[Design of Security on JBoss] - Re: Security Injection in AS5
by sguilhen@redhat.com
Update on the metadata work:
Following Ales' pointers I was able to come up with a clean implementation of the metadata factory that generates the beans responsible for the definition of an application policy.
There are still a few details to address but I am ready to commit the code and work on the details later. As of now, it is possible to declare complete application policies and have them registered with the security layer:
| <deployment xmlns="urn:jboss:bean-deployer:2.0">
|
|    <application-policy xmlns="urn:jboss:security-beans:1.0" name="TestPolicy1">
|       <authentication>
|          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
|       </authentication>
|       <authorization>
|          <policy-module code="org.jboss.security.authz.AuthorizationModule" flag="required">
|             <module-option name="authzOption">authz.value</module-option>
|          </policy-module>
|       </authorization>
|       <identity-trust>
|          <trust-module code="org.jboss.security.trust.IdentityTrustModule" flag="required">
|             <module-option name="trustOption1">trust.value1</module-option>
|             <module-option name="trustOption2">trust.value2</module-option>
|          </trust-module>
|       </identity-trust>
|       <audit>
|          <provider-module code="org.jboss.security.audit.AuditModule">
|             <module-option name="auditOption">audit.value</module-option>
|          </provider-module>
|       </audit>
|       <rolemapping>
|          <mapping-module code="org.jboss.security.mapping.RoleMappingModule">
|             <module-option name="mappingOption1">mapping.value1</module-option>
|             <module-option name="mappingOption2">mapping.value2</module-option>
|          </mapping-module>
|       </rolemapping>
|    </application-policy>
|    ....
| </deployment>
|
JASPI authentication policies can also be declared:
| <application-policy xmlns="urn:jboss:security-beans:1.0" name="TestPolicy1">
|    <authentication-jaspi>
|       <login-module-stack name="ModuleStack1">
|          <login-module code="org.jboss.security.auth.StackModule1" flag="required">
|             <module-option name="stackOption1">stack1.value1</module-option>
|          </login-module>
|          <login-module code="org.jboss.security.auth.StackModule2" flag="option"/>
|       </login-module-stack>
|       <login-module-stack name="ModuleStack2">
|          <login-module code="org.jboss.security.auth.StackModule1" flag="required">
|             <module-option name="stackOption1">stack2.value1</module-option>
|             <module-option name="stackOption2">stack2.value2</module-option>
|          </login-module>
|       </login-module-stack>
|       <auth-module code="org.jboss.security.auth.AuthModule" login-module-stack-ref="ModuleStack1">
|          <module-option name="authOption1">auth.value1</module-option>
|          <module-option name="authOption2">auth.value2</module-option>
|       </auth-module>
|    </authentication-jaspi>
| </application-policy>
|
There are a few tests (I'll be working on improving the tests) that run in standalone mode, and those tests add, at runtime, a binding for the security-policy schema into the SingletonSchemaResolverFactory in the setUp method. For this code to work in the AS we need to add this binding permanently to XB and update the AS to use a new release of XB. I've opened a thread in the JBossXB forum to address this issue.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4149151#4149151
17 years, 11 months
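A review aid for policy files in the format shown in the post above, added here as an example; it is not part of the original posts or of the JBoss code base. It inventories the modules declared per policy section and reports two configuration mistakes: a control flag outside the JAAS set (an assumption about which values the schema accepts) and an `auth-module` whose `login-module-stack-ref` names no declared stack. The sample document and its two errors are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{urn:jboss:security-beans:1.0}"  # namespace used in the posts
# Assumption: flag values follow the JAAS control-flag names.
JAAS_FLAGS = {"required", "requisite", "sufficient", "optional"}

# Constructed sample modelled on the JASPI policy, with two deliberate mistakes.
SAMPLE = """
<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <application-policy xmlns="urn:jboss:security-beans:1.0" name="TestPolicy1">
    <authentication-jaspi>
      <login-module-stack name="ModuleStack1">
        <login-module code="org.jboss.security.auth.StackModule1" flag="required"/>
        <login-module code="org.jboss.security.auth.StackModule2" flag="requried"/>
      </login-module-stack>
      <auth-module code="org.jboss.security.auth.AuthModule" login-module-stack-ref="ModuleStack9"/>
    </authentication-jaspi>
  </application-policy>
</deployment>
"""

def inventory(xml_text):
    """Return (policy, section, module class, flag) for every declared module."""
    rows = []
    for policy in ET.fromstring(xml_text).iter(NS + "application-policy"):
        for section in policy:
            for mod in section.iter():
                if "code" in mod.attrib:
                    rows.append((policy.get("name"), section.tag[len(NS):],
                                 mod.get("code"), mod.get("flag")))
    return rows

def lint(xml_text):
    """Return human-readable findings for bad flags and dangling stack refs."""
    findings = []
    for policy in ET.fromstring(xml_text).iter(NS + "application-policy"):
        name = policy.get("name")
        for mod in policy.iter():
            flag = mod.get("flag")
            if flag is not None and flag not in JAAS_FLAGS:
                findings.append(f"{name}: {mod.get('code')} has unknown flag '{flag}'")
        stacks = {s.get("name") for s in policy.iter(NS + "login-module-stack")}
        for auth in policy.iter(NS + "auth-module"):
            ref = auth.get("login-module-stack-ref")
            if ref is not None and ref not in stacks:
                findings.append(f"{name}: auth-module {auth.get('code')} "
                                f"references undefined stack '{ref}'")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```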
[Design of JBossXB] - Add schema binding to SingletonSchemaResolverFactory
by sguilhen@redhat.com
I am about to commit the implementation of a metadata factory for security policies. This factory allows for the declaration of policies in -beans.xml files using security tags:
| <deployment xmlns="urn:jboss:bean-deployer:2.0">
|
|    <application-policy xmlns="urn:jboss:security-beans:1.0" name="TestPolicy1">
|       <authentication>
|          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
|             <module-option name="usersProperties">jboss-users.properties</module-option>
|             <module-option name="rolesProperties">jboss-roles.properties</module-option>
|          </login-module>
|       </authentication>
|    </application-policy>
|
|    .....
| </deployment>
|
The AppPolicyBean generated by the factory registers the application policy described with the security layer.
What I need is to add a definitive binding for the security schema to the SingletonSchemaResolverFactory for the policies to be used in the AS. In my tests I'm doing that explicitly during the setUp method:
| SingletonSchemaResolverFactory.getInstance().addJaxbSchema("urn:jboss:security-beans:1.0",
|       "org.jboss.security.microcontainer.beans.metadata.SecurityPolicyMetaData");
|
Is it OK if I add this binding myself and commit it?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4149139#4149139
17 years, 11 months