EJB Container on AS 7
by Marchioni Francesco
Dear AS 7 developers,
can anybody tell me about the EJB container- when will it be available
on the AS 7 stack ?
Thanks a lot
Regards
Francesco
--------------------------------------------------------------------------------------------------------
Le informazioni trasmesse possono contenere documenti confidenziali e/o materiale riservato; sono
quindi da intendersi esclusivamente ad uso della persona e/o societa a cui sono indirizzate.
Qualsiasi modifica, inoltro, diffusione o altro utilizzo, relativo alle informazioni trasmesse, da parte
di persone e/o societa diversi dai destinatari indicati, e proibito ai sensi della legge 196/2003.
Qualora questa mail fosse stata ricevuta per errore, si prega di contattare il mittente e cancellarne
il contenuto.
--
Privileged/Confidential Information may be contained in this message. If you are not the addressee
indicated in this message (or responsible for delivery of the message to such person), you may not
copy or deliver this message to anyone. In such case, you should destroy this message and kindly
notify the sender by reply email. Please advise immediately if you or your employer does not consent
to Internet email for messages of this kind. Opinions, conclusions and other information in this
message that do not relate to the official business of my firm shall be understood as neither given
nor endorsed by it.
--------------------------------------------------------------------------------------------------------
13 years, 8 months
json vs custom parser
by Scott Stark
Just browsing through the as7-dev list I don't see a discussion of why
we have a custom parser for a json like serial format vs just using
json. Was this to avoid a runtime dependency, or was there another reason?
13 years, 8 months
Independent / Orphaned Hosts
by Darran Lofthouse
From some discussions today it has become apparent that we may need to
receive requests over the management APIs on hosts not currently
connected to a domain controller. The hosts may not be connected either
because the domain controller has gone or because they are a new host
not currently connected to a domain controller.
From a securing the management APIs perspective could it be reasonable
to consider this a special case and maybe approach it with a host
specific user account defined that if used to connect to the host will
only allow verification of the domain controller connection and
modification of the domain controller connection.
Anything beyond that would require a domain controller connection so
that the full configuration for management API security can be pulled
from the domain controller.
Regards,
Darran Lofthouse.
13 years, 8 months
Out of the Box - Management API Security
by Darran Lofthouse
From the requirements the APIs used to access the server need to be
secured and there also needs to be the possibility of integrating with
existing infrastructure - however what do we need for the out of the box
experience?
Within prior AS releases default security configuration would generally
be provided using login modules that read the users, their password and
their roles from properties files. These files would be static and for
updates they would need to be edited by hand.
For AS7 would we also use a statically defined approach like this or for
the out of the box security configuration would we be looking for an
approach where the users and their roles can also be configured through
the management APIs?
Regards,
Darran Lofthouse.
13 years, 8 months
Authentication Caching
by Darran Lofthouse
As confirmed on another thread we can not rely on connections between
the client and the domain controller being maintained, this means that
we can not authenticate a user once when they connect and keep this
associated with the connection - some form of authentication would need
to happen on every connection.
I have started to consider a couple of options here for how the
authenticated identity can be cached: -
http://community.jboss.org/wiki/DesignConsideration-ManagementAPIAuthenti...
Probably best to keep the discussion on this e-mail thread so it is all
in one place.
Regards,
Darran Lofthouse.
13 years, 8 months
Definitely no subsystem support in the domain controller?
by Darran Lofthouse
Just want to double check one last time that there will be no support
for subsystems in the domain controller.
For securing the management APIs the backing infrastructure that we
would need to be able to connect to is most likely already covered by
the login modules included within PicketBox. The integration of this
with JBossAS 7 is also already working to provide a nicer schema when
defining a security domain.
http://community.jboss.org/thread/154409?tstart=0
If a schema already exists then the benefit of re-using it really means
that administrators only need to learn how to configure these modules
once rather than once for the management API and once for the actual
subsystems used by servers.
The first problem is that the existing parsing of the configuration will
be based around the detyped API and performing operations in the context
of a subsystem. Secondly operations to operate on this configuration
will also be in that context.
In the context of the domain controller configuration we could still
re-implement the parsing and operations without the dependency of a
server and the subsystem so at least the configuration appears the same
even if the integration with the server is different.
However the next issue that crops up using the PicketBox modules is the
dependence on things like JNDI and Datasources, probably not a massive
issue to solve but has there been any consideration yet regarding how to
manage datasources in the domain controller process?
Regards,
Darran Lofthouse.
13 years, 8 months
Remote Management APIs - Keep-Alive?
by Darran Lofthouse
Just trying to clarify a couple of the requirements for securing the
management APIs to AS7.
For both the HTTP and the Remoting APIs would the connections from the
clients be maintained or a new connection established for each operation?
I am trying to establish here if we are going to need our own
authentication cache - if the connections are kept alive then any
established identity can be held with the connection for future
invocations but if we are regularly establishing new connections we are
going to need an alternative caching mechanism to prevent repeatedly
calling out to the back end repository of users.
Regards,
Darran Lofthouse.
13 years, 8 months