March 2007 - jboss-dev-forums - Jboss List Archives

[Design of JBoss Web Services] - Re: EndpointMetaData#eagerInitializeTypes()

by jason.greene＠jboss.com

Anything defined in LiteralTypeMapping, EncodedTypeMapping, and TypeMappingImpl.regiseterStandardLiteralTypes() -Jason View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025246#4025246 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025246

19 years, 1 month

1
0
0 / 0

[Design of JBoss ESB] - Re: jBPM in JBossESB

by bill.burke＠jboss.com

Esteban, Have you considered at all using JBPM as a backbone for the ESB? I see a lot of overlap/similarities between the core ESB engine and JBPM. Maybe ESB actions could be written as JBPM nodes or actions? For instance, take a look at the Seam Drools JBPM decision handler. Looks almost exactly the same as ESB's. ESB's split/aggragate are similar to JBPMs fork/join. Context variables are very analogous to a message map. What are the advantages/disadvantages to using JBPM as the core process engine? Here's some I thought of off the top of my head: Advantages: * JBPM eclipse designer * JBPM persistence * JBPM asynchronicity * versioning * richer IoC * parameter/context mappings Disadvantages: * A little extra verbose for small tasks (I think this could be overcome by writing our own node type.) I don't know, what do you think??? In the least, we should create some JBPM adapters so that ESB actions/nodes could be used as JBPM nodes/actions. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025242#4025242 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025242

19 years, 1 month

1
0
0 / 0

[Design of JBoss ESB] - Re: Scripting Language ESB Action

by bill.burke＠jboss.com

JBPM has its own tiny scripting as well. And you have drools. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025234#4025234 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025234

19 years, 1 month

1
0
0 / 0

[Design of Security on JBoss] - Re: AS 4.2.0 binding to localhost

by dimitris＠jboss.org

I'm pessimistic, too, in that creating a locked up static config will make more damage in our reputation for being developer friendly, than do good in our reputation for being unsecure. And AFAIK. the user perception that we are "unsecure" came from a default installation. If you check the jboss forums people rarely complaint about an unsecure jboss - most of them know what they are doing. There is so much you can do with a static configuration that needs to satisfy everyone. If there is no tools support for altering a jboss configuration at installation time, this is not a problem of the .zip distro. It's the problem of the tool. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025214#4025214 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025214

19 years, 1 month

1
0
0 / 0

[Design of JBoss jBPM] - Re: Designer 'Save Without Deploying' not working

by jeffdelong

It is the designer that gives the exception and there is no stacktrace. It effects both Save Without Deploying and Deploy Process Archive, so I don't think it is related to the console. It appears to be related to the files in the images directory, but I don't know why that would cause an issue. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025200#4025200 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025200

19 years, 1 month

1
0
0 / 0

[Design of Security on JBoss] - Re: AS 4.2.0 binding to localhost

by ryan.campbell＠jboss.com

"dimitris(a)jboss.org" wrote : First of all, better don't make assumption about how users will react to the change. If jboss binds to 0.0.0.0 since year 1999 and now this has changed to localhost, I think this is already a big change and will at the very least make people wonder why's that. Release notes and blogging will help explain the problem, too. We are both making assumptions about how users will react. The difference is you are being optimistic, and I am being pessimistic. I agree veteran users will notice a change, but they are likely not the source of our "problem." If the goal is to provide legalistic arguments that we are secure by default, the status quo is fine. If the goal is to reduce the perception that we are insecure, we won't make any progress with the existing solution. I completely agree it is the job of the deployer to secure the jmx-console and other vulnerable access points, but they are consistently not doing their jobs and we are getting the blame. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025198#4025198 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025198

19 years, 1 month

1
0
0 / 0

[Design of Security on JBoss] - Re: AS 4.2.0 binding to localhost

by dimitris＠jboss.org

First of all, better don't make assumption about how users will react to the change. If jboss binds to 0.0.0.0 since year 1999 and now this has changed to localhost, I think this is already a big change and will at the very least make people wonder why's that. Release notes and blogging will help explain the problem, too. Second, for the really naive users without any jboss knowledge that just unzip jboss, throw in a webapp, and they are done, or the case where a jboss server is installed by default and is just waiting there, unused, this measure offers some really basic but essential protection. Remember that we received negative comments about "remotely accessing a default jboss installation" and this is what we are fixing here. >From the point where somone starts messing with command line parameters and configuration options he/she must assume responsibility for his/hers doings. I agree we can assist a user to create a more secure environment, but this is done either in the installer, or some post installation script. Besides, there are many points you need to secure, not just the jmx-console. In my understanding, if we lock up everying in the default developer-oriented .zip distro, we'll just manage to enrage developers. And don't forget that the .zip distro IS primarily made for developers. In a production environment where you'll have to make quite a few configuration changes before installing/testing/fine-tuning a server, securing the server is really one of the standard items in your checklist. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025187#4025187 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025187

19 years, 1 month

1
0
0 / 0

[Design of Security on JBoss] - Re: AS 4.2.0 binding to localhost

by mjc＠redhat.com

"ryan.campbell(a)jboss.com" wrote : I'm skeptical that the existing approach will actually push users to read any documentation. Binding to localhost does at least stop us being insecure by default and is something we do in Red Hat Enterprise Linux with servers such as sendmail. However we've also discussed a better solution -- having HTTP Basic authentication turned on by default for any consoles, with no username and password configured. A user browsing the console for the first time (if they don't use the installer) would be prompted to log in and when failing to log in a custom "403 Authentication Required" response would be displayed and could point them at the documentation. Using the installer would by default give the user the ability to setup this user/password. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025177#4025177 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025177

19 years, 1 month

1
0
0 / 0

[Design of JBoss jBPM] - Re: Designer 'Save Without Deploying' not working

by david.lloyd＠jboss.com

Jeff, is it the console that is giving the exception, or the designer? Can you provide a stacktrace in any case? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025173#4025173 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025173

19 years, 1 month

1
0
0 / 0

[Design of JBoss jBPM] - Re: Designer 'Save Without Deploying' not working

by jeffdelong

It seems to deploy ok if I uncheck src/main/images, and only have src/main/jpdl, src/main/java, and src/main/css checked in the Java Classes and Resources. In this example the images directory does not really have anything interesting in it that I can tell, ... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4025168#4025168 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4025168

19 years, 1 month

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums March 2007