[Design of Security on JBoss] - Re: Security Injection in AS5
by sguilhen@redhat.com
Here is some background information
As part of http://jira.jboss.org/jira/browse/JBAS-5312, I've created a new file, security-policies-beans.xml and configured the DynamicLoginConfig as a bean:
| <?xml version="1.0" encoding="UTF-8"?>
|
| <deployment xmlns="urn:jboss:bean-deployer:2.0">
|
| <bean name="StandardLoginConfig" class="org.jboss.security.auth.login.DynamicLoginConfig">
| <property name="policyConfig">
| <jbsx:policy
| xsi:schemaLocation="urn:jboss:security-config:5.0 resource:security-config_5_0.xsd"
| xmlns:jbsx="urn:jboss:security-config:5.0"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
| <jbsx:application-policy name="jboss-web-policy" extends="other">
| <jbsx:authentication>
| </jbsx:authentication>
| <jbsx:authorization>
| <jbsx:policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/>
| </jbsx:authorization>
| </jbsx:application-policy>
| <jbsx:application-policy name="jboss-ejb-policy" extends="other">
| <jbsx:authentication>
| </jbsx:authentication>
| <jbsx:authorization>
| <jbsx:policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/>
| </jbsx:authorization>
| </jbsx:application-policy>
| </jbsx:policy>
| </property>
| <property name="mbeanServer"><inject bean="JMXKernel" property="mbeanServer"/></property>
| <property name="loginConfigService">jboss.security:service=XMLLoginConfig</property>
| <property name="securityManagerService">jboss.security:service=JaasSecurityManager</property>
| <!-- dependency to allow for a smooth shutdown -->
| <depends>jboss.security:service=XMLLoginConfig</depends>
| </bean>
|
| </deployment>
|
This file replaced the old security-policies-service.xml, that was used to configure the DynamicLoginConfig as an MBean. I have tested this new configuration in many ways to make sure it was being properly parsed and the bean was being properly created.
Before committing the changes, I've decided to update the AS workspace to make sure everything was still working. I then started getting the parse error saying that was not found as child of .
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138774#4138774
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138774
16 years, 6 months
[Design the new POJO MicroContainer] - Re: beanfactory injection
by alesj
"alesj" wrote : "adrian(a)jboss.org" wrote :
| | We should add something to the "toHumanReadableString()" for the "anonymous inject" to ask whether they intended that it or just forgot to give a bean name. :-)
| |
| |
| | | Bean2TypePool -> injection by interface org.jboss.beans.metadata.spi.factory.BeanFactory (or did you forget to supply a bean name for the injection?) {Installed:** NOT FOUND **}
| | |
| |
| | Otherwise we're going to get lots of FAQs :-)
| I'll update the toString/toHumanString for class dependency items.
This will require update to DeployersImpl:
| dependency = iDependOn.toString();
| ControllerContext other = controller.getContext(iDependOn, null);
| if (other == null)
| actualStateString = "** NOT FOUND **";
|
I guess this is what we want:
| actualStateString = "** NOT FOUND " + item.toHumanReadableString() + " **";
|
On a different note, looking at
| Object iDependOn = item.getIDependOn();
| if (iDependOn == null)
| {
| dependency = "<UNKNOWN>";
| actualStateString = "** UNRESOLVED " + item.toHumanReadableString() + " **";
| }
|
and a default impl of toHumanReadableString
| public String toHumanReadableString()
| {
| StringBuilder builder = new StringBuilder();
| builder.append("Depends on '").append(getIDependOn());
| return builder.toString();
| }
|
it seams meaningless, since getIDependOn will return null. :-)
OK, but that's impl detail. ;-)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138760#4138760
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138760
16 years, 6 months
[Design of Messaging on JBoss (Messaging/JBoss)] - Re: Shared Transport in JGroups
by bstansberry@jboss.com
[OT] Wow, firefox crashed about 3/4 way through this long response. Restarted it and when it restored the tab it resurrected my in progress response. :-)
"clebert.suconic(a)jboss.com" wrote : I have been testing JGroups 2.6.2 and it is working fine without any problems.
Great. :-)
anonymous wrote : I'm a little confused to what will replace the multiplexor.
Basically, JGroups maintains a static Map<String, TP> (where TP is the base class for all transport protocols, i.e. UDP and TCP). If you add a singleton_name="xxx" attribute to your UDP or TCP protocol config, JGroups sees that and checks the map for xxx before instantiating an instance of the protocol, uses the existing protocol if it finds one.
So, say the JBC cache used for session repl needs a channel. It's configured to use the "udp" stack. So, it does this:
Channel ch = channelFactory.createMultiplexerChannel("udp", .......);
ch.connect("Tomcat-DefaultPartition");
If JBM also wanted to use the "udp" config, your code could:
Channel ch = channelFactory.createMultiplexerChannel("udp", .......);
ch.connect("JBM-CTRL");
In the AS, each service will have it's own channel. Only thing shared would be the UDP protocol at the bottom of the protocol stack. That's because the config of the UDP protocol in the "udp" stack includes singleton_name="udp".
Let's make it more interesting. Say JBM doesn't want to use the "udp" stack; you want a customized stack, say w/o STATE_TRANSFER. So you'd added a "jbm-ctrl" stack to the -stacks.xml file and instead of the above you do this:
Channel ch = channelFactory.createMultiplexerChannel("jbm-ctrl", .......);
ch.connect("JBM-CTRL");
Now two different channels with separate UDP protocols. OK, but maybe not ideal, since admins now have to work harder to isolate AS clusters from each other, since there are now multiple mulitcast sockets being created.
But, if you guys and I came to an agreement where we realized the same configuration *of just the UDP protocol* was fine for the "udp" and "jbm-xxx" stacks, then we could specify the same UDP config in all of them. And change the value of the singleton name, for example to singleton_name="shared-udp".
Now JBC and JBM once again share a UDP protocol.
anonymous wrote : Whatever it is we need the stack we currently use available on JBAS 5.
Please send me whatever you want to use and I'll make sure it's integrated.
Let's continue this dialogue re: shared transport to see if we can agree on a common config for a shared UDP protocol (or not).
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138755#4138755
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138755
16 years, 6 months