[JBoss Seam] - Re: Security - Define dynamic Role in application
by shane.bryzak@jboss.com
There's an outstanding JIRA issue to add this kind of functionality to Seam security, however you can easily implement it in your own application. Roughly, the steps are:
1) Create a Permission class with a name and action property. For this example let's call it GrantedPermission.
2) In your authentication method, assert a GrantedPermission instance into the working memory (using RuleBasedIdentity.getSecurityContext().assertObject()) for each of the permissions granted via the user's role memberships.
3) Write a rule that matches permission checks against the granted permissions in the working memory, i.e. something like this:
| rule GrantDynamicPermission
| no-loop
| activation-group "permissions"
| salience -10
| when
| check: PermissionCheck(granted == false)
| GrantedPermission(n : name -> (n.equals(check.name)), a : action -> (a.equals(check.action)))
| then
| check.grant();
| end;
|
You'll have to double-check the syntax of the rule, however it demonstrates in principle what you need to do.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4040048#4040048
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4040048
19 years
[JBossCache] - No cache hits
by gkar47
I am trying to configure the treecache using the following technologies:
JBoss AS 4.0.5GA
JCache 1.4.1SP3
Spring 2.0.2
Hibernate 3.2.3
I don't get any errors in the log, but when I look at the statistics in the CacheMgmtInterceptor I only see values for NumberOfNodes & NumberOfAttributes, no hits or misses.
Can anyone suggest what I'm doing wrong?
Here is my Spring applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
| <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
| <beans>
| <!-- ============ -->
| <!-- Mail Objects -->
| <!-- ============ -->
| <bean id="mailSession" class="org.springframework.jndi.JndiObjectFactoryBean">
| <property name="jndiName"><value>java:comp/env/mail/Session</value></property>
| </bean>
| <bean id="mailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
| <property name="session"><ref bean="mailSession"/></property>
| </bean>
|
| <!-- ================= -->
| <!-- DB Access Objects -->
| <!-- ================= -->
| <bean id="targetDataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
| <property name="jndiName"><value>java:comp/env/jdbc/EarthClaimDS</value></property>
| </bean>
| <bean id="dataSource" class="org.springframework.jdbc.datasource.LazyConnectionDataSourceProxy">
| <property name="targetDataSource"><ref local="targetDataSource"/></property>
| </bean>
| <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
| <property name="mappingResources">
| <list>
| <value>com/earthclaim/systemaccess/User.hbm.xml</value>
| <value>com/earthclaim/moneyhandling/Transaction.hbm.xml</value>
| <value>com/earthclaim/moneyhandling/Price.hbm.xml</value>
| <value>com/earthclaim/moneyhandling/ProblemLog.hbm.xml</value>
| <value>com/earthclaim/moneyhandling/Dispute.hbm.xml</value>
| <value>com/earthclaim/moneyhandling/ShoppingCart.hbm.xml</value>
| <value>com/earthclaim/productinfo/CertificateRequest.hbm.xml</value>
| <value>com/earthclaim/productinfo/Deed.hbm.xml</value>
| <value>com/earthclaim/productinfo/DeedLink.hbm.xml</value>
| <value>com/earthclaim/information/News.hbm.xml</value>
| <value>com/earthclaim/information/Faq.hbm.xml</value>
| </list>
| </property>
| <property name="hibernateProperties">
| <props>
| <prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
|
| <prop key="hibernate.show_sql">false</prop>
| <prop key="hibernate.format_sql">false</prop>
| <prop key="hibernate.use_sql_comments">false</prop>
|
| <prop key="hibernate.max_fetch_depth">3</prop>
| <prop key="hibernate.default_batch_fetch_size">4</prop>
| <prop key="hibernate.order_updates">true</prop>
| <prop key="hibernate.generate_statistics">true</prop>
| <prop key="hibernate.connection.release_mode">on_close</prop>
|
| <prop key="hibernate.cache.use_second_level_cache">true</prop>
| <!-- <prop key="hibernate.cache.provider_class">org.hibernate.cache.TreeCacheProvider</prop> -->
| <prop key="hibernate.cache.provider_class">org.hibernate.cache.OptimisticTreeCacheProvider</prop>
| <prop key="hibernate.cache.use_query_cache">true</prop>
| <prop key="hibernate.cache.use_structured_entries">true</prop>
| <prop key="hibernate.cache.use_minimal_puts">true</prop>
| <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.JBossTransactionManagerLookup</prop>
| </props>
| </property>
| <property name="entityCacheStrategies">
| <props>
| <prop key="com.earthclaim.systemaccess.User">transactional</prop>
| <prop key="com.earthclaim.moneyhandling.Transaction">transactional</prop>
| <prop key="com.earthclaim.moneyhandling.Price">transactional</prop>
| <prop key="com.earthclaim.moneyhandling.Dispute">transactional</prop>
| <prop key="com.earthclaim.moneyhandling.ShoppingCart">transactional</prop>
| <prop key="com.earthclaim.productinfo.CertificateRequest">transactional</prop>
| <prop key="com.earthclaim.productinfo.Deed">transactional</prop>
| <prop key="com.earthclaim.productinfo.DeedLink">transactional</prop>
| <prop key="com.earthclaim.information.News">transactional</prop>
| <prop key="com.earthclaim.information.Faq">transactional</prop>
| </props>
| </property>
| <property name="collectionCacheStrategies">
| <props>
| <prop key="com.earthclaim.moneyhandling.ShoppingCart.transactions">transactional</prop>
| <prop key="com.earthclaim.productinfo.Deed.links">transactional</prop>
| <prop key="com.earthclaim.productinfo.RegisteredUser.deeds">transactional</prop>
| </props>
| </property>
| <property name="dataSource">
| <ref bean="dataSource" />
| </property>
| </bean>
|
| <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager" >
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
|
| <!-- =========================== -->
| <!-- Application Object Registry -->
| <!-- =========================== -->
| <bean id="earthClaimRegistry" class="com.earthclaim.util.EarthClaimRegistry">
| <property name="userDAO">
| <ref bean="userDao" />
| </property>
| <property name="registeredUserDAO">
| <ref bean="registeredUserDao" />
| </property>
| <property name="deedDAO">
| <ref bean="deedDao" />
| </property>
| <property name="transactionDAO">
| <ref bean="transactionDao" />
| </property>
| <property name="certificateRequestDAO">
| <ref bean="certificateRequestDao" />
| </property>
| <property name="priceDAO">
| <ref bean="priceDao"/>
| </property>
| <property name="shoppingCartHandling">
| <ref bean="shoppingCartHandling" />
| </property>
| <property name="payPalHandling">
| <ref bean="payPalHandling" />
| </property>
| <property name="productInfo">
| <ref bean="productInfo" />
| </property>
| <property name="pricing">
| <ref bean="pricing" />
| </property>
| <property name="systemAccess">
| <ref bean="systemAccess" />
| </property>
| <property name="newsDAO">
| <ref bean="newsDao" />
| </property>
| <property name="faqDAO">
| <ref bean="faqDao" />
| </property>
| <property name="newsFAQInfo">
| <ref bean="newsFAQInfo" />
| </property>
| <property name="shoppingCartDAO">
| <ref bean="shoppingCartDao" />
| </property>
| <property name="problemLogDAO">
| <ref bean="problemLogDao" />
| </property>
| <property name="disputeDAO">
| <ref bean="disputeDao" />
| </property>
| <property name="systemParameters">
| <ref bean="systemParameters" />
| </property>
| </bean>
|
| <!-- =================== -->
| <!-- Data Access Objects -->
| <!-- =================== -->
| <bean id="certificateRequestDao" class="com.earthclaim.database.CertificateRequestDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="deedDao" class="com.earthclaim.database.DeedDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="registeredUserDao" class="com.earthclaim.database.RegisteredUserDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="transactionDao" class="com.earthclaim.database.TransactionDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="userDao" class="com.earthclaim.database.UserDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="priceDao" class="com.earthclaim.database.PriceDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="newsDao" class="com.earthclaim.database.NewsDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="faqDao" class="com.earthclaim.database.FaqDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="shoppingCartDao" class="com.earthclaim.database.ShoppingCartDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="problemLogDao" class="com.earthclaim.database.ProblemLogDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
| <bean id="disputeDao" class="com.earthclaim.database.DisputeDAOImpl">
| <property name="sessionFactory">
| <ref bean="sessionFactory" />
| </property>
| </bean>
|
| <!-- ================ -->
| <!-- Business Objects -->
| <!-- ================ -->
| <bean id="shoppingCartHandlingTarget" class="com.earthclaim.moneyhandling.ShoppingCartHandlingImpl" />
| <bean id="shoppingCartHandling" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean" >
| <property name="transactionManager">
| <ref bean="transactionManager" />
| </property>
| <property name="target">
| <ref local="shoppingCartHandlingTarget"/>
| </property>
| <property name="transactionAttributes">
| <props>
| <prop key="cancelTransaction*">PROPAGATION_REQUIRED, ISOLATION_SERIALIZABLE</prop>
| <prop key="createPurchaseOrder*">PROPAGATION_REQUIRED, ISOLATION_SERIALIZABLE, -PriceException</prop>
| <prop key="dropShoppingCartForUser*">PROPAGATION_REQUIRED, ISOLATION_SERIALIZABLE</prop>
| </props>
| </property>
| </bean>
| <bean id="payPalHandling" class="com.earthclaim.moneyhandling.PayPalHandlingImpl" />
| <bean id="productInfo" class="com.earthclaim.productinfo.ProductInfoImpl">
| <property name="mailSender">
| <ref bean="mailSender" />
| </property>
| </bean>
| <bean id="pricing" class="com.earthclaim.moneyhandling.PricingImpl" />
| <bean id="newsFAQInfo" class="com.earthclaim.information.NewsFAQInfoImpl" />
| <bean id="systemAccess" class="com.earthclaim.systemaccess.SystemAccessImpl" />
| <bean id="systemParameters" name="systemParameters" class="com.earthclaim.util.SystemParameters" />
|
| </beans>
|
Here is my treecache.xml
<?xml version="1.0" encoding="UTF-8"?>
|
| <!-- ===================================================================== -->
| <!-- -->
| <!-- TreeCache Service Configuration -->
| <!-- -->
| <!-- ===================================================================== -->
|
| <server>
|
| <classpath codebase="./lib" archives="jboss-cache.jar, jgroups.jar"/>
|
| <!-- ==================================================================== -->
| <!-- Defines TreeCache configuration -->
| <!-- ==================================================================== -->
|
| <mbean code="org.jboss.cache.TreeCache" name="jboss.cache:service=TreeCache">
|
| <depends>jboss:service=Naming</depends>
| <depends>jboss:service=TransactionManager</depends>
|
| <!--
| Configure the TransactionManager
| -->
| <attribute name="TransactionManagerLookupClass">org.jboss.cache.JBossTransactionManagerLookup </attribute>
|
|
| <!--
| Node locking scheme:
| OPTIMISTIC
| PESSIMISTIC (default)
| -->
| <attribute name="NodeLockingScheme">OPTIMISTIC</attribute>
|
| <!--
| Ignored when NodeLockingScheme is Optimistic.
| Node isolation level : SERIALIZABLE
| REPEATABLE_READ (default)
| READ_COMMITTED
| READ_UNCOMMITTED
| NONE
| -->
| <attribute name="IsolationLevel">REPEATABLE_READ</attribute>
|
| <!--
| Valid modes are LOCAL
| REPL_ASYNC
| REPL_SYNC
| INVALIDATION_SYNC
| INVALIDATION_ASYNC
| -->
| <attribute name="CacheMode">REPL_SYNC</attribute>
|
| <!--
| Just used for async repl: use a replication queue
| -->
| <attribute name="UseReplQueue">false</attribute>
|
| <!--
| Replication interval for replication queue (in ms)
| -->
| <attribute name="ReplQueueInterval">0</attribute>
|
| <!--
| Max number of elements which trigger replication
| -->
| <attribute name="ReplQueueMaxElements">0</attribute>
|
| <!-- Name of cluster. Needs to be the same for all clusters, in order
| to find each other
| -->
| <attribute name="ClusterName">TreeCache-Cluster</attribute>
|
| <attribute name="ClusterConfig">
| <config>
| <!-- UDP: if you have a multihomed machine,
| set the bind_addr attribute to the appropriate NIC IP address -->
| <!-- UDP: On Windows machines, because of the media sense feature
| being broken with multicast (even after disabling media sense)
| set the loopback attribute to true -->
| <UDP mcast_addr="228.1.2.4" mcast_port="45566"
| ip_ttl="64" ip_mcast="true"
| mcast_send_buf_size="150000" mcast_recv_buf_size="80000"
| ucast_send_buf_size="150000" ucast_recv_buf_size="80000"
| loopback="false"/>
| <PING timeout="2000" num_initial_members="3"
| up_thread="false" down_thread="false"/>
| <MERGE2 min_interval="10000" max_interval="20000"/>
| <FD shun="true" up_thread="true" down_thread="true"/>
| <VERIFY_SUSPECT timeout="1500"
| up_thread="false" down_thread="false"/>
| <pbcast.NAKACK gc_lag="50" retransmit_timeout="600,1200,2400,4800"
| up_thread="false" down_thread="false"/>
| <pbcast.STABLE desired_avg_gossip="20000"
| up_thread="false" down_thread="false"/>
| <UNICAST timeout="600,1200,2400" window_size="100" min_threshold="10"
| down_thread="false"/>
| <FRAG frag_size="8192"
| down_thread="false" up_thread="false"/>
| <pbcast.GMS join_timeout="5000" join_retry_timeout="2000"
| shun="true" print_local_addr="true"/>
| <pbcast.STATE_TRANSFER up_thread="false" down_thread="false"/>
| </config>
| </attribute>
|
| <!--
| Whether or not to fetch state on joining a cluster
| NOTE this used to be called FetchStateOnStartup and has been renamed to be more descriptive.
| -->
| <attribute name="FetchInMemoryState">true</attribute>
| <attribute name="FetchPersistentState">false</attribute>
|
| <!-- Whether each interceptor should have an mbean
| registered to capture and display its statistics.
| -->
| <attribute name="UseInterceptorMbeans">true</attribute>
|
| <!--
| The max amount of time (in milliseconds) we wait until the
| initial state (ie. the contents of the cache) are retrieved from
| existing members in a clustered environment
| -->
| <attribute name="InitialStateRetrievalTimeout">20000</attribute>
|
| <!--
| Number of milliseconds to wait until all responses for a
| synchronous call have been received.
| -->
| <attribute name="SyncReplTimeout">10000</attribute>
|
| <!-- Max number of milliseconds to wait for a lock acquisition -->
| <attribute name="LockAcquisitionTimeout">15000</attribute>
|
| <!-- Max number of milliseconds we hold a lock (not currently
| implemented) -->
| <attribute name="LockLeaseTimeout">60000</attribute>
|
| <!-- Name of the eviction policy class. -->
| <!-- <attribute name="EvictionPolicyClass"></attribute> -->
| <attribute name="EvictionPolicyClass">org.jboss.cache.eviction.LRUPolicy</attribute>
|
| <!-- Specific eviction policy configurations. This is LRU
| -->
| <attribute name="EvictionPolicyConfig">
| <config>
| <attribute name="wakeUpIntervalSeconds">5</attribute>
| <!- - Cache wide default - ->
| <region name="/_default_">
| <attribute name="maxNodes">5000</attribute>
| <attribute name="timeToLiveSeconds">60000</attribute>
| </region>
| <region name="/org/jboss/data">
| <attribute name="maxNodes">5000</attribute>
| <attribute name="timeToLiveSeconds">1000</attribute>
| </region>
| </config>
| </attribute>
|
| <!--
| Indicate whether to use region based marshalling or not. Set this to true if you are running under a scoped
| class loader, e.g., inside an application server. Default is "false".
| -->
| <attribute name="UseRegionBasedMarshalling">false</attribute>
| <attribute name="InactiveOnStartup">false</attribute>
|
| </mbean>
|
| </server>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4040047#4040047
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4040047
19 years
[JBossCache] - Re: Node locking question
by genman
Although there could easily be an API for handling atomic data clear/put, there is none and will be none for many other similar situations, such as bulk put or bulk remove. So, your best bet is to learn to like transactions.
Manik s. (who often haunts these forums) came up with the documentation.
I would say the DummyTransactionManager is suitable for these sorts of things, so I don't see why it's not production ready. Certainly, it would not be suitable for distributed transaction cases or durable transaction processing. And so the DummyTransactionManager really should be renamed. Maybe it should be called the "MemoryTM" or "NonDurableTM" as it does confuse users.
I'll file an issue to clarify this.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4040043#4040043
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4040043
19 years