[IronJacamar Development] - Reauthentication
by Jesper Pedersen
Jesper Pedersen [http://community.jboss.org/people/jesper.pedersen] modified the document:
"Reauthentication"
To view the document, visit: http://community.jboss.org/docs/DOC-16434
--------------------------------------------------------------
h2. Description
A resource adapter can re-authenticate a physical connection (that is, one that already exists in the connection pool under a different security context) to the underlying EIS. A resource adapter performs reauthentication when an application server calls the getConnection method with a security context, passed as a Subject instance, different from the context previously associated with the physical connection.
h2. Requirements
* Reauthentication support: The resource adapter provider must specify whether a resource adapter supports reauthentication of an existing physical connection.
* The matchManagedConnections method in ManagedConnectionFactory may return a matched ManagedConnection instance with the assumption that the ManagedConnection.getConnection method will later switch the security context through reauthentication.
* If reauthentication is successful, the resource adapter has changed the security context of the underlying ManagedConnection instance to that associated with the passed Subject instance.
Detailed description of the reauthentication process is described in section 9.1.9.
h2. Design
h2. Implementation
h2. Test suite
h3. Test client
1. Lookup connection factory / connection
2. Invoke connection with credential #1
3. Invoke connection with credential #2
should lead to success
h3. Resource adapter
* Reauthentication enabled
* Expose simple connection interface
* Configuration: Initially <min-pool-size> and <max-pool-size> should be set to 1
h3. Target system
* Allow a configured number of connections (java.net.Socket)* Binary protocol
* Header (0 = Auth, 1 = Shutdown)
* Payload* 0: Subject / CRI
* 1: <nothing>
* Support Subject based security
* Support CRI based security* implements java.io.Serializable
* Support reauthentication on existing connection* Packet 0
* Be able to run in-VM* All communication has to go over the Sockets for clean separation between RA and EIS
Option #C and #A described in section 9.1.9 should be tested in that order.
Ideally the entire test suite setup can be included as an example in the user guide.
h2. JDBC
Some databases support reauthentication, so we need to provide a way to enable support in our JDBC resource adapter.
We can also provide plugins for the Open Source databases that supports this.
h2. Links
* http://jcp.org/en/jsr/detail?id=322 Java EE Connector Architecture 1.6
* https://issues.jboss.org/browse/JBJCA-94 JBJCA-94
* http://community.jboss.org/en/picketbox PicketBox user forum
* http://community.jboss.org/en/picketbox/dev PicketBox developer forum
* http://community.jboss.org/docs/DOC-10430 Old JCA pooling mechanims
* http://community.jboss.org/message/230163#230163 User thread
* https://issues.jboss.org/browse/JBAS-1429 JBAS-1429
--------------------------------------------------------------
Comment by going to Community
[http://community.jboss.org/docs/DOC-16434]
Create a new document in IronJacamar Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&co...]
13 years, 10 months
[EJB Development] - Adding interceptor at runtime / dynamically
by Ales Justin
Ales Justin [http://community.jboss.org/people/alesj] created the discussion
"Adding interceptor at runtime / dynamically"
To view the discussion, visit: http://community.jboss.org/message/585708#585708
--------------------------------------------------------------
I'm trying to add EJB' AOP intreceptor for Weld, in some deployer.
Should this work? Or when does EJB container assemble its AOP interceptors?
As I tried debugging, but the interceptor is never hit.
This is the test: https://github.com/alesj/core/compare/weld-848 https://github.com/alesj/core/compare/weld-848
public class WeldEjbLifecycleInterceptorDeployer extends WeldAwareMetadataDeployer<JBossMetaData>
{
private Boolean done;
public WeldEjbLifecycleInterceptorDeployer()
{
super(JBossMetaData.class, false);
setStage(DeploymentStages.PRE_REAL);
}
@Override
protected void internalDeploy(VFSDeploymentUnit unit, JBossMetaData jbmd, Collection<VirtualFile> wbXml) throws DeploymentException
{
if (done != null)
return;
try
{
AspectDefinition def = new AspectDefinition("weld-aspect", Scope.PER_INSTANCE, new GenericAspectFactory(WeldLifecycleInterceptor.class.getName(), null));
AdviceFactory advice = new AdviceFactory(def, "invoke");
PointcutExpression pointcut = new PointcutExpression("weld-pointcut", "execution(* @" + PostActivate.class.getName() + "->*(..)) OR execution(* @" + PrePassivate.class.getName() + "->*(..))");
InterceptorFactory[] interceptors = {advice};
AdviceBinding binding = new AdviceBinding("weld-binding", pointcut, null, null, interceptors);
AspectManager manager = AspectManager.getTopLevelAspectManager();
DomainDefinition dd = manager.getContainer("Intercepted Bean");
AspectManager domain = dd.getManager();
domain.addAspectDefinition(def);
domain.addInterceptorFactory(advice.getName(), advice);
domain.addPointcut(pointcut);
domain.addBinding(binding);
done = true;
}
catch (Exception e)
{
done = false;
throw DeploymentException.rethrowAsDeploymentException("Error setting Weld lifecycle interceptor", e);
}
}
public static class WeldLifecycleInterceptor extends SessionBeanInterceptor implements Interceptor
{
public String getName()
{
return WeldLifecycleInterceptor.class.getName();
}
public Object invoke(final Invocation invocation) throws Throwable
{
return aroundInvoke(new InvocationContext()
{
public Object getTarget()
{
return invocation.getTargetObject();
}
public Method getMethod()
{
return null;
}
public Object[] getParameters()
{
return new Object[0];
}
public void setParameters(Object[] params)
{
}
public Map<String, Object> getContextData()
{
return Collections.emptyMap();
}
public Object getTimer()
{
return null;
}
public Object proceed() throws Exception
{
try
{
return invocation.invokeNext();
}
catch (Throwable t)
{
throw new Exception(t);
}
}
});
}
}
}
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/585708#585708]
Start a new discussion in EJB Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 10 months
[JBoss AS7 Development] - Management API Security (Design)
by Darran Lofthouse
Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] created the document:
"Management API Security (Design)"
To view the document, visit: http://community.jboss.org/docs/DOC-16447
--------------------------------------------------------------
h1. Management API Security
h2. Introduction
The purpose of this document is to capture the requirements, considerations and desicions regarding the securing access to the management APIs for managing or monitoring both standalone JBoss AS7 installations and complete JBoss AS7 domains.
At a high level the JBoss AS7 domains will be managed by a single domain controller, the hosts will then establish a connection with this domain controller to recieve their management operations to be performed on the host or servers running on that host. In addition to this there is also the possibility for clients to connect directly to hosts to retrieve state from those running hosts and their servers.
The standalone AS7 installations will have all of this combined into a single process, however the same management APIs will be exposed and the same operations possible in the context of a single standalone installation (i.e. operations such as starting a server on a remote host will no longer be applicable).
--------------------------------------------------------------
Comment by going to Community
[http://community.jboss.org/docs/DOC-16447]
Create a new document in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&co...]
13 years, 10 months
[JBoss Remoting Development] - Help!!! ON Jboss and IIS 6 ISAPI
by Victor Usamah
Victor Usamah [http://community.jboss.org/people/vtech005] created the discussion
"Help!!! ON Jboss and IIS 6 ISAPI"
To view the discussion, visit: http://community.jboss.org/message/585427#585427
--------------------------------------------------------------
Please i need a huge favour from any Jboss IIS User and idea that could help will be appreciated cos...i have been trying to redirect request from IIS to an EAR (homepage.ear) file delpoyed in Jboss-5.1.0.GA in the deploy folder. And i have been on this for months and all efforts have be notting ur contribution is required Thanks.
I can not access my application via this url http://192.168.1.5/homepage http://192.168.1.5/homepage but i can access it via http://192.168.1.5:8080/homepage http://192.168.1.5:8080/homepage
i what to resolve the port 8080
i have congifured the followings WITH THIS TOOL:
1 Web Server – IIS version: 6
2 Application Server – JBoss-5.1.0.GA
3 Java Development Kit – J2SE Development Kit 5.0 Update 7
4 ISAPI Redirector 1.2.30.DLL
5 Operating System – Windows Server 2003 with SP2:
Ear file in this path C:\jboss-5.1.0.GA\server\ default\deploy
Installed isapi_redirect-1.2.14.exe in this path C:\Jakarta Isapi Redirector\jboss_tomcat and it created a Registry on my PC as shown below
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\1.0
Class Name: <NO CLASS>
Last Write Time: 2/3/2011 - 2:32 PM
Value 0
Name: <NO NAME>
Type: REG_SZ
Data:
Value 1
Name: extension_uri
Type: REG_SZ
Data: /jakarta/isapi_redirect.dll
Value 2
Name: log_file
Type: REG_SZ
Data: C:\Jakarta Isapi Redirector\jboss_tomcat\log\isapi_redirect.log
Value 3
Name: log_level
Type: REG_SZ
Data: info
Value 4
Name: worker_file
Type: REG_SZ
Data: C:\Jakarta Isapi Redirector\jboss_tomcat\conf\workers.properties.minimal
Value 5
Name: worker_mount_file
Type: REG_SZ
Data: C:\Jakarta Isapi Redirector\jboss_tomcat\conf\uriworkermap.properties
I downloaded isapi_redirect-1.2.30.dll renamed it to isapi_redirect.dll and replaced the on in my bin folder
C:\Jakarta Isapi Redirector\jboss_tomcat\bin
I modify workers.properties.minimal to workers.properties and droped my workers.properties file in the config
C:\Jakarta Isapi Redirector\jboss_tomcat\conf
WORKER.PROPERTIES configuration as follows:
# workers.properties.minimal -
#
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
#
# The workers that jk should create and work with
#
worker.list=wlb,jkstatus
#
# Defining a worker named ajp13w and of type ajp13
# Note that the name and the type do not have to match.
# Define node1
worker.list=node1
worker.node1.port=8009
worker.node1.host=192.168.1.5
worker.node1.type=ajp13
worker.node1.ping_mode=A
worker.node1.lbfactor=50
worker.node1.cachesize=10
worker.node1.cache_timeout=600
worker.node1.socket_keepalive=1
worker.node1.reclycle_timeout=300
#worker.ajp13w.type=ajp13
#worker.ajp13w.host=localhost
#worker.ajp13w.port=8009
#
# Defining a load balancer
worker.list=loadbalancer,status
# Defining a template worker to be used
worker.template.port=8009
worker.template.type=ajp13
worker.template.ping_mode=A
worker.template.socket_timeout=10
# Define Node1
# modify the host as your host IP or DNS name.
worker.node1.reference=worker.template
worker.node1.host=192.168.1.5
worker.node1.type=ajp13
#
# Load-balancing worker
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=node1
#
# Define status worker
#
worker.jkstatus.type=status
URIWORKER CONFIGURED AS FOLLOWS:
# uriworkermap.properties - IIS
#
# This file provides sample mappings for example wlb
# worker defined in workermap.properties.minimal
# The general syntax for this file is:
# [URL]=[Worker name]
/admin/*=wlb
/manager/*=wlb
/jsp-examples/*=wlb
/servlets-examples/*=wlb
#send all /homepage requests to node1
/homepage/*=node1
/homepage/*jsp=node1
# Optionally filter out all .jpeg files inside that context
# For no mapping the url has to start with exclamation (!)
!/servlets-examples/*.jpeg=wlb
#
# Mount jkstatus to /jkmanager
# For production servers you will need to
# secure the access to the /jkmanager url
#
/jkmanager=jkstatus
CONFIGURED IIS 6 AND isapi_redirect.dll AS FOLLOWS
Open IIS Manager navigate to (local computer) >>> Web Sites>>>> right click on “Default Web Site” click on properties,
from the properties windows click on “ISAPI filters” tab click “Add” give filter name as “jakarta” (exact spelling & case required),
add Executable path as
C:\Jakarta Isapi Redirector\jboss_tomcat\bin\isapi_redirect.dll” apply the changes and clicked ok.
I right click on the “Default Web Site” and create a “virtual directory” named “jakarta” (exact spelling & case) and set the path to
C:\Jakarta Isapi Redirector\jboss_tomcat\bin\isapi_redirect.dll
Gave Read, Run Scripts and Execute permissions during the creation of virtual directory “jakarta”
Then navigate to Web Service Extensions from IIS Manager and right click on the right pane of the IIS Manager and
click “Add a new Web service extension…” and create the extension named “jakarta” (exact spelling & case) with “Required Files” path to
C:\Jakarta Isapi Redirector\jboss_tomcat\bin\isapi_redirect.dll” and set the extension statusto “Allowed”.
I Copied my ear into this path “C:\Inetpub\wwwroot”
or sometime i set the default directry from IIS to the path where my EAR file is deployed
C:\jboss-5.1.0.GA\server\ default\deploy
And restart all services including my pc
Issues:
ISAPI does not generated logfile in the log directory so i can trace my error
some times the ISAPI do not show green arrow upward and if it shows it does not display it's priority whether high or low
some times if the ISAPI priority is high and i try to access this url http://192.168.1.5/homepage http://192.168.1.5/homepage is dose not display it show error 404
but i can always access http://192.168.1.5:8080/homepage http://192.168.1.5:8080/homepage i need to resolve the port...
Question:
Please is the any configuration and missing out or doing wrong....
Do i need to do any settings in JBOSS Config files or service xml do need to add or remove pls advice
i appreciate your great help hope to get a feedback soon
thank
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/585427#585427]
Start a new discussion in JBoss Remoting Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 11 months
[JBoss AS7 Development] - Classloading in Jboss AS7
by Stuart Douglas
Stuart Douglas [http://community.jboss.org/people/swd847] modified the document:
"Classloading in Jboss AS7"
To view the document, visit: http://community.jboss.org/docs/DOC-16435
--------------------------------------------------------------
This document is a draft, it may (and probably will) change significantly.
* All class loading is handled by Jboss modules
* All Modules will have a corresponding ModuleService associated with them.
* All non-ear deployments are represented by a single module
* Inside an ear:* deployments are represented as a single module
* All arbitrary jars outside /lib are represented as a module. The ModuleService for these modules will start up on-demand, so if they are never referenced, then the Module will not be created.
* The combined contents of the /lib directory is represented as a single module
* By default war modules have access to /lib and all other non-war deployments
* All non-war deployments have access to /lib and all other non-war deployments
* jars in /lib jave access to other jars in /lib
* Class-Path references* If the jar that is pointed to by a class-path reference is not accessible by default (e.g. in /lib) then the jar is turned into a module
* Transitive dependencies are handled by the deployer, not jboss-modules, so modules do not re-export any of their imports
* references to jars in another deployment are supported. If that deployment is removed then the deployment will go down, if the other deployment is replaced then this deployment will come back up.* references to jars in another deployment will not bring in transitive dependencies
* Extension-List references* Each referenced jar is treated as a single module (TODO should these modules be shared between deployments)
* Custom Module Configuration* Custom module configuration will be supported. At a minimum it will support the following:* Turn an arbitrary jar (outside of /lib) into a module, and specify it's dependencies
* Specify additional dependencies for any (or all) modules in the deployment
* Produce multiple modules from the same jar with different module configurations (e.g. one that has a dependencies on util-1.0.jar and another that has a dependency on util-1.1.jar)
* Provide a complete module configuration for any deployed module that overrides the default dependencies created by the container.
--------------------------------------------------------------
Comment by going to Community
[http://community.jboss.org/docs/DOC-16435]
Create a new document in JBoss AS7 Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&co...]
13 years, 11 months