December 2009 - seam-issues - Jboss List Archives

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3890) Update the samples to user "credentials" instead of "identity"

by Denis Forveille (JIRA)

Update the samples to user "credentials" instead of "identity" -------------------------------------------------------------- Key: JBSEAM-3890 URL: https://jira.jboss.org/jira/browse/JBSEAM-3890 Project: Seam Issue Type: Bug Components: Documentation Issues, Security Affects Versions: 2.1.1.GA Reporter: Denis Forveille Priority: Minor In the security chapters, section 15.3.2 and 15.3.3, the code snippets use the "Credentials" class to store the username and the password of the user that is performing a login. The samples still use the "old" (?) way, ie use the identity class to store this data, at leat for the "blog", "booking", "dvdstore", etc... It seems that not one sample use the "Cedentials" class -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
4
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3942) LdapIdentityStore should crypt password

by Raimund Hölle (JIRA)

LdapIdentityStore should crypt password --------------------------------------- Key: JBSEAM-3942 URL: https://jira.jboss.org/jira/browse/JBSEAM-3942 Project: Seam Issue Type: Feature Request Components: Security Affects Versions: 2.1.1.GA, 2.1.1.CR2, 2.1.1.CR1, 2.1.0.SP1 Reporter: Raimund Hölle Priority: Minor LdapIdentityStore.changePassword() stores the new password always as plain text in the LDAP database. To allow crypted passwords, i suggest the following modifications: New bean properties (along with getter / setter): private String passwordCryptAlgorithm = "SHA"; // Or "" for plain text, "MD5", ... private String passwordEncoding = "UTF-8"; Extend changePassword() by one additional line: public boolean changePassword(String name, String password) { InitialLdapContext ctx = null; try { ctx = initialiseContext(); // crypt password if not already done password = cryptPwIfNeeded(password); BasicAttribute passwordAttrib = new BasicAttribute(getUserPasswordAttribute(), password); New Helpers method: private Pattern cryptedPwRegexp = Pattern.compile("^[{].+[}].+"); private String cryptPwIfNeeded(String password) { // only crypt if requested by algorithm and not already done! if (getPasswordCryptAlgorithm() != null && ! getPasswordCryptAlgorithm().equals("") && ! cryptedPwRegexp.matcher(password).matches()) { try { MessageDigest md; md = MessageDigest.getInstance(getPasswordCryptAlgorithm()); md.reset(); md.update(password.getBytes(getPasswordEncoding())); byte[] result = md.digest(); password = "{" + getPasswordCryptAlgorithm() + "}" + (new BASE64Encoder()).encode(result); } catch ( NoSuchAlgorithmException e ) { throw new IdentityManagementException( "Configuration problem - can not crypt password with algorithm " + getPasswordCryptAlgorithm(), e); } catch ( UnsupportedEncodingException e ) { throw new IdentityManagementException( "Configuration problem - can not encode password with " + getPasswordEncoding(), e); } } return password; } Many regards, Raimund -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
4
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-4427) JpaPermissionStore: Auto-detect discriminator value if rolePermissionClass is set

by Alexander Galanin (JIRA)

JpaPermissionStore: Auto-detect discriminator value if rolePermissionClass is set --------------------------------------------------------------------------------- Key: JBSEAM-4427 URL: https://jira.jboss.org/jira/browse/JBSEAM-4427 Project: Seam Issue Type: Feature Request Components: Security Affects Versions: 2.2.0.GA Reporter: Alexander Galanin Priority: Minor Currently discriminatorValue auto-detected only if rolePermissionClass is null. I propose to modify JpaPermissionStore::initProperties() to allow auto-detection of discriminatorValue if discriminatorProperty is null. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
3
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-4456) Support for reloading classpath security.drl

by Miloslav Vlach (JIRA)

Support for reloading classpath security.drl -------------------------------------------- Key: JBSEAM-4456 URL: https://jira.jboss.org/jira/browse/JBSEAM-4456 Project: Seam Issue Type: Feature Request Components: Drools Affects Versions: 2.2.0.GA Environment: Drools without BRMS Reporter: Miloslav Vlach Attachments: RuleAgent.java.patch.zip I need to enable reloading *.drl files located in classpath. The attribute files load only files typed in absolute path form. <security:rule-based-permission-resolver security-rules="#{ruleAgent}" /> <security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true" /> <drools:rule-agent name="ruleAgent" files="classpath:///security.drl classpath:///security2.drl" local-cache-dir="/tmp/" poll="5"/> <drools:managed-working-memory name="policyPricingWorkingMemory" auto-create="true" rule-base="#{ruleAgent}" /> More info at http://www.bpsolutions.cz/blog/-/blogs/reloadable-drools-jboss-rules-secu... -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
5
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-4326) Allow to specify a directory with rule resources to Seam RuleBase

by Tihomir Surdilovic (JIRA)

Allow to specify a directory with rule resources to Seam RuleBase ----------------------------------------------------------------- Key: JBSEAM-4326 URL: https://jira.jboss.org/jira/browse/JBSEAM-4326 Project: Seam Issue Type: Feature Request Affects Versions: 2.2.0.CR1 Reporter: Tihomir Surdilovic Currently org.jboss.seam.drools.RuleBase allows to add a list of rule resources individually, for example: -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

4
9
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3738) Maven example for Seam

by Anthony Whitford (JIRA)

Maven example for Seam ---------------------- Key: JBSEAM-3738 URL: https://jira.jboss.org/jira/browse/JBSEAM-3738 Project: Seam Issue Type: Feature Request Components: Examples Affects Versions: 2.1.0.SP1 Reporter: Anthony Whitford In absence of a Maven Archetype for Seam, please add a Maven example project for Seam. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

2
6
0 / 0

[JBoss JIRA] Created: (JBSEAM-4506) Seam GWTService is incompatible with GWT 2.0

by Szaby GrÃ¼nwald (JIRA)

Seam GWTService is incompatible with GWT 2.0 -------------------------------------------- Key: JBSEAM-4506 URL: https://jira.jboss.org/jira/browse/JBSEAM-4506 Project: Seam Issue Type: Bug Components: GWT, Remoting Affects Versions: 2.2.0.GA Environment: Ubuntu 9.10 x64, Java 6, Seam 2.2.0 GA, GWT 2.0, Firefox 3.5.5 Reporter: Szaby GrÃ¼nwald The example application at examples/remoting/gwt throws IncompatibleRemoteServiceException There seem to be a hint here: http://seamframework.org/Community/GWTTrunkWithSeamRemoting ERROR An IncompatibleRemoteServiceException was thrown while processing this call. com.google.gwt.user.client.rpc.IncompatibleRemoteServiceException: Parameter 0 of is of an unknown type 'java.lang.String/2004016611' at org.jboss.seam.remoting.gwt.GWTService.RPC_decodeRequest(GWTService.java:426) at org.jboss.seam.remoting.gwt.GWTService.processCall(GWTService.java:203) at org.jboss.seam.remoting.gwt.GWTService$1.process(GWTService.java:120) at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53) at org.jboss.seam.remoting.gwt.GWTService.getResource(GWTService.java:105) at org.jboss.seam.servlet.SeamResourceServlet.service(SeamResourceServlet.java:80) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:40) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:178) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:290) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:368) at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:495) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at kiwi.extension.CheckSetupFilter.doFilter(CheckSetupFilter.java:111) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at kiwi.servlet.FacebookUserFilter.doFilter(FacebookUserFilter.java:102) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.ClassNotFoundException: java.lang.String/2004016611 at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:247) at org.jboss.seam.remoting.gwt.GWTService.RPC_getClassFromSerializedName(GWTService.java:479) at org.jboss.seam.remoting.gwt.GWTService.RPC_decodeRequest(GWTService.java:422) ... 50 more -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

7
6
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-4260) Drools5 API

by Tihomir Surdilovic (JIRA)

Drools5 API ----------- Key: JBSEAM-4260 URL: https://jira.jboss.org/jira/browse/JBSEAM-4260 Project: Seam Issue Type: Feature Request Reporter: Tihomir Surdilovic Seam components to use Drools5 API. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
5
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-4350) Enable/Disable a Role

by Sand Lee (JIRA)

Enable/Disable a Role --------------------- Key: JBSEAM-4350 URL: https://jira.jboss.org/jira/browse/JBSEAM-4350 Project: Seam Issue Type: Feature Request Components: Security Affects Versions: 2.2.0.GA Reporter: Sand Lee Enable/Disable a Role Is it possible to disable/enable a role by annotation configuration in the same way like @RoleConditional is configured. Adding a Boolean property in the role class and annote it with @RoleEnabled. This property holds the status of the role (active/inactive). If a role is disabled it should not be returned when JpaIdentityStore.listRoles() or JpaIdentityStore.getImpliedRoles() is called. that also requires a new method in getJpaIdentityStore().setRoleStatus(String roleName Boolean status) to set the Role status. If this Method is called, all permissions which have this role as recipient should be deactivated by setting a flag in each permission object. So that JpaPermissionStore.listPermissions() only returns permissions that not belongs to deactivated roles. It also raises an RoleDisabled event and the identity objects (from already loggedin users) are listen to this event and then it checks if the identity has this role. If an already loggedin user has this role it will be removed from identity object. Is it possible to include a mechanism like this? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
3
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3606) Chatroom example does not work on Windows

by Jozef Hartinger (JIRA)

Chatroom example does not work on Windows ----------------------------------------- Key: JBSEAM-3606 URL: https://jira.jboss.org/jira/browse/JBSEAM-3606 Project: Seam Issue Type: Bug Components: Examples, Remoting Environment: JDK 5 JBoss AS 4.2.3 Windows XP Professional Reporter: Jozef Hartinger Fix For: 2.1.0.GA I connect from two different browser instances (IE and Firefox 3). Connection works fine and I can see the other user logged in but when I send a message it is not displayed in the other browser. All the sent messages are present in server log. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

5
14
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

seam-issues December 2009