Re: [jboss-dev-forums] [PicketBox Development] - Make JBossPDP an interface to allow easier insertion of custom PDP.
by Brian Krisler
Brian Krisler [http://community.jboss.org/people/bkrisler] replied to the discussion
"Make JBossPDP an interface to allow easier insertion of custom PDP."
To view the discussion, visit: http://community.jboss.org/message/559902#559902
--------------------------------------------------------------
I too am against reinventing the wheel and that is one of the reasons we selected Picketbox/Picketlink as a
staring point for our research. When we started, we reviewed all of the existing SAML/XACML
solutions in the open source and found that Picketbox/Picketlink put us close to our goal with minimal modification.
As far as why I need to create a custom PDP, there are two reasons, (if I missed something
that would allow these features in the existing implementation, a pointer would be great!):
1) We need to support attribute-based authorization. The current implementation appears to be
role-based authorization.
2) We need to support remote Attribute Authorities. From what I can determine, this would require
modification of the PDP to allow for configuration of a known/trusted attribute authority that
is not self contained.
Another requirement I have not started to investigate, however I think should be supported in the existing
PDP is the intergration of a custom rule combining algorithm.
At the moment, the custom PolicyRegistration approach is the route I took. This has allowed my
to extend and modify the existing PDP to meet my requirements. It is possible that what I am doing
is very specific and not worth modification of the existing implementation.
Hope this helps some in clarifying my intent.
Brian
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/559902#559902]
Start a new discussion in PicketBox Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
14 years, 3 months
Re: [jboss-dev-forums] [JBoss AS7 Development] - model updates and references
by Brian Stansberry
Brian Stansberry [http://community.jboss.org/people/bstansberry%40jboss.com] replied to the discussion
"model updates and references"
To view the discussion, visit: http://community.jboss.org/message/559893#559893
--------------------------------------------------------------
> Emanuel Muckenhuber wrote:
>
> Hmm some modifications i have in mind are: -) subsystem updates - since they are part of extensions
> -) creating new subsystems - since they might require an <extension /> module
> -) a domain deployment used by 2 server-groups... where you update only one group with a new deployment
> -) changing the value of a socket binding / jvm and determining which server-groups / servers are affected
> -) a deployment targeted to a single server - which would require to split the server-group? not sure if we want to allow that, but we had some discussions with the console team about that
That seems like a good list, except for the last one. That's OK, too, but I was just now thinking that kind of thing should be decomposed into 2 steps: forming a new server-group from a set of servers, and then applying any change to that new server group. So the deployment becomes one type of change. All the servers that form a new server group would need to be consistent. They wouldn't need to come from the same server-group (although we could require that to make life easier) but their configurations would need to be consistent.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/559893#559893]
Start a new discussion in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
14 years, 3 months
Re: [jboss-dev-forums] [JBoss AS7 Development] - Thoughts on hot deployment
by Jason Greene
Jason Greene [http://community.jboss.org/people/jason.greene%40jboss.com] replied to the discussion
"Thoughts on hot deployment"
To view the discussion, visit: http://community.jboss.org/message/559888#559888
--------------------------------------------------------------
> David Lloyd wrote:
>
> > Brian Stansberry wrote:
> >
> > Is it easier just to copy the exploded deployment and have the scanner keep the copy in sync. I've done that for farming; it's not such a big deal. I'm starting to feel like not doing that is leading to a lot of internal complication (e.g. needing to keep track of multiple locations where content is stored.)
> >
> > That doesn't solve the atomic move problem, but maybe if people can't do atomic moves they should [not] use the filesystem as their deployment API. :)
>
> For a single JAR it's a much simpler proposition to avoid partial copies than it is for exploded deployments. One merely has to ignore files which were modified in the past, say, 500 ms. This very greatly reduces the likelihood of a partial copy without really sacrificing latency significantly.
>
> This doesn't work for directories as most filesystems won't update the directory timestamp when one of its children are updated, and in no cases I can think of offhand for deep children.
You know if you look at AS4 behavior from the user perspective the proposal it not really THAT different.
Instead of touching web.xml for a redeploy they touch "jboss.redeploy" or whatever. The only real significant difference is where jboss.redeploy does not exist until they want it to start. But hey they can still do it the old with atomic moves, just leave a jboss.redeploy file in there and do the atomic move.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/559888#559888]
Start a new discussion in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
14 years, 3 months
Re: [jboss-dev-forums] [JBoss AS7 Development] - Thoughts on hot deployment
by David Lloyd
David Lloyd [http://community.jboss.org/people/david.lloyd%40jboss.com] replied to the discussion
"Thoughts on hot deployment"
To view the discussion, visit: http://community.jboss.org/message/559887#559887
--------------------------------------------------------------
> Brian Stansberry wrote:
>
> Is it easier just to copy the exploded deployment and have the scanner keep the copy in sync. I've done that for farming; it's not such a big deal. I'm starting to feel like not doing that is leading to a lot of internal complication (e.g. needing to keep track of multiple locations where content is stored.)
>
> That doesn't solve the atomic move problem, but maybe if people can't do atomic moves they should [not] use the filesystem as their deployment API. :)
For a single JAR it's a much simpler proposition to avoid partial copies than it is for exploded deployments. One merely has to ignore files which were modified in the past, say, 500 ms. This very greatly reduces the likelihood of a partial copy without really sacrificing latency significantly.
This doesn't work for directories as most filesystems won't update the directory timestamp when one of its children are updated, and in no cases I can think of offhand for deep children.
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/559887#559887]
Start a new discussion in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
14 years, 3 months
[jBPM Development] - JBPM-2928 - BPMN2 - business rule task
by Maciej Swiderski
Maciej Swiderski [http://community.jboss.org/people/swiderski.maciej] created the discussion
"JBPM-2928 - BPMN2 - business rule task"
To view the discussion, visit: http://community.jboss.org/message/559870#559870
--------------------------------------------------------------
Hi,
I create prototype of business rule task for bpmn2 support. I tried to follow spec as much as possible (and as much as I understood it).
In general, it follows the same concept as RulesActivity and uses Drools for rules evaluation. So, you need to to provide facts for the business rule task that will be used to create state full knowledge session and fires all matching rules.
This is how definition of business rule task should look like (there can be many dataInputRefs)
<businessRuleTask id="_3" name="Validation">
<ioSpecification>
<inputSet>
<dataInputRefs>itemDefinition1</dataInputRefs>
</inputSet>
</ioSpecification>
</businessRuleTask>
In addition, item definitions should be declared
<itemDefinition id="itemDefinition1">
<jbpm:var name="fact" />
</itemDefinition>
I am not sure that referencing item definitions directly from dataInputRef is correct and according to spec?!
Complete example with all code changes can be found in https://jira.jboss.org/browse/JBPM-2928 jira
Cheers
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/559870#559870]
Start a new discussion in jBPM Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
14 years, 3 months