[JBoss Web Services] - Security domain for JMS authentication is blacklisted when implementation is in EAR
by Martin Hynar
Martin Hynar [http://community.jboss.org/people/martin.hynar] created the discussion
"Security domain for JMS authentication is blacklisted when implementation is in EAR"
To view the discussion, visit: http://community.jboss.org/message/579220#579220
--------------------------------------------------------------
Hello everyone,
there is an interesting problem with the security domain used to authenticate users connecting to JMS resources. The thing is that there is a custom implementation of the authentication module (more constraints required) and a login-module configuration that references this implementation.
<application-policy name="CustomSecurityDomain">
  <authentication>
    <login-module code="custom.authentication.LoginModule" flag="required">
      <!-- some module options ... -->
    </login-module>
  </authentication>
</application-policy>
The class custom.authentication.LoginModule sits within the EAR. Then this authentication module is configured to be used by JMS authentication:
<bean name="SecurityStore" class="org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore">
  <!-- default security configuration -->
  <property name="defaultSecurityConfig">
    <![CDATA[
      <security>
        <role name="jmsrole" read="true" write="true" create="true"/>
      </security>
    ]]>
  </property>
  <property name="securityDomain">CustomSecurityDomain</property>
  <property name="securityManagement"><inject bean="JNDIBasedSecurityManagement"/></property>
  <!-- @JMX annotation to export the management view of this bean -->
  <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.messaging:service=SecurityStore",exposedInterface=org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStoreMBean.class)</annotation>
  <!-- Password Annotation to inject the password from the common password utility -->
  <annotation>@org.jboss.security.integration.password.Password(securityDomain=suckerPassword,methodName=setSuckerPassword)</annotation>
</bean>
With this setup, the authentication always fails, and by debugging (I probably have the wrong logging levels set) it is known that CustomSecurityDomain is on the blacklist. When custom.authentication.LoginModule is separated into a separate jar and deployed on its own, everything (authentication) works just fine, but there are different reasons that prevent usage of this setup. Has anybody faced a problem like this? Any solution or advice is welcome!
thanks, Martin
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/579220#579220]
Start a new discussion in JBoss Web Services at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
15 years, 3 months
[JBoss Web Services] - Masking password for SSL configuration
by Martin Hynar
Martin Hynar [http://community.jboss.org/people/martin.hynar] created the discussion
"Masking password for SSL configuration"
To view the discussion, visit: http://community.jboss.org/message/579216#579216
--------------------------------------------------------------
Hello everyone,
I am fighting with the problem that I need to mask the password in the SSL configuration for JMS (but it will be the same for any other use). I have the following configuration now:
<mbean code="org.jboss.remoting.security.SSLSocketBuilder"
       name="jboss.messaging:service=SocketBuilder,type=SSL"
       display-name="SSL Server Socket Factory Builder">
  <!--
    IMPORTANT - If making ANY customizations, this MUST be set to false.
    Otherwise, will used default settings and the following attributes will be ignored.
  -->
  <attribute name="UseSSLServerSocketFactory">false</attribute>
  <!-- The protocol for the SSLContext. Default is TLS. -->
  <attribute name="SecureSocketProtocol">TLS</attribute>
  <!-- This is the url string to the key store to use -->
  <attribute name="KeyStoreURL">${jboss.server.config.url}/keystore</attribute>
  <!-- The password for the key store -->
  <attribute name="KeyStorePassword">password</attribute>
  <!-- The password for the keys (will use KeystorePassword if this is not set explicitly. -->
  <!--attribute name="KeyPassword">secureexample</attribute-->
  <!-- The algorithm for the key manager factory. Default is SunX509. -->
  <attribute name="KeyStoreAlgorithm">SunX509</attribute>
  <!-- The type to be used for the key store. -->
  <attribute name="KeyStoreType">JKS</attribute>
</mbean>
However, I am not happy with the plain text password written directly into the configuration file. What I would welcome here is one of the following approaches:
1. Masked password, as recommended for JMS sucker password (JBoss Security Guide, chapter 16)
2. Encrypted database password as possible with org.jboss.resource.security.SecureIdentityLoginModule in login-config.xml (JBoss Security Guide, chapter 17)
3. Encrypted, file based password as possible in jbossweb server configuration (however, this is only security by obscurity which is not the right one). (Details in JBoss Security Guide, chapter 18).
Does anybody know how to secure the password in the SSL config to avoid the plain text form? And if possible, also in jbossweb, to avoid security by obscurity.
thanks, Martin
--------------------------------------------------------------
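An audit check for the situation described in the post above, added here as an example (it is not part of the original post and not JBoss code): it flags password attributes in a service descriptor that hold a literal value, including ones left behind in XML comments such as the commented-out KeyPassword. The sample document, the <server> wrapper, the function name and the choice to treat a whole-value ${...} reference as externalised are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the SSLSocketBuilder mbean quoted in the post.
SAMPLE = """<server>
  <mbean code="org.jboss.remoting.security.SSLSocketBuilder"
         name="jboss.messaging:service=SocketBuilder,type=SSL">
    <attribute name="KeyStoreURL">${jboss.server.config.url}/keystore</attribute>
    <attribute name="KeyStorePassword">password</attribute>
    <!--attribute name="KeyPassword">secureexample</attribute-->
    <attribute name="KeyStoreType">JKS</attribute>
  </mbean>
</server>"""

# Assumption: a value that is entirely a ${...} reference is resolved outside this file.
PROPERTY_REF = re.compile(r"^\$\{[^}]+\}$")
# Matches an attribute element that was disabled by wrapping it in an XML comment.
COMMENTED = re.compile(r'attribute\s+name="([^"]*password[^"]*)"\s*>([^<]*)<', re.I)


def is_literal(value):
    """True when the value is a non-empty secret typed directly into the file."""
    value = (value or "").strip()
    return bool(value) and not PROPERTY_REF.match(value)


def find_plaintext_passwords(xml_text):
    """Return (mbean name, attribute name, 'active' or 'comment') per finding."""
    # insert_comments=True keeps comment nodes, which ElementTree drops by default.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    findings = []
    for mbean in root.iter("mbean"):
        owner = mbean.get("name", "?")
        for node in mbean.iter():
            if node.tag is ET.Comment:
                # A commented-out attribute is still readable by anyone with the file.
                for name, value in COMMENTED.findall(node.text or ""):
                    if is_literal(value):
                        findings.append((owner, name, "comment"))
            elif node.tag == "attribute" and "password" in node.get("name", "").lower():
                if is_literal(node.text):
                    findings.append((owner, node.get("name"), "active"))
    return findings


if __name__ == "__main__":
    for owner, attr, where in find_plaintext_passwords(SAMPLE):
        print(f"{owner}: {attr} holds a literal value ({where})")
```

A ${...} reference only moves the secret out of the descriptor; where that property is defined still has to be checked separately.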
[jBPM] - JBPM5 -CR1- demo example form exception
by bpmn2 user
bpmn2user [http://community.jboss.org/people/bpmn2user] created the discussion
"JBPM5 -CR1- demo example form exception"
To view the discussion, visit: http://community.jboss.org/message/578514#578514
--------------------------------------------------------------
The following error gets generated in the mina server while completing the form 'Start Performance Evaluation' for the sample com.sample.evaluation.
None of the new tasks are shown in Tasks->Personal tasks
Any comments?
[java] [2011:01:03 22:01:29:debug] Arguments : [org.jbpm.task.event.TaskEventKey@ac37540, false, org.drools.process.workitem.wsht.WSHumanTaskHandler]
[java] [2011:01:03 22:01:76:debug] Message receieved on server : AddTaskRequest
[java] [2011:01:03 22:01:76:debug] Arguments : [org.jbpm.task.Task@23f66542, null]
[java] [2011:01:03 22:01:139:exception] Error while commiting the transaction
[java] javax.persistence.RollbackException: Error while commiting the transaction
[java] at org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:71)
[java] at org.jbpm.task.service.TaskServiceSession.doOperationInTransaction(TaskServiceSession.java:716)
[java] at org.jbpm.task.service.TaskServiceSession.addTask(TaskServiceSession.java:134)
[java] at org.jbpm.task.service.TaskServerHandler.
.....
[java] Caused by: org.h2.jdbc.JdbcBatchUpdateException: Referential integrity constraint violation: "FK27A9A59E619A0: PUBLIC.TASK FOREIGN KEY(CREATEDBY_ID) REFERENCES PUBLIC.ORGANIZATIONALENTITY(ID)"; SQL statement:
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
[java] update Task set allowedToDelegate=?, taskInitiator_id=?, priority=?, activationTime=?, actualOwner_id=?, createdBy_id=?, createdOn=?, documentAccessType=?, documentContentId=?, documentType=?, expirationTime=?, faultAccessType=?, faultContentId=?, faultName=?, faultType=?, outputAccessType=?, outputContentId=?, outputType=?, parentId=?, previousStatus=?, skipable=?, status=?, workItemId=? where id=? [23002-124]
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[java] at org.h2.jdbc.JdbcPreparedStatement.executeBatch(JdbcPreparedStatement.java:1082)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[java] at org.hibernate.jdbc.BatchingBatcher.doExecuteBatch(BatchingBatcher.java:70)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
[java] at org.hibernate.jdbc.AbstractBatcher.executeBatch(AbstractBatcher.java:268)
[java] at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
[java] ... 37 more
[java] at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
[java] at org.apache.mina.filter.logging.LoggingFilter.messageReceived(LoggingFilter.java:176)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
[java] at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[java] at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
[java] at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:638)
[java] at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598)
[java] at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)
[java] at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61)
[java] at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969)
[java] at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
[java] at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
[java] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
[java] at java.lang.Thread.run(Thread.java:662)
[java] Caused by: org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update
[java] at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:94)
[java] at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:66)
[java] at org.hibernate.jdbc.AbstractBatcher.executeBatch(AbstractBatcher.java:275)
[java] at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:266)
[java] at org.hibernate.engine.ActionQueue.executeActions(ActionQueue.java:168)
[java] at org.hibernate.event.def.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:321)
[java] at org.hibernate.event.def.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:50)
....
--------------------------------------------------------------
[jBPM] - Human.task startup errors
by Uri Kimchi
Uri Kimchi [http://community.jboss.org/people/kimchiuri] created the discussion
"Human.task startup errors"
To view the discussion, visit: http://community.jboss.org/message/578187#578187
--------------------------------------------------------------
Hi,
I just started with JBPM and I have problems with Human.Task. When running the "Ant start.human.task" I get the following messages.
BTW: I followed the instruction to copy "slf4j-1.6.1\slf4j-jdk14-1.6.1.jar" to the runtime dir but it didn't help.
10x Uri,
Buildfile: C:\jbpm\build.xml
start.human.task:
[javac] C:\jbpm\build.xml:525: warning: 'includeantruntime' was not set, defaulting to build.sysclasspath=last; set to false for repeatable builds
[javac] Compiling 1 source file to C:\jbpm\task-service\target
[javac] javac: invalid flag: -Xlint:unchecked
[javac] Usage: javac <options> <source files>
[javac] where possible options include:
[javac] -g Generate all debugging info
[javac] -g:none Generate no debugging info
[javac] -g:{lines,vars,source} Generate only some debugging info
[javac] -nowarn Generate no warnings
[javac] -verbose Output messages about what the compiler is doing
[javac] -deprecation Output source locations where deprecated APIs are used
[javac] -classpath <path> Specify where to find user class files
[javac] -sourcepath <path> Specify where to find input source files
[javac] -bootclasspath <path> Override location of bootstrap class files
[javac] -extdirs <dirs> Override location of installed extensions
[javac] -d <directory> Specify where to place generated class files
[javac] -encoding <encoding> Specify character encoding used by source files
[javac] -source <release> Provide source compatibility with specified release
[javac] -target <release> Generate class files for specific VM version
[javac] -help Print a synopsis of standard options
[javac]
--------------------------------------------------------------