April 2010 - jboss-dev-forums - Jboss List Archives

Re: [jboss-dev-forums] [JBoss Web Services Development] - JBWS-2210 : CXF Username Token JAAS integration

by Alessio Soldano

Alessio Soldano [http://community.jboss.org/people/alessio.soldano%40jboss.com] replied to the discussion "JBWS-2210 : CXF Username Token JAAS integration" To view the discussion, visit: http://community.jboss.org/message/536504#536504 -------------------------------------------------------------- Thanks Darran and Anil for the involvement in this thread. > The approach of having two interceptors (one for authentication and one for authorization) is probably the biggest part of this problem already solved. +1 > Where this becomes really apparent is where endpoints are deployed as EJB3 session beans, in this case the container can already be configured to perform authentication and authorization - as a deployed session bean can potentially be called from multiple different clients it makes sense for the authorization checks to remain with the bean. > A second requirement would be related to endpoints deployed as POJOs - although these do not have any container security before the invocation there is still the potential that the implementations will call other secured resources so any identity would need to be propagated for these calls. I think I've mentioned this to Sergey offline before, but the comments above better clarify the concept, thanks Darran. > A final feature related to this that I know there is user demand for would be the ability to annotate the POJO endpoints with the same role annotations as used on EJB3 sesstion beans - we were unable to do this for our Native implementation of this as we had to support JAX-RPC as well as JAX-WS but as this would be JAX-WS only this could be an option and may help simplify the role configuration. Definitely a good idea, that could also simplify the user experience. JAX-RPC endpoints are not going to be deployed using the CXF impl, so it's actually JAX-WS only. We might want to think about a proper roles' configuration with a xml descriptor too later, but the annotation solution is probably the idea one for the first implementation. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536504#536504] Start a new discussion in JBoss Web Services Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

Re: [jboss-dev-forums] [Management Development] - To scope or not to scope (domain.xml)

by Emanuel Muckenhuber

Emanuel Muckenhuber [http://community.jboss.org/people/emuckenhuber] replied to the discussion "To scope or not to scope (domain.xml)" To view the discussion, visit: http://community.jboss.org/message/536496#536496 -------------------------------------------------------------- > Brian Stansberry wrote: > > The part of our existing profile discussion I was thinking of was what's shown here: http://community.jboss.org/docs/DOC-14742 http://community.jboss.org/docs/DOC-14742. Basically a fairly compact listing of required capabilities, an indication of where a deploy directory is (which could perhaps be defaulted). Then add stuff like jdbc-resources, jms-resources, threads, etc. That's pretty end-user-oriented; the heavy implementation detail stuff is in http://community.jboss.org/docs/DOC-14743 http://community.jboss.org/docs/DOC-14743. > If we didn't need the required capabilities bit (e.g. could infer them from the rest of domain.xml content), that's nice. But I don't know if we can do that, not if we allow a deploy dir with contents not fully specified in domain.xml. Having this part of the domain model was basically the reason why i tried to separate "user configuration" from the server side module configuration. We can obviously also change the names in the configuration files, to make things a more obvious. In the end - I think if you configure clustering it would make sense to also deploy the needed service. Where you definitely should not care about which deployments are needed for this. Since we are going to have a domain specific model - each fragment could export a requirement on a module. But, yes - in case we have don't have this part of a separate "module" and deployments are still in deploy dirs, then this would not make much sense. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536496#536496] Start a new discussion in Management Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Web Services Development] - JBWS-2210 : CXF Username Token JAAS integration

by Darran Lofthouse

Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] replied to the discussion "JBWS-2210 : CXF Username Token JAAS integration" To view the discussion, visit: http://community.jboss.org/message/536495#536495 -------------------------------------------------------------- Hi Sergey - I have worked on some of the similar areas you are looking at here in our Native stack so have been interested to see your comments here. Looking at your comments regarding the changes needed in CXF it looks like you are along the same lines I would consider, essentially I came to the same conclusion that the UsernameTokenProcessor within WSS4J is making an unsuitable assumption that you can obtain a users password. Regarding how all of this would fit with the application server there are a couple of other things to consider, when integrating with the application server we are really looking to pass as much back to the application server provided containers as possible and not just have an independent authentication / authorization process within the web services stack. The approach of having two interceptors (one for authentication and one for authorization) is probably the biggest part of this problem already solved. Where this becomes really apparent is where endpoints are deployed as EJB3 session beans, in this case the container can already be configured to perform authentication and authorization - as a deployed session bean can potentially be called from multiple different clients it makes sense for the authorization checks to remain with the bean. A second requirement would be related to endpoints deployed as POJOs - although these do not have any container security before the invocation there is still the potential that the implementations will call other secured resources so any identity would need to be propagated for these calls. The point of these two comments really is to highlight that this is not just a case of obtaining a Subject from whatever app server you are running in but actually associating the users identity with the request so that is propagates for further calls within the application server. Using the APIs suggested from Anil should help with this so this is just something to keep in mind. A final feature related to this that I know there is user demand for would be the ability to annotate the POJO endpoints with the same role annotations as used on EJB3 sesstion beans - we were unable to do this for our Native implementation of this as we had to support JAX-RPC as well as JAX-WS but as this would be JAX-WS only this could be an option and may help simplify the role configuration. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536495#536495] Start a new discussion in JBoss Web Services Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

Re: [jboss-dev-forums] [EJB Development] - Allow for configuring default resource adaptor name for the EJB2 MDBs

by Alexey Loubyansky

Alexey Loubyansky [http://community.jboss.org/people/alex.loubyansky%40jboss.com] replied to the discussion "Allow for configuring default resource adaptor name for the EJB2 MDBs" To view the discussion, visit: http://community.jboss.org/message/536472#536472 -------------------------------------------------------------- IMO, a separate DTD for EAP is even uglier. DTDs to be created are jboss_6_0.dtd, jboss_5_x_eap.dtd. And in case we want to support this in 5.x non-EAP versions then also jboss_5_x.dtd. And after that, if we want to have a common setting for both EJB2 and EJB3 we may end-up with a system property anyway. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536472#536472] Start a new discussion in EJB Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Web Services Development] - CXF jms integration

by Richard Opalka

Richard Opalka [http://community.jboss.org/people/richard.opalka%40jboss.com] replied to the discussion "CXF jms integration" To view the discussion, visit: http://community.jboss.org/message/536448#536448 -------------------------------------------------------------- Abbreviations: * CXF - CXF integration layer * ASIL - JBossWS Application Server Integration Layer * SPI - JBossWS SPI - the only dependency reused cross different JBossWS abstractions * DA - JBossWS Deployment Aspect * UMDM - JBossWS Universal Meta Data Model * JMS MD - AS JMS Meta Data * AS API - compilation dependency on AS API classes * IAC - in any case Hi Jim, first approach is fundamentally wrong because: * it would violate our abstractions * it wouldn't reuse existing code/architecture We cannot introduce *JBossWSCXF*Deployers* because we would introduce *CXF -> AS API* dependency. Only allowed dependency is http://www.jboss.org/file-access/default/members/jbossws/images/wsf.png CXF -> SPI. This is because AS architecture can/will change over time and we want to be AS agnostic IAC. Yes, the solution 2 is little bit more complex one but we should always follow the golden programmers rule: *Either do it properly or don't do it at all (*otherwise our code would become unmaintanable in the future*).* * * Here are my suggestions how we should proceed with *approach 2* (*ensures proper abstractions, dependencies and code/architecture reuse*): * extend our UMDM (located in SPI) to provide JMS endpoint abstractions * extend our DA framework to distinguish DA aspects intended to create web based endpoints and jms based endpoints * update our ASIL (concretely WSDeploymentAspectDeployer) to distinguish between Web DAs and JMS DAs * implement CXF DA that will map jboss-cxf.xml MD to our UMDM (ensures http://www.jboss.org/file-access/default/members/jbossws/images/wsf.png CXF -> SPI dependency) * implement ASIL DA that will create JMS MD from our UMDM (ensures http://www.jboss.org/file-access/default/members/jbossws/images/wsf.png ASIL -> SPI dependency) * implement CXF DA that will register plain JMS endpoints with CXF (ensures http://www.jboss.org/file-access/default/members/jbossws/images/wsf.png CXF -> SPI dependency) -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536448#536448] Start a new discussion in JBoss Web Services Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

Re: [jboss-dev-forums] [EJB Development] - Allow for configuring default resource adaptor name for the EJB2 MDBs

by Jason Greene

Jason Greene [http://community.jboss.org/people/jason.greene%40jboss.com] replied to the discussion "Allow for configuring default resource adaptor name for the EJB2 MDBs" To view the discussion, visit: http://community.jboss.org/message/536444#536444 -------------------------------------------------------------- Agreed. I don't see why we cant create an update dtd for EAP releases. The system property is a pretty ugly solution for this. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536444#536444] Start a new discussion in EJB Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

Re: [jboss-dev-forums] [EJB Development] - Allow for configuring default resource adaptor name for the EJB2 MDBs

by jaikiran pai

jaikiran pai [http://community.jboss.org/people/jaikiran] replied to the discussion "Allow for configuring default resource adaptor name for the EJB2 MDBs" To view the discussion, visit: http://community.jboss.org/message/536443#536443 -------------------------------------------------------------- > Clebert Suconic wrote: > > As I said we will probably need some MBean that will define the system property? > > MBean won't be required. We can follow this syntax in the xmls: ${some.system.property.name:defaultvalue} The xml parsing will look for a system property named "some.system.property.name" and if not already set, then will set the value to "defaultvalue" -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536443#536443] Start a new discussion in EJB Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

[JBoss Web Services Development] - CXF jms integration

by Jim Ma

Jim Ma [http://community.jboss.org/people/jim.ma] created the discussion "CXF jms integration" To view the discussion, visit: http://community.jboss.org/message/536441#536441 -------------------------------------------------------------- After looked at Alessio's work about cxf descriptor deployment and lazy bus load removal , I'd like to discuss with you about my thoughts about jms integration. Here is what in my mind so far .As we talked before , we need to introduce other deployer or deployerAspect to make cxf stack directly deploy/load jbossws-cxf.xml. IMO, the easy approach to implement this is adding several real stage deployers to the current deployer chain to take care of the jms deployment without web.xml: `--org.jboss.webservices.integration.deployers.WSEJBAdapterDeployer@4007f4 `--org.jboss.webservices.integration.deployers.WSTypeDeployer@d6f833 `--org.jboss.webservices.integration.deployers.WSDeploymentDeployer@103ddfd `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1279d82(org.jboss.wsf.framework.deployment.EndpointMetricsDeploymentAspect(a)b77801) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1fa6e43(org.jboss.webservices.integration.metadata.ContainerMetaDataDeploymentAspect(a)1e7c7fb) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@fcc66a(org.jboss.wsf.framework.deployment.EndpointHandlerDeploymentAspect(a)18b3f9a) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@124a94(org.jboss.wsf.framework.deployment.BackwardCompatibleContextRootDeploymentAspect(a)6fcd57) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@4aba6a(org.jboss.wsf.framework.deployment.URLPatternDeploymentAspect(a)fb39f6) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@8d69f8(org.jboss.wsf.framework.deployment.EndpointAddressDeploymentAspect(a)13bf9ce) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1f99aa6(org.jboss.wsf.framework.deployment.EndpointNameDeploymentAspect(a)929ed4) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1f8a03f(org.jboss.wsf.framework.deployment.VirtualHostDeploymentAspect(a)4a9acb) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@e9635a(org.jboss.wsf.framework.deployment.JAXBIntroDeploymentAspect(a)12cebd2) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1744996(org.jboss.wsf.stack.cxf.deployment.aspect.DescriptorDeploymentAspect(a)1e890b4) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@864ae7(org.jboss.wsf.stack.cxf.deployment.aspect.ResourceResolverDeploymentAspect(a)1214a13) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@4fdf56(org.jboss.wsf.stack.cxf.deployment.aspect.BusDeploymentAspect(a)79bca4) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@6e1cbf(org.jboss.wsf.framework.deployment.ContextPropertiesDeploymentAspect(a)827b51) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@786a44(org.jboss.webservices.integration.tomcat.WebMetaDataCreatingDeploymentAspect(a)c9f31e) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1850507(org.jboss.webservices.integration.tomcat.WebMetaDataModifyingDeploymentAspect(a)b6cddb) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1ee86f2(org.jboss.webservices.integration.security.JACCPermissionsDeploymentAspect(a)1ec0b9d) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@31613(org.jboss.webservices.integration.injection.InjectionMetaDataDeploymentAspect(a)182ac61) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1d61032(org.jboss.wsf.framework.deployment.EndpointRegistryDeploymentAspect(a)d91c60) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1d37602(org.jboss.wsf.framework.deployment.EndpointRecordProcessorDeploymentAspect(a)9f987a) `--org.jboss.webservices.integration.deployers.WSDeploymentAspectDeployer@1a30367(org.jboss.wsf.framework.deployment.EndpointLifecycleDeploymentAspect(a)1bb1dd2) + org.jboss.wsf.stack.cxf.deployment.JBossWSCXFMetaDataDeployer(to parse the jbossws-cxf.xml and create JBossWSCXFMetaData) + org.jboss.wsf.stack.cxf.deployment.JBossWSCXFJAXBIntroDeploymentDeployer(to do the jaxb databinding customization) + org.jboss.wsf.stack.cxf.deployment.JBossWSCXFDeploymentBuilderDeployer(to create deployment, service and endpoint etc) + org.jboss.wsf.stack.cxf.deployment.JBossWSCXFDeploymentDeployer(to let the cxf bus load the jbossws-cxf.xml) + org.jboss.wsf.stack.cxf.deployment.JBossWSCXFEndpointRegistryDeployer(to register the endpoint) I marked the new add deployer with "+" prefix and these new add deployers will be put the end of the DeploymentAspect deplyers. As you can see ,there will be some duplicate work/code in the these deployers with above DeploymentAspects. But it makes the deployer structure more clear and these new added deployers are dedicated to handle the jms deployment and other stack specific deployment without web.xml. The another option is we handle it both in integration layer and cxf stack : 1. Create a unified MetaData/holder to reprsent or place the stack specific deployment :jbossws-cxf.xml. 2. Modify the WSDeploymentDeployer to handle the deployment without JBossWebMetaData 3. Add the code in the current DepoymentAspects ,for example EndpointHandlerDeploymentAspect, DescriptorDeploymentAspect and BusDeploymentAspectin to process the stack specific deployment (without web.xml). We can put the code to process the cxf jms deployment in each DeploymentAspect, so this approach will reuse the function in each deployment aspect.This will change a lot in current integration layer and deployers framework and it's a little bit complex. After the comparison, I prefer to the first approach. Because at the moment, only cxf has this requirement to deploy stack specific deployment. And it is also simple :only adding some new additional deployers for cxf stack can make it work . It will not impact the other components : integration layer , spi and framework codebase. You thoughts ? -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536441#536441] Start a new discussion in JBoss Web Services Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

Re: [jboss-dev-forums] [EJB Development] - Allow for configuring default resource adaptor name for the EJB2 MDBs

by Clebert Suconic

Clebert Suconic [http://community.jboss.org/people/clebert.suconic%40jboss.com] replied to the discussion "Allow for configuring default resource adaptor name for the EJB2 MDBs" To view the discussion, visit: http://community.jboss.org/message/536440#536440 -------------------------------------------------------------- I was actually thinking.. .a System property would be good.. as long as it could be defined somewhere on the configs through some XML. As I said we will probably need some MBean that will define the system property? If we had such property, we could have both EJB3 and EJB2 reading the same property. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536440#536440] Start a new discussion in EJB Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

[jBPM Development] - oracle donot allow insert blob in batching

by Huisheng Xu

Huisheng Xu [http://community.jboss.org/people/rebody] created the discussion "oracle donot allow insert blob in batching" To view the discussion, visit: http://community.jboss.org/message/536439#536439 -------------------------------------------------------------- Hi all, Oracle do not allow insert blog in batching, So if we want to deploy a process definition into oracle, we have to set <prop key="hibernate.jdbc.batch_size">0</prop>, this setting will affect other operation in hibernate. I think we should have a special treatment for deployment in oracle. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536439#536439] Start a new discussion in jBPM Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

15 years, 12 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums April 2010