[PicketBox Development] - XACML Enforcement
by Dan Gradl
Dan Gradl [http://community.jboss.org/people/dgradl] created the discussion
"XACML Enforcement"
To view the discussion, visit: http://community.jboss.org/message/639028#639028
--------------------------------------------------------------
This is a post in a series of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharing some of my insights as a way to elicit some requirements on the further development of XACML. The original post and index to these discussions is http://community.jboss.org/thread/175091?tstart=0.
This thread will discuss policy enforcement. The core JBoss XACML (PicketBox) portion provides PDP, context handling, and a bit of PIP functionality. Any PEP capability is elsewhere.
Anil, you mentioned in another thread that PEPs are in higher level projects. When you get a chance can you let me know where to look for those?
Enforcement can be very specific to the resource being protected and to the security environment, but I think there could be some useful pieces that could be provided out of the box. The first thing is simply an API to simplify making a XACML request. The majority of enforcement types will only need to deal with a small number of core attributes, e.g. subject-id, resource-id, action-id. Additional attributes could be made available more simply as key/value pairs rather than requiring the PEP implementer to construct a complex XACML Request object.
The second thing that can be provided is a library of PEPs that can handle common resources, in this case container resources or development framework resources. For example, you might be able to provide a generalized PEP for an EJB, a servlet, a portlet, etc. You might have resources in Seam (I'm not very familiar with Seam, so forgive me) but maybe some REST resource or JSF resources (perhaps you want to protect a data field).
Last thing might be to provide common obligation handling capabilities... maybe must log or something like this. Plus, the XACML spec states that if a PEP cannot fulfil an obligation it should deny access... if every PEP is written differently, it's hard to consistently ensure this is met.
In all, it's hard to provide a set of PEPs that will work for all resources you are protecting, and there's not a ton you can provide here... but just a couple of thoughts/ideas.
--------------------------------------------------------------
13 years, 1 month
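The two ideas in the XACML Enforcement post above (a request API reduced to subject-id, resource-id and action-id plus key/value extras, and shared obligation handling that denies when an obligation cannot be fulfilled) sketched as an added example. It is not part of the original post and not PicketBox code; every type name (`Pep`, `Pdp`, `ObligationHandler`, `Response`) and the stub PDP are hypothetical.

```java
import java.util.*;
// Added illustration: every type and name here is hypothetical, not PicketBox API.
public class SimplePepExample {
    enum Decision { PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE }
    /** PDP answer: a decision plus the ids of obligations the PEP must discharge. */
    static final class Response {
        final Decision decision; final List<String> obligations;
        Response(Decision d, List<String> o) { decision = d; obligations = o; }
    }

    interface Pdp { Response evaluate(Map<String, String> attributes); }
    interface ObligationHandler { boolean fulfil(String id, Map<String, String> attributes); }

    static final class Pep {
        private final Pdp pdp;
        private final Map<String, ObligationHandler> handlers = new HashMap<>();
        Pep(Pdp pdp) { this.pdp = pdp; }
        void register(String obligationId, ObligationHandler h) { handlers.put(obligationId, h); }

        /** Core attributes are plain arguments; anything else rides along as key/value pairs. */
        boolean isAllowed(String subject, String resource, String action, Map<String, String> extra) {
            Map<String, String> attrs = new HashMap<>(extra);
            attrs.put("subject-id", subject);
            attrs.put("resource-id", resource);
            attrs.put("action-id", action);
            Response r = pdp.evaluate(attrs);
            if (r.decision != Decision.PERMIT) return false; // anything but Permit is treated as deny
            for (String id : r.obligations) {
                ObligationHandler h = handlers.get(id);
                // An unknown or failed obligation turns the Permit into a deny.
                if (h == null || !h.fulfil(id, attrs)) return false;
            }
            return true;
        }
    }

    public static void main(String[] args) {
        // Constructed stub PDP: permits "read" and attaches two obligations.
        Pdp pdp = a -> new Response(
            "read".equals(a.get("action-id")) ? Decision.PERMIT : Decision.DENY,
            Arrays.asList("log-access", "notify-owner"));
        Pep pep = new Pep(pdp);
        pep.register("log-access", (id, a) -> { System.out.println("AUDIT " + a); return true; });
        Map<String, String> none = Collections.emptyMap();
        System.out.println(pep.isAllowed("alice", "/orders/42", "read", none)); // notify-owner unhandled
        pep.register("notify-owner", (id, a) -> true);
        System.out.println(pep.isAllowed("alice", "/orders/42", "read", none)); // both handled
    }
}
```

Handlers run in the order the PDP lists them, so an earlier obligation (here the audit log) may already have taken effect when a later one forces the deny.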
Re: [jboss-dev-forums] [PicketBox Development] - JBoss AS7 : Security Domain Model
by Bernhard Günter
Bernhard Günter [http://community.jboss.org/people/berni02] commented on the document
"JBoss AS7 : Security Domain Model"
To view all comments on this document, visit: http://community.jboss.org/docs/DOC-16811#comment-8308
--------------------------------------------------
Hi,
My custom LoginModule, defined in standalone.xml is not called (JBoss7.1-B1), what could be wrong? On JBoss 4.2 it was working...
The stateless beans are annotated with @org.jboss.security.annotation.SecurityDomain("MyDomain")
and the methods:
@RolesAllowed(..)
*standalone.xml:*
<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="MyDomain" cache-type="default">
            <authentication>
                <login-module code="de.security.MyDatabaseLoginModule" flag="required"/>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
Regards,
Bernhard
--------------------------------------------------
13 years, 1 month
[jBPM Development] - can't show diagram on jbpm-console
by Jimmy dong
Jimmy dong [http://community.jboss.org/people/jimmy.dongjia] created the discussion
"can't show diagram on jbpm-console"
To view the discussion, visit: http://community.jboss.org/message/638777#638777
--------------------------------------------------------------
I created a project of my own and uploaded the .bpmn file, .ftl file and .png file to guvnor. The names of these files are right, using {taskname} or {id}, and the build in guvnor was successful. When I log in to the console, I can see the new process I created and I can start the process, but when I click "Diagram", an error is shown. Can you tell me some possible reasons for the error? Thanks!
--------------------------------------------------------------
13 years, 1 month
[JBoss AS 7 Development] - Not starting with standard Sun JMX options
by Roberto Beeman
Roberto Beeman [http://community.jboss.org/people/robertobeeman] created the discussion
"Not starting with standard Sun JMX options"
To view the discussion, visit: http://community.jboss.org/message/638723#638723
--------------------------------------------------------------
Hi,
I am trying to start JBoss with the following JAVA_OPTS and the JBoss is not coming up:
*./standalone.sh -c standalone-full.xml*
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /home/roberto/jboss-as-7.1.0.Beta1
JAVA: /home/roberto/jdk1.6.0_21/bin/java
JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true *-Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=4545 -Dcom.sun.management.jmxremote.authenticate=false*
=========================================================================
WARNING: Failed to load the specified logmodule org.jboss.logmanager:main
Exception in thread "main" java.lang.ExceptionInInitializerError
at org.jboss.as.server.Main.main(Main.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.modules.Module.run(Module.java:243)
at org.jboss.modules.Main.main(Main.java:313)
Caused by: java.lang.IllegalStateException: The LogManager was not properly installed (you must set the "java.util.logging.manager" system property to "org.jboss.logmanager.LogManager")
at org.jboss.logmanager.Logger.getLogger(Logger.java:60)
at org.jboss.logmanager.log4j.BridgeRepositorySelector.<clinit>(BridgeRepositorySelector.java:42)
... 7 more
*+If I remove the JAVA_OPTS which are highlighted above then everything works fine.+*
--------------------------------------------------------------
13 years, 1 month
[jBPM Development] - Oryx: Not able parse the knowledge when adding Message Events or Send Task Node
by uvijayreddy657
uvijayreddy657 [http://community.jboss.org/people/uvijayreddy657] created the discussion
"Oryx: Not able parse the knowledge when adding Message Events or Send Task Node"
To view the discussion, visit: http://community.jboss.org/message/629805#629805
--------------------------------------------------------------
I am getting the following exception when loading the process which has *Intermediate Message Event (i.e. Email Notification Nodes) or Send Task nodes*:
URL url = new URL(guvnorRepoURL+ "/drools-guvnor/rest/packages/pkg/assets/" + assetName+ "/source/");
KnowledgeBuilder kbuilder = KnowledgeBuilderFactory.newKnowledgeBuilder();
kbuilder.add(ResourceFactory.newUrlResource(url),ResourceType.BPMN2);
KnowledgeBase kbase = kbuilder.newKnowledgeBase(); //Getting error at this statement
*(null: 369, 100): cvc-datatype-valid.1.2.1: '2' is not a valid value for 'QName'.*
*(null: 369, 100): cvc-attribute.3: The value '2' of attribute 'messageRef' on element 'bpmn2:messageEventDefinition' is not valid with respect to its type, 'QName'.*
*java.lang.IllegalArgumentException: No messages found*
at org.jbpm.bpmn2.xml.IntermediateCatchEventHandler.handleMessageNode(IntermediateCatchEventHandler.java:131)
at org.jbpm.bpmn2.xml.IntermediateCatchEventHandler.end(IntermediateCatchEventHandler.java:64)
at org.drools.xml.ExtensibleXmlParser.endElement(ExtensibleXmlParser.java:414)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.endElement(XMLSchemaValidator.java:795)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1772)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2923)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:645)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:508)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:395)
at org.drools.xml.ExtensibleXmlParser.read(ExtensibleXmlParser.java:293)
at org.drools.xml.ExtensibleXmlParser.read(ExtensibleXmlParser.java:172)
at org.jbpm.compiler.xml.XmlProcessReader.read(XmlProcessReader.java:46)
at org.jbpm.compiler.ProcessBuilderImpl.addProcessFromXml(ProcessBuilderImpl.java:249)
at org.drools.compiler.PackageBuilder.addProcessFromXml(PackageBuilder.java:516)
at org.drools.compiler.PackageBuilder.addKnowledgeResource(PackageBuilder.java:560)
at org.drools.builder.impl.KnowledgeBuilderImpl.add(KnowledgeBuilderImpl.java:28)
at com.emirates.sds.workflow.mbean.CWorkflowDesignerMBean.getWFProcessNodesList(CWorkflowDesignerMBean.java:279)
at com.emirates.sds.workflow.mbean.CWorkflowDesignerMBean.getProcessNodesList(CWorkflowDesignerMBean.java:1071)
at com.emirates.sds.workflow.mbean.CWorkflowDesignerMBean.mapForms(CWorkflowDesignerMBean.java:249)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.el.parser.AstValue.invoke(AstValue.java:172)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:84)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:98)
at javax.faces.component.UICommand.broadcast(UICommand.java:311)
at org.ajax4jsf.component.AjaxActionComponent.broadcast(AjaxActionComponent.java:55)
at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:329)
at org.ajax4jsf.component.AjaxViewRoot.broadcastEventsForPhase(AjaxViewRoot.java:304)
at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:261)
at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:474)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:77)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:97)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:114)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:308)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:206)
at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290)
at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:388)
at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:515)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:349)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:619)
*org.drools.compiler.ProcessLoadError: unable to parse xml : Exception class java.lang.IllegalArgumentException : No messages found*
--------------------------------------------------------------
13 years, 1 month