[JBoss JIRA] (SRAMP-384) Add validation for password in overlord commons installer
by David virgil naranjo (JIRA)
[ https://issues.jboss.org/browse/SRAMP-384?page=com.atlassian.jira.plugin.... ]
David virgil naranjo commented on SRAMP-384:
--------------------------------------------
I found a solution. Is this:
-It is not possible to modify a ENV variable in the same thread execution. It is possible to create another java thread execution and modify the env variable, BUT in that case, the System.console() is null...
My solution has been drastic! And it is this:
-Copy the class AddPropertiesUser from jboss-as-domain-management jar.
-Modify the class and add a parameter --jboss_home.
-In case the parameter is set, then take the jboss home from there instead of ENV VARS.
Are there more reasons to modify the jboss-as main? Yes:
-When there is an ErrorState in the jboss implementation not always is thrown a RuntimeException or Exception. It is only displayed an error message, but the execution continues as it has been well created the user. This is the case of introducing a password "david".
-In other cases it is thrown a RuntimeException, for instance in case you introduced a password with the same value as the user, for instance 'admin' 'admin'.
In the change I have done, when the state is ErrorState, i always throw a RuntimeException.
In the next comment you can see how would be the execution of the s-ramp-installer:
> Add validation for password in overlord commons installer
> ---------------------------------------------------------
>
> Key: SRAMP-384
> URL: https://issues.jboss.org/browse/SRAMP-384
> Project: S-RAMP
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: Eric Wittmann
> Assignee: David virgil naranjo
> Fix For: 0.5.0 - API Management
>
>
> Currently the overlord commons installer is responsible for doing all security related work. This includes creating the overlord 'admin' user and configured a password for this user. The installer prompts the user for this password and then passes whatever the user entered to the JBoss EAP add-user utility. This utility will fail if the password does not meet certain standards. However, the utility fails without failing the overall install.
> The installer should do its own validation of the password entered by the user so that this silent failure doesn't happen. Also note that the password input and validation should happen before anything else security related gets installed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 5 months
[JBoss JIRA] (RTGOV-374) Support for JPA ActivityStore
by Gary Brown (JIRA)
[ https://issues.jboss.org/browse/RTGOV-374?page=com.atlassian.jira.plugin.... ]
Gary Brown commented on RTGOV-374:
----------------------------------
Using JNDI to obtain the datasource would be fine in all environments we are likely to support. I guess the only issue is how complex it will be for a user to setup a datasource - but that would be outside the scope of rtgov, and a general issue for any fuse/karaf user wanting to use a database. So this approach is fine with me.
In terms of programmatic EntityManager vs EE container managed - I think the issue is when we want to deploy to tomcat/jetty and I guess Karaf, that this would not be supported?
> Support for JPA ActivityStore
> -----------------------------
>
> Key: RTGOV-374
> URL: https://issues.jboss.org/browse/RTGOV-374
> Project: RTGov (Run Time Governance)
> Issue Type: Sub-task
> Reporter: Gary Brown
> Assignee: Brett Meyer
> Fix For: 2.0.0.Final
>
> Original Estimate: 2 weeks
> Remaining Estimate: 2 weeks
>
> Need to be able to use JPAActivityStore within Karaf/OSGi environment, with different databases (e.g. h2, mysql etc)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 5 months
[JBoss JIRA] (RTGOV-374) Support for JPA ActivityStore
by Brett Meyer (JIRA)
[ https://issues.jboss.org/browse/RTGOV-374?page=com.atlassian.jira.plugin.... ]
Brett Meyer commented on RTGOV-374:
-----------------------------------
[~objectiser], here's a few thoughts.
Rather than create our own datasources, like activity-store-jpa-h2, could you require users to include the full JNDI service name (ex: "java:jboss/datasources/MyDataSource") within the rtgov configuration? This would allow more control, the reuse of existing datasources, etc., in addition to preventing the maintenance of datasource modules for every type of DB we need to support, as well as not restricting the types possible.
Alternatively, we could also allow users to provide a hibernate.properties or hibernate.cfg.xml, rather than JTA datasources. That could certainly be in addition to the above.
If that sort of capability is desirable, we'd probably need to stick with programmatically creating the EntityManager, ala JPAActivityStore, rather than manually calling out the datasource in the persistence.xml and relying on EE's container-managed @PersistenceContext (ala JPASituationStore).
> Support for JPA ActivityStore
> -----------------------------
>
> Key: RTGOV-374
> URL: https://issues.jboss.org/browse/RTGOV-374
> Project: RTGov (Run Time Governance)
> Issue Type: Sub-task
> Reporter: Gary Brown
> Assignee: Brett Meyer
> Fix For: 2.0.0.Final
>
> Original Estimate: 2 weeks
> Remaining Estimate: 2 weeks
>
> Need to be able to use JPAActivityStore within Karaf/OSGi environment, with different databases (e.g. h2, mysql etc)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 5 months
[JBoss JIRA] (RTGOV-406) Remove report server and SLA report example in Karaf distribution and deprecate in EAP
by Gary Brown (JIRA)
[ https://issues.jboss.org/browse/RTGOV-406?page=com.atlassian.jira.plugin.... ]
Gary Brown updated RTGOV-406:
-----------------------------
Summary: Remove report server and SLA report example in Karaf distribution and deprecate in EAP (was: Deprecate report server and SLA report example in Karaf distribution)
Description:
Remove support for reports and the SLA report quickstart, from the Karaf distribution, and deprecate in the EAP distribution.
More comprehensive reporting capabilities can be provided using Karaf.
was:
Remove support for reports and the SLA report quickstart, from the Karaf distribution.
More comprehensive reporting capabilities can be provided using Karaf.
> Remove report server and SLA report example in Karaf distribution and deprecate in EAP
> --------------------------------------------------------------------------------------
>
> Key: RTGOV-406
> URL: https://issues.jboss.org/browse/RTGOV-406
> Project: RTGov (Run Time Governance)
> Issue Type: Sub-task
> Reporter: Gary Brown
> Assignee: Gary Brown
> Fix For: 2.0.0.Final
>
> Original Estimate: 1 day
> Remaining Estimate: 1 day
>
> Remove support for reports and the SLA report quickstart, from the Karaf distribution, and deprecate in the EAP distribution.
> More comprehensive reporting capabilities can be provided using Karaf.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 5 months
[JBoss JIRA] (RTGOV-406) Deprecate report server and SLA report example in Karaf distribution
by Gary Brown (JIRA)
[ https://issues.jboss.org/browse/RTGOV-406?page=com.atlassian.jira.plugin.... ]
Gary Brown updated RTGOV-406:
-----------------------------
Summary: Deprecate report server and SLA report example in Karaf distribution (was: Update Karaf samples sla report to access activity store)
Description:
Remove support for reports and the SLA report quickstart, from the Karaf distribution.
More comprehensive reporting capabilities can be provided using Karaf.
was:
Reports are now supported, but the SLA report sample needed to be simplified as it was based on using the JPA version of Activity Store.
Once JPA ActivityStore supported in Karaf, then the full example could be added back in.
> Deprecate report server and SLA report example in Karaf distribution
> --------------------------------------------------------------------
>
> Key: RTGOV-406
> URL: https://issues.jboss.org/browse/RTGOV-406
> Project: RTGov (Run Time Governance)
> Issue Type: Sub-task
> Reporter: Gary Brown
> Assignee: Gary Brown
> Fix For: 2.0.0.Final
>
> Original Estimate: 1 day
> Remaining Estimate: 1 day
>
> Remove support for reports and the SLA report quickstart, from the Karaf distribution.
> More comprehensive reporting capabilities can be provided using Karaf.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 5 months
[JBoss JIRA] (SRAMP-384) Add validation for password in overlord commons installer
by David virgil naranjo (JIRA)
[ https://issues.jboss.org/browse/SRAMP-384?page=com.atlassian.jira.plugin.... ]
David virgil naranjo commented on SRAMP-384:
--------------------------------------------
The implementation I have started and almost finish is this:
Create a custom Ant task that using the System.console() ask the user for the password/confirming password and try to call the AddUser Jboss Main method. If there is any exception then the program display the message and ask for password again:
- Password Validation Exception
- User already inserted
...
Here I found a problem. We need a Ant Local JBOSS_HOME environment variable:
- Inside of the code of jboss-as-domain-management jar, it uses this environment variable to read where is the instance of Jboss AS.
I took several looks to google and there is no way to set a not durable environment variable.
In Ant the only way to modify the env variable is throw the Java Ant task. But using the Java Ant task the System.console() is not available... also I checked this.
Then I thought to create the loop that I did in Java using something similar in the ant build, but there is not a tag do/while in Ant.
Any suggestion?
> Add validation for password in overlord commons installer
> ---------------------------------------------------------
>
> Key: SRAMP-384
> URL: https://issues.jboss.org/browse/SRAMP-384
> Project: S-RAMP
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: Eric Wittmann
> Assignee: David virgil naranjo
> Fix For: 0.5.0 - API Management
>
>
> Currently the overlord commons installer is responsible for doing all security related work. This includes creating the overlord 'admin' user and configured a password for this user. The installer prompts the user for this password and then passes whatever the user entered to the JBoss EAP add-user utility. This utility will fail if the password does not meet certain standards. However, the utility fails without failing the overall install.
> The installer should do its own validation of the password entered by the user so that this silent failure doesn't happen. Also note that the password input and validation should happen before anything else security related gets installed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 5 months
[JBoss JIRA] (RTGOV-418) Bulk event processor capability
by Gary Brown (JIRA)
[ https://issues.jboss.org/browse/RTGOV-418?page=com.atlassian.jira.plugin.... ]
Gary Brown updated RTGOV-418:
-----------------------------
Fix Version/s: 2.1.0.Final
(was: 2.0.0.Final)
> Bulk event processor capability
> -------------------------------
>
> Key: RTGOV-418
> URL: https://issues.jboss.org/browse/RTGOV-418
> Project: RTGov (Run Time Governance)
> Issue Type: Feature Request
> Components: Event Processor
> Reporter: Gary Brown
> Assignee: Gary Brown
> Fix For: 2.1.0.Final
>
>
> Currently the EventProcessor implementations are invoked to process individual events that pass an optional predicate.
> For some EventProcessor implementations, it may be more efficient to deal with a group of events at the same time.
> There are two ways that this could be dealt with:
> (a) maintain the single processing approach, and the implementation builds up the state locally - and potentially uses the txn commit as an indication to record the events - although means maintaining state against the txn/thread.
> (b) extend the event processor API to enable a collection of events (that have passed the predicate) to be provided in one go - it would then return a set of those events that need to be retried.
> Current preference is for (b), as it does not require any reliance on txn or maintaining state.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 5 months
[JBoss JIRA] (RTGOV-436) Message creator
by Gary Brown (JIRA)
Gary Brown created RTGOV-436:
--------------------------------
Summary: Message creator
Key: RTGOV-436
URL: https://issues.jboss.org/browse/RTGOV-436
Project: RTGov (Run Time Governance)
Issue Type: Feature Request
Reporter: Gary Brown
Assignee: Gary Brown
Fix For: 2.1.0.Final
Allow user to create a new message from scratch, with support for validation if schema is available - will require the selection of the target service and operation.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 5 months