[Security & JAAS/JBoss] - using Active Directory for Authorization in Seam apps
by asookazian
we have several Seam apps that will need a security solution involving using AD for authentication and authorization.
Authentication is ok (we're using NTLM with IE browsers).
We need advice for authorization. Our security model involves having the owner's of the applications add members (end-users) to AD distribution groups via Outlook.
We have a custom Java AD library that allows us to get a list of the groups an authenticated user belongs to. We need to know whether or not it's ok to query AD real-time for multiple apps with a potential centralized AD cluster for all field sites. Any performance issues? This would happen on every JSF page load, for example, when a drop down needs to be populated for a particular role filter (e.g. only show the list of technicians).
We are considering copying the added/deleted member info from the AD distro groups to RDBMS tables but then we have the syncing issue of when/how to do this. We are also considering augmenting our db schema to add user_role info to our user table by adding multiple tables (i.e., each user can have multiple roles in multiple apps).
Any advice on this authorization portion? I can't find any best practices heuristics from microsoft regarding AD and we need to integrate our security framework with Seam ultimately. What is the JBoss best practice? The JBoss 4 official guide doesn't go into authorization in detail. thx.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4125824#4125824
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4125824
18 years, 2 months
[JBoss Seam] - EVENT_LOGIN_SUCCESSFUL handled twice
by joeyxxx
I just upgraded to 2.0.1GA and overrode facesSecurityEvents. addLoginSuccessfulMessage() which used to be in identity so I could suppress the "Welcome, user" message.
>From my logs, I can tell authenticator.authenticate is only being called once but addLoginSuccessfulMessage(), the event handler for EVENT_LOGIN_SUCCESSFUL(org.jboss.seam.security.loginSuccessful) is being called twice. What gives?
| @Name("org.jboss.seam.security.facesSecurityEvents")
| @Scope(ScopeType.APPLICATION)
| @Install(precedence = APPLICATION, classDependencies = "javax.faces.context.FacesContext")
| @BypassInterceptors
| @Startup
| public class SecurityEventsHandler extends org.jboss.seam.security.FacesSecurityEvents {
|
| @Logger Log log;
|
| @Override @Observer(Identity.EVENT_LOGIN_SUCCESSFUL)
| public void addLoginSuccessfulMessage()
| {
| log.info("\n\n\n>>>>>>>>>>>>>>>>>>>>EVENT_LOGIN_SUCCESSFUL handled<<<<<<<<<<<<<<<<<<<<<<<<\n\n\n");
| }
|
|
| }
|
My identity.login ff:
@Override
| public String login() {
| super.login();
| return loginFailed ? null : this.destination;
| }
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4125822#4125822
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4125822
18 years, 2 months
[JBoss Seam] - s:link without the href? Only for the onclick
by EricJava
Simple question here:
I'm setting up my entire site in such a way that it will display pages, and the various sections of the page will have an "edit" button next to them. When the user clicks "edit", there is a DHTML operation that transforms the static display into a form. The user can then do things on the form, and click "save", and the data are updated as an AJAX request and the form returns to its static view, and the "edit" button is back. This seems like a very friendly way to display a lot of information on a page, and have it editable in a simple way.
At this stage, I have it working like this:
<div id="staticView">
| .....
| </div>
|
| <div id="formView">
| .....
| </div>
|
| <s:link value="Switch them!" onclick="showAndHide('staticView', 'formView');false;"/>
|
And a corresponding JavaScript function:
function showAndHide($showId, $hideId) {
|
| var $showElement = document.getElementById($showId);
| var $hideElement = document.getElementById($hideId);
|
| $showElement.style.display = 'inline';
| $hideElement.style.display = 'none';
|
| return false;
|
| }
I put all this together, and it works. Then I enclose it in an <h:form>, and it starts doing a whole-page reload on clicking. I tried s:link, h:commandButton, s:button, and it's all the same behavior.
Any suggestions on this?
I'm also thinking of using rich:componentControl, which seems like it is intended for doing things like this, but I can't figure out how to use it. Or are there some other RichFaces components I should try out?
Any pointers would be welcome!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4125807#4125807
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4125807
18 years, 2 months
[JBoss Seam] - Re: Here is a Richfaces Ajax Datascroler and Seam Example
by supernovasoftware.com
Here is a more recent version of the code. This time I have the query return a List of maps for an HQL query.
I just override get id and it works. Try this more recent version. Are you using Seam 2.0.x?
I have not seen too much interest in my method. If people like the technique employed, I can post an example when I get some time.
|
| import java.io.IOException;
| import java.io.Serializable;
| import java.util.ArrayList;
| import java.util.HashMap;
| import java.util.List;
| import java.util.Map;
|
| import javax.faces.context.FacesContext;
|
| import org.ajax4jsf.model.DataVisitor;
| import org.ajax4jsf.model.ExtendedDataModel;
| import org.ajax4jsf.model.Range;
| import org.ajax4jsf.model.SequenceRange;
| import org.jboss.seam.annotations.Logger;
| import org.jboss.seam.log.Log;
|
| import com.xxx.ui.Idable;
|
| public abstract class BaseExtendedDataModel<T,ID extends Serializable> extends ExtendedDataModel implements BaseExtendedDataModelDAO<T, ID>{
|
| private @Logger Log log;
|
| int rowNum=-1;
|
| public int getRowNum()
| {
| return ++rowNum;
| }
|
| public List<T> listRow;
|
| private ID currentId;
| private Map<ID, T> wrappedData = new HashMap<ID, T>();
| private List<ID> wrappedKeys;
| private Long rowCount; // better to buffer row count locally
|
| public abstract Long getCount();
| public abstract List<T> getList(Integer firstRow, Integer maxResults);
| public abstract T findById(ID id);
|
| public ID getId(T row)
| {
| Idable idable = (Idable) row;
| ID id = (ID) idable.getId();
| return id;
| }
|
| public void wrap(FacesContext context, DataVisitor visitor, Range range, Object argument, List<T> list) throws IOException
| {
| wrappedKeys = new ArrayList<ID>();
| wrappedData = new HashMap<ID, T>();
| for (T row : list)
| {
| ID id = getId(row);
| wrappedKeys.add(id);
| wrappedData.put(id, row);
| visitor.process(context, id, argument);
| }
| }
|
| public boolean hasById(ID id)
| {
| for (T row : listRow)
| {
| ID rowId = getId(row);
| if (rowId.equals(id))
| {
| return true;
| }
| }
| return false;
| }
|
| @Override
| public void walk(FacesContext context, DataVisitor visitor, Range range, Object argument) throws IOException
| {
| int firstRow = ((SequenceRange) range).getFirstRow();
| int maxResults = ((SequenceRange) range).getRows();
| log.info("("+firstRow +", "+ maxResults+")");
| wrap(context, visitor, range, argument, getList(firstRow, maxResults));
| }
|
| /*
| * This method normally called by Visitor before request Data Row.
| */
| @Override
| public void setRowKey(Object key)
| {
| this.currentId = (ID) key;
| }
|
| @Override
| public int getRowCount()
| {
| if(rowCount == null)
| return (rowCount = this.getCount()).intValue();
| else
| return rowCount.intValue();
| }
|
| @Override
| public boolean isRowAvailable()
| {
| if (currentId == null) {
| return false;
| } else {
| return hasById(currentId);
| }
| }
|
| /**
| * This is main way to obtain data row. It is intensively used by framework.
| * We strongly recommend use of local cache in that method.
| */
| @Override
| public Object getRowData() {
| if (currentId == null) {
| return null;
| } else {
| T ret = wrappedData.get(currentId);
| if (ret == null) {
| ret = this.findById(currentId);
| wrappedData.put(currentId, ret);
| return ret;
| } else {
| return ret;
| }
| }
| }
|
|
| // Unused rudiment from old JSF staff.
| @Override public int getRowIndex() { throw new UnsupportedOperationException(); }
| @Override public void setRowIndex(int rowIndex) { throw new UnsupportedOperationException(); }
| @Override public Object getWrappedData() { throw new UnsupportedOperationException(); }
| @Override public void setWrappedData(Object data) { throw new UnsupportedOperationException(); }
|
| // TODO if this is never called by the framework why is it necessary.
| @Override public Object getRowKey() { throw new UnsupportedOperationException(); }
|
| }
|
|
|
|
| import java.util.List;
| import java.util.Map;
|
| import org.jboss.seam.ScopeType;
| import org.jboss.seam.annotations.In;
| import org.jboss.seam.annotations.Logger;
| import org.jboss.seam.annotations.Name;
| import org.jboss.seam.annotations.Out;
| import org.jboss.seam.annotations.Scope;
| import org.jboss.seam.log.Log;
|
| import com.xxx.dao.richfaces.BaseExtendedDataModel;
| import com.xxx.search.PipeSearch;
|
| @Name("pipeSearchExtendedDataModel")
| @Scope(ScopeType.CONVERSATION)
| public class PipeSearchExtendedDataModel extends BaseExtendedDataModel<Map<String, Object>, Long>
| {
| private @Logger Log log;
|
| @In(create=true) PipeSearchDAO pipeSearchDAO;
|
| @In(required=false) @Out(required = false)
| private PipeSearch pipeSearch;
| public PipeSearch getPipeSearch() { return pipeSearch; }
| public void setPipeSearch(PipeSearch pipeSearch) { this.pipeSearch = pipeSearch; }
|
| @Override
| public Long getId(Map<String, Object> row)
| {
| return (Long) row.get("minId");
| }
|
| @Override
| public Long getCount()
| {
| return pipeSearchDAO.getCount(pipeSearch);
| }
|
| @Override
| public Map<String, Object> findById(Long id)
| {
| return pipeSearchDAO.findResultById(id);
| }
|
| @Override
| public List<Map<String, Object>> getList(Integer firstRow, Integer maxResults)
| {
| return listRow = pipeSearchDAO.getList(pipeSearch,firstRow, maxResults);
| }
|
| }
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4125802#4125802
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4125802
18 years, 2 months
[Installation, Configuration & DEPLOYMENT] - Passivation time configuration
by JEFFASTOREY
Hi, I've deployed an EJB (in a .ear file using EJB3 annotations) to my JBoss server, and for some reason, they always take 10 minutes of inactivity to passivate (and then seem to be hours until they are removed from the container entirely).
I'm running the default configuration and I've modified the JBoss standardjboss.xml file (in server\default\conf) that relates to the container configuration to look as follows:
<container-configuration>
| <container-name>Standard Stateful SessionBean</container-name>
| <call-logging>false</call-logging>
| <invoker-proxy-binding-name>stateful-unified-invoker</invoker-proxy-binding-name>
| <container-interceptors>
| <interceptor>org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor</interceptor>
| <interceptor>org.jboss.ejb.plugins.LogInterceptor</interceptor>
| <!-- CMT -->
| <interceptor transaction="Container">org.jboss.ejb.plugins.TxInterceptorCMT</interceptor>
| <interceptor transaction="Container">org.jboss.ejb.plugins.CallValidationInterceptor</interceptor>
| <interceptor transaction="Container">org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor</interceptor>
| <!-- BMT -->
| <interceptor transaction="Bean">org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor</interceptor>
| <interceptor transaction="Bean">org.jboss.ejb.plugins.TxInterceptorBMT</interceptor>
| <interceptor transaction="Bean">org.jboss.ejb.plugins.CallValidationInterceptor</interceptor>
| <interceptor>org.jboss.resource.connectionmanager.CachedConnectionInterceptor</interceptor>
| <interceptor>org.jboss.ejb.plugins.SecurityInterceptor</interceptor>
| </container-interceptors>
| <instance-cache>org.jboss.ejb.plugins.StatefulSessionInstanceCache</instance-cache>
| <persistence-manager>org.jboss.ejb.plugins.StatefulSessionFilePersistenceManager</persistence-manager>
| <container-cache-conf>
| <cache-policy>org.jboss.ejb.plugins.LRUStatefulContextCachePolicy</cache-policy>
| <cache-policy-conf>
| <min-capacity>50</min-capacity>
| <max-capacity>1000000</max-capacity>
| <remover-period>30</remover-period>
| <max-bean-life>30</max-bean-life>
| <overager-period>30</overager-period>
| <max-bean-age>30</max-bean-age>
| <resizer-period>5</resizer-period>
| <max-cache-miss-period>5</max-cache-miss-period>
| <min-cache-miss-period>1</min-cache-miss-period>
| <cache-load-factor>0.75</cache-load-factor>
| </cache-policy-conf>
| </container-cache-conf>
| <container-pool-conf>
| <MaximumSize>100</MaximumSize>
| </container-pool-conf>
| </container-configuration>
|
I would think the beans should now passivate within 30 seconds of inactivity (or in my case, after the application shuts down -- I wrote a small test app that just looks up the bean then ends so the bean becomes inactive).
Can anyone explain why passivation still takes 10 minutes? Thanks.
Jeff
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4125800#4125800
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4125800
18 years, 2 months
[JBoss jBPM] - Re: Cannot build JBPM source from CVS
by karltraunmueller
Hi all,
when compiling jBpm CVS HEAD, I stumbled upon the same problem, "Missing required plug-in org.jbpm.gd.common_0.0.0", but managed to get the build run to completion with some "manual intervention".
Steps to reproduce (jbpm.3 is the local CVS module root folder):
| * Set up a copy of Eclipse SDK 3.3.1.1, unzip dtp-sdk_1.5.1, emf-sdo-xsd-SDK-2.3.1, GEF-SDK-3.3.1, wtp-sdk-R-2.0.1-20070926042742 (all from the local jBPM repo) into the eclipse dir, and switch to a clean workspace.
| * Import the projects under jbpm.3/designer (org.jbpm.gd.bpel, org.jbpm.gd.bpel.runtime, org.jbpm.gd.common, org.jbpm.gd.pf).
| * All projects should build, except org.jbpm.gd.bpel.runtime, which depends on org.eclipse.bpel, so I installed the BPEL plugins from http://download.eclipse.org/technology/bpel/update-site.
| * For some strange reason, org.jbpm.gd.bpel.runtime still does not compile, having troubles with "The import org.eclipse.bpel cannot be resolved", although the plugin is there, and I reloaded the target platform under Preferences / Plug-in Development / Target Platform, but still no luck. Can anyone help here?
| * Export org.jbpm.gd.common (File / Export / Deployable plug-ins and fragments) to jbpm.3\designer\jpdl\org.jbpm.gd.jpdl.build\target\workspace, deselect option "Package plug-ins as individual JAR archives".
|
By the way, I found that when checking out jBpm HEAD inside Eclipse, not all folders are checked out, so I used cvs command line client to check out the complete source.
What was missing from the build was jbpm.sar, which I built using the following steps:
| * Run jbpm.3\jpdl\jar>ant config.profile.datasource. Although this is marked as old stuff in the main build.xml, it seems to work.
| * Manually copy jbpm.3\jpdl\jar\target\profiles\jbpm.config.profile.datasource.jar to JBPM_REPO\jbpm\jpdl\3.2.2\lib\jbpm.config.profile.datasource.jar
| * Run the package target in jboss/sar: jbpm.3\jboss\sar>ant package
|
Testing jbpm.sar:
| * Copy jbpm.sar from jbpm.3\jboss\sar\target to jboss-4.2.2.GA\server\default\deploy
| * Copy jbpm-ds.xml from jbpm.3\jboss\configuration\4.2.2.GA\target\configuration\deploy to jboss-4.2.2.GA\server\default\deploy
| * Copy the application-policy name="jbpm" from jbpm.3\jboss\configuration\4.2.2.GA\target\configuration\conf\login-config.xml into jboss-4.2.2.GA\server\default\conf\login-config.xml
| * Copy jbpmDB.properties and jbpmDB.script from jbpm.3\jboss\configuration\4.2.2.GA\target\configuration\data\hypersonic to jboss-4.2.2.GA\server\default\data\hypersonic
| * Copy the JbpmCommandQueue and JbpmJobQueue mbean definitions from jbpm.3\jboss\configuration\4.2.2.GA\target\configuration\deploy\jms\jbossmq-destinations-service.xml to jboss-4.2.2.GA\server\default\deploy\jms\jbossmq-destinations-service.xml
| * Copy jbpm-console.war from jbpm.3\console\target\jbossas-4.2.x to jboss-4.2.2.GA\server\default\deploy
| * Start jboss-4.2.2.GA
| * jbpm-console should be functional
| * JNDIView should show the JbpmService MBean under jboss.jbpm:name=DefaultJbpm,service=JbpmService
|
And, seriously folks, what about migrating the build process to maven 2? With the current build system, several targets get re-run over and over again during a build, hinting at broken dependency checking of build artifacts, and resulting in unneccessary long build times. As far as I can see, JBoss is gradually moving all project builds to maven, so this might be worth considering (I know, the current build system has certainly taken lots of time and energy, but maven does this, well, even better).
regards,
Karl
Karl Traunmueller
Objectbay Software & Consulting GmbH
Softwarepark 35
4232 Hagenberg, Austria
www.objectbay.com
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4125795#4125795
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4125795
18 years, 2 months