[Security & JAAS/JBoss] - Security Impl
by jplenhart
Hi,
I am currently working on a new security implementation for my company - I am a committer on JBossESB and thought what better people to ask my questions than fellow JBoss brethren :-)
We are migrating to JBoss - but right now we are focused on security. There is a good opportunity for us to integrate JBoss security at this point. My requirement is for Delegated Authentication - we currently have an application that performs Form based authentication, sets an encrypted cookie (with user and pass), this cookie on subsequent requests is decrypted by a webserver plug-in - which also sets the BASIC auth headers and forwards the request to our apps, then there is a JAAS plugin to take care of the application entitlements. Woo! Get all that?
Right now - we would like to keep all that but offer our own SAML Delegated Authentication (browser based identity federation) scheme. We could just give our clients a different URL for the SAML assertions.
I have looked through the docs and I do not see anything directly dealing with browser identity federation through the use of SAML assertions. Also, wondering if it would be possible to achieve this using non-JBoss appserver instances (keeping the BASIC auth) - I am thinking all requests would need to come through a marshalling framework to handle timeouts, etc... then populate the BASIC headers, forward the request - sound right?
Or am I way off base?
I would love to get this working as it would definitely be a high profile implementation.
Thanks for any help.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970988#3970988
19 years, 7 months
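The gateway step sketched in the post above (check the session's timeouts, then populate the BASIC header and forward), as an added example that is not part of the original post or of any JBoss code. The `Session` record, the timeout value and the function name are assumptions, and the SAML assertion is assumed to have been validated before the session was created.

```python
import base64
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60  # assumed policy: seconds of inactivity allowed
# Headers the gateway owns; a client-sent copy must never reach the app.
GATEWAY_OWNED = {"authorization", "proxy-authorization"}


@dataclass
class Session:
    """Server-side record created once the SAML assertion was accepted."""
    user: str
    app_secret: str         # credential the backend's BASIC/JAAS check expects
    not_on_or_after: float  # absolute expiry (epoch seconds) from the assertion
    last_seen: float        # epoch seconds of the previous request


class SessionExpired(Exception):
    """Raised when the caller must be sent back to the identity provider."""


def build_upstream_headers(client_headers, session, now=None):
    """Return the headers to forward, or raise if the session has timed out."""
    now = time.time() if now is None else now
    if now >= session.not_on_or_after:
        raise SessionExpired("absolute lifetime exceeded")
    if now - session.last_seen > IDLE_TIMEOUT:
        raise SessionExpired("idle timeout exceeded")
    if ":" in session.user:
        # A colon would shift the user/password split on the backend.
        raise ValueError("user-id may not contain ':'")
    session.last_seen = now

    # Drop any Authorization header supplied by the browser (any casing),
    # so only the identity established by the gateway reaches the app.
    upstream = {k: v for k, v in client_headers.items()
                if k.lower() not in GATEWAY_OWNED}
    pair = f"{session.user}:{session.app_secret}".encode("utf-8")
    upstream["Authorization"] = "Basic " + base64.b64encode(pair).decode("ascii")
    return upstream
```

Because the backend trusts whatever BASIC header it receives, it should accept connections only from the gateway.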
[Persistence, JBoss/CMP, Hibernate, Database] - Associations between entity beans under different datasource
by gemig
Hi!
I want to partition my application so that the majority of the entity beans are mapped against tables in one (physical) datasource/database, and a few entity beans against another datasource/database. However, I seem to get into trouble when one bean in one 'partition' is associated with a bean in another.
JBoss gives a message that it is unable to deploy one or several beans involved, stating "references an unknown entity" as a cause. I guess this is due to some kind of circular reference, since rearranging the order of persistence-units in persistence.xml doesn't matter.
This 'design pattern' worked in EJB 2.1. I'm fully aware of the disadvantage of the lack of integrity constraints between the databases. However, the goal here is physical data separation of the two 'partitions'.
I could really use some hints here...
On a related subject, there is no annotation for specifying a different datasource for a specific entity bean? persistence.xml is the way to go? In the latter case I guess I would have to deploy the entity beans in two different jar-files, unless I want to explicitly list all entity beans for each persistence unit...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970979#3970979
19 years, 7 months
[JBoss jBPM] - Re: Help getting a condition to work
by earniedyke
Thanks for the help. You are correct, the variable in the controller was not valid. This is what I have now that works:
<?xml version="1.0" encoding="UTF-8"?>

<process-definition
  xmlns="urn:jbpm.org:jpdl-3.1" name="test2">
  <start-state name="BeginLogin">
    <transition name="toCheckForLock" to="CheckForLockedAccount"></transition>
  </start-state>
  <end-state name="End"></end-state>
  <decision name="CheckForLockedAccount">
    <transition name="Account is locked" to="AccountIsLocked"></transition>
    <transition name="Account is not locked" to="CheckPassword">
      <condition expression="#{contextInstance.variables['locked'] == 'N'}"/>
    </transition>
  </decision>
  <node name="AccountIsLocked">
    <script>executionContext.getContextInstance().setVariable("message","Is");</script>
    <transition name="toEnd" to="End"></transition>
  </node>
  <node name="CheckPassword">
    <script>executionContext.getContextInstance().setVariable("message","Is NOT");</script>
    <transition name="toEnd" to="End"></transition>
  </node>
</process-definition>
Earnie!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970976#3970976
19 years, 7 months
[The Lizzard's corner] - Are Open Source Software Tools Better than Commercial?
by martinig
More and more developers are using development tools produced by the open source community like MySQL, Eclipse, PHP or JBoss. A recent poll asked participants to compare the quality of open source and commercial software development tools. And the winner is... not obvious ;o)
Open source versus commercial tools 2006 (2004 answers)
Same quality: 38% (32%)
There is no easy answer to this question: 22% (24%)
Superior in quality: 20% (26%)
Inferior in quality: 12% (13%)
I do not use open source tools: 6% (4%)
I do not use commercial tools: 2% (1%)
Participants: 524 (312)
Source: http://www.methodsandtools.com
For many participants, there is no difference in perceived quality between open source and commercial tools for software development. For 22% of the participants, it was difficult to give a precise answer. Diversity exists in both worlds and it is not easy to give a clear indication when you have experiences giving opposite indications. Things have not changed a lot since our 2004 poll, even if the usage of open source tools has surely increased in the mainstream development shop. This may be a reason for the 6% decline in percentage in the "OS software is better than commercial" category, as open source has been more used and could have revealed some limits.
The claim that open source software is as good as commercial software seems easy to understand. Besides their open source label, there is little difference in the available support infrastructure between products like JBoss, PHP or MySQL and their commercial competitors. Backed by large companies like IBM, products like Apache or Eclipse will surely receive more testing than a small project in SourceForge. For open source software development tools, a large user base also increases the probability that associated professional services are created to provide commercial support and that the quality of the software is "commercially" managed.
For 20% of the participants, open source development tools are superior in quality to commercial ones. Besides the results of our informal poll, there have been some studies to compare the quality of open source and commercial products. Some of these studies have investigated a claim by many open source software advocates that their code quality was higher. Peer review and the amount of feedback from users are quoted as allowing open source software to achieve high quality results. When it decided to release some software in the open source world, NASA gives "to increase NASA software quality via community peer review" as its first motivation (see references). But if the size of the development team and a smaller user base could be a problem for small vendors, larger commercial organisations could also have implemented internal peer review and they also have a user community with adequate feedback channels. So why could the feedback loops and quality perception be better in the open source community?
Several factors could influence this perception:
- Developers and users (not customers!) have a higher sense of product ownership. They feel that they both contribute to something special and it is not "just a job" or "just a product"
- The relationship between users and developers is less confrontational because
a) money is not the matter
b) expectations are often different: the product is "younger" and... there is not a marketing organisation sometimes over-selling the benefits ;o)
c) open source organisations seem to have a better responsiveness to customer requests/bugs as the process is more collaborative than confrontational
Some references on the quality of open source software:
http://opensource.arc.nasa.gov/
http://scan.coverity.com/
http://www.artima.com/weblogs/viewpost.jsp?thread=21730
http://www.cyrius.com/publications/michlmayr_hill-reliance.pdf
http://opensource.mit.edu/papers/michlmayr_hunt_probert-quality_practices...
http://www.theglobeandmail.com/servlet/story/RTGAM.20060420.gtflkhaledapr...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970975#3970975
19 years, 7 months