July 2007 - jboss-dev-forums - Jboss List Archives

[Design of JBoss Remoting, Unified Invokers] - Remoting 3 API Mockup/prototype

by david.lloyd＠jboss.com

I made a mockup/prototype Remoting 3 API in the past couple days. I've uploaded it to a sandbox SVN repository in order to have a basis for discussion on features and so forth. Basically it's just a bunch of interfaces that summarize the ideas outlined thus far in the wiki article, emails, conversations, etc. It is at: https://svn.jboss.org/sandbox/david.lloyd/remoting3/api-proto Presumably an anonymous svn link will become available shortly. When it does, I'll post it. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060962#4060962 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060962

18 years, 9 months

1
0
0 / 0

[Design of Clustering on JBoss (Clusters/JBoss)] - Re: Using JBossSerialization with HttpSession Replication (J

by ricardoarguello

I need to backport this to JBoss 4.0.x. How should I proceed? Can I use the same SessionSerializationFactory class from JB5, and just modify JBossCacheService in the 4.0.x Branch. I have read the source code and it looks like this should work... Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060959#4060959 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060959

18 years, 9 months

1
0
0 / 0

[Design of JBoss Wiki] - Re: Portal 2.6 support...

by julien＠jboss.com

2.6 GA is released. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060942#4060942 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060942

18 years, 9 months

1
0
0 / 0

[Design of JBoss Portal] - Re: pending CMS tasks

by julien＠jboss.com

those tasks did have a fix version that was only targetting 2.6.2, I updated it to 2.6.2 and 2.8 View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060941#4060941 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060941

18 years, 9 months

1
0
0 / 0

[Design of JBoss Remoting, Unified Invokers] - Re: Remoting 3 Security

by anil.saldhana＠jboss.com

Cool. An additional note that I just want to place here for archival purpose is that this discussion has been around securing the transport layer only and use of SASL for that. For JBoss Security in general, SASL can be between the client security interceptors and the server security interceptors. http://jira.jboss.com/jira/browse/SECURITY-46 So these two areas are separate. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060931#4060931 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060931

18 years, 9 months

1
0
0 / 0

[Design of JBoss Remoting, Unified Invokers] - Re: Remoting 3 Security

by david.lloyd＠jboss.com

"anil.saldhana(a)jboss.com" wrote : 1) SSL/TLS should be available on the transport as a choice and not default. Yes, this is what I intended to say. "anil.saldhana(a)jboss.com" wrote : 2) I am interested in encryption provided as an option when the ssl setup is not acceptable and/or user just needs to avoid man-in-the-middle attacks. An issue with encryption is symmetric key management. This is where SRP is interesting. One end does userid/pwd. The server does prime numbers. They interact and agree on a session key. | 3) SRP can be done as a JCA provider for GSS. As far as I know, SASL does challenge/response. So SRP should fit in pretty easily. There is code already written by Scott (probably in the varia module) that can be adapted. OK, so an SASL marshaller would cover this. My understanding is clearer. Thanks for the feedback. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060929#4060929 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060929

18 years, 9 months

1
0
0 / 0

[Design of JBoss Remoting, Unified Invokers] - Re: Remoting 3 Security

by anil.saldhana＠jboss.com

1) SSL/TLS should be available on the transport as a choice and not default. 2) I am interested in encryption provided as an option when the ssl setup is not acceptable and/or user just needs to avoid man-in-the-middle attacks. An issue with encryption is symmetric key management. This is where SRP is interesting. One end does userid/pwd. The server does prime numbers. They interact and agree on a session key. 3) SRP can be done as a JCA provider for GSS. As far as I know, SASL does challenge/response. So SRP should fit in pretty easily. There is code already written by Scott (probably in the varia module) that can be adapted. 4) An interesting thing that I have noted (but not dealt into deeply) is when the client seeks a stub/proxy from the server, the server can send in SASL chunks to the client to avoid 1 round trip. This is the PUSH on the initial proxy seek. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060925#4060925 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060925

18 years, 9 months

1
0
0 / 0

[Design of JBoss Portal] - Re: pending CMS tasks

by sohil.shah＠jboss.com

yes. thats correct thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060923#4060923 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060923

18 years, 9 months

1
0
0 / 0

[Design of JBoss Remoting, Unified Invokers] - Re: Remoting 3 Security

by david.lloyd＠jboss.com

One other thing - from what I can see, the only way to allow a client to authenticate a server (or, to have two peers authenticate each other) with SASL is to have both an SASLClient and an SASLServer on both sides of the connection... this means that each chunk has to be processed twice. I'm not sure that SASL is appropriate for this application. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060922#4060922 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060922

18 years, 9 months

1
0
0 / 0

[Design of JBoss Remoting, Unified Invokers] - Remoting 3 Security

by david.lloyd＠jboss.com

Some random thoughts about security in Remoting 3. Authentication - SASL looks like a good option to support client authentication. The API makes it look pretty easy. I know that SRP was proposed at one point as well. Can an SRP mechanism be added to SASL? My first glance makes me think "yes". But I don't know how this would work with other mechanisms (e.g. GSS). Encryption - currently there is SSL support for certain protocols (http mainly?). It does not look to me like SSL is supported for socket/multiplex/bisocket (see my wiki posting for how/why these could be unified). SSL/TLS should be available for the "default" transport for sure. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4060919#4060919 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4060919

18 years, 9 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums July 2007