[JBoss Web Services] - Migrating secured WS from JBoss 5.1 to 7.1.1
by Xavier Dury
Xavier Dury [https://community.jboss.org/people/xdury] created the discussion
"Migrating secured WS from JBoss 5.1 to 7.1.1"
To view the discussion, visit: https://community.jboss.org/message/780326#780326
--------------------------------------------------------------
Hi,
I've been migrating one of our projects from JBoss 5.1 to 7.1.1, all was done without too much problems but I'm stuck on the security configuration for a Web Service (which does not have WS-Security Policy):
In JBoss 5.1, configuring WS-Security was done within the file "META-INF/jboss-wsse-server.xml"
<jboss-ws-security>
<key-store-file>${wsse.keystore}</key-store-file>
<key-store-type>jks</key-store-type>
<key-store-password>${wsse.keystore.password}</key-store-password>
<trust-store-file>${wsse.truststore}</trust-store-file>
<trust-store-type>jks</trust-store-type>
<trust-store-password>${wsse.truststore.password}</trust-store-password>
<config>
<timestamp ttl="3000" />
<sign type="x509v3" alias="${wsse.keystore.alias}" />
<requires>
<timestamp maxAge="3000" />
<signature />
</requires>
</config>
</jboss-ws-security>
So, I just need requests and responses to be signed and timestamped but I have a hard time understanding how to achieve this in AS7.1.1.
I've read the page https://docs.jboss.org/author/display/JBWS/WS-Security https://docs.jboss.org/author/display/JBWS/WS-Security, but it didn't help.
Do I need to configure this via jbossws-cxf.xml? (tried this but seems to be ignored)
Is it available out-of-the-box in JBoss AS7.1.1? (I see spring is being used but there are no spring jars in the distribution)
I must be missing something...
Thanks,
Xavier
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/780326#780326]
Start a new discussion in JBoss Web Services at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&con...]
12 years, 5 months
[JBoss Messaging] - Spring JMS error with JBoss 7.1.1-Final
by Marcio B.
Marcio B. [https://community.jboss.org/people/romarcio] created the discussion
"Spring JMS error with JBoss 7.1.1-Final"
To view the discussion, visit: https://community.jboss.org/message/730037#730037
--------------------------------------------------------------
Hello!
I am trying to configure a JMS Listener with Spring 3.1 in JBoss 7.1.1-Final.
But this exception is thrown:
21:05:20,184 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-12) MSC00001: Failed to start service jboss.deployment.unit."jms-receiver.war".PARSE: org.jboss.msc.service.StartException in service jboss.deployment.unit."jms-receiver.war".PARSE: Failed to process phase PARSE of deployment "jms-receiver.war"
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:119) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_03]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_03]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_03]
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: JBAS011666: Could not parse file C:\jboss-as-7.1.1.Final\standalone\tmp\vfs\temp22a1673201a833b9\jms-receiver.war-1a83767da3f83ba\WEB-INF\spring-jms.xml
at org.jboss.as.messaging.deployment.MessagingXmlParsingDeploymentUnitProcessor.deploy(MessagingXmlParsingDeploymentUnitProcessor.java:76)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:113) [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
... 5 more
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: JBAS011666: Could not parse file C:\jboss-as-7.1.1.Final\standalone\tmp\vfs\temp22a1673201a833b9\jms-receiver.war-1a83767da3f83ba\WEB-INF\spring-jms.xml
at org.jboss.as.messaging.deployment.MessagingXmlParsingDeploymentUnitProcessor.deploy(MessagingXmlParsingDeploymentUnitProcessor.java:73)
... 6 more
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[2,1]
Message: Unexpected element '{ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans}beans'
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:108) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.1.0.Final.jar:1.1.0.Final]
at org.jboss.as.messaging.deployment.MessagingXmlParsingDeploymentUnitProcessor.deploy(MessagingXmlParsingDeploymentUnitProcessor.java:67)
... 6 more
21:05:20,198 INFO [org.jboss.as.server] (management-handler-thread - 2) JBAS015870: Deploy of deployment "jms-receiver.war" was rolled back with failure message {"JBAS014671: Failed services" => {"jboss.deployment.unit.\"jms-receiver.war\".PARSE" => "org.jboss.msc.service.StartException in service jboss.deployment.unit.\"jms-receiver.war\".PARSE: Failed to process phase PARSE of deployment \"jms-receiver.war\""}}
21:05:20,351 INFO [org.jboss.as.server.deployment] (MSC service thread 1-11) JBAS015877: Stopped deployment jms-receiver.war in 153ms
21:05:20,352 INFO [org.jboss.as.controller] (management-handler-thread - 2) JBAS014774: Service status report
JBAS014777: Services which failed to start: service jboss.deployment.unit."jms-receiver.war".PARSE: org.jboss.msc.service.StartException in service jboss.deployment.unit."jms-receiver.war".PARSE: Failed to process phase PARSE of deployment "jms-receiver.war"
File spring-jms.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans"
xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="jndiTemplate" class="org.springframework.jndi.JndiTemplate">
<property name="environment">
<props>
<prop key="java.naming.factory.initial">org.jboss.naming.remote.client.InitialContextFactory</prop>
<prop key="java.naming.provider.url">remote://localhost:4447</prop>
<prop key="java.naming.security.principal">user</prop>
<prop key="java.naming.security.credentials">pass</prop>
</props>
</property>
</bean>
<bean id="queueConnectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jms/RemoteConnectionFactory"/>
<property name="jndiTemplate" ref="jndiTemplate"/>
</bean>
<bean id="secureConnectionFactory" class="org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter">
<property name="targetConnectionFactory" ref="queueConnectionFactory"/>
<property name="username" value="user"/>
<property name="password" value="pass"/>
</bean>
<bean id="queueName" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jms/queue/test"/>
<property name="jndiTemplate" ref="jndiTemplate"/>
</bean>
<bean id="messageListener" class="org.springframework.jms.listener.adapter.MessageListenerAdapter">
<constructor-arg>
<bean class="com.tecnoil.consumer.jms.JMSConsumer"/>
</constructor-arg>
<property name="messageConverter">
<null/>
</property>
</bean>
<bean id="jmsContainer" class="org.springframework.jms.listener.DefaultMessageListenerContainer">
<property name="connectionFactory" ref="secureConnectionFactory"/>
<property name="destination" ref="queueName"/>
<property name="sessionAcknowledgeModeName" value="AUTO_ACKNOWLEDGE"/>
<property name="messageListener" ref="messageListener"/>
<property name="receiveTimeout" value="1000"/>
</bean>
</beans>
What is the solution?
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/730037#730037]
Start a new discussion in JBoss Messaging at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&con...]
12 years, 5 months
[jBPM] - Proposed temporary and limited approach to supporting excluded owners
by jemmerling
jemmerling [https://community.jboss.org/people/jemmerling] created the discussion
"Proposed temporary and limited approach to supporting excluded owners"
To view the discussion, visit: https://community.jboss.org/message/646719#646719
--------------------------------------------------------------
I have been looking at way to do the following within jBPM:
Have a node in a process definition be associated with a particular group (or groups), however due to the history of a given process, to exclude some actor(s) who might be members of that group.
Now the WS-HumanTask specification supports something called excluded owners. Here is a snippet from one version of this specification (not certain if it is the latest one):
+"Potential owners of a task are persons who receive the task so that they can claim and complete it. A potential owner becomes the actual owner of a task by explicitly claiming it. Before the task has been claimed, potential owners can influence the progress of the task, for example by changing the priority of the task, adding ad-hoc attachments or comments. All excluded owners are implicitly removed from the set of potential owners. A WS-HumanTask Definition MAY define assignment for this generic human role.+
+Excluded owners are are people who cannot become an actual or potential owner and thus they cannot reserve or start the task. A WS-HumanTask Definition MAY define assignment for this generic human role. "+
Although the jBPM5 schema supports the existence of excluded owners, I have seen no explicit mechanism to support this when developing an application. If there is something I am missing, please point this out.
In the meantime, I can see a way that a developer could add this functionality without the need to directly modify jBPM5, using the following approach. I would like to know whether it is believed this would work. I am not completely comfortable with this for reasons I will give (although these reasons should be more or less obvious):
1.) First, define a new work item parameter (or analogous mechanism) that represents users who will be excluded from the next node. Let's assume we can correctly identify the next node.
2.) Create a class that extends WSHumanTaskHandler. This class will override the executeWorkItem method. This method will populate excluded owners in the people assignments from having inspected the new parameter. It will otherwise be the same as the method it overrides except for this one additional logic step.
3.) Replace the existing Taskorm.xml with a modified version in which the TasksAssignedAsPotentialOwnerByGroup named query (and possibly some similar named queries) is modified so that excluded owners are not able to claim the task.
I believe all the above is feasible because a.) there is nothing to stop the developer from extending WSHumanTaskHandler in the described manner, and using it in the application code and b.) the ORM file is specified in persistence.xml which is a developer-configurable file, so the developer should be at liberty to specify a different file. So all this could be done without "hacking" jBPM directly.
However I am uncomfortable with this approach because the overridden executeWorkItem method as well as the replacement ORM file would be created using a copy-and-paste methodology so that when progressing to a later version of jBPM it would be necessary to modify these to reflect the original logic.
Nevertheless, if there is some intention to support this type of functionality in a future release of jBPM (and assuming I am right to conclude it is not currently supported) this might be a justifiable short-term solution.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/646719#646719]
Start a new discussion in jBPM at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&con...]
12 years, 6 months