[JBoss Seam] - Re: Security Remember Me Functionality
by jcoxï¼ captechventures.com
Christian,
I'll have to agree and disagree with you.
First, I agree, never trust the client, there is all manner of bad things that can be done by the client or done to the client to have it expose confidential information.
Next, I'll disagree that the proposed scheme would allow an attacker easy access to the user's password. If a secure hash (like SHA-256, SHA-1 or MD5 [which has some issues]) is stored in the cookie it would take some extensive work (like searching an answer space that is 2^69 big on SHA-1). I don't think hstang explicitly indicated a secure hash, I just assumed it. The inclusion of the expiry time in the hash prevents it from being attacked with a dictionary attack because the salt adds sufficient randomness. On average the attacker would need to compute 2^68 secure hashes, that will take a while.
Also, for useful features like site personalization, having the user re-enter their password each time they access the site would greatly detract from the value of the feature. Most people just wouldn't use it.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018166#4018166
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018166
19Â years, 2Â months
[Installation, Configuration & Deployment] - EAR classloading
by attodorov
Hi All,
Our company is evaluating JBoss as an application server choice for
our current applications to be deployed on. I have two questions
regarding the structure of the EAR in JBOSS with respect to class
loading.
According to the J2EE 1.4 specification, one can put utility jars in
the EAR, which are visible to all wars and EJB modules that make up
the enterprise application. I am trying to do that with JBoss, but get
ClassNotFoundExceptions. If i put all jars in the WAR that needs them,
all classes are loaded properly.
My second question is regarding class loader isolation in the EAR
scope. Suppose I have some enterpise application and several webapps
in it. At some point they both require the same libraries (jars), but
one of the webapps wants to use a specific version of some jar only
for itself. If I have some X.jar as a utility jar visible to two WARs,
and WAR 1 has another version of X.jar in its own lib directory, which
classes will be loaded first when the respective class in the webapp 1
requests them - the ones in its own lib directory, or the shared ones?
My JBOSS version is:
Version: 4.0.5GA(build: CVSTag=Branch_4_0 date=200610162340)
Version Name: Zion
Built on: October 16 2006
Thank you very much for the feedback.
Best Regards,
Angel
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018151#4018151
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018151
19Â years, 2Â months
[JBoss Seam] - Re: Conversation versus Session Context
by jrosskopf
Hello,
sorry bothering you again.
I don´t fully understand this pattern.
What I did so far is creating a ComponentBindings-POJO
| @Name("componentBindings")
| @Scope(ScopeType.EVENT)
| public class ComponentBindings {
| @Logger
| Log log;
|
| HtmlPanelGrid selectedItemPreview;
| HtmlPanelGrid selectedItemEditor;
|
| @Create
| public void init() {
| log.debug(LogFormat.INSTANCE.format(LogFormat.L_INSTANCE, ComponentBindings.class.getSimpleName()));
| }
|
| public HtmlPanelGrid getSelectedItemEditor() {
| return selectedItemEditor;
| }
| public void setSelectedItemEditor(HtmlPanelGrid selectedItemEditor) {
| this.selectedItemEditor = selectedItemEditor;
| }
|
| public HtmlPanelGrid getSelectedItemPreview() {
| return selectedItemPreview;
| }
| public void setSelectedItemPreview(HtmlPanelGrid selectedItemPreview) {
| this.selectedItemPreview = selectedItemPreview;
| }
| }
|
My backing bean looks now like this:
| @Stateful
| @Name("selectItemFacade")
| @Scope(ScopeType.CONVERSATION)
| public class SelectItemFacadeBean implements SelectItemFacade {
|
| @Logger
| Log log;
|
| // Bijection
| @Out
| ItemDescription selectedItemType;
| @Out(required=false)
| Item item;
|
| // Instance
| @In(create=true)
| ComponentBindings componentBindings;
|
| @Create @Begin()
| public void init() {
| this.componentBindings.setSelectedItemPreview((HtmlPanelGrid)FacesContext.getCurrentInstance().getApplication().createComponent(HtmlPanelGrid.COMPONENT_TYPE));
| this.selectedItemType = ItemRegistry.INSTANCE.getDefaultItemDescription();
| updateSelectedItemComponents();
| }
|
| private void updateSelectedItemComponents() {
| if (this.selectedItemType != null && this.componentBindings.getSelectedItemPreview() != null) {
| selectedItemType.getPreviewComponent(FacesContext.getCurrentInstance(), this.componentBindings.getSelectedItemPreview(), this.item);
| }
| }
|
| public Item getItem() {
| return item;
| }
|
| public void setItem(Item item) {
| this.item = item;
| }
|
| public SelectItem[] getAvailableItemTypes() {
| return ItemRegistry.INSTANCE.getAvailableTypesAsSelectItem();
| }
|
| public ItemDescription getSelectedItemType() {
| return selectedItemType;
| }
|
| public void setSelectedItemType(ItemDescription selectedItemType) {
| this.selectedItemType = selectedItemType;
| }
|
| public ComponentBindings getComponentBindings() {
| return componentBindings;
| }
|
| public void setComponentBindings(ComponentBindings bindings) {
| this.componentBindings = bindings;
| }
|
| // Actions
| @Begin(join=true)
| public void handleItemTypeChange(ValueChangeEvent evt) {
| ItemDescription desc = ItemRegistry.INSTANCE.getDescription((String)evt.getNewValue());
| if (desc != null) {
| this.selectedItemType = desc;
| updateSelectedItemComponents();
| log.debug("Item type changed to " + this.selectedItemType.getLabel());
| }
| }
|
| @Begin(join=true)
| public String edit() {
| log.debug("Action: edit called;");
|
| if (this.selectedItemType != null && this.item == null) {
| log.debug("Creating " + selectedItemType.getLabel() + " and getting edit Component;");
| this.item = selectedItemType.createItemInstance();
| }
|
| return NavCodes.ACTION_EDIT;
| }
|
| @Destroy @Remove
| public void destroy() { }
|
| }
|
My Page looks now like this:
| <ui:define name="body">
|
| <h:messages globalOnly="true" styleClass="message" />
| <h:form id="panel" >
| <h:panelGrid columns="1">
|
| <h:panelGroup>
| <h:selectOneMenu valueChangeListener="#{selectItemFacade.handleItemTypeChange}" onchange="submit()">
| <f:selectItems value="#{selectItemFacade.availableItemTypes}" />
| </h:selectOneMenu>
| </h:panelGroup>
|
| <h:panelGroup>
| <h:panelGrid binding="#{selectItemFacade.componentBindings.selectedItemPreview}" />
| </h:panelGroup>
|
| <h:panelGroup>
| <h:commandButton id="edit_button" action="#{selectItemFacade.edit}" />
| </h:panelGroup>
|
| </h:panelGrid>
| </h:form>
|
| </ui:define>
|
But after pushing the edit-button I still get the following exception:
| javax.faces.el.PropertyNotFoundException: /item/select.xhtml @23,89 binding="#{selectItemFacade.componentBindings.selectedItemPreview}": Target Unreachable, identifier 'selectItemFacade' resolved to null
|
I got redirected to the seam debug page. The conversation context contains then:
| - Conversation Context (1)
| org.jboss.seam.core.conversation
| org.jboss.seam.core.facesMessages
| org.jboss.seam.core.persistenceContexts
| org.jboss.seam.core.redirect
| org.jboss.seam.debug.lastException
| selectItemFacade
| selectedItemType
|
Can anybody help?
Thank you.
---
Joachim
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018141#4018141
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018141
19Â years, 2Â months
[JBoss Seam] - Seam-managed persistence contexts ok to use outside conversa
by codelion
I think I read all of reference documentation chapter 8 including section 8.3. Seam-managed persistence contexts.
Would like to know official position (other than whether an experiment would show it works).
Can a Seam-managed persistence context be used outside a conversation?
What do I mean? E.g. in a message driven bean that isn't a Seam anything.
Why? We use Seam for UI and I'm looking forward to use it even for non-UI. But we also have tasks that get scheduled by timers, and by fetching megabytes over HTTP they could run for minutes, or huge file format conversions could eat CPU cycles, and my colleagues care to fine tune load balance with JMS (e.g. dynamically change timer interval). In a non-seam MDB, can I
@In EntityManager ourDatabase;
or do I have to
@PersistenceContext EntityManager em;
The real reason why I'm asking is to know whether I can reuse the same pieces of code (e.g. a stateless session bean, I think) in the Seam UI as well as in the JMS driven bean with the same "one kind" injection, i.e. with
@In EntityManager ourDatabase;
or do I have to keep track of what code is calling, from within a Seam conversation or not, to make sure it matches one kind of EntityManager (Seam's) or the other (@PersistenceContext)?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018139#4018139
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018139
19Â years, 2Â months
[Installation, Configuration & Deployment] - Re: java.util.Properties$LineReader.readLine(Properties.java
by bipinthakur
"genman" wrote : Probably the argument to "load()" was a null stream. I would check the args for your call to this and your classpath.
Thanks a lot for your kind reply.
A have tried with many addtions in the classpath variable. Kindly let me know if any special entry is missing my classpath declaration. current Classpath is :- ;C:\Bipin\JDK\1.5.0_05;C:\Bipin\jboss405GA\;C:\Bipin\jboss405GA\server\lib\;c:\Bipin\jboss405GA\client\; c:\Bipin\myprojects\EJB\assemble\interest_client.jar;c:\Program Files\datastudio\lib;c:\bipin\rv;C:\Bipin\netbeans-5.5\enterprise3\modules
The argument to load is valid and the same piece of code works perfectly when run through a JBOSS IDE main java program.
The initial initialization shows below screen:
C:\Bipin\jboss405GA\bin>run
===============================================================================
JBoss Bootstrap Environment
JBOSS_HOME: C:\Bipin\jboss405GA\bin\\..
JAVA: C:\Bipin\JDK\1.5.0_05\bin\java
JAVA_OPTS: -Dprogram.name=run.bat -Xms128m -Xmx512m -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun
.rmi.dgc.server.gcInterval=3600000
CLASSPATH: C:\Bipin\JDK\1.5.0_05\lib\tools.jar;C:\Bipin\jboss405GA\bin\\run.jar
===============================================================================
16:16:39,170 INFO [Server] Starting JBoss (MX MicroKernel)...
16:16:39,170 INFO [Server] Release ID: JBoss [Zion] 4.0.5.GA (build: CVSTag=Branch_4_0 date=2006101
62339)
16:16:39,170 INFO [Server] Home Dir: C:\Bipin\jboss405GA
16:16:39,170 INFO [Server] Home URL: file:/C:/Bipin/jboss405GA/
16:16:39,170 INFO [Server] Patch URL: null
16:16:39,170 INFO [Server] Server Name: default
16:16:39,170 INFO [Server] Server Home Dir: C:\Bipin\jboss405GA\server\default
16:16:39,170 INFO [Server] Server Home URL: file:/C:/Bipin/jboss405GA/server/default/
16:16:39,170 INFO [Server] Server Log Dir: C:\Bipin\jboss405GA\server\default\log
16:16:39,170 INFO [Server] Server Temp Dir: C:\Bipin\jboss405GA\server\default\tmp
16:16:39,186 INFO [Server] Root Deployment Filename: jboss-service.xml
16:16:39,483 INFO [ServerInfo] Java version: 1.5.0,Sun Microsystems Inc.
16:16:39,483 INFO [ServerInfo] Java VM: Java HotSpot(TM) Client VM 1.5.0-b64,Sun Microsystems Inc.
16:16:39,483 INFO [ServerInfo] OS-System: Windows XP 5.1,x86
Sincere regards,
Bipin
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4018133#4018133
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4018133
19Â years, 2Â months