[JBoss jBPM] - Strange instances
by Vorsorge
Hi,
I found some strange instances of ActionHandlers.
Background:
We wrote our own sub process handler. We needed more control over the communication between parent and child and over the embedding of the child into the parent.
For testing purposes I tried to let our sub process node as part of process A call process A again. This is a recursive call which we will not allow and there will be checks against.
This is the situation.
Let AP be the parent process instance and AC the child instance.
We create the AC like this:
| JbpmContext jbpmContext =executionContextOfAP.getJbpmContext()
| GraphSession graphSession = jbpmContext.getGraphSession();
| List processDefinitions = graphSession.findAllProcessDefinitions();
|
| <... Looking for process by the name of AP ... >
|
| ProcessInstance processInstanceOfAC = processDefinitionOfAC.createProcessInstance();
|
When ok, we start processInstanceOfAC with
| processInstanceOfAC.signal();
|
This causes an Exception of a type I didn't expect in I OUR code. Looking for the reason I found:
processDefinitionOfAP and processDefinitionOfAC are different instances of ProcessInstance. That's ok and what I expected.
But the instances of the used ActionHandlers are the same. So parent and child use the same instance of ActionHandler. (Which causes our code to crash.)
My questions:
1. Is this behaviour deliberate?
2. If yes, then why?
3. We are using Jbpm 3.1.2. Is it the same in 3.2?
Regards,
Martin
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4087757#4087757
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4087757
18 years, 7 months
[Messaging, JMS & JBossMQ] - Re: cant control security in a jms queue
by jaikiran
"anderslinden" wrote : Hello!
|
| How do I setup this user database?
See if http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfigJBossMQDB helps. Once you have successfully done that, you can specify security restrictions on the Queue as follows (just an example):
<mbean code="org.jboss.mq.server.jmx.Queue"
| name="jboss.mq.destination:service=Queue,name=testQueue">
| <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
| <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
|
| <attribute name="SecurityConf">
| <security>
| <role name="guest" read="true" write="true"/>
| <role name="publisher" read="true" write="true" create="false"/>
| <role name="noacc" read="false" write="false" create="false"/>
| </security>
| </attribute>
| </mbean>
The above configuration can be done in "jbossmq-destinations-service.xml" file present in server/< serverName>/deploy/jms folder. The name of the queue in this example is "testQueue", change it to the name of your queue.
As you can see, the above configuration uses a SecurityManager (=jboss.mq:service=SecurityManager) which is configured in the jbossmq-service.xml file present in server/< serverName>/deploy/jms folder. The SecurityManager config in that jbossmq-service.xml mentions the following:
<mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
| <attribute name="DefaultSecurityConfig">
| <security>
| <role name="guest" read="true" write="true" create="true"/>
| </security>
| </attribute>
| <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute>
| <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
| </mbean>
As can be seen, this configuration uses the java:/jaas/jbossmq security domain to do the authentication. The login module is configured in login-config.xml file in server/< serverName>/conf folder (search for jbossmq in that file). All you have to do is configure that application policy to use your login module (similar to what's been mentioned in the link, above).
anonymous wrote : I have tried to manipulate these files:
| jboss/server/default/deploy/jms/jbossmq-destinations-service.xml
| jboss/server/default/data/hypersonic/localDB.script
| jboss/server/all/deploy-hasingleton/jms/jbossmq-service.xml
| jboss/server/all/deploy-hasingleton/jms/jbossmq-destinations-service.xml
| jboss/server/all/deploy-hasingleton/jms/hsqldb-jdbc-state-service.xml
|
Which server are you using, is it "default" or "all". Depending on that, you either have to change files in "default" or "all", but not both.
anonymous wrote :
| Actually, I would like to have a security model thats not password based, but based on which ip thats connected to the jms queue. I would like to setup a solution where only connections from localhost can write to the queue, in other words the server. Is that possible?
Once you get the security configurations done as mentioned above (and get working it with users stored in DB), this step should be simple enough. Just a change to the login-config.xml file to use a different login module instead of DB login module. As far as creating a login module for checking the IP address is concerned, i believe there was one, but was deprecated in recent releases of JBoss.
P.S: I havent tried anything of these. This is just based on the documents i could find, so you are sure to run into some issues, in which case just post it in the forums here. Maybe someone will be able to help.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4087756#4087756
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4087756
18 years, 7 months