[Design of Messaging on JBoss (Messaging/JBoss)] - Re: Security Configuration --- getting confused
by gaohoward
my jbm-queues.xml
| <settings xmlns="urn:jboss:messaging"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="urn:jboss:messaging ../schemas/jbm-queues.xsd ">
|
| <!-- any user can have full control of generic topics -->
| <security match="jms.topic.#">
| <permission type="createDurableQueue" roles="user"/>
| <permission type="deleteDurableQueue" roles="user"/>
| <permission type="createTempQueue" roles="user"/>
| <permission type="deleteTempQueue" roles="user"/>
| <permission type="send" roles="user"/>
| <permission type="consume" roles="user"/>
| </security>
|
| <!-- only europe-user can create/delete any news.europe topics and pulish news to it. -->
| <security match="jms.topic.news.europe.#">
| <permission type="createDurableQueue" roles="user"/>
| <permission type="deleteDurableQueue" roles="user"/>
| <permission type="createTempQueue" roles="user"/>
| <permission type="deleteTempQueue" roles="user"/>
| <permission type="send" roles="europe-user"/>
| <permission type="consume" roles="news-user"/>
| </security>
|
| <!-- only us-user can create/delete any news.europe topics and pulish news to it. -->
| <security match="jms.topic.news.us.#">
| <permission type="createDurableQueue" roles="user"/>
| <permission type="deleteDurableQueue" roles="user"/>
| <permission type="createTempQueue" roles="user"/>
| <permission type="deleteTempQueue" roles="user"/>
| <permission type="send" roles="us-user"/>
| <permission type="consume" roles="news-user"/>
| </security>
|
| </settings>
|
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227230#4227230
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4227230
16 years, 8 months
[Design of Messaging on JBoss (Messaging/JBoss)] - Security Configuration --- getting confused
by gaohoward
Hi, when working on the security example, I improved the configuration a little, adding some more stuff here. But I'm confused that the configuration seems not consistent with my result.
In the configuration I have 4 users bill, andrew, frank and sam, each has different roles
And I also configured 3 topics: genericTopic, news.europe.europeTopic and news.us.usTopic.
The security settings can be simply described in the following chart:
| Users | user | news-user | europe-user | us-user
| --------------------------------------------------------------------
| bill | X | | |
| andrew | X | | X |
| frank | X | X | | X
| sam | X | X | |
| --------------------------------------------------------------------
| Topics | | | |
| --------------------------------------------------------------------
| genericTopic | rw | rw | rw | rw
| europeTopic | | r | w |
| usTopic | | r | | w
| --------------------------------------------------------------------
|
| Note:
|
| r --- means the corresponding role can receive messages from the topic
| w --- means the corresponding role can send messages to the topic
|
|
But when I run the example to show the result, I got several 'Security Broken' cases, The output is:
|
| [java] User bill can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
| [java] User bill can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
| [java] User andrew can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
| [java] User andrew can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
| [java] User frank can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
| [java] User frank can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
| [java] User sam can send message: [hello-world-4] to topic: JBossTopic[genericTopic]
| [java] User sam can receive message: [hello-world-4] from topic: JBossTopic[genericTopic]
| [java] User bill cannot create consumer on topic JBossTopic[news.europe.europeTopic]
| [java] User bill cannot send message [hello-world-3] to topic: JBossTopic[news.europe.europeTopic]
| [java] User andrew can send message [hello-world-2] to topic JBossTopic[news.europe.europeTopic]
| [java] Security setting is broken! User andrew can receive message [hello-world-2] from topic JBossTopic[news.europe.europeTopic]
| [java] Security setting is broken! User frank can send message [hello-world-1] to topic JBossTopic[news.europe.europeTopic]
| [java] User frank can receive message [hello-world-1] from topic JBossTopic[news.europe.europeTopic]
| [java] Security setting is broken! User sam can send message [hello-world-1] to topic JBossTopic[news.europe.europeTopic]
| [java] User sam can receive message [hello-world-1] from topic JBossTopic[news.europe.europeTopic]
| [java] User bill cannot create consumer on topic JBossTopic[news.us.usTopic]
| [java] User bill cannot send message [hello-world-3] to topic: JBossTopic[news.us.usTopic]
| [java] User andrew cannot send message [hello-world-3] to topic: JBossTopic[news.us.usTopic]
| [java] Security setting is broken! User andrew can receive message [hello-world-3] from topic JBossTopic[news.us.usTopic]
| [java] User frank can send message: [hello-world-4] to topic: JBossTopic[news.us.usTopic]
| [java] User frank can receive message: [hello-world-4] from topic: JBossTopic[news.us.usTopic]
| [java] Security setting is broken! User sam can send message [hello-world-1] to topic JBossTopic[news.us.usTopic]
| [java] User sam can receive message [hello-world-1] from topic JBossTopic[news.us.usTopic]
| [java] Java Result: 1
|
|
If you take one error from the above, for example:
| Security setting is broken! User andrew can receive message [hello-world-2] from topic J
| BossTopic[news.europe.europeTopic]
|
You can see user andrew can receive message from news.europe.europeTopic, which should not according to the chart.
What's wrong? Can anybody help? I really have no idea.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227228#4227228
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4227228
16 years, 8 months
[Design of Messaging on JBoss (Messaging/JBoss)] - Re: AS 5 profiles must have empty configuration, Java EE exa
by jmesnil
i've updated the Java EE examples so they have their own resources files (jbm-queues.xml, jbm-jms.xml + other specific to the example).
I've only one warning in the mdb-remote when I undeploy the resources:
| 5:42:04,022 INFO [JBMResourceAdapter] JBoss Messaging resource adapter stopped
| 15:42:04,050 INFO [ConnectionFactoryBindingService] Unbound ConnectionManager 'jboss.jca:service=ConnectionFactoryBinding,name=RemoteJmsXA' from JNDI name 'java:RemoteJmsXA'
| 15:42:04,074 INFO [SessionSpecContainer] Stopping jboss.j2ee:ear=mdb-example.ear,jar=mdb-example.jar,name=StatelessSender,service=EJB3
| 15:42:04,086 INFO [EJBContainer] STOPPED EJB: org.jboss.javaee.example.server.StatelessSender ejbName: StatelessSender
| 15:42:04,162 WARN [JBossMessageEndpointFactory] Endpoint activation failed ra=jboss.jca:service=RARDeployment,name='example-jbm-ra.rar' activationSpec=org.jboss.messaging.ra.inflow.JBMActivationSpec(ra=org.jboss.messaging.ra.JBMResourceAdapter@262428b4 destination=queue/B destinationType=javax.jms.Queue tx=true durable=false user=null maxMessages=1 minSession=1 maxSession=15 keepAlive=60000)
| javax.management.InstanceNotFoundException: jboss.jca:service=RARDeployment,name='example-jbm-ra.rar' is not registered.
| at org.jboss.mx.server.registry.BasicMBeanRegistry.get(BasicMBeanRegistry.java:526)
| at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:662)
| at org.jboss.ejb3.JmxClientKernelAbstraction.invoke(JmxClientKernelAbstraction.java:58)
| at org.jboss.ejb3.mdb.inflow.JBossMessageEndpointFactory.deactivate(JBossMessageEndpointFactory.java:363)
| at org.jboss.ejb3.mdb.inflow.JBossMessageEndpointFactory.stop(JBossMessageEndpointFactory.java:221)
| at org.jboss.ejb3.mdb.MessagingContainer.stopProxies(MessagingContainer.java:338)
| at org.jboss.ejb3.mdb.MessagingContainer.lockedStop(MessagingContainer.java:326)
| at org.jboss.ejb3.EJBContainer.stop(EJBContainer.java:923)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.reflect.plugins.introspection.ReflectionUtils.invoke(ReflectionUtils.java:59)
| at org.jboss.reflect.plugins.introspection.ReflectMethodInfoImpl.invoke(ReflectMethodInfoImpl.java:150)
| at org.jboss.joinpoint.plugins.BasicMethodJoinPoint.dispatch(BasicMethodJoinPoint.java:66)
| at org.jboss.kernel.plugins.dependency.KernelControllerContextAction$JoinpointDispatchWrapper.execute(KernelControllerContextAction.java:241)
| at org.jboss.kernel.plugins.dependency.ExecutionWrapper.execute(ExecutionWrapper.java:47)
| at org.jboss.kernel.plugins.dependency.KernelControllerContextAction.dispatchExecutionWrapper(KernelControllerContextAction.java:109)
| at org.jboss.kernel.plugins.dependency.KernelControllerContextAction.dispatchJoinPoint(KernelControllerContextAction.java:70)
| at org.jboss.kernel.plugins.dependency.LifecycleAction.uninstallActionInternal(LifecycleAction.java:249)
| at org.jboss.kernel.plugins.dependency.InstallsAwareAction.uninstallAction(InstallsAwareAction.java:157)
| at org.jboss.kernel.plugins.dependency.InstallsAwareAction.uninstallAction(InstallsAwareAction.java:42)
| at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleUninstallAction(SimpleControllerContextAction.java:79)
| at org.jboss.dependency.plugins.action.AccessControllerContextAction.uninstall(AccessControllerContextAction.java:131)
| at org.jboss.dependency.plugins.AbstractControllerContextActions.uninstall(AbstractControllerContextActions.java:58)
| at org.jboss.dependency.plugins.AbstractControllerContext.uninstall(AbstractControllerContext.java:354)
| at org.jboss.dependency.plugins.AbstractController.uninstall(AbstractController.java:1664)
| at org.jboss.dependency.plugins.AbstractController.uninstallContext(AbstractController.java:1275)
| at org.jboss.dependency.plugins.AbstractController.uninstallContext(AbstractController.java:1179)
| at org.jboss.dependency.plugins.AbstractController.uninstall(AbstractController.java:655)
| at org.jboss.dependency.plugins.AbstractController.uninstall(AbstractController.java:568)
| at org.jboss.deployers.vfs.deployer.kernel.BeanMetaDataDeployer.undeploy(BeanMetaDataDeployer.java:153)
| at org.jboss.deployers.vfs.deployer.kernel.BeanMetaDataDeployer.undeploy(BeanMetaDataDeployer.java:51)
| at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalUndeploy(AbstractSimpleRealDeployer.java:69)
| at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.undeploy(AbstractRealDeployer.java:112)
| at org.jboss.deployers.plugins.deployers.DeployerWrapper.undeploy(DeployerWrapper.java:196)
| at org.jboss.deployers.plugins.deployers.DeployersImpl.doUndeploy(DeployersImpl.java:1469)
| at org.jboss.deployers.plugins.deployers.DeployersImpl.doUninstallParentLast(DeployersImpl.java:1376)
| at org.jboss.deployers.plugins.deployers.DeployersImpl.doUninstallParentLast(DeployersImpl.java:1369)
| at org.jboss.deployers.plugins.deployers.DeployersImpl.doUninstallParentLast(DeployersImpl.java:1356)
| at org.jboss.deployers.plugins.deployers.DeployersImpl.uninstall(DeployersImpl.java:1331)
| at org.jboss.dependency.plugins.AbstractControllerContext.uninstall(AbstractControllerContext.java:354)
| at org.jboss.dependency.plugins.AbstractController.uninstall(AbstractController.java:1664)
| at org.jboss.dependency.plugins.AbstractController.uninstallContext(AbstractController.java:1275)
| at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:827)
| at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
| at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:694)
| at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:679)
| at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
| at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:338)
| at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:231)
| at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
| at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:280)
| at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:135)
| at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:65)
| at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:142)
| at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:166)
| at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
| at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
| at java.lang.Thread.run(Thread.java:613)
| 15:42:04,165 INFO [EJBContainer] STOPPED EJB: org.jboss.javaee.example.server.MDBQueueB ejbName: MDB_QueueB
| 15:42:04,268 INFO [EJBContainer] STOPPED EJB: org.jboss.javaee.example.server.MDBQueueA ejbName: MDB_QueueA
|
I guess I undeploy resources in an incorrect order but I don't know what is wrong.
Clebert, if you have some time, could you check the "undeploy" target in mdb-remote/build.xml to see if I've missed something?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227221#4227221
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4227221
16 years, 8 months
[Design of JBoss jBPM] - mail examples
by alex.guizar@jboss.com
I've committed the first mail example to the jBPM 4 codebase. The example shows usage of an inline template in a mail activity. While simple, the example is fully functional and having it working is a milestone. I used the Wiser mock server to verify emails are actually sent.
Other examples will be an external template and task notifications. Here is what I like and don't like about the current implementation. Input appreciated
Like:
A) Model and distribution of responsibilites between MailTemplate, MailProducer and MailSession
B) Template and activity syntax
Dislike:
Z) The way dynamic content is produced is not really amenable to templating engines. In the case of freemarker, the whole template content should be available to the engine, and a mechanism should exist to retrieve "compiled" templates by name. Templates take context variables as input and produce a character stream. Only the resulting output should be bound to a MailTemplate object, which would require no further evaluation.
Y) Related to the above point, the output produced by the template should be in a well defined format. Right now there is the "native" format shown in the example and in MailTemplateWireBinding. Rather than brewing our own mail template format, however, we might as well use an existing one, say XMTP.
X) Templates cannot be placed in a separate document yet (Tom, would the import feature help there?)
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227198#4227198
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4227198
16 years, 8 months