October 2009 - jboss-user - Jboss List Archives

[jBPM Users] - Re: JBPM4: How to find leaving transitions of an execution

by sebastian.s

You could count on my vote. I consider you to point out the use case in the feature request. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262502#4262502 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262502

16 years, 6 months

1
0
0 / 0

[JBoss Cache Users] - Cache configuration question

by mramos

Hi. I'm currently migrating our JBoss Cluster from 4.2.3 to 5.1.0. We already have almost everything working, just a small piece is missing: Pojo Cache. We make heavy use of this feature, so all/any help on this is much appreciated! My configuration in JBossAS 4.2.3 is: cat jboss423/server/all/deploy/pojocache-service.xml: | <?xml version="1.0" encoding="UTF-8" ?> | <server> | <classpath codebase="./lib" archives="jboss-cache.jar, jgroups.jar"/> | | <mbean code="org.jboss.cache.aop.PojoCache" | name="jboss.cache:service=PojoCache"> | | <depends>jboss:service=Naming</depends> |  |  |  | | |  | | <attribute name="IsolationLevel">REPEATABLE_READ</attribute> | |  | <attribute name="CacheMode">REPL_ASYNC</attribute> | |  | | <attribute name="ClusterName">${jboss.partition.name:DefaultPartition}-PojoCacheCluster</attribute> | |  | <attribute name="ClusterConfig"> | <config> |  |  | | <UDP | mcast_addr="${jboss.partition.udpGroup:228.1.2.3}" | mcast_port="${jboss.ejb3sfsbpartition.mcast_port:48866}" | ip_mcast="true" | tos="8" | ucast_recv_buf_size="20000000" | ucast_send_buf_size="640000" | mcast_recv_buf_size="25000000" | mcast_send_buf_size="640000" | loopback="false" | discard_incompatible_packets="true" | max_bundle_size="64000" | max_bundle_timeout="30" | use_incoming_packet_handler="true" | ip_ttl="${jgroups.udp.ip_ttl:2}" | enable_bundling="true" | enable_diagnostics="true" | thread_naming_pattern="cl" | | use_concurrent_stack="true" | | thread_pool.enabled="true" | thread_pool.min_threads="2" | thread_pool.max_threads="8" | thread_pool.keep_alive_time="5000" | thread_pool.queue_enabled="true" | thread_pool.queue_max_size="1000" | thread_pool.rejection_policy="discard" | | oob_thread_pool.enabled="true" | oob_thread_pool.min_threads="1" | oob_thread_pool.max_threads="8" | oob_thread_pool.keep_alive_time="5000" | oob_thread_pool.queue_enabled="false" | oob_thread_pool.queue_max_size="100" | oob_thread_pool.rejection_policy="Run"/> | | | <PING timeout="2000" | num_initial_members="2"/> | <MERGE2 min_interval="10000" | max_interval="20000"/> | <FD_SOCK/> | <FD timeout="10000" max_tries="5" shun="true"/> | <VERIFY_SUSPECT timeout="1500"/> | <pbcast.NAKACK use_stats_for_retransmission="false" | exponential_backoff="150" | use_mcast_xmit="true" gc_lag="0" | retransmit_timeout="50,300,600,1200" | discard_delivered_msgs="true"/> | <UNICAST timeout="300,600,1200"/> | <pbcast.STABLE stability_delay="1000" desired_avg_gossip="50000" | max_bytes="1000000"/> | <VIEW_SYNC avg_send_interval="60000" /> | <FC max_credits="500000" | min_threshold="0.20"/> | <FRAG2 frag_size="60000" /> | <pbcast.GMS join_timeout="5000" join_retry_timeout="2000" | shun="true" print_local_addr="true"/> | <pbcast.STATE_TRANSFER/> | </config> | </attribute> | |  | <attribute name="FetchInMemoryState">false</attribute> | |  | <attribute name="InitialStateRetrievalTimeout">15000</attribute> | |  | <attribute name="SyncReplTimeout">15000</attribute> | |  | <attribute name="LockAcquisitionTimeout">10000</attribute> | |  | <attribute name="EvictionPolicyConfig"> | <config> | <attribute name="wakeUpIntervalSeconds">5</attribute> | <attribute name="policyClass">org.jboss.cache.eviction.LRUPolicy</attribute> |  | <region name="/_default_" policyClass="org.jboss.cache.eviction.LRUPolicy"> | <attribute name="maxNodes">0</attribute> | <attribute name="timeToLiveSeconds">86400</attribute> | </region> | </config> | </attribute> | | <attribute name="CacheLoaderConfiguration"> | <config> | <passivation>true</passivation> | <preload>/</preload> | <shared>false</shared> | |  | <cacheloader> | <class>org.jboss.cache.loader.FileCacheLoader</class> |  | <async>false</async> |  | <fetchPersistentState>true</fetchPersistentState> |  | <ignoreModifications>false</ignoreModifications> | </cacheloader> | </config> | </attribute> | </mbean> | </server> | In my work to migrate this config to something equal in jboss 5.1.0, I got something like this. cat jboss510/server/all/deploy/pojocache-service.xml: | <?xml version="1.0" encoding="UTF-8" ?> | | <server> | <mbean code="org.jboss.cache.pojo.jmx.PojoCacheJmxWrapper" | name="jboss.cache:service=PojoCache"> | | <depends>jboss:service=TransactionManager</depends> | |  | |  | <attribute name="IsolationLevel">READ_COMMITTED</attribute> | |  | <attribute name="CacheMode">REPL_ASYNC</attribute> | |  | <attribute name="ClusterName">PojoCacheCluster</attribute> | |  | <attribute name="ClusterConfig"> | <config> |  |  | <UDP mcast_addr="228.1.2.3" mcast_port="48866" | ip_ttl="64" ip_mcast="true" | mcast_send_buf_size="150000" mcast_recv_buf_size="80000" | ucast_send_buf_size="150000" ucast_recv_buf_size="80000" | loopback="false"/> | <PING timeout="2000" num_initial_members="3"/> | <MERGE2 min_interval="10000" max_interval="20000"/> | <FD shun="true"/> | <FD_SOCK/> | <VERIFY_SUSPECT timeout="1500"/> | <pbcast.NAKACK gc_lag="50" retransmit_timeout="600,1200,2400,4800" | max_xmit_size="8192"/> | <UNICAST timeout="600,1200,2400,4800"/> | <pbcast.STABLE desired_avg_gossip="400000"/> | <FC max_credits="2000000" min_threshold="0.10"/> | <FRAG2 frag_size="8192"/> | <pbcast.GMS join_timeout="5000" join_retry_timeout="2000" | shun="true" print_local_addr="true"/> | <pbcast.STATE_TRANSFER/> | </config> | </attribute> | |  | <attribute name="FetchInMemoryState">false</attribute> | |  | <attribute name="InitialStateRetrievalTimeout">15000</attribute> | |  | <attribute name="SyncReplTimeout">15000</attribute> | |  | <attribute name="LockAcquisitionTimeout">10000</attribute> | | </mbean> | </server> | The problem is i can't define an eviction policy and/or maxNodes attribute. I know i'm doing something wrong (obviously), but i can't undestand what. Examples on how to configure this properly are welcome! Regards, Miguel View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262496#4262496 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262496

16 years, 6 months

1
0
0 / 0

[JNDI and Naming] - lookupLocaly failing

by kkoster

I am attempting to deploy an EAR that contains annotated EJB3 beans. I have already done this on several instances of JBoss, but this one is causing me problems. I am getting the following exception. | javax.naming.NamingException: Could not dereference object [Root exception is java.lang.RuntimeException: Exception while trying to locate proxy factory in JNDI, at key ProxyFactory/risk-server/UserContextManagementBean/kdr/remote/UserContextManagement/KDR] | I have checked the JNDI tree in the web-console using JNDIView and can see the name that I am looking up (i.e. kdr/remote/UserContextManagement) registered with what appear to the the appropriate bindings. I turned up the logging to trace on org.jboss.ha.jndi and got the following output: | 2009-10-27 13:38:56,522 TRACE [org.jboss.ha.jndi.HANamingService] (JBoss System Threads(1)-4) Accepted bootstrap client: Socket[addr=/192.168.11.3,port=51953,localport=1100] | 2009-10-27 13:38:57,086 TRACE [org.jboss.ha.jndi.impl.jbc.JBossCacheDistributedTreeManager] (RMI TCP Connection(4)-192.168.11.3) lookup, name=kdr/remote/UserContextManagement | 2009-10-27 13:38:57,087 TRACE [org.jboss.ha.jndi.HAJNDI] (RMI TCP Connection(4)-192.168.11.3) lookupLocally, name=kdr/remote/UserContextManagement | 2009-10-27 13:38:57,124 TRACE [org.jboss.ha.jndi.impl.jbc.JBossCacheDistributedTreeManager] (RMI TCP Connection(4)-192.168.11.3) lookup, name=ProxyFactory/risk-server/UserContextManagementBean/kdr/remote/UserContextManagement/KDR | 2009-10-27 13:38:57,125 TRACE [org.jboss.ha.jndi.HAJNDI] (RMI TCP Connection(4)-192.168.11.3) lookupLocally, name=ProxyFactory/risk-server/UserContextManagementBean/kdr/remote/UserContextManagement/KDR | 2009-10-27 13:38:57,125 TRACE [org.jboss.ha.jndi.HAJNDI] (RMI TCP Connection(4)-192.168.11.3) lookupLocally failed, name=ProxyFactory/risk-server/UserContextManagementBean/kdr/remote/UserContextManagement/KDR | javax.naming.NameNotFoundException: ProxyFactory not bound | at org.jnp.server.NamingServer.getBinding(NamingServer.java:771) | at org.jnp.server.NamingServer.getBinding(NamingServer.java:779) | at org.jnp.server.NamingServer.getObject(NamingServer.java:785) | at org.jnp.server.NamingServer.lookup(NamingServer.java:396) | at org.jboss.ha.jndi.HAJNDI.lookupLocally(HAJNDI.java:131) | at org.jboss.ha.jndi.HAJNDI.lookup(HAJNDI.java:202) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:597) | at org.jboss.ha.framework.server.HARMIServerImpl.invoke(HARMIServerImpl.java:209) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:597) | at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305) | at sun.rmi.transport.Transport$1.run(Transport.java:159) | at java.security.AccessController.doPrivileged(Native Method) | at sun.rmi.transport.Transport.serviceCall(Transport.java:155) | at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535) | at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790) | at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649) | at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) | at java.lang.Thread.run(Thread.java:619) | 2009-10-27 13:38:57,125 TRACE [org.jboss.ha.jndi.HAJNDI] (RMI TCP Connection(4)-192.168.11.3) calling lookupLocally(ProxyFactory/risk-server/UserContextManagementBean/kdr/remote/UserContextManagement/KDR) on HAJNDI cluster | 2009-10-27 13:38:57,132 TRACE [org.jboss.ha.jndi.HAJNDI] (RMI TCP Connection(4)-192.168.11.3) Returned results size: 0 | It looks like an internal caching issue of the proxy. This is going a bit deeper than I can spend time looking at right now. If anyone has any ideas what is going on here, I would be grateful for some suggestions. Karl View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262491#4262491 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262491

16 years, 6 months

1
0
0 / 0

[JBoss Web Services Users] - Unable to process deployment descriptor for context and @Web

by chubinator

Hello, I've created some JbossWS web services using the top-down approach and wsconsume. I'm deploying a Stateless EJB implementation of one of my services to JBoss 5.1.0. It all deploys fine, but I get this warning: WARNING [config] Unable to process deployment descriptor for context '/myapp' My EJB looks like this: @Stateless | @WebService | @WebContext( contextRoot="/myapp" ) | public class MyServiceBean implements com.company.webservices.myapp.v1.MyServicePortType { My deployment package is a .ear file with the following contents: META-INF/application.xml | myservices.jar | myapp.jar The contents of the application.xml is: <?xml version="1.0" encoding="UTF-8"?> | <application xmlns="http://java.sun.com/xml/ns/javaee" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd" | version="5"> | <display-name>myapp-1.0</display-name> | <module> | <ejb>myapp.jar</ejb> | </module> | <module> | <java>myservices.jar</java> | </module> | </application> I spent a lot of time searching around the internet and the forums, and the best I can figure is that JBoss wants me to configure the context some place. The two examples I found reference some context.xml file that can be either in the WEB-INF folder of the war or configured as part of the JBoss server (outside my ear). I was not able to locate a DTD for this context.xml file and I'd really like to include it in my .ear. I'll generate a war if necessary, but want to be sure I understand what JBoss expects to see. Any help is greatly appreciated, Mark View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262487#4262487 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262487

16 years, 6 months

1
0
0 / 0

[Persistence] - Re: dedicated server process results in ORA-24777 error

by h2kinfosys

If we write the bellow connection URL it works fine, without providing Server=SHARED. <connection-url>jdbc:oracle:thin:@(description=((address=(protocol=tcp)(host=mana-jb)(port=1521)))(connect_data=(SID=testdb) I would like to know how to find out the JBOss is using Shared Server connection pool? What are the approaches we need to test to make sure the Database connections are SHARED? Thank you, Mahesh View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262483#4262483 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262483

16 years, 6 months

1
0
0 / 0

[JMX] - jmx-console depends on generic named ear-file

by mawenzel

I have a filter class (for the JMX-Console) in an ear-file (test_xxx.ear) which is dynamically named. Now I have the following line in the jboss-web.xml of the jmx-console: | <depends>jboss.j2ee:service=EARDeployment,url='test_xxx.ear'</depends> | The problem is: the ear-file has a dynamically-given name (like test_010.ear, test_020.ear,...) I tried an url with an wildcard and a directory, but the result is the same: I get a warning-message like: MBeans waiting for other MBeans... What can I do? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262481#4262481 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262481

16 years, 6 months

1
0
0 / 0

[jBPM Users] - Re: Custom Authentication/Identity Module

by JimDwyer

uhhmmm....thanks...uhhmmmm...I was looking for the answer in the identity project examples....uhhmmm....but will look in the jBPM examples in the uhhmmm... 4.1 release. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262479#4262479 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262479

16 years, 6 months

1
0
0 / 0

[JBoss Messaging Users] - Re: JBoss Messaging 1.4.2 Fails - JBoss AS 5.0.1 Startup

by raja8183

None of the Queues/Topics are deployed. | DEPLOYMENTS IN ERROR: | Deployment "vfsfile:/C:/JavaTools/jboss-5.0.1.GA/server/dispatch/deploy/messaging-service.xml" is in error due to the following reason(s): java.lang.RuntimeException: No Attribute found with name: SecurityDomain for jboss.messaging:service=ServerPeer, attributes: [ProviderVersion, DefaultExpiryQueue, DefaultMaxDeliveryAttempts, ServerAopConfig, JMSProviderName, FailoverCompleteTimeout, JMSVersion, DefaultRedeliveryDelay, StrictTck, Destinations, FailoverStartTimeout, MessageStatistics, RecoverDeliveriesTimeout, DefaultPreserveOrdering, ClientAopConfig, DefaultMessageCounterHistoryDayLimit, DefaultDLQ, SuckerPassword, Instance, DefaultTopicJNDIContext, ServerPeerID, ClusterPullConnectionFactoryName, PostOffice, PersistenceManager, EnableMessageCounters, MessageCounters, ProviderMajorVersion, JMSMajorVersion, DefaultQueueJNDIContext, SecurityStore, JMSUserManager, JMSMinorVersion, SupportsFailover, MessageCounterSamplePeriod, ProviderMinorVersion] | Deployment "jboss.messaging:service=ServerPeer" is in error due to the following reason(s): ** NOT FOUND Depends on 'jboss.messaging:service=ServerPeer' ** | The messaging-service.xml is the default service file: | <server> | |  | | <mbean code="org.jboss.jms.server.ServerPeer" | name="jboss.messaging:service=ServerPeer" | xmbean-dd="xmdesc/ServerPeer-xmbean.xml"> | |  | | <attribute name="ServerPeerID">${jboss.messaging.ServerPeerID:0}</attribute> | |  | | <attribute name="DefaultQueueJNDIContext">/queue</attribute> | |  | | <attribute name="DefaultTopicJNDIContext">/topic</attribute> | | <attribute name="PostOffice">jboss.messaging:service=PostOffice</attribute> | |  | | <attribute name="SecurityDomain">java:/jaas/messaging</attribute> | |  | | <attribute name="DefaultSecurityConfig"> | <security> | <role name="guest" read="true" write="true" create="true"/> | </security> | </attribute> | |  | | <attribute name="DefaultDLQ">jboss.messaging.destination:service=Queue,name=DLQ</attribute> | |  | | <attribute name="DefaultMaxDeliveryAttempts">10</attribute> | |  | | <attribute name="DefaultExpiryQueue">jboss.messaging.destination:service=Queue,name=ExpiryQueue</attribute> | |  | | <attribute name="DefaultRedeliveryDelay">0</attribute> | |  | | <attribute name="MessageCounterSamplePeriod">5000</attribute> | |  | | <attribute name="FailoverStartTimeout">60000</attribute> | |  | | <attribute name="FailoverCompleteTimeout">300000</attribute> | |  | | <attribute name="DefaultMessageCounterHistoryDayLimit">-1</attribute> | |  | | <attribute name="ClusterPullConnectionFactoryName">jboss.messaging.connectionfactory:service=ClusterPullConnectionFactory</attribute> | |  | | <attribute name="DefaultPreserveOrdering">false</attribute> | |  | | <attribute name="RecoverDeliveriesTimeout">300000</attribute> | |  | | <attribute name="EnableMessageCounters">false</attribute> | |  | | <depends optional-attribute-name="PersistenceManager">jboss.messaging:service=PersistenceManager</depends> | | <depends optional-attribute-name="JMSUserManager">jboss.messaging:service=JMSUserManager</depends> | | <depends>jboss.messaging:service=Connector,transport=bisocket</depends> | | </mbean> | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262478#4262478 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262478

16 years, 6 months

1
0
0 / 0

[JBoss Messaging Users] - Re: JBoss Messaging 1.4.2 Fails - JBoss AS 5.0.1 Startup

by raja8183

JBoss Messaging 1.4.2 View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262473#4262473 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262473

16 years, 6 months

1
0
0 / 0

[Security] - RBAC Profile of XACML

by valeriu.nedelcu

Hi everyone! Our organization is trying to implement an authorization scheme based on JBoss' XACML library (v2.0.4) and RBAC profile of XACML. (RBAC profile is a standard specification available here: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-rbac-profil...). I had several issues with implementing this profile, mostly related to difficulties in finding policies and policy sets by reference. Therefore I wrote a JUnit test case for the example given in the aforementioned document and ran it inside the jboss-xacml project (latest revision on trunk). The authorization scenario is the following: there are two roles ('employee' and 'manager'), a resource ('purchase order') and two actions ('create' and 'sign'). The employee can only create purchase orders, while the manager has also the ability to sign them. The policies needed for this scenario are described in greater detail in the RBAC profile document, pages 7-12. For each role there are two policy sets, the role policy set (RPS) and the permission policy set (PPS). The RPS is the primary policy set that has to be checked firsthand by the PDP and must include a reference to the applicable PPS. For example, RPS for employee looks like this (XacmlRolePolicySet-employee.xml): | <?xml version="1.0" encoding="UTF-8"?> | <PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os | http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..." | PolicySetId="RPS:employee:role" | PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"> | <Target> | <Subjects> | <Subject> | <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal"> | <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">urn:example:role-values:employee</AttributeValue> | <SubjectAttributeDesignator | DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" /> | </SubjectMatch> | </Subject> | </Subjects> | </Target> | |  | <PolicySetIdReference>PPS:employee:role</PolicySetIdReference> | | </PolicySet> and the corresponding PPS is (XacmlPermissionPolicySet-employee.xml): | <?xml version="1.0" encoding="UTF-8"?> | <PolicySet xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:policy:schema:os | http://docs.oasis-open.org/xacml/access_control-xacml-2.0-policy-schema-o..." | PolicySetId="PPS:employee:role" | PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"> | <Target /> | <Policy | RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides" | PolicyId="Permissions:specifically:for:the:employee:role"> | <Description> | Permissions specifically for the employee role. | </Description> | <Target /> |  | <Rule Effect="Permit" RuleId="Permission:to:create:a:purchase:order"> | <Target> | <Resources> | <Resource> | <ResourceMatch | MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> | <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">purchase order</AttributeValue> | <ResourceAttributeDesignator | AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" | DataType="http://www.w3.org/2001/XMLSchema#string" /> | </ResourceMatch> | </Resource> | </Resources> | <Actions> | <Action> | <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> | <AttributeValue | DataType="http://www.w3.org/2001/XMLSchema#string">create</AttributeValue> | <ActionAttributeDesignator | DataType="http://www.w3.org/2001/XMLSchema#string" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" /> | </ActionMatch> | </Action> | </Actions> | </Target> | </Rule> | </Policy> | | </PolicySet> | The JBoss XACML Configuration File used (src/test/resouces/test/config/rbacPolicySetConfig.xml): | <ns:jbosspdp xmlns:ns="urn:jboss:xacml:2.0"> | <ns:Policies> | <ns:PolicySet> | <ns:Location>test/policies/rbac/XacmlRolePolicySet-employee.xml</ns:Location> | <ns:PolicySet> | <ns:Location>test/policies/rbac/XacmlPermissionPolicySet-employee.xml</ns:Location> | </ns:PolicySet> | </ns:PolicySet> | <ns:PolicySet> | <ns:Location>test/policies/rbac/XacmlRolePolicySet-manager.xml</ns:Location> | <ns:PolicySet> | <ns:Location>test/policies/rbac/XacmlPermissionPolicySet-manager.xml</ns:Location> | </ns:PolicySet> | | </ns:PolicySet> | </ns:Policies> | <ns:Locators> | <ns:Locator Name="org.jboss.security.xacml.locators.JBossPolicySetLocator"/> | </ns:Locators> | </ns:jbosspdp> | The following request file asks for authorization for an employee that wants to create a purchase order. According to the policy the request should be granted. | <?xml version="1.0" encoding="UTF-8"?> | <xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" | xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os | http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-..."> | <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> | <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" | DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.rbac.example"> | <AttributeValue>500</AttributeValue> | </Attribute> | <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:user-name" | DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.rbac.example"> | <AttributeValue>Nick the Employee</AttributeValue> | </Attribute> | <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" | DataType="http://www.w3.org/2001/XMLSchema#anyURI" Issuer="xacml20.rbac.example"> | <AttributeValue>urn:example:role-values:employee</AttributeValue> | </Attribute> | </Subject> | <Resource> | <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" | DataType="http://www.w3.org/2001/XMLSchema#string"> | <AttributeValue>purchase order</AttributeValue> | </Attribute> | </Resource> | <Action> | <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" | DataType="http://www.w3.org/2001/XMLSchema#string"> | <AttributeValue>create</AttributeValue> | </Attribute> | </Action> | <Environment /> | </xacml-context:Request> This one is for an employee who want to sign a purchase order (src/test/resources/test/policies/rbac/sign-purchase-order-by-employee-request.xml): <?xml version="1.0" encoding="UTF-8"?> | <xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" | xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | xsi:schemaLocation=" urn:oasis:names:tc:xacml:2.0:context:schema:os | http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-..."> | <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> | <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" | DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.rbac.example"> | <AttributeValue>500</AttributeValue> | </Attribute> | <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:user-name" | DataType="http://www.w3.org/2001/XMLSchema#string" Issuer="xacml20.rbac.example"> | <AttributeValue>Nick the Employee</AttributeValue> | </Attribute> | <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" | DataType="http://www.w3.org/2001/XMLSchema#anyURI" Issuer="xacml20.rbac.example"> | <AttributeValue>urn:example:role-values:employee</AttributeValue> | </Attribute> | </Subject> | <Resource> | <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" | DataType="http://www.w3.org/2001/XMLSchema#string"> | <AttributeValue>purchase order</AttributeValue> | </Attribute> | </Resource> | <Action> | <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" | DataType="http://www.w3.org/2001/XMLSchema#string"> | <AttributeValue>sign</AttributeValue> | </Attribute> | </Action> | <Environment /> | </xacml-context:Request> This request should be denied but surprisingly, I got a DECISION_NOT_APPLICABLE. Here is the method: public void testRBACSignPurchaseOrderByEmployee() throws Exception | { | String fileName = "test/config/rbacPolicySetConfig.xml"; | ClassLoader tcl = Thread.currentThread().getContextClassLoader(); | URL configFile = tcl.getResource(fileName); | JAXBContext jc = JAXBContext.newInstance("org.jboss.security.xacml.jaxb"); | assertNotNull("JAXBContext is !null", jc); | Unmarshaller u = jc.createUnmarshaller(); | JAXBElement<?> j = (JAXBElement<?>) u.unmarshal(configFile); | assertNotNull("JAXBElement is !null", j); | | assertNotNull("configFile != null", configFile); | PolicyDecisionPoint pdp = new JBossPDP(j); | TestCase.assertEquals("Sign purchase order by employee should be denied", | XACMLConstants.DECISION_DENY, XACMLTestUtil.getDecision(pdp, | "test/policies/rbac/sign-purchase-order-by-employee-request.xml")); | } | The JUnit test case is a slight adaptation of JBossXACMLConfigUnitTestCase. I ran the test from inside Eclipse SDK and as part of Maven build process, and the results were the same. So my questions are: How this result can be explained? Have I done anything wrong on the configuration level? | Can I configure/implement a policy (module) finder that would discover the policies referenced by PolicySetIdReference or PolicyIdReference elements? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262470#4262470 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262470

16 years, 6 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-user October 2009