March 2010 - jboss-dev-forums - Jboss List Archives

[JBoss Microcontainer Development] New message: "Security problems with org.jboss.test:jboss-test 1.1.5.GA"

by Flavia Rainone

JBoss development, A new message was posted in the thread "Security problems with org.jboss.test:jboss-test 1.1.5.GA": http://community.jboss.org/message/530163#530163 Author : Flavia Rainone Profile : http://community.jboss.org/people/flavia.rainone@jboss.com Message: -------------------------------------------------------------- I'm not sure if this belongs to this forum, but I couldn't find a more appropriate forum for this either. In JBoss AOP, we are currently using jboss:jboss-test: 1.0.3.GA. We can't upgrate because whenever we try to upgrade we start seeing several Security Errors at all points of our testsuite that try to access the System Properties. An example of this: java.lang.reflect.InvocationTargetException at org.jboss.test.AbstractTestDelegate.getDelegate(AbstractTestDelegate.java:73) at org.jboss.test.AbstractTestSetup.setUp(AbstractTestSetup.java:62) at org.jboss.test.AbstractTestCaseWithSetup.setUp(AbstractTestCaseWithSetup.java:103) Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission * read,write) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252) at java.lang.System.getProperties(System.java:580) at org.jboss.test.aop.AOPTestDelegate$1.run(AOPTestDelegate.java:51) at org.jboss.test.aop.AOPTestDelegate$1.run(AOPTestDelegate.java:48) at java.security.AccessController.doPrivileged(Native Method) at org.jboss.test.aop.AOPTestDelegate.<init>(AOPTestDelegate.java:47) at org.jboss.test.aop.AOPTestWithSetup.getDelegate(AOPTestWithSetup.java:53) This is AOPTestDelegate constructor implementation: public AOPTestDelegate(Class<?> clazz) { super(clazz); systemProps = AccessController.doPrivileged(new PrivilegedAction<Properties>() { public Properties run() { line 47>>> return (Properties)System.getProperties().clone(); } }); } Another example: access denied (java.util.PropertyPermission org.jboss.test.logging.LogginPlugin read) java.security.AccessControlException: access denied (java.util.PropertyPermission org.jboss.test.logging.LogginPlugin read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285) at java.lang.System.getProperty(System.java:686) at org.jboss.test.logging.LoggingPlugin.getInstance(LoggingPlugin.java:47) at org.jboss.test.AbstractTestDelegate.setUpLogging(AbstractTestDelegate.java:158) at org.jboss.test.AbstractTestDelegate.setUp(AbstractTestDelegate.java:125) at org.jboss.test.AbstractTestSetup.setUp(AbstractTestSetup.java:63) at org.jboss.test.AbstractTestCaseWithSetup.setUp(AbstractTestCaseWithSetup.java:103) at org.jboss.test.aop.annotatedAdviceParams.Arg2TestCase.setUp(Arg2TestCase.java:62) This last example is even more serious, because it happens on AbstractTestCaseWithSetup.setUp execution. I couldn't find any refrences for how to solve this apart from a hack Adrian mentioned in another http://community.jboss.org/thread/88629?tstart=-2. Does anybody know why these tests have no permission to access the System Properties? How do we work around this issue? -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530163#530163

16 years, 1 month

1
0
0 / 0

[JBoss ESB Development] New message: "Re: Camel integration input requested"

by Hans Wolffenbuttel

JBoss development, A new message was posted in the thread "Camel integration input requested": http://community.jboss.org/message/530162#530162 Author : Hans Wolffenbuttel Profile : http://community.jboss.org/people/h.wolffenbuttel Message: -------------------------------------------------------------- Hi Edgar, The gateway/listener is placed inside a service right? Why not use the internal parameters for the destination instead of configured parameters? so instead of: <listener name="ApacheCamel" busidref="ApacheCamel" is-gateway="true"> <property name="gatewayClass" value="org.jboss.soa.esb.listeners.gateway.camel.ApacheCamelListener"></property> <property name="protocol-uri" value="irc:breakingwoods@irc.freenode.net/#esbtest"></property> <property name="destination-category" value="sample-apachecamelESBService"></property> <property name="destination-name" value="sample-apachecamelESBServiceListener"></property> </listener> this would be: <listener name="ApacheCamel" busidref="ApacheCamel" is-gateway="true"> <property name="gatewayClass" value="org.jboss.soa.esb.listeners.gateway.camel.ApacheCamelListener"></property> <property name="protocol-uri" value="irc:breakingwoods@irc.freenode.net/#esbtest"></property> </listener> where as the retrieval of the parameters would be changed from: String serviceCategory = listenerConfig.getRequiredAttribute(DESTINATION_CATEGORYNAME_TAG); String serviceName = listenerConfig.getRequiredAttribute(DESTINATION_SERVICENAME_TAG); to: String serviceCategory = ListenerUtil.getValue(config, ListenerTagNames.SERVICE_CATEGORY_NAME_TAG) ;if (Util.isNullString(serviceCategory)){ throw new ConfigurationException("No service category defined!") ;}String serviceName = ListenerUtil.getValue(config, ListenerTagNames.SERVICE_NAME_TAG) ; if (Util.isNullString(serviceName)){ throw new ConfigurationException("No service name defined!") ;} Or am I missing something here? Regards, Hans -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530162#530162

16 years, 1 month

1
0
0 / 0

[JBoss AOP Development] New message: "Re: ClassPool Refactoring"

by Flavia Rainone

JBoss development, A new message was posted in the thread "ClassPool Refactoring": http://community.jboss.org/message/530158#530158 Author : Flavia Rainone Profile : http://community.jboss.org/people/flavia.rainone@jboss.com Message: -------------------------------------------------------------- I created a Jira for integrating all work that has been done as part of JBAOP-742 to JBoss AOP trunk: https://jira.jboss.org/jira/browse/JBAOP-772 Notice that the task also includes creating a new 2.2 Branch. Since trunk contains a few issues that have not been throughly tested yet, this branch will contain the same class pool refactoring work but will be based on Branch 2_1 instead of trunk. -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530158#530158

16 years, 1 month

1
0
0 / 0

[Security Development] New message: "Keeping the state of Caller principal in JBoss AppServer when authenticating from standalone WebServer"

by Eric Loh

JBoss development, A new message was posted in the thread "Keeping the state of Caller principal in JBoss AppServer when authenticating from standalone WebServer": http://community.jboss.org/message/530097#530097 Author : Eric Loh Profile : http://community.jboss.org/people/eric1lyk Message: -------------------------------------------------------------- Dear experts, I have problems understanding how i can maintain the Authentication Principal in the JBoss Appserver for subsequent invokations of an EJB3 Stateless session bean from a standalone client. I have EJB3 Stateless session beans deployed on JBoss 5.1.0 AS My Client is deployed on a Apache Tomcat Webserver (version 6.0.20) My Client (deployed on Tomcat Webserver) uses the following Login Config to do authentication. *myapp-login {* * com.myapp.services.authentication.client.jaas.OasisLoginModule requisite debug="true"* * facadeJndiName="myApp/authentication"* * java.naming.factory.initial="org.jnp.interfaces.NamingContextFactory"* * java.naming.factory.url.pkgs="org.jboss.naming:org.jnp.interfaces"* * java.naming.provider.url="jnp://localhost:1099";* * * * org.jboss.security.ClientLoginModule sufficient debug="true"* * multi-threaded="true";* *};* I realised that *org.jboss.security.ClientLoginModule is required so that the CallerPrincipal gets propagated from my Client to JBoss AppServer* *org.jboss.security.ClientLoginModule sufficient debug="true"* After I login, i created an InitialContext to lookup the EJB3 stateless session bean deployed in JBoss. I try to test if the Stateless session bean can obtain the principal that i propagated frmo the Tomcat Webserver to JBoss AS The first time i called, the context.getCallerPrincipal() was able to return the principal that i set inside the Callbackhandler. *@Stateless* *public class AuthenticationComponentFacadeBean extends AbstractComponentFacade<IAuthenticationComponentServiceLocator> implements IAuthenticationComponentFacade* *{ * * @Resource* * SessionContext context;* * * * @Override* * public char[] resetPassword(MyCredentials credential) throws AuthenticationException* * {* * if (context.getCallerPrincipal() != null)* * {* * System.out.println("principal: " + context.getCallerPrincipal());* * }* But, in subsequent invocations when i create the InitialContext again, I am getting NullPointerException *15:16:50,538 INFO [STDOUT] 2010-03-05 15:16:50,538 [ERROR] - [AuthenticationComponentFacadeBean] java.lang.NullPointerException* * at org.jboss.ejb3.security.helpers.EJBContextHelper.getCallerPrincipal(EJBContextHelper.java:99)* i.e. The CallerPrincipal gets lost in subsequent invocations. Can someone tell me how i can maintain the CallerPrincipal inside JBoss AppServer until i perform a logout operation to invalidate my session? *What is the correct way to do it?* * * *Should I invoke the ClientLoginModule at my Client on Tomcat Webserver everytime i lookup a stateless session bean so that it will keep the CallerPrincipal there?* *Is there a way to keep the CallerPrincipal without invoking the ClientLoginModule everytime i do a lookup?* -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530097#530097

16 years, 1 month

1
0
0 / 0

[JBoss Portal Development] New message: "Re: Problem with Eclipse IDE and Maven"

by Peter Johnson

JBoss development, A new message was posted in the thread "Problem with Eclipse IDE and Maven": http://community.jboss.org/message/530049#530049 Author : Peter Johnson Profile : http://community.jboss.org/people/peterj Message: -------------------------------------------------------------- Do what the warning message says - add a -vm entry to your eclipse.ini file. Mine looks like this: -startup plugins/org.eclipse.equinox.launcher_1.0.200.v20090520.jar --launcher.library plugins/org.eclipse.equinox.launcher.win32.win32.x86_1.0.200.v20090519 -product org.eclipse.epp.package.jee.product --launcher.XXMaxPermSize 256M -showsplash org.eclipse.platform --launcher.XXMaxPermSize 256m *-vm C:/apps/Java/jdk1.6.0_18/jre/bin/client/jvm.dll *-vmargs -Dosgi.requiredJavaVersion=1.5 -Xms40m -Xmx512m -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530049#530049

16 years, 1 month

1
0
0 / 0

[JBoss Portal Development] New message: "Problem with Eclipse IDE and Maven"

by Juan Carlos Hipolito CastaÃ±eda

JBoss development, A new message was posted in the thread "Problem with Eclipse IDE and Maven": http://community.jboss.org/message/530046#530046 Author : Juan Carlos Hipolito CastaÃ±eda Profile : http://community.jboss.org/people/juank Message: -------------------------------------------------------------- installed all .jar from plugin folder of Maven in plugin folder of Eclipse. But when i open Eclipse IDE show me a message alert *Maven Integration for Eclipse JDK Warning* Make sure the -vm option in eclipse.ini is pointing to a JDK and verify Installed JREs are also using JDK installs. Any one could help me please -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530046#530046

16 years, 1 month

1
0
0 / 0

[JBoss Portal Development] New message: "Re: How can i add JBoss tools in Eclipse IDE?"

by Peter Johnson

JBoss development, A new message was posted in the thread "How can i add JBoss tools in Eclipse IDE?": http://community.jboss.org/message/530037#530037 Author : Peter Johnson Profile : http://community.jboss.org/people/peterj Message: -------------------------------------------------------------- Which version of Eclipse. You should have Eclipse IDE for Java EE Developers. In Eclipse, go to Help | Install New Software. Then in the Available Software dialog box click Add. In the Add Site dialog box, add the link from http://www.jboss.org/tools/download.html (I recommend the http://download.jboss.org/jbosstools/updates/development/ under Development Updates) in the location text box (you can leave the Name box empty). Then click OK, and back on the Avaialable Software dialog box select the tools you want installed and click Next and follow the rest of the steps. -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530037#530037

16 years, 1 month

1
0
0 / 0

[JBoss Web Services Development] New message: "Weblogic equivalent library in JBOSS for generating wsdl2service and clientgen"

by Gurunath G

JBoss development, A new message was posted in the thread "Weblogic equivalent library in JBOSS for generating wsdl2service and clientgen": http://community.jboss.org/message/530027#530027 Author : Gurunath G Profile : http://community.jboss.org/people/gurunath_74 Message: -------------------------------------------------------------- Hello All, We are planning to migrate from Weblogic to JBOSS. in our build scripts we are refering weblogic library for generating *wsdl2service* and *clientgen* <taskdef name="wsdl2service" classname="weblogic.ant.taskdefs.webservices.wsdl2service.WSDL2Service" classpathref="site.classpath"> <classpath refid="weblogic.classpath" /> </taskdef> <taskdef name="clientgen" classname="weblogic.ant.taskdefs.webservices.clientgen.ClientGenTask" classpathref="site.classpath"> <classpath refid="weblogic.classpath" /> </taskdef> Please let me know equivalent library in JBOSS for WSDL2Service and ClientGenTask classess. Thanks, Gurunath -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530027#530027

16 years, 1 month

1
0
0 / 0

[JBoss Portal Development] New message: "How can i add JBoss tools in Eclipse IDE?"

by Juan Carlos Hipolito CastaÃ±eda

JBoss development, A new message was posted in the thread "How can i add JBoss tools in Eclipse IDE?": http://community.jboss.org/message/530000#530000 Author : Juan Carlos Hipolito CastaÃ±eda Profile : http://community.jboss.org/people/juank Message: -------------------------------------------------------------- I need to work in Eclipse IDE for making a portal, How can i add JBoss tools in Eclipse IDE? -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530000#530000

16 years, 1 month

1
0
0 / 0

[JBoss Microcontainer Development] New message: "Re: logging 2.2.0.CR1 and OnDemandDependencyUninstallTestCase"

by Kabir Khan

JBoss development, A new message was posted in the thread "logging 2.2.0.CR1 and OnDemandDependencyUninstallTestCase": http://community.jboss.org/message/529970#529970 Author : Kabir Khan Profile : http://community.jboss.org/people/kabir.khan@jboss.com Message: -------------------------------------------------------------- > alesj wrote: > > Kabir, can you please have a look at this? > > Done -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/529970#529970

16 years, 1 month

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums March 2010