May 2008 - jboss-dev-forums - Jboss List Archives

[Deployers on JBoss (Deployers/JBoss)] - Re: Is META-INF in the classpath?

by dimitris＠jboss.org

The full trace: | Caused by: java.io.FileNotFoundException: X:\cvs\jboss-public\jboss-head\build\o | utput\jboss-5.0.0.CR1\bin\META-INF\noop.xml | at org.jboss.net.protocol.file.FileURLConnection.connect(FileURLConnecti | on.java:95) | at org.jboss.net.protocol.file.FileURLConnection.getInputStream(FileURLC | onnection.java:104) | at org.apache.xerces.impl.XMLEntityManager.setupCurrentEntity(Unknown So | urce) | at org.apache.xerces.impl.XMLEntityManager.startEntity(Unknown Source) | at org.apache.xerces.impl.XMLEntityManager.startEntity(Unknown Source) | at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEntityRefer | ence(Unknown Source) | at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContent | Dispatcher.dispatch(Unknown Source) | at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Un | known Source) | at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) | at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) | at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) | at org.apache.xerces.parsers.DOMParser.parse(Unknown Source) | at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source) | at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:98) | at org.jboss.deployers.vfs.spi.deployer.JAXPDeployer.doParse(JAXPDeploye | r.java:179) | at org.jboss.deployers.vfs.spi.deployer.JAXPDeployer.parse(JAXPDeployer. | java:150) | at org.jboss.deployers.vfs.spi.deployer.AbstractVFSParsingDeployer.parse | (AbstractVFSParsingDeployer.java:184) | at org.jboss.deployers.spi.deployer.helpers.AbstractParsingDeployerWithO | utput.createMetaData(AbstractParsingDeployerWithOutput.java:330) | ... 26 more | 20:44:38,625 WARN [HDScanner] Failed to process changes | org.jboss.deployers.client.spi.IncompleteDeploymentException: Summary of incompl | ete deployments (SEE PREVIOUS ERRORS FOR DETAILS): | | *** CONTEXTS IN ERROR: Name -> Error | | vfsfile:/X:/cvs/jboss-public/jboss-head/build/output/jboss-5.0.0.CR1/server/defa | ult/deploy/x.sar/ -> java.io.FileNotFoundException: X:\cvs\jboss-public\jboss-he | ad\build\output\jboss-5.0.0.CR1\bin\META-INF\noop.xml | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154411#4154411 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154411

15 years, 11 months

1
0
0 / 0

[Deployers on JBoss (Deployers/JBoss)] - Is META-INF in the classpath?

by dimitris＠jboss.org

Randomly looking into one of the tests that have been failing for ever now: http://hudson.qa.jboss.com/hudson/view/JBoss%20AS/job/JBoss-AS-5.0.x-Test... A META-INF/jboss-service.xml descriptor references a 'noop.xml' entity in the same directory (META-INF) in the .sar, but fails to find it. | <?xml version="1.0" encoding="UTF-8"?> | <!DOCTYPE server | [ | <!ENTITY noop SYSTEM "META-INF/noop.xml"> | ] | > | | <server> |  | &noop; | </server> | That was working in AS 3.x/4.x. Are we not allowing loading of resources from META-INF ? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154410#4154410 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154410

15 years, 11 months

1
0
0 / 0

[Design of Management Features on JBoss] - Re: Common context root for management web apps, web invoker

by scott.stark＠jboss.org

I don't see this as a problem for jbossas 5. For the EAP we could also work on an extended port mapping function that allows for any managed metadata to be overwritten such that there is a secured-metdata configuration override that does the typical security changes. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154409#4154409 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154409

15 years, 11 months

1
0
0 / 0

[Design of Management Features on JBoss] - Re: Common context root for management web apps, web invoker

by lhoriman

To anticipate the response "just secure the invokers ala the SecureTheInvokers wiki page", this still leaves the services vulnerable to: * Dictionary attacks and brute force attacks * Leaked passwords * Ex-employees who still know the password(s) In every major enterprise environment I've worked in (or been responsible for), there has been an explicit policy forbidding public access to administrative login interfaces, even if they are password protected. Remote access to internal company resources must first be authenticated through a VPN (usually, with two-factor authentication ala RSA SecureID). When an employee leaves, their VPN account is disabled so even if a developer or administrator has jboss passwords, they cannot use them. To anticipate the response "enable SecureTheInvokers with a LoginModule that authenticates against the VPN/two-factor source", I respond: * This is not always possible. Network designs (ie, firewalls) sometimes prevent public appsevers from accessing the authentication servers via LDAP (or whatever protocol). * As someone who has actually done this for some services, it's not easy, and doing group-based role setting requires a custom LoginModule. Most administrators will not bother. * It's painfully easy for a junior admin to deploy a new appserver and get the login config wrong, exposing critical vulnerable services. Thus: One critical part of securing web services is denying public access to administrative login interfaces. Currently this must be done by several explicit denial rules on the loadbalancer, one for each administrative web context root. When JBoss changes a context root or adds a new service with a new context, the loadbalancer rules can become stale and thus leave critical services unprotected. This would be resolved easily if all administrative services were shared under a single web context root such as "/jboss". Jeff View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154407#4154407 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154407

15 years, 11 months

1
0
0 / 0

[Design of POJO Server] - Re: Integrating aop-mc-int bean metadata with AS5

by scott.stark＠jboss.org

Yes, otherwise no deployers can load classes until after the aop deployer runs in the REAL phase. That makes the POST_CLASSLOADER and PRE_REAL phases of limited value. The aop deployer also needs a unique output or we need to use a relative ordering to ensure its the first POST_CLASSLOADER by default. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154406#4154406 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154406

15 years, 11 months

1
0
0 / 0

[Design of POJO Server] - Re: Integrating aop-mc-int bean metadata with AS5

by kabir.khan＠jboss.com

Because the beans that push the things into the aspectmanager are not deployed until the BeanMetaDataDeployer picks them up in the REAL stage. Are you suggesting that as part of my POST_CLASSLOADER deployer rip out the aop beanmetadatafactories from the deployment, and deploy them myself there? That could work, they are easily identifiable, but I didn't want to mess around with the deployment too much. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154404#4154404 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154404

15 years, 11 months

1
0
0 / 0

[Design of POJO Server] - Re: Integrating aop-mc-int bean metadata with AS5

by scott.stark＠jboss.org

So why can't the aop class weaving/proxy creation be done during a POST_CLASSLOADER stage? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154401#4154401 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154401

15 years, 11 months

1
0
0 / 0

[Design of Management Features on JBoss] - Re: Common context root for management web apps, web invoker

by dimitris＠jboss.org

I'm not sure if those paths have changed, ever. Adding a jboss/ prefix in the context could make sense for newly added applications, but changing it for the legacy ones is probably a bad idea. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154399#4154399 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154399

15 years, 11 months

1
0
0 / 0

[Design of Management Features on JBoss] - Common context root for management web apps, web invokers et

by csaldanh

This post is with regard to http://jira.jboss.com/jira/browse/JBAS-4388. Here is the Description: "In any enterprise environment, administrative interfaces are blocked from the public even if they require a password; administrative interfaces can only be accessed through the internal network or a SSL-secured VPN. This means the load balancer (or whatever) must block out all the possible management/invocation web apps: /jmx-console /web-console /invoker /jbossmq-httpil These paths sometimes change between JBoss versions without any significant announcement, plus services are occasionally added. This could easily result in unsecured or poorly secured (basic auth) services exposed to the public. Please put all JBoss-provided webapps under a base context that can easily be blocked to the public: /jboss/jmx-console /jboss/web-console /jboss/invoker /jboss/jbossmq-httpil" I just wanted to know the other developers views on this request. Thanks Clive View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154398#4154398 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154398

15 years, 11 months

1
0
0 / 0

[Design of Messaging on JBoss (Messaging/JBoss)] - Re: AIO error

by clebert.suconic＠jboss.com

anonymous wrote : What do you mean "the client is starting the journal"? NM.. ignore me... i could replicate the error. I thought the error was happening on the client side. My bad interpretation. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4154396#4154396 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4154396

15 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums May 2008