August 2010 - jboss-dev-forums - Jboss List Archives

Re: [jboss-dev-forums] [PicketBox Development] - Make JBossPDP an interface to allow easier insertion of custom PDP.

by Brian Krisler

Brian Krisler [http://community.jboss.org/people/bkrisler] replied to the discussion "Make JBossPDP an interface to allow easier insertion of custom PDP." To view the discussion, visit: http://community.jboss.org/message/559902#559902 -------------------------------------------------------------- I too am against reinventing the wheel and that is one of the reasons we selected Picketbox/Picketlink as a staring point for our research. When we started, we reviewed all of the existing SAML/XACML solutions in the open source and found that Picketbox/Picketlink put us close to our goal with minimal modification. As far as why I need to create a custom PDP, there are two reasons, (if I missed something that would allow these features in the existing implementation, a pointer would be great!): 1) We need to support attribute-based authorization. The current implementation appears to be role-based authorization. 2) We need to support remote Attribute Authorities. From what I can determine, this would require modification of the PDP to allow for configuration of a known/trusted attribute authority that is not self contained. Another requirement I have not started to investigate, however I think should be supported in the existing PDP is the intergration of a custom rule combining algorithm. At the moment, the custom PolicyRegistration approach is the route I took. This has allowed my to extend and modify the existing PDP to meet my requirements. It is possible that what I am doing is very specific and not worth modification of the existing implementation. Hope this helps some in clarifying my intent. Brian -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559902#559902] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

Re: [jboss-dev-forums] [PicketBox Development] - Make JBossPDP an interface to allow easier insertion of custom PDP.

by ANIL SALDHANA

ANIL SALDHANA [http://community.jboss.org/people/anil.saldhana%40jboss.com] replied to the discussion "Make JBossPDP an interface to allow easier insertion of custom PDP." To view the discussion, visit: http://community.jboss.org/message/559895#559895 -------------------------------------------------------------- In JBAS, you should be able to replace the entire xacml infrastructure with a custom stack by implementing a new PolicyRegistration interface and then writing your own XACML policy module. The JBoss Microcontainer can be used to add in your PR implementation. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559895#559895] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

Re: [jboss-dev-forums] [PicketBox Development] - Make JBossPDP an interface to allow easier insertion of custom PDP.

by ANIL SALDHANA

ANIL SALDHANA [http://community.jboss.org/people/anil.saldhana%40jboss.com] replied to the discussion "Make JBossPDP an interface to allow easier insertion of custom PDP." To view the discussion, visit: http://community.jboss.org/message/559894#559894 -------------------------------------------------------------- And why would you create your own custom PDP? I fail to understand why people want to reinvent the wheels themselves. This is a trend I am increasingly seeing at companies. A PDP's job is to evaluate policies. If our PDP is not doing that properly then there may be bugs (I have not seen any major bug reports and I have run our PDP in complex policies' scenarios at various interoperability events). I am pretty confident that our PDP is robust and can do good for the features we have advertised. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559894#559894] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss AS7 Development] - model updates and references

by Brian Stansberry

Brian Stansberry [http://community.jboss.org/people/bstansberry%40jboss.com] replied to the discussion "model updates and references" To view the discussion, visit: http://community.jboss.org/message/559893#559893 -------------------------------------------------------------- > Emanuel Muckenhuber wrote: > > Hmm some modifications i have in mind are: -) subsystem updates - since they are part of extensions > -) creating new subsystems - since they might require an <extension /> module > -) a domain deployment used by 2 server-groups... where you update only one group with a new deployment > -) changing the value of a socket binding / jvm and determining which server-groups / servers are affected > -) a deployment targeted to a single server - which would require to split the server-group? not sure if we want to allow that, but we had some discussions with the console team about that That seems like a good list, except for the last one. That's OK, too, but I was just now thinking that kind of thing should be decomposed into 2 steps: forming a new server-group from a set of servers, and then applying any change to that new server group. So the deployment becomes one type of change. All the servers that form a new server group would need to be consistent. They wouldn't need to come from the same server-group (although we could require that to make life easier) but their configurations would need to be consistent. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559893#559893] Start a new discussion in JBoss AS7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss AS7 Development] - Thoughts on hot deployment

by Jason Greene

Jason Greene [http://community.jboss.org/people/jason.greene%40jboss.com] replied to the discussion "Thoughts on hot deployment" To view the discussion, visit: http://community.jboss.org/message/559888#559888 -------------------------------------------------------------- > David Lloyd wrote: > > > Brian Stansberry wrote: > > > > Is it easier just to copy the exploded deployment and have the scanner keep the copy in sync. I've done that for farming; it's not such a big deal. I'm starting to feel like not doing that is leading to a lot of internal complication (e.g. needing to keep track of multiple locations where content is stored.) > > > > That doesn't solve the atomic move problem, but maybe if people can't do atomic moves they should [not] use the filesystem as their deployment API. :) > > For a single JAR it's a much simpler proposition to avoid partial copies than it is for exploded deployments. One merely has to ignore files which were modified in the past, say, 500 ms. This very greatly reduces the likelihood of a partial copy without really sacrificing latency significantly. > > This doesn't work for directories as most filesystems won't update the directory timestamp when one of its children are updated, and in no cases I can think of offhand for deep children. You know if you look at AS4 behavior from the user perspective the proposal it not really THAT different. Instead of touching web.xml for a redeploy they touch "jboss.redeploy" or whatever. The only real significant difference is where jboss.redeploy does not exist until they want it to start. But hey they can still do it the old with atomic moves, just leave a jboss.redeploy file in there and do the atomic move. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559888#559888] Start a new discussion in JBoss AS7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss AS7 Development] - Thoughts on hot deployment

by David Lloyd

David Lloyd [http://community.jboss.org/people/david.lloyd%40jboss.com] replied to the discussion "Thoughts on hot deployment" To view the discussion, visit: http://community.jboss.org/message/559887#559887 -------------------------------------------------------------- > Brian Stansberry wrote: > > Is it easier just to copy the exploded deployment and have the scanner keep the copy in sync. I've done that for farming; it's not such a big deal. I'm starting to feel like not doing that is leading to a lot of internal complication (e.g. needing to keep track of multiple locations where content is stored.) > > That doesn't solve the atomic move problem, but maybe if people can't do atomic moves they should [not] use the filesystem as their deployment API. :) For a single JAR it's a much simpler proposition to avoid partial copies than it is for exploded deployments. One merely has to ignore files which were modified in the past, say, 500 ms. This very greatly reduces the likelihood of a partial copy without really sacrificing latency significantly. This doesn't work for directories as most filesystems won't update the directory timestamp when one of its children are updated, and in no cases I can think of offhand for deep children. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559887#559887] Start a new discussion in JBoss AS7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss AS7 Development] - Thoughts on hot deployment

by Brian Stansberry

Brian Stansberry [http://community.jboss.org/people/bstansberry%40jboss.com] replied to the discussion "Thoughts on hot deployment" To view the discussion, visit: http://community.jboss.org/message/559883#559883 -------------------------------------------------------------- I mean they *should not* use the filesystem as their deployment API. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559883#559883] Start a new discussion in JBoss AS7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss AS7 Development] - Thoughts on hot deployment

by Brian Stansberry

Brian Stansberry [http://community.jboss.org/people/bstansberry%40jboss.com] replied to the discussion "Thoughts on hot deployment" To view the discussion, visit: http://community.jboss.org/message/559882#559882 -------------------------------------------------------------- Is it easier just to copy the exploded deployment and have the scanner keep the copy in sync. I've done that for farming; it's not such a big deal. I'm starting to feel like not doing that is leading to a lot of internal complication (e.g. needing to keep track of multiple locations where content is stored.) That doesn't solve the atomic move problem, but maybe if people can't do atomic moves they should use the filesystem as their deployment API. :) -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559882#559882] Start a new discussion in JBoss AS7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss ESB Development] - Naming for webservice endpoints

by Keith Babo

Keith Babo [http://community.jboss.org/people/kcbabo] replied to the discussion "Naming for webservice endpoints" To view the discussion, visit: http://community.jboss.org/message/559873#559873 -------------------------------------------------------------- Hmm ... that's an interesting idea. My impression is that adding a separate property to SOAPProxy might be a bit funky, but that's just me. David is best qualified to address that. Generally speaking, I like the idea of having a single way to reference JBossWS hosted services across ESB actions. If we end up creating more confusion by changing the SOAPProxy config, however, then it's best to just fix SOAPProcessor and leave SOAPProxy alone. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559873#559873] Start a new discussion in JBoss ESB Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

[jBPM Development] - JBPM-2928 - BPMN2 - business rule task

by Maciej Swiderski

Maciej Swiderski [http://community.jboss.org/people/swiderski.maciej] created the discussion "JBPM-2928 - BPMN2 - business rule task" To view the discussion, visit: http://community.jboss.org/message/559870#559870 -------------------------------------------------------------- Hi, I create prototype of business rule task for bpmn2 support. I tried to follow spec as much as possible (and as much as I understood it). In general, it follows the same concept as RulesActivity and uses Drools for rules evaluation. So, you need to to provide facts for the business rule task that will be used to create state full knowledge session and fires all matching rules. This is how definition of business rule task should look like (there can be many dataInputRefs) <businessRuleTask id="_3" name="Validation"> <ioSpecification> <inputSet> <dataInputRefs>itemDefinition1</dataInputRefs> </inputSet> </ioSpecification> </businessRuleTask> In addition, item definitions should be declared <itemDefinition id="itemDefinition1"> <jbpm:var name="fact" /> </itemDefinition> I am not sure that referencing item definitions directly from dataInputRef is correct and according to spec?! Complete example with all code changes can be found in https://jira.jboss.org/browse/JBPM-2928 jira Cheers -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/559870#559870] Start a new discussion in jBPM Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

13 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums August 2010