[JBoss jBPM] - Re: Maintenance and Repair Tools
by michaelholtzman
kukeltje:
anonymous wrote : - Would be great if you could elaborate a little on the way creating the indexes impacted performance more than just the delete (thankfully it was not the coroner you had to call ;-))
(1) When we start up the jBPM java app, we load information about all the running instances from JBPM into our application. This is much faster after indexing the table (generally anything that gathers components of a process instance or process definition is significantly faster).
(2) Eliminated (almost) deadlocks on tables by enabling row locking
(3) No downgrade in run-time performance (process instances do not run slower due to overhead from indexing)
anonymous wrote : - I'm not a fan of serialzation (I've had an incompatibility once due to upgrading a jdk). If needed, I marshal the objects, or use explicit hibernate mappings
When we started this project no one really understood how hibernate worked, much less how to configure it. I think that any new variable classes we add will be implemented the same way as the native variables.
anonymous wrote : - Creating an example is not trivial, but you expect 'us' to have/know tooling for debugging it.... ;-)
Well, I wasn't looking for a tool for a specific problem, I was wondering if there were any general purpose DB tools for jBPM. (E.g., in a previous job we had a tool that would 'walk' the database and identify any inconsistencies that might cause future problems).
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4249959#4249959
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4249959
16 years, 10 months
[JBossWS] - webservive form-like authentication
by fejesjoco
I would like to create a JBossWS webservice with a very specific authentication scheme, it's like securing a webservice like a website with form authentication. We want a login(...) webmethod (or several of them). When a client calls it and the authentication succeeds, we store that information (username, roles) in the session. All other webmethods would be declaratively secured like with @RolesAllowed. I haven't implemented anything yet, I'm only planning now.
I believe that in the endpoint class, I can get a @Resource WebServiceContext, and after that, in the login(...) method I can get the MessageContext, and then the HttpServletRequest, and then the HttpSession. This login(...) method is unsecured, so anyone can call it, we log them in and the client automatically receive a session cookie.
What I don't know how to do is this: I want JBoss to ask me before every webservice method invocation who the currently logged in user/Principal is and what roles they have. In this callback I would look at the session and return to JBoss the information that the login method stores in the session. So if I wanted to call WebServiceContext.getUserPrincipal, the principal would appear there, somehow magically, because there's no setUserPrincipal. And I believe that once a Principal is associated to the current request (or maybe the session, automatically), the @RolesAllowed annotation would work as expected.
Is there any extension point that lets me do this? So far I've only come up with some poor workarounds. I think I could create a GenericSOAPHandler, it knows what I want: it does execute before every request and it does have access to the session in the function handleInbound(MessageContext msgContext). I could throw an exception from there if the session is empty, but that's far from role-based security. Or, naturally, I have access to the session in all of the webmethods, so I could call an isInRole function at the start of every method, but that's much worse than doing the same thing declaratively.
I have no doubt that associating a principal+roles with a session is the only viable way for me. So is it possible? Please don't suggest WS-Security or basic authentication or things like that, requirements say we can't use that, it has to be with sessions+cookies (we're porting the server from .NET, yay, but the clients will have to stay the same).
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4249952#4249952
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4249952
16 years, 10 months
[JBoss jBPM] - Re: Maintenance and Repair Tools
by michaelholtzman
bestage:
anonymous wrote : How do you re-use the jBPM component in multiple applications? Are you distributing a jar and use a central jbpm db for the tables? This is what I am planning to do in one of my projects. But I was also thinking about the possible deadlock issues.
Yes, this is the tricky part. We use a central jBPM database. We have a java app written around jBPM, which can have multiple processing threads. We can run multiple copies of this java app concurrently. A central app manages jBPM requests and forwards them to one of the java apps (but does not call into jBPM directly).
When a start process instance request is made, the central app sends that command to one of the java apps, and saves the instance id that was started along with the id of the app that is running it. From that point on, any request targeted at that process instance will be handled by the same java app.
Similarly, within the java app there is a hash table that links the instance id to the thread number that started the instance, and all operations on that instance are handled by that thread.
As long as the jBPM tables are indexed on all foreign keys (and, if necessary, configured for row locking) the threads can operate on the database without stepping on each other.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4249943#4249943
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4249943
16 years, 10 months