[Security] - Re: How to set EJBContext callerPrincipal from LoginModule?
by hosier.david
I got this idea from the FAQ that is listed in the sticky post at the top of this forum, and it worked for me. This idea presumes that the recommendation is followed to create a CallerPrincipal group in getRoleSets() and add your custom principal as a member of that group.
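| // Imports needed: java.security.Principal, java.security.acl.Group,
| // javax.security.auth.Subject, javax.security.jacc.PolicyContext
| Principal callerPrincipal = null;
| try {
|     // Authenticated Subject for the current call, taken from the JACC policy context
|     Subject caller = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
|     for (Principal p : caller.getPrincipals()) {
|         // getRoleSets() in the login module put the custom principal in this group
|         if (p.getName().equals("CallerPrincipal")) {
|             Group g = (Group) p;
|             callerPrincipal = g.members().nextElement();
|         }
|     }
| } catch (Exception e) {
|     log.error("Error accessing Subject", e);
| }
|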
Obviously the code could be enhanced to recognize whatever groups you might use or to check the Principal type instead of just assuming there is one principal in a specific group.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4251329#4251329
16 years, 8 months
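A type-checked variant of the lookup in the post above, as an added example that is not part of the original post or of JBoss: it only considers `Group` principals, tolerates a missing Subject or an empty group, and returns only a member of the expected principal class. `CallerPrincipalResolver`, `resolve`, `DemoPrincipal` and `DemoGroup` are hypothetical names; inside the container the Subject would come from the `PolicyContext.getContext(...)` call shown in the post.

```java
import java.security.Principal;
import java.security.acl.Group; // available up to Java 13; the type returned by getRoleSets()
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;

public class CallerPrincipalResolver {
    // Returns the first member of the "CallerPrincipal" group that is an
    // instance of expectedType, or null when there is no such member.
    static <T extends Principal> T resolve(Subject subject, Class<T> expectedType) {
        if (subject == null) return null;                      // no authenticated caller
        for (Group g : subject.getPrincipals(Group.class)) {   // skips non-Group principals
            if (!"CallerPrincipal".equals(g.getName())) continue;
            Enumeration<? extends Principal> members = g.members();
            while (members.hasMoreElements()) {                // an empty group yields null
                Principal m = members.nextElement();
                if (expectedType.isInstance(m)) return expectedType.cast(m);
            }
        }
        return null;
    }

    // Constructed stand-ins for the login module's custom principal and group.
    static final class DemoPrincipal implements Principal {
        private final String name;
        DemoPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static final class DemoGroup implements Group {
        private final String name;
        private final Set<Principal> members = new LinkedHashSet<Principal>();
        DemoGroup(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() { return Collections.enumeration(members); }
    }
    public static void main(String[] args) {
        Subject s = new Subject();
        // Same name but not a Group: an unchecked (Group) cast would throw ClassCastException here
        s.getPrincipals().add(new DemoPrincipal("CallerPrincipal"));
        DemoGroup g = new DemoGroup("CallerPrincipal");
        g.addMember(new DemoPrincipal("alice"));               // constructed sample identity
        s.getPrincipals().add(g);
        System.out.println(resolve(s, DemoPrincipal.class).getName());
    }
}
```

Callers should treat a `null` result as "no caller identity" and deny the operation rather than fall back to a default principal.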
[Spring Integration] - Can't get a reference to parent context.
by Crucifix
I've got an EAR deployment with multiple JARs - each JAR contains its own Spring context via jboss-spring.xml files. The challenge I'm facing is that I want my main application to be able to instantiate Spring beans from these child contexts.
Now, I haven't a lot of experience with Spring, but I'm assuming that through the parent/child hierarchy of contexts (using 'BeanFactory=(xxx) and ParentBeanFactory=(xxx)'), the children can get beans from the parent, but not vice versa.
That doesn't work for me - I need access to those beans, so I'm trying to register the child beans directly into the parent context using a BeanPostProcessor that finds the parent and stuffs it in there instead.
Maybe this isn't such a good idea (could be other dependency issues?), but that's beside the point. :) The trouble is, I can't get a reference to the parent context... NamedXmlApplicationContext.getParent() always returns null.
I wrote a simple ApplicationListener (see below) to dump out all my beans and their context name. It also logs the parent context name for the given context, if it's there, but it never is (see log output below).
Note that if I change my module order, I get errors in the child context that the parent BeanFactory is not bound, so I know that in my normal setup, my parent is definitely being registered (I also see it in the JNDI tree).
| @Component
| public class SpringContextListener implements ApplicationListener {
|     private static final Logger logger = Logger.getLogger(SpringContextListener.class);
|
|     public void onApplicationEvent(ApplicationEvent applicationEvent) {
|         if (logger.isTraceEnabled()) {
|             if (applicationEvent.getSource() instanceof NamedXmlApplicationContext) {
|                 NamedXmlApplicationContext context = (NamedXmlApplicationContext) applicationEvent.getSource();
|                 NamedXmlApplicationContext parentContext = (NamedXmlApplicationContext) context.getParent();
|                 String[] registeredBeans = context.getBeanDefinitionNames();
|
|                 for (String bean : registeredBeans) {
|                     if (parentContext == null) {
|                         logger.trace(String.format("Spring Bean (%s,NoParent): %s", context.getName(), bean));
|                     } else {
|                         logger.trace(String.format("Spring Bean (%s,%s): %s", context.getName(), parentContext.getName(), bean));
|                     }
|                 }
|             }
|         }
|     }
| }
|
Log output:
| 2009-08-24 15:32:48,956 TRACE [com.mydomain.listeners.SpringContextListener] Spring Bean (DiagnosticPlugin-BeanFactory,NoParent): org.springframework.context.annotation.internalPersistenceAnnotationProcessor
| 2009-08-24 15:32:48,962 TRACE [com.mydomain.listeners.SpringContextListener] Spring Bean (DiagnosticPlugin-BeanFactory,NoParent): org.springframework.context.annotation.internalCommonAnnotationProcessor
| 2009-08-24 15:32:48,968 TRACE [com.mydomain.listeners.SpringContextListener] Spring Bean (DiagnosticPlugin-BeanFactory,NoParent): org.springframework.context.annotation.internalAutowiredAnnotationProcessor
| 2009-08-24 15:32:48,974 TRACE [com.mydomain.listeners.SpringContextListener] Spring Bean (DiagnosticPlugin-BeanFactory,NoParent): org.springframework.context.annotation.internalRequiredAnnotationProcessor
|
| ... etc ...
|
Description for parent jboss-spring.xml:
| <description>BeanFactory=(Main-BeanFactory)</description>
|
Description for child jboss-spring.xml:
| <description>BeanFactory=(DiagnosticPlugin-BeanFactory) ParentBeanFactory=(Main-BeanFactory)</description>
|
Any ideas on what I've done wrong, and how I can gain access to the parent context?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4251327#4251327
16 years, 8 months
[Persistence] - Re: Application Scoped datasources
by henk53
"PeterJ" wrote : 1) By restricting who has access to the production server (only the sysadmin is allowed to deploy apps to production) and by using code reviews to make sure that no developer writes a datasource fishing app. For really secure environments, an app server instance per app is also used.
|
Those are indeed the two most commonly used methods. I don't think that Java EE was really designed for a kind of 'shared hosting' scenario where applications that are potentially hostile to each other should be protected. The app server is not exactly a replacement for a fully multitasking protected/supervisor mode OS.
By using an app server per app you're basically piggybacking on the process security model of your operating system. There are some variants here. In the most basic setup you run every app server on the same account. Theoretically, apps could still mess with other apps via the file system, although they can't access each other's address space directly. So, the next level is running each app server using different user accounts for each.
Another option that's gaining in popularity lately is running an app server per OS instance on a hypervisor (Xen, VMware, etc). This provides the maximum isolation possible on a single piece of hardware. It has certain other management advantages too, like separating ports being used, dedicating memory, dedicating cores, etc.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4251321#4251321
16 years, 8 months
[EJB 3.0 Users] - Re: persistence-context-ref always yields same object instan
by henk53
"jaikiran" wrote : Looking into the way this is handled, this appears to be an issue with the web layer where the ENC injections happen only once (during the start). Effectively, the EntityManager is injected once into the ENC of that component. The spec says:
|
| anonymous wrote : In general, lookups of objects in the JNDI java: namespace are required to return a new instance of the requested object every time. Exceptions are allowed for the following:
| |
| | The container knows the object is immutable (for example, objects of type java.lang.String), or knows that the application cannot change the state of the object.
| |
| | The object is defined to be a singleton, such that only one instance of the object may exist in the JVM.
| |
| | The name used for the lookup is defined to return an instance of the object that might be shared. The name java:comp/ORB is such a name.
| |
|
| So this looks like a bug to me. Could you please create an issue in JBAS here https://jira.jboss.org/jira/browse/JBAS
Sure, no problem. Thanks for verifying.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4251319#4251319
16 years, 8 months
[JBoss AOP Users] - Re: Deploy AOP to jboss 5.1
by kgreenejpmc
I resolved the ClassNotFound error. The AOP is being applied to the injbossaop example, as I see the output below.
Still trying to figure out why the AOP for my classes is not being applied. Is there something different that needs to be done if the AOP is being triggered via an annotation? If you have any insights, it would be most appreciated. The annotation, aspect and jboss-aop.xml are in previous replies.
17:52:19,670 INFO [STDOUT] **** ExampleValue empty Constructor
17:52:19,717 INFO [STDOUT] <<< Entering SimpleInterceptor:
invocation class: org.jboss.injbossaop.lib.JoinPoint_getMessage5353407034680111516_1
type: Method Invocation
method: getMessage
Class containing method: org.jboss.injbossaop.lib.ExampleValue
17:52:19,717 INFO [STDOUT] **** ExampleValue.getMessage()
17:52:19,717 INFO [STDOUT] >>> Leaving SimpleInterceptor
17:54:08,753 INFO [STDOUT] <<< Entering SimpleInterceptor:
invocation class: org.jboss.injbossaop.web.JoinPoint_service8586428322187484014_2
type: Method Invocation
method: service
Class containing method: org.jboss.injbossaop.web.BasicExampleServlet
17:54:08,769 INFO [STDOUT] **** BasicExampleServlet.service()
17:54:08,816 INFO [STDOUT] <<< Entering SimpleInterceptor:
invocation class: org.jboss.injbossaop.lib.JoinPoint_constructor_ExampleValue_1_3
type: Constructor Invocation
constructor: public org.jboss.injbossaop.lib.ExampleValue(java.lang.String)
17:54:08,816 INFO [STDOUT] **** ExampleValue String Constructor
17:54:08,816 INFO [STDOUT] >>> Leaving SimpleInterceptor
17:54:08,910 INFO [STDOUT] <<< Entering SimpleInterceptor:
invocation class: org.jboss.injbossaop.lib.JoinPoint_getMessage5353407034680111516_1
type: Method Invocation
method: getMessage
Class containing method: org.jboss.injbossaop.lib.ExampleValue
17:54:08,910 INFO [STDOUT] **** ExampleValue.getMessage()
17:54:08,910 INFO [STDOUT] >>> Leaving SimpleInterceptor
17:54:08,910 INFO [STDOUT] >>> Leaving SimpleInterceptor
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4251318#4251318
16 years, 8 months