April 2007 - jboss-dev-forums - Jboss List Archives

[Design of Security on JBoss] - Re: Security Client SPI

by anil.saldhana＠jboss.com

I did some more reading on SASL. As I mentioned earlier, it is a challenge/response based mechanism between the client and the server. So there will be multiple message flow between the client and server. In the case of EJB invocations, there is a notion of clients and servers. In the case of web invocations, there is just server that we are dealing with. Scott, do you think we should make an attempt at SASL? The details will be hidden behind the Security Client implementation and server side security manager implementation. Any feedback? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041679#4041679 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041679

17 years

1
0
0 / 0

[Design of JBoss internal QA (Test Suite)] - Re: prevent tests get overwritten

by ryan.campbell＠jboss.com

I'm fine with doing it in continuous builds for now. Ideally, this guarantee would be built into a custom test runner. IE, a notion of a test run identifier which would prevent the overwriting of results. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041669#4041669 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041669

17 years

1
0
0 / 0

[Design of JBoss internal QA (Test Suite)] - Re: strange compatibility matrix behaviour

by ryan.campbell＠jboss.com

I think your work around is ok for this legacy test suite. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041668#4041668 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041668

17 years

1
0
0 / 0

[Design of JBoss internal QA (Test Suite)] - Re: JBAS-3704 Add a notion of available interfaces to org.jb

by ryan.campbell＠jboss.com

This looks good to me. Let's commit it to the test project and come up with some unit tests before rolling it out to the test suite. Also, it looks like this requires Java5, so will only work in Branch_4_2 & trunk, but this is fine with me. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041667#4041667 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041667

17 years

1
0
0 / 0

[Design of JBoss Portal] - Re: how to find a portalobject in portal 2.6?

by julien＠jboss.com

Have a look at the class org.jboss.portal.test.core.model.portal.PortalObjectIdTestCase View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041663#4041663 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041663

17 years

1
0
0 / 0

[Design of JBoss Portal] - how to find a portalobject in portal 2.6?

by FredF

Hello. I have been using jboss 2.4 for a while and built an own "portalservice package" that creates various portalobjects like pages, windows and portletinstances purely by the api (not with management portlet). Now I have upgraded to portal 2.6 and my code breaks because when I want to fetch a portalobject i cant use Strings to the portalobjectcontainer. getObject requires an PortalObjectId. I am having trouble to get a portalobject by its name. I have a page under default portal and when I do this PortalObjectId id = PortalObjectId.parse(parentpage, PortalObjectId.LEGACY_FORMAT); I get null when I do PortalObject segmentpage = portalobjectcontainer.getObject(id); I am expecting my page as a page direct under the default portal root. How do I get an arbritrary portalobject from the portal object container? knowing only the name of the page I want? thanks, Fredrik View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041647#4041647 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041647

17 years

1
0
0 / 0

[Design of POJO Server] - Re: AOP testsuite failures in AS trunk

by anil.saldhana＠jboss.com

With the new iteration to the security deployer, I am creating service beans not only for the top deployment but for all jacc capable deployments in the DU. I am wondering if any of this discussion has changed in reference to: http://jira.jboss.com/jira/browse/JBAS-4379 View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041612#4041612 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041612

17 years

1
0
0 / 0

[Design of Security on JBoss] - Security Client SPI

by anil.saldhana＠jboss.com

There have been usage of SecurityAssociation directly in the client code by users as well as JEMS projects. We really need to be getting a Client SPI from the security project. The SPI should include things like passage of username/password, callback handler, jaas config name (if the SPI implementation has to do JAAS). The SPI implementation can make use of SASL on which GSS can be placed. GSS works on the concept of tokens and can use encryption. One concept that I have not checked out is whether SASL needs both SASL client as well as SASL server because SASL is primarily used for a challenge/response type scenario. I want to be just doing SASL client. A rough outline of the security client spi is: | public interface SecurityClient | { | public void setUserName(String username) | public void setPrincipal(Principal p) | public void setCredential(Object cred) | public void setJaasConfigName(String str) | | //Advanced stuff for GSS | public setEncryption(String algo) | } | I will work out the SPI in the next few days. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041574#4041574 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041574

17 years

1
0
0 / 0

[Design of Kosmos] - Re: Install kosmos-0.2.0RC2 for Liferay 4.2.0

by ggates

I wouldn't hold your breath on any Kosmos package working. I've spent a couple of weeks messing around with JBoss, LifeRay and eXo. In all those install attempts the documentation for Kosmos has been next to useless, the build and/or deployment scripts have been broken or were missing so many elements needed in the classpath. I spent an entire day downloading and searching the web for halfbaked open source jar files that the process became a joke and some local developers started taking bets on how many more addons I would need just to get the LifeRay/Kosmos war file deployment script to complete successfully. BTW, you are correct, Build Successful means absolutely nothing with these scripts. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041504#4041504 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041504

17 years

1
0
0 / 0

[Design of Security on JBoss] - Re: SecurityAssociation no loger valid in remote client

by anil.saldhana＠jboss.com

I had a discussion with Scott on this. The invocation object creators should not be dealing with the security aspects. I will need to establish the security aspects via an interceptor after the container. For the client side, people should not be doing any direct SecurityAssociation stuff. JAAS is ok. The security project should really be providing a client SPI for clients to use. JAAS etc should be an internal detail of the SPI. GSS/SASL type of framework is where we intend to go towards that will provide pluggable aspects semantics for security. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041485#4041485 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041485

17 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums April 2007