May 2009 - seam-issues - Jboss List Archives

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3482) Add protection against XSS attacks in Seam Remoting

by Shane Bryzak (JIRA)

Add protection against XSS attacks in Seam Remoting --------------------------------------------------- Key: JBSEAM-3482 URL: https://jira.jboss.org/jira/browse/JBSEAM-3482 Project: Seam Issue Type: Task Components: Remoting Affects Versions: 2.1.0.BETA1 Reporter: Shane Bryzak Assignee: Shane Bryzak Fix For: 2.1.0.GA Investigate what changes we can make to make Seam Remoting more secure from XSS attacks. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

5
9
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-731) <restrict> in components.xml

by Gavin King (JIRA)

<restrict> in components.xml ---------------------------- Key: JBSEAM-731 URL: http://jira.jboss.com/jira/browse/JBSEAM-731 Project: JBoss Seam Issue Type: Feature Request Components: Security Reporter: Gavin King Assigned To: Gavin King Fix For: 1.2.0.BETA1 I guess we should allow you to restrict access to a component or method via a declaration in components.xml -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

4
6
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3145) Support conversation restoring in GWT remoting service

by Anahide Tchertchian (JIRA)

Support conversation restoring in GWT remoting service ------------------------------------------------------ Key: JBSEAM-3145 URL: http://jira.jboss.com/jira/browse/JBSEAM-3145 Project: Seam Issue Type: Feature Request Components: Remoting Affects Versions: 2.1.0.A1 Reporter: Anahide Tchertchian Assigned To: Shane Bryzak Current implementation does not make it possible to restore conversation when calling a remote seam component from a GWT module. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
4
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-986) Seam Remoting - support subscribing to a JMS Queue

by Shane Bryzak (JIRA)

Seam Remoting - support subscribing to a JMS Queue -------------------------------------------------- Key: JBSEAM-986 URL: http://jira.jboss.com/jira/browse/JBSEAM-986 Project: JBoss Seam Issue Type: Feature Request Components: Remoting Affects Versions: 1.2.0.GA Reporter: Shane Bryzak Assigned To: Shane Bryzak Priority: Minor Seam Remoting currently supports subscribing to a JMS topic, however doesn't support subscribing to a queue. This would be useful for things such as progress updates, etc. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

2
2
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3219) Describe JAAS integration more in depth in the docs

by Samuel Mendenhall (JIRA)

Describe JAAS integration more in depth in the docs --------------------------------------------------- Key: JBSEAM-3219 URL: https://jira.jboss.org/jira/browse/JBSEAM-3219 Project: Seam Issue Type: Task Components: Security Affects Versions: 2.1.0.A1, 2.0.3.CR1, 2.0.2.SP1 Reporter: Samuel Mendenhall Priority: Minor Add more documentation detailing the integration with Seam Identity and JAAS and what integration is included and what is not. For example, discuss logging in with the container's JAAS configuration via <security:identity jaas-config-name="other"/> and the integration or lack thereof with the EJB3 container as a result of doing that. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
3
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-1229) Remoting exception with JMS subscription

by Alex Mateescu (JIRA)

Remoting exception with JMS subscription ---------------------------------------- Key: JBSEAM-1229 URL: http://jira.jboss.com/jira/browse/JBSEAM-1229 Project: JBoss Seam Issue Type: Bug Components: Remoting Affects Versions: 1.2.1.GA Environment: JEMS Installer 1.2 ejb3 profile, JBoss Portal 2.6.0ALPHA1, JBoss Seam 1.2.1GA running on Fedora Core 6, Firefox 1.5 Reporter: Alex Mateescu Assigned To: Shane Bryzak Priority: Minor I am deploying an EAR with multiple (the number is probably irrelevant) JARs and WARs that use Seam Remoting and subscribe to a JMS topic. The subscribe calls work fine, they send the correct topic name and receive a token. On the first poll, though, there is an exception: 2007-04-23 14:08:29,602 ERROR [org.jboss.seam.remoting.Remoting] Error java.lang.IllegalArgumentException: Invalid token argument - token not found in Session Context. [undefined] at org.jboss.seam.remoting.messaging.SubscriptionRegistry.getSubscription(SubscriptionRegistry.java:179) at org.jboss.seam.remoting.messaging.PollRequest.poll(PollRequest.java:45) at org.jboss.seam.remoting.PollHandler.handle(PollHandler.java:83) at org.jboss.seam.remoting.Remoting.getResource(Remoting.java:110) at org.jboss.seam.servlet.ResourceServlet.doGet(ResourceServlet.java:68) at org.jboss.seam.servlet.ResourceServlet.doPost(ResourceServlet.java:77) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at javax.servlet.http.HttpServlet.service(HttpServlet.java:810) Upon closer inspection, the polling request looks like this: <envelope><body><poll token="c312b1bb-d996-46e4-a8d7-6f35caa99d73" timeout="10"/><poll token="undefined" timeout="10"/></body></envelope> which is the cause of the exception. Subsequent calls look fine: <envelope><body><poll token="c312b1bb-d996-46e4-a8d7-6f35caa99d73" timeout="10"/><poll token="3922899d-1e6b-4bc1-96ab-3713f4460446" timeout="10"/></body></envelope> I think the error was there before, when using Seam 1.1.0GA, but it was random. I may be wrong, but now it is always there. Of course, remoting works fine after the initial call. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
2
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3886) Document the usage of <web-identity-filter disabled="true"> to disable identity managment

by Denis Forveille (JIRA)

Document the usage of <web-identity-filter disabled="true"> to disable identity managment ----------------------------------------------------------------------------------------- Key: JBSEAM-3886 URL: https://jira.jboss.org/jira/browse/JBSEAM-3886 Project: Seam Issue Type: Bug Components: Documentation Issues Affects Versions: 2.1.1.GA Reporter: Denis Forveille Priority: Minor Document the usage of <web-identity-filter disabled="true"> to disable identity managment in seam v2.1 as stated in jira JBSEAM-3629 Maybe this should be included in section 15.2 (Security/Disabling security) ? -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

4
6
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3890) Update the samples to user "credentials" instead of "identity"

by Denis Forveille (JIRA)

Update the samples to user "credentials" instead of "identity" -------------------------------------------------------------- Key: JBSEAM-3890 URL: https://jira.jboss.org/jira/browse/JBSEAM-3890 Project: Seam Issue Type: Bug Components: Documentation Issues, Security Affects Versions: 2.1.1.GA Reporter: Denis Forveille Priority: Minor In the security chapters, section 15.3.2 and 15.3.3, the code snippets use the "Credentials" class to store the username and the password of the user that is performing a login. The samples still use the "old" (?) way, ie use the identity class to store this data, at leat for the "blog", "booking", "dvdstore", etc... It seems that not one sample use the "Cedentials" class -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
4
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3942) LdapIdentityStore should crypt password

by Raimund Hölle (JIRA)

LdapIdentityStore should crypt password --------------------------------------- Key: JBSEAM-3942 URL: https://jira.jboss.org/jira/browse/JBSEAM-3942 Project: Seam Issue Type: Feature Request Components: Security Affects Versions: 2.1.1.GA, 2.1.1.CR2, 2.1.1.CR1, 2.1.0.SP1 Reporter: Raimund Hölle Priority: Minor LdapIdentityStore.changePassword() stores the new password always as plain text in the LDAP database. To allow crypted passwords, i suggest the following modifications: New bean properties (along with getter / setter): private String passwordCryptAlgorithm = "SHA"; // Or "" for plain text, "MD5", ... private String passwordEncoding = "UTF-8"; Extend changePassword() by one additional line: public boolean changePassword(String name, String password) { InitialLdapContext ctx = null; try { ctx = initialiseContext(); // crypt password if not already done password = cryptPwIfNeeded(password); BasicAttribute passwordAttrib = new BasicAttribute(getUserPasswordAttribute(), password); New Helpers method: private Pattern cryptedPwRegexp = Pattern.compile("^[{].+[}].+"); private String cryptPwIfNeeded(String password) { // only crypt if requested by algorithm and not already done! if (getPasswordCryptAlgorithm() != null && ! getPasswordCryptAlgorithm().equals("") && ! cryptedPwRegexp.matcher(password).matches()) { try { MessageDigest md; md = MessageDigest.getInstance(getPasswordCryptAlgorithm()); md.reset(); md.update(password.getBytes(getPasswordEncoding())); byte[] result = md.digest(); password = "{" + getPasswordCryptAlgorithm() + "}" + (new BASE64Encoder()).encode(result); } catch ( NoSuchAlgorithmException e ) { throw new IdentityManagementException( "Configuration problem - can not crypt password with algorithm " + getPasswordCryptAlgorithm(), e); } catch ( UnsupportedEncodingException e ) { throw new IdentityManagementException( "Configuration problem - can not encode password with " + getPasswordEncoding(), e); } } return password; } Many regards, Raimund -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

3
4
0 / 0

[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3738) Maven example for Seam

by Anthony Whitford (JIRA)

Maven example for Seam ---------------------- Key: JBSEAM-3738 URL: https://jira.jboss.org/jira/browse/JBSEAM-3738 Project: Seam Issue Type: Feature Request Components: Examples Affects Versions: 2.1.0.SP1 Reporter: Anthony Whitford In absence of a Maven Archetype for Seam, please add a Maven example project for Seam. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira

13 years, 4 months

2
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

seam-issues May 2009