November 2006 - jboss-dev-forums - Jboss List Archives

[Design of Security on JBoss] - Re: Cleaned up security project

by scott.stark＠jboss.org

We need to list all the code pulling in the jbossas dependencies and then either rewrite it to avoid it, move it, or provide a legitimate jbossas spi jar. So yes, let's do that. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989833#3989833 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989833

17 years, 11 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Cleaned up security project

by anil.saldhana＠jboss.com

"scott.stark(a)jboss.org" wrote : The jboss-transaction dependency is due to a simple utility class that really should be in the common or some j2ee util. | | The LoginConfigInterceptor was a prototype to look at being able to introduce security configs by finding a login-config.xml in the deployment. Its obsolete for jboss5 and the vdf, and should in fact be a security config deployer in jbossas, not in the security project. | The jboss-transaction dependency is due to DatabaseServerLoginModule. I already removed the LoginConfigInterceptor. By the way, do you think it is worthwhile to basically list some of the code with some of the doubtful dependencies, such that you can comment on where in jbas, it can be refactored? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989832#3989832 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989832

17 years, 11 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Cleaned up security project

by scott.stark＠jboss.org

The jboss-transaction dependency is due to a simple utility class that really should be in the common or some j2ee util. The LoginConfigInterceptor was a prototype to look at being able to introduce security configs by finding a login-config.xml in the deployment. Its obsolete for jboss5 and the vdf, and should in fact be a security config deployer in jbossas, not in the security project. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989827#3989827 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989827

17 years, 11 months

1
0
0 / 0

[Design of JBoss Profiler] - Re: Runtime profiler operation

by clebert.suconic＠jboss.com

I"m sorry.. just realized you're using Solaris... There is some issue with JVMPI & threading model on Solaris. It seems that Solaris is sending some different sequence of events. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989824#3989824 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989824

17 years, 11 months

1
0
0 / 0

[Design of JBoss Profiler] - Re: Runtime profiler operation

by sboying

There are 72378 files in the profiler directory I have chosen for output, seems a little high. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989822#3989822 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989822

17 years, 11 months

1
0
0 / 0

[Design of JBoss Profiler] - Re: Runtime profiler operation

by sboying

Clebert, I issue the activate(start), let it run awhile, around a minute, then issue the stop. I noticed this time there are some files with data, but there are still several zero length, too many to list here. I get the same results when trying to process results. Thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989821#3989821 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989821

17 years, 11 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Cleaned up security project

by anil.saldhana＠jboss.com

As part of http://jira.jboss.com/jira/browse/SECURITY-25, I created sub projects under security (security-spi, security-jboss-sx and security-optional) along the lines of the "common" project. The optional sub project is currently empty. I was not able to remove the aforementioned dependencies unless we start moving the low priority code into the optional subproject. | When I removed the class "org.jboss.security.auth.login.LoginConfigInterceptor", I was able to get the MBeans dependency out | Do you remember why Dimitris wrote this interceptor? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989820#3989820 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989820

17 years, 11 months

1
0
0 / 0

[Design the new POJO MicroContainer] - Re: VFS security issues for jbossweb

by scott.stark＠jboss.org

So either we support identifying such path mismatches, or jbossweb will have to go outside of the vfs to the java.io.File apis. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989814#3989814 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989814

17 years, 11 months

1
0
0 / 0

[Design the new POJO MicroContainer] - VFS security issues for jbossweb

by scott.stark＠jboss.org

Remy brought up the following issue when looking at using the vfs in jbossweb: There is the usual issue that (among other problems) exposes JSP source (a request for foo.jsP will not match the *.jsp pattern, but the default servlet will find and serve a file named foo.jsp on the filesystem). To check case sensitivity (on a filesystem), you have to compare the absolute path (which will return the absolute path using what you used - here, it would be /some/path/foo.jsP) with the canonical path (which will rebuild everything from the filesystem, so it would be /some/path/foo.jsp). No match means the filesystem abstraction will return null (= not found). However, this check does not work when symlinking is used on Unix, so there's an override flag. Example code from Tomcat: | protected File file(String name) { | | File file = new File(base, name); | if (file.exists() && file.canRead()) { | | if (allowLinking) | return file; | | // Check that this file belongs to our root path | String canPath = null; | try { | canPath = file.getCanonicalPath(); | } catch (IOException e) { | } | if (canPath == null) | return null; | | // Check to see if going outside of the web application root | if (!canPath.startsWith(absoluteBase)) { | return null; | } | | // Case sensitivity check | if (caseSensitive) { | String fileAbsPath = file.getAbsolutePath(); | if (fileAbsPath.endsWith(".")) | fileAbsPath = fileAbsPath + "/"; | String absPath = normalize(fileAbsPath); | if (canPath != null) | canPath = normalize(canPath); | if ((absoluteBase.length() < absPath.length()) | && (absoluteBase.length() < canPath.length())) { | absPath = absPath.substring(absoluteBase.length() + 1); | if ((canPath == null) || (absPath == null)) | return null; | if (absPath.equals("")) | absPath = "/"; | canPath = canPath.substring(absoluteBase.length() + 1); | if (canPath.equals("")) | canPath = "/"; | if (!canPath.equals(absPath)) | return null; | } | } | | } else { | return null; | } | return file; | | } | Note: The normalization thingie removes ".." and things like that. It is there because of possible usage through the request dispatcher. Note2: These operations are expensive, but there's a cache (another dir context) on top of that dir context. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989813#3989813 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989813

17 years, 11 months

1
0
0 / 0

[Design of JBoss jBPM] - continuous integration?

by Digeratus

Hi Folks, I'm new to the source code of jbpm. So far I've checked things out; imported the eclipse .projects into my workspace and "made things happy there", i.e. I've resolved the buildpath issues related to defining JBPM_REPO. So now I was wondering about updating from cvs; but naturally you worry about getting a "broken build" that way, like in the middle of the day when people are in the middle of checking things in. In our internal environment we use anthill to continuously run builds and tests... is there anything like that for jbpm? I.e. a website that I can go to to see that everything has built successfully? Thanks in advance for pointers... and sorry if I should have RTFM something I missed. On another point... anyone do any eclipse .project things with BPEL they'd be interested in checking in or sharing? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989811#3989811 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989811

17 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums November 2006