[PicketBox Development] - Re: Mapping Application Roles to Declarative Role
by Martin Borgman
Martin Borgman [http://community.jboss.org/people/MartinBorgman] created the discussion
"Re: Mapping Application Roles to Declarative Role"
To view the discussion, visit: http://community.jboss.org/message/571554#571554
--------------------------------------------------------------
> Sohil Shah wrote:
>
> Since it makes sense to associate this mapping at the security-domain level to be utilized at different layers of the app (not just ejb and web)(I am thinking Portal,SEAM, JBPM etc)
It makes absolutely no sense at all to do this at the security domain level.
Let me give you an example.
I have 2 applications running on a JBoss instance.
Both applications use basic authentication using a single company wide active directory configuration.
Both applications use a common user role called "user" and an application administrator called "admin"
The role names "admin" and "user" are defined in the standard deployment descriptors. This is as it should be right?
Now a user for application 1 may not have any rights to use application 2
Another user may have admin rights for application 1 and only user rights for application two.
Since both applications use the same company wide authentication / authorization it make sense to define a single security domain, but if I do that I cannot differentiate between the rights for the two applications by using a domain level role mapper.
> Sohil Shah wrote:
>
> wouldn't it make sense to extend the configuration options in the login-config.xml so that you can specify the role/identity mappings kind of like this:
>
> <application-policy name="security-domain-name">
>
> <login-module>blahblah</login-module>
>
> <role-mapping>
>
> <application-role>whatever role from login module</application-role>
> <deployment-role>whatever deployment role it should map to</deployment-role>
>
> </role-mapping>
> </application-policy>
>
> Ofcourse this is just an example, and definitely needs better element names
>
This is a stupid idea. Think about PaaS. Applications move from application server to application server. You don't want to change your login-config every time you move your application to a different application server. While it is possible to deploy a login config with the application or make it part of the deployment unit. This would still mean you create a new security domain for every application you deploy and that would certainly be a waste of resources and a security nightmare.
It would be much better to remap roles in the container specific deployment descriptors.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/571554#571554]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 5 months
[jBPM Development] - Reports in jBPM console doesn't work
by Ibrahim Abu Ghosh
Ibrahim Abu Ghosh [http://community.jboss.org/people/iabughosh] created the discussion
"Reports in jBPM console doesn't work"
To view the discussion, visit: http://community.jboss.org/message/571524#571524
--------------------------------------------------------------
Dears,
i have installed jBPM and everything is great until now, i've created a new process, deploy and tested successfully on the server,
my current enviroment is :
JDK : 1.6
AS : JBoss 5.1.0
jbpm : 4.4
DB : MySQL 5.0
IDE : Eclipse Helios
when i want to run a report from jbpm-console it throws an exception like this :
The following items have errors:
Error.ReportQueryLoadingError ( 1 time(s)
)
detail : org.eclipse.birt.report.engine.api.EngineException: Can't load the report query: 93.
at org.eclipse.birt.report.engine.data.dte.DataPresentationEngine.doExecuteQuery(DataPresentationEngine.java:140)
at org.eclipse.birt.report.engine.data.dte.AbstractDataEngine.execute(AbstractDataEngine.java:253)
at org.eclipse.birt.report.engine.executor.ExecutionContext.executeQuery(ExecutionContext.java:1755)
at org.eclipse.birt.report.engine.internal.document.v4.ReportItemExecutor.executeQuery(ReportItemExecutor.java:409)
at org.eclipse.birt.report.engine.internal.document.v4.DataItemExecutor.doExecute(DataItemExecutor.java:62)
at org.eclipse.birt.report.engine.internal.document.v4.ReportItemExecutor.execute(ReportItemExecutor.java:294)
at org.eclipse.birt.report.engine.internal.document.v4.ContainerExecutor.prepareChildExecutor(ContainerExecutor.java:222)
at org.eclipse.birt.report.engine.internal.document.v4.ContainerExecutor.hasNextChild(ContainerExecutor.java:110)
at org.eclipse.birt.report.engine.internal.executor.wrap.WrappedReportItemExecutor.hasNextChild(WrappedReportItemExecutor.java:85)
at org.eclipse.birt.report.engine.internal.executor.wrap.WrappedReportItemExecutor.hasNextChild(WrappedReportItemExecutor.java:85)
at org.eclipse.birt.report.engine.layout.html.HTMLBlockStackingLM.layoutNodes(HTMLBlockStackingLM.java:60)
at org.eclipse.birt.report.engine.layout.html.HTMLStackingLM.layoutChildren(HTMLStackingLM.java:27)
at org.eclipse.birt.report.engine.layout.html.HTMLAbstractLM.layout(HTMLAbstractLM.java:133)
at org.eclipse.birt.report.engine.layout.html.HTMLInlineStackingLM.resumeLayout(HTMLInlineStackingLM.java:104)
at org.eclipse.birt.report.engine.layout.html.HTMLInlineStackingLM.layoutNodes(HTMLInlineStackingLM.java:153)
at org.eclipse.birt.report.engine.layout.html.HTMLStackingLM.layoutChildren(HTMLStackingLM.java:27)
at org.eclipse.birt.report.engine.layout.html.HTMLAbstractLM.layout(HTMLAbstractLM.java:133)
at org.eclipse.birt.report.engine.layout.html.HTMLBlockStackingLM.layoutNodes(HTMLBlockStackingLM.java:68)
at org.eclipse.birt.report.engine.layout.html.HTMLStackingLM.layoutChildren(HTMLStackingLM.java:27)
at org.eclipse.birt.report.engine.layout.html.HTMLTableLM.layoutChildren(HTMLTableLM.java:76)
at org.eclipse.birt.report.engine.layout.html.HTMLAbstractLM.layout(HTMLAbstractLM.java:133)
at org.eclipse.birt.report.engine.layout.html.HTMLBlockStackingLM.layoutNodes(HTMLBlockStackingLM.java:68)
at org.eclipse.birt.report.engine.layout.html.HTMLPageLM.layout(HTMLPageLM.java:90)
at org.eclipse.birt.report.engine.layout.html.HTMLReportLayoutEngine.layout(HTMLReportLayoutEngine.java:101)
at org.eclipse.birt.report.engine.api.impl.RenderTask$PageRangeRender.render(RenderTask.java:534)
at org.eclipse.birt.report.engine.api.impl.RenderTask.render(RenderTask.java:209)
at org.jboss.bpm.report.BirtService.view(BirtService.java:411)
at org.jboss.bpm.report.ReportFacade.viewReportHtml(ReportFacade.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:117)
at org.jboss.resteasy.core.ResourceMethod.invokeOnTarget(ResourceMethod.java:260)
at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:232)
at org.jboss.resteasy.core.ResourceMethod.invoke(ResourceMethod.java:166)
at org.jboss.resteasy.core.DispatcherUtilities.getJaxrsResponse(DispatcherUtilities.java:142)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:173)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:93)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.bpm.console.server.util.GWTJsonFilter.doFilter(GWTJsonFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
any help will be great,
thanks in advance.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/571524#571524]
Start a new discussion in jBPM Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 5 months