Nicholas DiPiazza [
https://community.jboss.org/people/ndipiazza] created the discussion
"Re: JAR blacklist for deployment"
To view the discussion, visit:
https://community.jboss.org/message/785269#785269
--------------------------------------------------------------
First of all, thanks for the feedback. I'm glad you think it's a good idea.
So as a follow up: what do you I'm looking for your opinions on the best strategy for
coming up with the best default list of blacklisted JARs. In other words, JARs that are
NEVER ok to have in your deployment.
I need to:
a) how to check to see if a JAR has been blacklisted.
b) getting a list of blacklisted JARs
My ideas for (a):
* Collect store a SHA1 checksum for all blacklisted JARs and store in text file
*conf/blacklist.properties*. Load the checksum list as a dictionary during server startup.
Validate SHA1 checksum for JARs deployed to verify none match a blacklisted JAR from the
dictionary.
* Just store the MANIFEST.MF for all blacklisted JARs in a special directory within
*conf/blacklisted-jar-manifests*. During deployment, check all JAR manifests don't
match a blacklisted one.
* Instead of blacklisting JARs, blacklist certain Classes that if found in any JAR within
your deployment will cause the warning. ----> This is the one I'm leaning towards.
My ideas for (b):
List of all JBoss system JARs:
From AS7+: Blacklist some or all JARs from modules\org\jboss
For
AS4-6: Blacklist all JARs in client/jboss*.jar, server/default/lib/jboss*.jar, and
server/all/lib/jboss*.jar
That is a good default list for now.
Any ideas on this?
--------------------------------------------------------------
Reply to this message by going to Community
[
https://community.jboss.org/message/785269#785269]
Start a new discussion in JBoss AS 7 Development at Community
[
https://community.jboss.org/choose-container!input.jspa?contentType=1&...]