Unification of resource hirarchies
by Heiko Braun
I am currently building the context help for web console.
It does leverage the resource descriptions that are available through the detyped API.
While doing so, I stumbled across a problem that has been mentioned several times already:
Proper parent child relations when exposing subsystem configuration.
Most of the default configuration elements (server-groups, server-config, etc) make proper use
of addressable child resources. But I can still find several cases where this isn't done properly.
(i.e. subsystem=messaging, attribute security-setting / addressing-setting).
Cases like this make it hard and sometimes impossible to work with the API.
The context help is good example: For 80% of the cases it works fine to generate the
documentation on the fly. But in some cases, it's not possible at all.
I would consider both the means to retrieve configuration data and the data structure itself
as being part of the public API . Therefore I would suggest we clean it up before 7.0.CR1.
Would it be possible nail down subsystem configurations to attributes for simple types
and child relations for complex types? This would greatly help any API client to consume that data.
Or am i missing something here?
Ike
12 years, 10 months
web security extensions
by Bill Burke
I think AS7 and JBoss Web needs some cleaner integration if you want to
define your own web security extensions to do your own custom
authentication for instance.
Right now you have to define in jboss-web.xml:
<jboss-web>
<security-domain>java:/jaas/SPNEGO</security-domain>
<valve>
<class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
</valve>
</jboss-web>
It would be cool if you could replace the <valve> in jboss-web.xml with
an <auth-method> within web.xml. I think I know how this could be done
with no modifications to JBoss-Web, but where would you put the mapping
information? Within JBoss-web's subsystem domain model?
Furthermore, I think it would be even cleaner if that type of config was
ditched in favor of a URI within web.xml i.e.
<login-config>
<auth-method>BASIC:/webconsole</auth-method>
...
</login-config>
The above would mean BASIC authentication using the "webconsole"
security-domain. I think it would be interesting also if JBossWeb asked
the security domain for valves it should use/apply.
i.e.
<login-config>
<auth-method>security-domain:/webconsole</auth-method>
...
</login-config>
In this case, JBoss Web sees "security-domain" so it looks up the
"webconsole" security domain and asks it to set up all the appropriate
valves that are needed to set up.
In this manner, multiple web apps could use the same security domain and
you wouldn't have to change their config if you wanted to change the
authentication method. The security domain has complete control over
the authentication mechanism. You could take this even further fully
delegate security constraint application to the security domain. THis
would be very interesting as then an Identity Management service could
have complete control over security metadata without having to modify
the WAR.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
12 years, 10 months
Looking for naming help
by James Perkins
Hello All,
While working on the Maven deployment plugin we've been contemplating
what the goals should be named. Currently we have 4 goals; deploy,
deploy-or-redeploy, redeploy and undeploy.
We kind of feel deploy-or-redeploy will be the default most people would
use. It seems a little verbose for the default. I've thought about
making deploy act as the deploy-or-redeploy, but I'm a bit concerned
that users will assume it will fail if the deployment already exists.
So my question to the lot of you is how would you interpret these goals
and can you think of some better names? Mainly a replacement for
deploy-or-redeploy, but any other suggestions are welcome.
Currently as a replacement for deploy-or-redeploy we have always-deploy
and force-deploy.
Thanks in advance,
--
James R. Perkins
JBoss by Red Hat
12 years, 10 months
:installed-drivers-list on managed server or SG?
by Heiko W.Rupp
Hi,
I know I am late to this game.
I am puzzled by the fact that in domain mode I get the list of jdbc drivers by
[standalone@localhost:9999 server=server-one] pwd
/host=local/server=server-one
[standalone@localhost:9999 server=server-one] ./subsystem=datasources:installed-drivers-list
actually with picking a random host within a server group after previously having uploaded
and deployed the driver jar to the server group.
This makes obviously sense if we allow individual drivers per managed AS instance in a SG,
but then installing a datasource that uses such a driver on /profile=X/subsystem=DS level
sounds like a big source of confusion if one of the managed servers happens to have
a different version of the driver and this only managed AS starts to behave in strange ways
Wouldn't it make more sense to put :installed-drivers-list on server-group level?
Heiko
12 years, 10 months
SPNEGO authentication fails loading configuration
by Christoph Gostner
Hi,
I'm running into problems using the SPNEGO authenticator in AS7.
I created a module with the costumized picketbox jar, modified the
Authenticators.properties in jbossweb-7.0.0.CR1.jar and deployed the test
toolkit.
At first sight the deployment process works. But testing the application,
it can't find the required login modules configured in standalone.xml.
So I debugged the complete process and compared my application with a
working
BASIC authentication jar.
Deploying the BasicAuthentication.jar, the required configuration is set in
JaasConfigurationService.start(...). The configuration includes all the
login
modules, configured in standalone.xml.
When I deploy the negotiation toolkit, the configuration is not set. The
authentication process tries to load the configuration in
Configuration.getConfiguration()
but a new configuration instance is created with no login modules in it.
The authenticator is a subclass of AuthenticatorBase.
It seems that JBoss doesn't recognize that the application is JAAS enabled.
I don't see the difference between the BASIC authentication application and
SPNEGO toolkit. Has somebody an explanation for this phenomenon?
Christoph
12 years, 11 months
Re: [jboss-as7-dev] JBoss AS7 Console Extensions
by Heiko Braun
On Jun 7, 2011, at 12:24 AM, Rob Cernich wrote:
> Hey Heiko,
>
> I'm working on some tooling for SwitchYard and was wondering what the preferred method for adding console extensions for additional modules, in this case, SwitchYard. Any insight you might provide would be greatly appreciated.
>
> Thanks in advance,
> Rob
Hi Rob,
it's not yet implemented but planned for the AS 7.1.CR1 release:
https://issues.jboss.org/browse/AS7-963
I cannot provide any of the specifics yet, but it will be a build time solution
that allows you to plugin tooling extensions that have been published to the maven repository.
We used to have such a solution within Errai Workspaces and we will build on the ideas that proven to be successful already:
http://download.jboss.org/errai/docs/1.2.2/userguide/index.html#workspaces
It's a meta data driven approach (Annotations). If you take a look at the workspace-api section
you get an idea how it looks like. Basically any extension will be packaged as a jar file and can be included
in a custom switchyard build.
It builds on a number of pre-requisites/constraints:
- Tools need to be written GWT
- There is no declarative approach like in RHQ. You need to write code. But we can help.
- The framework will provide shared services: authentication, widgets, backend integration, etc
Please let me know if you have any further questions.
Regards, Ike
12 years, 11 months
Migrating Seam app to AS7: Accessing page results in "The page isn't redirecting properly"
by Sande Gilda
I have made a lot of progress migrating this application from EAP5.1 to
AS7 with a whole lot of help from the developers. The application is now
deploying successfully, but I have run into a problem when I access the
application in the browser.
I am getting this error in Firefox:
/The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for
this address in a way that will never complete.
* This problem can sometimes be caused by disabling or
refusing to accept
cookies./
Cookies are enabled, and in fact, this application runs fine in EAP 5.1.
It looks like Firefox displays this error when a web page redirects you
in an endless loop.
I googled JBoss Seam and this error and I see a few issues reported in
previous releases. Many are related to page security issues.
In my JBoss startup log, I do see this, but am not sure if it's related:
15:46:23,747 WARNING
[org.jboss.seam.security.permission.PersistentPermissionResolver]
(MSC service thread 1-4) no permission store available - please
install a PermissionStore with the name
'org.jboss.seam.security.jpaPermissionStore' if persistent
permissions are required.
I've attached the entire JBoss log. The java.lang.NoClassDefFoundError:
sun/misc/Unsafe error occurs when I hit the page, I'm assuming it's
because of the endless loop.
I'm not familiar enough with Seam to debug this. Does anyone have any
suggestions for my next step?
Thanks,
Sande
12 years, 11 months
Transitive deps to be removed from the AS7 build
by Paul Gier
According to David, most, if not all, of the transitive deps in the AS7
build can be excluded in the POMs [1]. Please take a quick look at the
attached list and see if there is any transitive dep that you know
should be included in the build, and I will make it a direct dependency.
To provide context, the list also shows the direct dependency from
which each transitive dep is pulled in.
[1]https://issues.jboss.org/browse/AS7-954
12 years, 11 months
Local database file connection urls
by Scott Stark
In the
http://community.jboss.org/wiki/DataSourceConfigurationInAS7#Defining_the...
section I don't see an example of setting up a local database with a
backing store. Looking at the
org.jboss.as.connector.subsystems.datasources code, I don't see any
reference to the usual relativeTo attribute, or an attempt to expand
jboss.* properties. It seems like something like the following needs to
be supported with the datasource element handling property expansion:
<subsystem xmlns="urn:jboss:domain:datasources:1.0">
<datasources>
<datasource jndi-name="java:/H2DS" pool-name="H2DS" enabled="true"
use-java-context="true"
relativeTo="jboss.server.data.dir">
<connection-url>
jdbc:h2:file:${jboss.server.data.dir}/test;DB_CLOSE_DELAY=-1
</connection-url>
...
12 years, 11 months
How to install a JDBC driver as a module via CLI or console?
by Jaikiran Pai
In AS7 upstream, how do I currently install a JDBC driver *as a module*
either via the CLI or the admin console? Looking at the admin console I
just see that it allows me a choose from a list of already installed
drivers while creating a datasource but doesn't allow me to add a new
driver. Is this feature planned for AS 7.0 CR1/Final? Or is the driver
installation supposed to happen outside of the admin console?
As for the CLI, I'm just trying to get a hang of the syntax. So far, I
haven't found a way to add a new JDBC driver (as a module) from the CLI.
Here's what I have tried so far:
[standalone@localhost:9999 /] /subsystem=datasources/jdbc-driver=new-one:add
{
"outcome" => "failed",
"failure-description" => [("java.util.NoSuchElementException" =>
"No child 'driver-name' exists")]
}
I guess I'm using a wrong syntax here. Anyone knows how to go about
this? In the meantime, I'll go check the CLI syntax wiki.
P.S: By the way, I don't understand what that error message is trying to
convey to me. What does no child "driver-name" mean?
-Jaikiran
12 years, 11 months
