select commands are: 1) Select for loading names of all attributes of all users ( This is called from HibernateIdentityStoreImpl.getAttributes ) select attributes0_.IDENTITY_OBJECT_ID as IDENTITY2_4_1_, attributes0_.ATTRIBUTE_ID as ATTRIBUTE1_1_, attributes0_.ATTRIBUTE_ID as ATTRIBUTE1_9_0_, attributes0_.IDENTITY_OBJECT_ID as IDENTITY2_9_0_, attributes0_.NAME as NAME9_0_, attributes0_.ATTRIBUTE_TYPE as ATTRIBUTE4_9_0_, attributes0_.BIN_VALUE_ID as BIN5_9_0_ from jbid_io_attr attributes0_ where attributes0_.IDENTITY_OBJECT_ID in (select this_.ID from jbid_io this_ inner join jbid_io_type type2_ on this_.IDENTITY_TYPE=type2_.ID inner join jbid_realm rm1_ on this_.REALM=rm1_.ID where rm1_.NAME='idm_realm' and type2_.NAME='USER' and this_.NAME like '%' ) 2) Select for loading text values of all users ( This is called from AttributesManagerImpl.convertAttribute ) select textvalues0_.TEXT_ATTR_VALUE_ID as TEXT1_9_0_, textvalues0_.ATTR_VALUE as ATTR2_0_ from jbid_io_attr_text_values textvalues0_ where textvalues0_.TEXT_ATTR_VALUE_ID in (select attributes0_.ATTRIBUTE_ID from jbid_io_attr attributes0_ where attributes0_.IDENTITY_OBJECT_ID in (select this_.ID from jbid_io this_ inner join jbid_io_type type2_ on this_.IDENTITY_TYPE=type2_.ID inner join jbid_realm rm1_ on this_.REALM=rm1_.ID where rm1_.NAME='idm_realm' and type2_.NAME='USER' and this_.NAME like '%' )) Problem with both select commands is that they need to load attributes of all users in DB even if only attributes for some very limited number of users are really needed. Big problem seems to be storing of query results into Hibernate Query Cache. I am attaching part of thread dumps where can be seen which parts are calling SQL commands. I guess fix can be some change in Hibernate mapping files for HibernateIdentityObject and HibernateIdentityObjectAttribute. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years

1
1
0 / 0

[JBoss JIRA] Created: (GTNPORTAL-1221) IE6:Broken gadget form with 4 column in Arabic langauge

by Hang Nguyen (JIRA)

IE6:Broken gadget form with 4 column in Arabic langauge ------------------------------------------------------- Key: GTNPORTAL-1221 URL: https://jira.jboss.org/browse/GTNPORTAL-1221 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Components: User Interface Environment: IE6 Reporter: Hang Nguyen Priority: Minor Attachments: 3.jpg, 4.jpg - Set Number of columns for Dashboard portlet is : 4 - Change language to Arabic - Drag & drop gadget into dashboard --> Show broken gadget form. See attach file -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years

3
7
0 / 0

[JBoss JIRA] Created: (GTNPORTAL-1153) Local Gadgets don't support the same HTTP methods are remote ones

by Matt Wringe (JIRA)

Local Gadgets don't support the same HTTP methods are remote ones ----------------------------------------------------------------- Key: GTNPORTAL-1153 URL: https://jira.jboss.org/jira/browse/GTNPORTAL-1153 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Reporter: Matt Wringe Local gadgets don't appear to support the same HTTP methods that remote gadgets do. I am seeing errors like "The specified HTTP method is not allowed for the requested resource" for a gadget loaded locally through gadget.xml while the same gadget works fine when its added as a remote gadget using a url. This is the exact same gadget just loaded through different methods. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years

4
14
0 / 0

[JBoss JIRA] Created: (GTNPORTAL-1797) Error UI in homepage when change languge to Arabic with simple skin

by Hang Nguyen (JIRA)

Error UI in homepage when change languge to Arabic with simple skin ------------------------------------------------------------------- Key: GTNPORTAL-1797 URL: https://issues.jboss.org/browse/GTNPORTAL-1797 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Environment: FF+IE Reporter: Hang Nguyen Priority: Minor Attachments: 1.jpg - Login by root - Change to sipmle skin - Change Arabic language => Error UI. See attach file -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years

3
6
0 / 0

[JBoss JIRA] Created: (GTNPORTAL-1806) Can't login portal after sign in with unregistered user name

by Hang Nguyen (JIRA)

Can't login portal after sign in with unregistered user name ------------------------------------------------------------ Key: GTNPORTAL-1806 URL: https://issues.jboss.org/browse/GTNPORTAL-1806 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Reporter: Hang Nguyen - Go to public mode - Click Sign in link - input unregistered user name - Click Sign In => Return to private mode -> OK - Continue input unregistered user name - Click Sign in => Show message => OK - Input user name "root" and pass "gtn" - Click Sign in => Return to public mode and show form Sign In -> Can't login to portal -> Wrong. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years

5
4
0 / 0

[JBoss JIRA] Created: (GTNPORTAL-1624) Local Rss Reader gadget don't work under https mode

by kien nguyen (JIRA)

Local Rss Reader gadget don't work under https mode --------------------------------------------------- Key: GTNPORTAL-1624 URL: https://jira.jboss.org/browse/GTNPORTAL-1624 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Affects Versions: 3.1.0-GA Reporter: kien nguyen Assignee: kien nguyen When GateIn run on HTTPS mode, Local Rss Reader gadget don't work but other gadgets work fine. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years

3
9
0 / 0

[JBoss JIRA] Created: (GTNPORTAL-1804) No Content-Type on css files

by Arne Berge (JIRA)

No Content-Type on css files ---------------------------- Key: GTNPORTAL-1804 URL: https://issues.jboss.org/browse/GTNPORTAL-1804 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Components: WebUI Affects Versions: 3.1.0-GA Reporter: Arne Berge GateIn doesn't set content-type on css-files added via gatein-resources.xml. This is important, beacuse IE9 ignores these css-files due to new security policy. In the console it states: SEC7113: CSS was ignored due to mime type mismatch. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira

15 years

5
7
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

gatein-issues April 2011