April 2008 - jboss-dev-forums - Jboss List Archives

[Design of JBoss Build System] - Re: Eclipse and Maven (.project and .classpath in SVN)

by wolfc

"ALRubinger" wrote : I say let each developer be responsible for import of the project into his/her own preferred IDE. Too error prone, because it leads to stuff like: <classpathentry kind="src" path="src/test/java"/> Thus test classes show up in snapshots & releases. And: <classpathentry kind="output" path="target/classes"/> Which makes Eclipse generated artifacts pop up in snapshots & releases. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147127#4147127 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147127

16 years, 4 months

1
0
0 / 0

[Design of JBoss Web Services] - Re: UsernameToken authentication and authorization for POJO

by anil.saldhana＠jboss.com

Why not just design a generic solution around invoking the JBoss Security Managers by doing a JNDI lookup (works both in web and ejb2 containers) | // Get the JBoss security manager from the ENC context | InitialContext iniCtx = new InitialContext(); | SecurityManager securityMgr = (SecurityManager) iniCtx.lookup("java:comp/env/security/securityMgr"); | SimplePrincipal principal = new SimplePrincipal(username); | if( securityMgr.isValid(principal, password) ) | { | Darran, may I humbly request you to finish my beta release before you assign this JBossWS feature request? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147116#4147116 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147116

16 years, 4 months

1
0
0 / 0

[Design of JBoss Web Services] - Re: Unlocking WS-Security in Metro

by alessio.soldano＠jboss.com

Hi Richard, I've just checked out the tag metro1_1_1-release and the sources of com.sun.xml.wss.impl.misc.DefaultCallbackHandler seems to be OK (i.e. they have a couple of lines to scan the META-INF inside the jar). I'll try using this version soon then I'll let you know. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147115#4147115 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147115

16 years, 4 months

1
0
0 / 0

[Design of JBoss Web Services] - Re: UsernameToken authentication and authorization for POJO

by alessio.soldano＠jboss.com

"darran.lofthouse(a)jboss.com" wrote : I am thinking about having a look at this issue and just wanted to bring up some ideas here. The reason I am looking at this is because although there is a solution based on using EJB endpoints there is still a consistent demand for this capability for POJO endpoints. | | We currently have the following unscheduled issue: - | | http://jira.jboss.org/jira/browse/JBWS-1999 I Darran, interesting there's a consistent demand for these ws-security related features. That issue is assigned to me but you're welcome to reassing and work at it. anonymous wrote : I have seen the contributed code but this does not integrate with our current WS-Security handlers so I am proposing a more integrated solution. I think the idea of forcing the authentication calling the WSSecurityManager's .authenticate(...) method is good, that's imho the missing piece for pojo endpoints, since with ejb3 endpoints the ejb3 layer takes care of requesting the authentication. Of course I agree with you we can't have this called from other handlers; I didn't spend a lot of time looking at this, but I guess the current ReceiveUsernameOperation could be a nice place to do this. anonymous wrote : My idea would be to re-open the following issue to allow the UsernameToken to be set as a requirement on the incoming message: - | | http://jira.jboss.org/jira/browse/JBWS-1136 Generally speaking, I agree with you the should be a way to say "ok, the username token is required". anonymous wrote : The configuration should have an attribute 'authenicate=true', if set we can make use of the programatic web authentication available from JBoss 4.2.0.GA: - | | http://wiki.jboss.org/wiki/WebAuthentication | | In addition to this the configuration could then contain a set of the allowed roles to call the endpoint and if this is set after the authentication we could use isCallerInRole to verify if the user is in the allowed role. | | The use of the WebAuthentication above does mean that we can mainly use the standard servlet APIs after the authentication and this change would be achieved with a small amount of additional configuration, as we have authenticated then this will still be propagated to the calls to any subsequent EJBs. | I think it would be better to leave the configuration of the allowed roles to the login module configuration. May be I'm missing something, but I think we could simply let the user configure the security domain as usual and then the login module(s) configured for that security domain will have the roles configuration. Btw doing this you'll also get the digest/nonce feature of the UsernameToken Profile for free (see the test for JBWS-1988) also for pojo endpoints. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147109#4147109 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147109

16 years, 4 months

1
0
0 / 0

[Design of Messaging on JBoss (Messaging/JBoss)] - Overhead of remoting filters

by timfox

I'd be interesting in knowing what's the overhead of the keep alive and the request-response filters on non request-response traffic. A simple test would be very useful - send some decoupled non request-response traffic both with and without these filters enabled and measure the difference. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147046#4147046 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147046

16 years, 4 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Security Injection in AS5

by anil.saldhana＠jboss.com

It should go in AS/trunk/security module. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147015#4147015 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147015

16 years, 4 months

1
0
0 / 0

[Design of EJB 3.0] - Re: EJBTHREE-1290, MCDependencyPolicy interface

by scott.stark＠jboss.org

EJBTHREE-1329 (client app launcher needs DependencyPolicy in classpath) depends on this. Currently I have to include the jboss-ejb3-core.jar in the launcher classpath. Creating proper interfaces and moving them out of core into a jboss-ejb3-injection-spi.jar seems to be what is needed. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147012#4147012 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147012

16 years, 4 months

1
0
0 / 0

[Design of Security on JBoss] - Re: Security Injection in AS5

by scott.stark＠jboss.org

"sguilhen(a)redhat.com" wrote : | I've started by taking a look at the aop-mc integration, as AOP had to define their beans and metadata factories to make it possible to use the aop elements in the -beans.xml files. | | So I've created a module, security-mc-int under the microcontainer project (not sure it should be there, just using the same approach AOP has taken), defined the beans, defined the security-beans.xsd, and started the implementation of the metadata factory. | Definitely does not belong under the microcontainer project. It belongs under the security project. "sguilhen(a)redhat.com" wrote : | I still have to figure out a couple of things. First, can I add post-installation behavior to my beans just by implementing the install and uninstall methods or is it necessary to configure an aop lifecycle for that? Just define create/start/stop/destroy methods as desired on the bean that should perform the setup. "sguilhen(a)redhat.com" wrote : | Second, I don't expect things to magically happen just by defining the metadata factory. Somehow I must bind it to the schema being parsed (that is, somehow the MC must know which factory to use when facing an application-policy element). | Use the XmlRootElement/JBossXmlSchema to define the element name appearing in under the beans.xml deployment element and its namespace: | @JBossXmlSchema(namespace="urn:jboss:aop-beans:1.0", elementFormDefault=XmlNsForm.QUALIFIED) | @XmlRootElement(name="annotation-introduction") | public class AnnotationIntroductionBeanMetaDataFactory extends AbstractAnnotationBeanMetaDataFactory | { | | private static final long serialVersionUID = 1L; | | @Override | protected String getBeanClassName() | { | return AnnotationIntroduction.class.getName(); | } | | } | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147008#4147008 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147008

16 years, 4 months

1
0
0 / 0

[Design of JBoss Web Services] - Re: Unlocking WS-Security in Metro

by richard.opalka＠jboss.com

"alessio.soldano(a)jboss.com" wrote : Hi Folks, | I've just committed some tests showing how to use ws-security with the jbossws-metro stack Nice job Alessio ;) "alessio.soldano(a)jboss.com" wrote : I found out on the wsit fisheye that more recent releases also scan the jar's META-INF folder and that's why I created JIRA-2158. Did you find more recent Metro tag than the current one metro1_1-release that would include your feature of scanning the jar's META-INF folder? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147005#4147005 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147005

16 years, 4 months

1
0
0 / 0

[Design of EJB 3.0] - Re: WS EJB invocation

by scott.stark＠jboss.org

It changed because the DeploymentScope is now handling the resolution of references to other components, so there is always a DeploymentScope. Previously this only existed for ears. Use the DeploymentScope getEjbContainer methods to obtain the container: | public interface DeploymentScope extends JavaEEApplication | { | /** | * Obtain the EJBContainer best matching the business interface | * @param businessIntf - the business interface to match | * @param vfsContext - the vfs path to the deploment initiating the request | * @return the matching EJBContainer if found, null otherwise. | */ | EJBContainer getEjbContainer(Class businessIntf, String vfsContext) | throws NameNotFoundException; | /** | * Obtain the EJBContainer best matching the business interface | * @param ejbLink - the referencing ejb-link | * @param businessIntf - the business interface to match | * @param vfsContext - the vfs path to the deploment initiating the request | * @return the matching EJBContainer if found, null otherwise. | */ | EJBContainer getEjbContainer(String ejbLink, Class businessIntf, String vfsContext); | | } | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4147001#4147001 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4147001

16 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums April 2008