[JBoss Seam] - Seam Security question
by JohnEChesher
The example seamspace application, on logout, calls action method identity.logout, but does not explicitly call Seam.invalidateSession().
a) Does identity.logout invalidate the session for me? (I thought I saw a hint to the contrary, but I cannot reproduce...)
b) if not, shouldn't I create a logout action method that will call identity.logout() AND Seam.invalidateSession()?
I'm inclined to be conservative and clear the session manually, but that seems to obsolete the need for identity.logout(), so I'd like to hear an opinion from the Seam authors.
Thanks! Oh yeah, I've been working with Seam for a month now. I'm very impressed with the capabilities and quality available in such a new technology. Kudos to all the Seam contributors!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023273#4023273
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023273
19Â years, 1Â month
[Security & JAAS/JBoss] - auth-method ¿NONE? for a simple SSO using digital signatures
by lujop
Hello,
I have made a simply SSO solution for us using digital signature in a parameter of the request (We recive simple request from a third party that we trust).
My LoginModule takes the request and validates if it trust the digital signature of the request. If it trusts, the login is Ok.
The problem that I have is that in the web.xml <auth-method> I have to put FORM,BASIC,DIGEST or CLIENT-CERT. There is somthing like none? Because I don't want any interaction with the user, and I don't need any info (only the request).
What I have know is a "working" solution with the problem that the user gets a BASIC auth dialog asking the password, what it's entered doesn't matter because the Loginmodule only looks at the request.
My question is there is something like auth-method NONE, or any workarround to don't ask any info to the user?¿
A workarround that I have in mind, is use a nonprotected servlet in the app that manually puts the credentials. But, is that possible?
I have readed that in the FAQ:
anonymous wrote : Q21. How do I programatically establish an identity?
| A21: You need to perform a JAAS login against a configuration that includes the JBoss ClientLoginModule. When inside of a server/multi-threaded environment, the multi-threaded=true and restore-login-identity=true options should be enabled. An example login fragment:
import javax.security.auth.login.LoginContext;
| import org.jboss.security.auth.callback.UsernamePasswordHandler;
|
| void runAsUser(String username, String password)
| {
| UsernamePasswordHandler handler = new UsernamePasswordHandler(username, password);
| LoginContext lc = new LoginContext("client-login", handler);
| lc.login();
| // Any calls to secured resources now use the username/password identity
| ...
| // Clear and restore the previous identity
| lc.logout();
| }
But it isn't clear to me. Anyone have a nicer example. What I only need is to put a principal and role in the realm X in a unprotected servlet.
A lot of thanks in advance,
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023270#4023270
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023270
19Â years, 1Â month
[Management, JMX/JBoss] - Re: xmbean as service... and two more questions
by vitor_b
Hey
Thank you for the reply.
&defaltAttributes and &defaultOperations work fine with xml using dtd file version 1.2.
But unfortunately i cannot force my ant task to generate proper xml file for my xmbean (dtd version 1.0, cannot merge etc.). But that is a completely different story.
And once again persistence. I believe (after some experiments) that persistence for mbean means: "stored attribute values for this proper mbean". So it is not important what persistence strategy is when our mbean is deployed. We can change values of some of attributes and everything works fine.
Difference is only when we undeploy our mbean, and later deploy again. When an attribute of our mbean has no default value (in jboss-service.xml) value of this attribute will be initialized with value taken from file containing stored values for attributes.
I haven't seen other influence of persistence strategy on mbean.
And my question was: is there any influence on mbean, different from described above?
Best regards
vitor_b
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023263#4023263
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023263
19Â years, 1Â month
[JBoss jBPM] - problem with getVariable of serializable Object value
by leogamas
Hi to all,
I'm using the jbpm-starters-kit-3.1.3 and try to set and get variables from the process instance, where all my variables are serializable objects that are instances of a TaskRef class. No problem, but when i try to get the variable from the process instance, i get the following error:
| org.jbpm.JbpmException: couldn't deserialize object
| at org.jbpm.context.exe.converter.SerializableToByteArrayConverter.revert(SerializableToByteArrayConverter.java:66)
| at org.jbpm.context.exe.VariableInstance.getValue(VariableInstance.java:146)
| at org.jbpm.context.exe.VariableContainer.getVariablesLocally(VariableContainer.java:109)
| at org.jbpm.context.exe.VariableContainer.getVariables(VariableContainer.java:93)
| at org.cana.tasks.server.TaskServiceImpl.endTask(Unknown Source)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:597)
| at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:262)
| at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:146)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jbpm.web.JbpmContextFilter.doFilter(JbpmContextFilter.java:83)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
| at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
| at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
| at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
| at java.lang.Thread.run(Thread.java:619)
| Caused by: java.lang.ClassNotFoundException: No ClassLoaders found for: org.cana.tasks.server.TaskRef
| at org.jboss.mx.loading.LoadMgr3.beginLoadTask(LoadMgr3.java:198)
| at org.jboss.mx.loading.RepositoryClassLoader.loadClassImpl(RepositoryClassLoader.java:475)
| at org.jboss.mx.loading.RepositoryClassLoader.loadClass(RepositoryClassLoader.java:377)
| at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
| at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
| at java.lang.Class.forName0(Native Method)
| at java.lang.Class.forName(Class.java:247)
| at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:604)
| at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575)
| at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496)
| at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732)
| at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
| at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
| at org.jbpm.context.exe.converter.SerializableToByteArrayConverter.revert(SerializableToByteArrayConverter.java:64)
| ... 34 more
|
I solved this problem by putting the requested class visible to the jbpm in the lib directory of the server. But after that a get another error:
|
| java.lang.ClassCastException: org.cana.tasks.server.TaskRef cannot be cast to org.cana.tasks.server.TaskRef
| at org.cana.tasks.server.TaskServiceImpl.endTask(Unknown Source)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:597)
| at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:262)
| at com.google.gwt.user.server.rpc.RemoteServiceServlet.doPost(RemoteServiceServlet.java:146)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jbpm.web.JbpmContextFilter.doFilter(JbpmContextFilter.java:83)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
| at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
| at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
| at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
| at java.lang.Thread.run(Thread.java:619)
|
It's a problem of class version?, I put a generated serialVersionUID, but i get tha same error. Someone has any idea about this error.
Thanks in advance,
Leonardo Gamas.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023254#4023254
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023254
19Â years, 1Â month
[Persistence, JBoss/CMP, Hibernate, Database] - Primary key object mapping
by MikeDougherty
Hello,
I have the following class structure:
| @Entity
| @Table(name="FOO")
| @IdClass(FooPK.class)
| public class Foo {
| private Long id;
| private String name;
| private String description;
| private List<FooBar> bars;
|
| @Id @Column(name="FOO_ID")
| public Long getId() {
| return id;
| }
| public void setId(Long id) {
| this.id = id;
| }
|
| @Id @Column(name="FOO_NAME")
| public String getName() {
| return name;
| }
| public void setName(String name) {
| this.name = name;
| }
|
| public static class FooPK {
| private Long id;
| private String name;
|
| @Id @Column(name="FOO_ID")
| public Long getId() {
| return id;
| }
| public void setId(Long id) {
| this.id = id;
| }
|
| @Id @Column(name="FOO_NAME")
| public String getName() {
| return name;
| }
| public void setName(String name) {
| this.name = name;
| }
| }
| }
|
|
| @Entity
| @Table(name="BAR")
| @IdClass(BarPK.class)
| public class Bar {
| private Long id;
| private String name;
| private String description;
|
| @Id @Column(name="BAR_ID")
| public Long getId() {
| return id;
| }
| public void setId(Long id) {
| this.id = id;
| }
|
| @Id @Column(name="BAR_NAME")
| public String getName() {
| return name;
| }
| public void setName(String name) {
| this.name = name;
| }
|
| public static class BarPK {
| private Long id;
| private String name;
|
| @Id @Column(name="BAR_ID")
| public Long getId() {
| return id;
| }
| public void setId(Long id) {
| this.id = id;
| }
|
| @Id @Column(name="BAR_NAME")
| public String getName() {
| return name;
| }
| public void setName(String name) {
| this.name = name;
| }
| }
| }
|
|
| @Entity
| @Table(name="FOO_BAR")
| @IdClass(FooBarPK.class)
| public class FooBar {
| private Foo foo;
| private Bar bar;
| private Date effectiveDate;
| private Date endDate;
|
| @Id @JoinColumn(name="FOO_ID")
| public Foo getFoo() {
| return foo;
| }
| @Id @JoinColumn(name="BAR_ID")
| public Bar getBar() {
| return bar;
| }
| @Id @Column(name="EFF_DATE")
| public Date getEffectiveDate() {
| return effectiveDate;
| }
|
| public static class FooBarPK {
| private Foo foo;
| private Bar bar;
| private Date effectiveDate;
|
| @Column(name="FOO_ID")
| public Foo getFoo() {
| return foo;
| }
| @Column(name="BAR_ID")
| public Bar getBar() {
| return bar;
| }
| @Column(name="EFF_DATE")
| public Date getEffectiveDate() {
| return effectiveDate;
| }
| }
| }
|
The question I have relates to the FooBar class. The table behind it has FOO_ID and BAR_ID columns as part of the primary key. But I can't seem to figure out how to map these column values to appropriate Foo.id and Bar.id values. Any ideas on how I might be able to do this?
Thanks for your help.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023249#4023249
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023249
19Â years, 1Â month
[JBoss jBPM] - Re: wscompile fails to generate artifacts for included xsd
by meghanai_99
I tried latest release of JBossWS1.0.4GA on JBossAS 4.0.5. I followed these installation instructions -
In order to install JBossWS the following steps are necessary:
1.) Copy lib/jbossws-client.jar to $JBOSS_HOME/client/
2.) Unzip lib/jbossws.sar to $JBOSS_HOME/server/default/deploy/
3.) Replacing jboss-xml-binding.jar
You need to manually replace the jboss-xml-binding.jar in the $JBOSS_HOME/client and $JBOSS_HOME/lib directories.
The compatible release can be found here: http://repository.jboss.com/jboss/jbossxb/1.0.0.CR7
Then I ran 'ant generate artifacts' and got new exception which looked worse. It seems it cannot find my wsdl file now.
call-wstools:
[wstools] java.lang.NullPointerException
[wstools] at java.io.File.(File.java:194)
[wstools] at org.jboss.ws.tools.helpers.ToolsHelper.handleWSDLToJavaGenera
tion(ToolsHelper.java:282)
[wstools] at org.jboss.ws.tools.WSTools.process(WSTools.java:138)
[wstools] at org.jboss.ws.tools.WSTools.generate(WSTools.java:120)
[wstools] at org.jboss.ws.tools.ant.wstools.execute(wstools.java:103)
[wstools] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.ja
The BPEL and WSDL files I used are -
hello.wsdl
| <?xml version="1.0" encoding="UTF-8"?>
| <definitions targetNamespace="http://jbpm.org/examples/hello"
| xmlns="http://schemas.xmlsoap.org/wsdl/"
| xmlns:tns="http://jbpm.org/examples/hello"
| xmlns:xsd="http://www.w3.org/2001/XMLSchema"
| xmlns:plt="http://schemas.xmlsoap.org/ws/2003/05/partner-link/"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xmlns:evt="http://www.eclipse.org/alf/schema/EventBase/1">
|
|
| <import namespace="http://www.eclipse.org/alf/schema/EventBase/1" location="resources/xml/ALFEventManagerSOAP.wsdl" />
| <!-- characterizes the relationship between the greeter and its caller -->
| <plt:partnerLinkType name="Greeter-Caller">
| <plt:role name="Greeter">
| <plt:portType name="tns:ALFServiceFlow" />
| </plt:role>
| <!-- the Caller does not provide services to the Greeter,
| this is why we omit the "Caller" role -->
| </plt:partnerLinkType>
|
| <!-- describes the interface presented to callers -->
| <portType name="ALFServiceFlow">
| <operation name="eventNotice">
| <input message="evt:EventNotice"/>
| </operation>
| </portType>
|
| <!--<portType name="ALFServiceFlow">
| <operation name="TEMPEventNotice">
| <input message="evt:EventNotice"/>
| </operation>
| </portType>-->
|
| </definitions>
|
hello.bpel
| <?xml version="1.0" encoding="UTF-8"?>
| <process name="HelloWorld" targetNamespace="http://jbpm.org/examples/hello"
| xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
| xmlns:tns="http://jbpm.org/examples/hello"
| xmlns:bpel="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
| xmlns:evt="http://www.eclipse.org/alf/schema/EventBase/1"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation="http://schemas.xmlsoap.org/ws/2003/03/business-process/
| http://schemas.xmlsoap.org/ws/2003/03/business-process/">
|
| <partnerLinks>
| <!-- establishes the relationship with the caller agent -->
| <partnerLink name="caller2" partnerLinkType="tns:Greeter-Caller"
| myRole="Greeter" />
| </partnerLinks>
|
| <variables>
| <!-- holds the incoming message -->
| <variable name="request" messageType="evt:EventNotice" />
|
| </variables>
|
| <sequence>
|
| <!-- receive the name of a person -->
| <receive operation="eventNotice" partnerLink="caller2" portType="tns:ALFServiceFlow"
| variable="request" createInstance="yes" />
|
| <assign name="Calculate">
| <copy>
| <from expression="concat(bpel:getVariableData('request', 'EventNotice', '/EventNotice/evt:Base/evt:EventType'),bpel:getVariableData('request', 'EventNotice', '/EventNotice/evt:Base/evt:ObjectType'))" />
| <to part="EventNotice" query="/EventNotice/evt:Base/evt:ObjectType" variable="request" />
| </copy>
| </assign>
|
| <!-- compose a greeting phrase -->
| <!-- <assign>
| <copy>
| <from expression="concat('Hello, ',
| bpel:getVariableData('request', 'name'), '!')" />
| <to variable="response" part="greeting" />
| </copy>
| </assign> -->
|
| <!-- reply with the greeting -->
| <!-- <reply operation="sayHello" partnerLink="caller2" portType="tns:Greeter"
| variable="response" /> -->
| </sequence>
|
| </process>
|
I get this same exception for both 'evt:ALFServiceFlow' and 'tns:ALFServiceFlow' portTypes
Meghana
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023246#4023246
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023246
19Â years, 1Â month