November 2011 - jboss-dev-forums - Jboss List Archives

[PicketBox Development] - Get something started with XACML - Requirements Discussion

by Dan Gradl

Dan Gradl [http://community.jboss.org/people/dgradl] created the discussion "Get something started with XACML - Requirements Discussion" To view the discussion, visit: http://community.jboss.org/message/637330#637330 -------------------------------------------------------------- Hello all, I have recently begun participating in this project and I noticed that the discussion on XACML has been fairly quiet, so I thought I would kick off some discussions to see what the interest level is, see what requirements people have considered, see who is using it, and maybe create some interest in it from others who don't know what it is or have looked at it and found it lacking something. I'm going to use this post as a teaser for topics I'm going to write about and to provide a summary of links to them. However, I would also like people to respond on this thread, if there is something I don't mention, or to provide other general thoughts on the subject of XACML. In a past role I architected and implemented a fine-grained access control system on a large scale using XACML. This was built on the SunXACML library which is now at the core of JBossXACML (since the Sun community died off). The library left a lot to be desired for such an implementation, and it was our desire actually to purchase a vendor product because of those gaps. However, due to various reasons this purchase was delayed and we fell back on this library and filling gaps ourself to provide at least a portion of the capabilities required. I am going to share some of the learning from this experience on various aspects of a complete access control solution based on XACML. I believe that for JBoss XACML to get more adoption and interest and to provide an alternative to the commercial products it needs to address some of these concerns. Don't take this as a critcism of what's here nor me just complaining (I intend to help build new features, if there is some interest). Here's some of the key considerations in its implementation that I intend to write about and start discussions on: 1. Performance - Access control is a cross cutting concern, it is pervasive throughout an application (or an enterprise). If you are controlling access to services it's going to be checked on every service invocation, if you are controlling access to data it will be called whenever its accessed. As such it needs to have a low overhead and be able to scale well. One thread is started about caching, but there is more to consider. http://community.jboss.org/thread/175058?tstart=0 Caching 2. Enforcement - In the XACML logical architecture, JBossXACML pretty much provides just the PDP, some context handling, and hooks to PIPs. Enforcement will vary greatly depending on what resources you are protecting, but is there anything generic it could provide here? 3. Administration - Policy writing is difficult, complex, and has a great impact on item #1. There is no open source Policy Administration Point (PAP) that I am aware of, but this is essential for ease of use and adotion. This may also include the need to test a policy that was created. 4. Auditing/Reporting - Access to resources is a major security concern so of course auditors and it security professionals and others need to know who has access to what 5. Deployment - Is the entire XACML stack (PEP, PDP, PIP, PAP) on one box alongside the application using it or is support for more distributed deployment topologies required? 6. Resource management - keeping an inventory of things you are protecting, seems simple, sounds like administration, but there are some gotcha's I'd like to share. 7. Best practices - this'll be a catchall for some random things -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637330#637330] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

2
4
0 / 0

[PicketBox Development] - JBoss AS7: Security : EJB3 Security

by Anil Saldhana

Anil Saldhana [http://community.jboss.org/people/anil.saldhana] created the document: "JBoss AS7: Security : EJB3 Security" To view the document, visit: http://community.jboss.org/docs/DOC-17364 -------------------------------------------------------------- Some things to remember are: * Use the @org.jboss.ejb3.annotation.SecurityDomain on your EJB3 beans. Unless they are present, the security system is not enabled for the EJBs. You can also use jboss.xml with the security-domain element -------------------------------------------------------------- Comment by going to Community [http://community.jboss.org/docs/DOC-17364] Create a new document in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=102&co...]

12 years, 5 months

1
0
0 / 0

[JBoss ESB Development] - jboss esb project with soap - Problem

by Anand Bhat

Anand Bhat [http://community.jboss.org/people/anandbhat87] created the discussion "jboss esb project with soap - Problem" To view the discussion, visit: http://community.jboss.org/message/637716#637716 -------------------------------------------------------------- Hello All, I had developed a web application which simply responds back the name which any client send as a request.Now i have deployed the project as web service in the jboss server.Now i would like to create a client which will be an esb project to access the web service whose wsdl address is : http://localhost:8080/M2M/services/Hello?wsdl http://localhost:8080/M2M/services/Hello?wsdl. The problem is i created the esb project similar to the web service consumer1 in the esb 4.9 samples.I am not able to deploy the.esb of the project.Kindly help me out to make a simple .esb project with minimum prerequisite to develop the project to access the web service. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637716#637716] Start a new discussion in JBoss ESB Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

1
0
0 / 0

[JBoss AS 7 Development] - Re: ClassCastException with Infinispan using multiple applications

by Randy Nott

Randy Nott [http://community.jboss.org/people/rnott] created the discussion "Re: ClassCastException with Infinispan using multiple applications" To view the discussion, visit: http://community.jboss.org/message/637629#637629 -------------------------------------------------------------- I'm attaching code for a simple test case that demonstrates the problem. There are two web applications A and B used to put and get from cache respectively. There is also a shared class Foo that is to be cached. I've included my standalone-preview-ha.xml as well; the only addition should be for the cache container entry. I've tried local-cache, distributed-cache and replicated-cache with equivalent results. Instructions for invoking the servlets can be found in readme.txt in the archive root. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637629#637629] Start a new discussion in JBoss AS 7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

1
0
0 / 0

[JBoss Remoting Development] - Re: remoting, classloading and specialized class problem

by Ron Sigal

Ron Sigal [http://community.jboss.org/people/ron_sigal] created the discussion "Re: remoting, classloading and specialized class problem" To view the discussion, visit: http://community.jboss.org/message/637626#637626 -------------------------------------------------------------- Hi Lio, Sorry for the delay. You are correct that the only remote classloading facility in Remoting 2 is from server to client. I'm not sufficiently familiar with Remoting 3 to give you an answer, but it's possible that Remoting 3 is more symmetric in this regard. However, you would have to upgrade to AS 7 to use Remoting 3. -Ron -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637626#637626] Start a new discussion in JBoss Remoting Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

1
0
0 / 0

[jBPM Development] - Re: Oryx Designer is not working in Internet Explorer after installing Google Chrome frame also

by uvijayreddy657

uvijayreddy657 [http://community.jboss.org/people/uvijayreddy657] created the discussion "Re: Oryx Designer is not working in Internet Explorer after installing Google Chrome frame also" To view the discussion, visit: http://community.jboss.org/message/637596#637596 -------------------------------------------------------------- As Oryx is internally using SVG to display workflow diagrams, Can we modify Oryx's SVG version to the latest version to get it work with IE also..... -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637596#637596] Start a new discussion in jBPM Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

1
0
0 / 0

[JBoss Web Services Development] - Exception in thread "main" java.lang.NoSuchMethodError: com.sun.xml.bind.api.JAXBRIContext.newInstance([Ljava/lang/Class; )Ljavax/xml/bind/JAXBContext;

by Sreejith K T

Sreejith K T [http://community.jboss.org/people/srekt] created the discussion "Exception in thread "main" java.lang.NoSuchMethodError: com.sun.xml.bind.api.JAXBRIContext.newInstance([Ljava/lang/Class;)Ljavax/xml/bind/JAXBContext;" To view the discussion, visit: http://community.jboss.org/message/637023#637023 -------------------------------------------------------------- Hi, I am getting the below exception while invoking the Web Service log4j:WARN No appenders could be found for logger (org.jboss.ws.metadata.builder.jaxws.JAXWSWebServiceMetaDataBuilder). log4j:WARN Please initialize the log4j system properly. *Exception in thread "main" java.lang.NoSuchMethodError: com.sun.xml.bind.api.JAXBRIContext.newInstance([Ljava/lang/Class;)Ljavax/xml/bind/JAXBContext*; at org.jboss.ws.metadata.acessor.JAXBAccessor$1.create(JAXBAccessor.java:67) at org.jboss.ws.metadata.acessor.JAXBAccessor$1.create(JAXBAccessor.java:54) at org.jboss.ws.metadata.umdm.ParameterMetaData.eagerInitialize(ParameterMetaData.java:470) at org.jboss.ws.metadata.umdm.OperationMetaData.eagerInitialize(OperationMetaData.java:466) at org.jboss.ws.metadata.umdm.EndpointMetaData.eagerInitializeOperations(EndpointMetaData.java:516) at org.jboss.ws.metadata.umdm.EndpointMetaData.initializeInternal(EndpointMetaData.java:502) at org.jboss.ws.metadata.umdm.EndpointMetaData.eagerInitialize(EndpointMetaData.java:490) at org.jboss.ws.metadata.builder.jaxws.JAXWSClientMetaDataBuilder.rebuildEndpointMetaData(JAXWSClientMetaDataBuilder.java:292) at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.getPortInternal(ServiceDelegateImpl.java:274) at org.jboss.ws.core.jaxws.spi.ServiceDelegateImpl.getPort(ServiceDelegateImpl.java:200) at javax.xml.ws.Service.getPort(Service.java:116) at tutorial.hanbo.webservice.jaws.GreetingService.getGreetingPort(GreetingService.java:56) at tutorial.hanbo.webservice.Client.main(Client.java:10) My Webservice is up and running and client code as follows, Please help GreetingService service = new GreetingService(); tutorial.hanbo.webservice.jaws.Greeting echo = service.getGreetingPort(); /* Set NEW Endpoint Location */ String endpointURL = " http://dskt:8080/greeting/GreetingWebService?wsdl http://dskt:8080/greeting/GreetingWebService?wsdl"; BindingProvider bp = (BindingProvider)echo; bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointURL); System.out.println("Server said: " + echo.greetClient("Sreejith")); -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637023#637023] Start a new discussion in JBoss Web Services Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

1
1
0 / 0

[JBoss AS 7 Development] - Re: ClassCastException with Infinispan using multiple applications

by Paul Ferraro

Paul Ferraro [http://community.jboss.org/people/pferraro] created the discussion "Re: ClassCastException with Infinispan using multiple applications" To view the discussion, visit: http://community.jboss.org/message/637306#637306 -------------------------------------------------------------- Try this: @FooCache @Produces @ApplicationScoped Cache<String, Foo> fooCache() { return container.<String, Foo>getCache("foo").getAdvancedCache().with(Foo.class.getClassLoader()); } -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637306#637306] Start a new discussion in JBoss AS 7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

2
1
0 / 0

[PicketBox Development] - XACML Best Practices

by Dan Gradl

Dan Gradl [http://community.jboss.org/people/dgradl] created the discussion "XACML Best Practices" To view the discussion, visit: http://community.jboss.org/message/637524#637524 -------------------------------------------------------------- This is a post in a serious of discussions I was starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharing some of my insights as a way to elicit some requirements on the further development of XACML. The original post and index to these discussions is http://community.jboss.org/thread/175091?tstart=0 http://community.jboss.org/thread/175091?tstart=0. This topic is meant to be a catchall for items not in the other major categories listed there. I am starting with just one of those misc. items this morning, primarily because I ran across this as I was attempting to use JBoss XACML in a way I had used SunXACML. I found it very useful to leverage PolicyIdReference in PolicySets. Rather than embed all the policies within the PolicySet, using references to policies, kept things cleaner and more understandable, and it enabled reuse. In the RBAC Profile example here: http://community.jboss.org/docs/DOC-16676 http://community.jboss.org/wiki/XACMLRBACLocator, the policies are directly in the PPS. I preferred instead to create a set of policies externally and refer to them as references in the PPS. This enabled me to use them in different roles in different combinations. More specifically policies were written to target specific resource/action combinations (only), and then assigned them to PolicySets that targetted specific subjects (namely a role). As far as I can see the JBoss XACML Locators and FinderModules do not handle references. Everything is treated as a first level policy and it's common to see this warning "INFO: More than one top-level applicable policy for the request". The XACML spec says "the mechanism for resolving a policy reference to the corresponding policy is outside the scope of this specification", so it's up to implementation detail. However, the way I believe it should work is that those policies referenced should be considered a second-level policy. As such, they should not be target evaluated in the initial passthrough, only if a top-level PolicySet matches the target and refers to these policies, then the target should be evaluated. In the SunXACML module there is a StaticRefPolicyFinderModule, and it works just that way. It will "find" policies only by reference id and not by evaluation, and can be pointed at a different set of policies. So I would place all of my RPS/PPS files in one directory and all of my policies in a separate directory and they would be evaluted if an RPS/PPS matched first and had reference to it. That component is still there but can't be used directly by the JBoss Locators because of some differences. But I would suggest that there definitely needs to be support for PolicyIdReference capabilities, but would like to solicit feedback on the approach I described. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637524#637524] Start a new discussion in PicketBox Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

1
0
0 / 0

[JBoss AS 7 Development] - Bundled Windows native connectors for AS7

by Nicklas Karlsson

Nicklas Karlsson [http://community.jboss.org/people/nickarls] created the discussion "Bundled Windows native connectors for AS7" To view the discussion, visit: http://community.jboss.org/message/637439#637439 -------------------------------------------------------------- (directed mostly @jfclere) Are there any plans to include bundled pre-configured native connectors for Windows for the AS7 like the 6.x series had? I noticed that the existing connectors mostly work for AS7 if you edit service.bat to call standalone.bat and jboss-admin.bat. It's important not to have the "call shutdown" around anymore since that will result in system since the shutdown.bat is no longer there and will call the shutdown.exe in system32 instead). It would also be nice if there was some mechanism for customizing the service.bat for multiple installs. The service name has to be altered and the calls to jboss-admin must take the management port into consideration. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/637439#637439] Start a new discussion in JBoss AS 7 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

12 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums November 2011