[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3408) Define available @UserPassword hash constants as an enumeration
by Jacob Orshalick (JIRA)
Define available @UserPassword hash constants as an enumeration
---------------------------------------------------------------
Key: JBSEAM-3408
URL: https://jira.jboss.org/jira/browse/JBSEAM-3408
Project: Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 2.1.0.BETA1
Reporter: Jacob Orshalick
Priority: Optional
As specified in the documentation, the available hash algorithm string values are the strings: md5, sha. There is also a value of "none" which is not specified in the documentation but avoids hashing the password all-together. It would be nice to wrap these strings with an enumeration that holds the necessary String values for a bit more type-safety when using the annotation. This would also help to make the options it a bit more clear from a user perspective.
The annotation could then be defined as:
@Target({METHOD,FIELD})
@Documented
@Retention(RUNTIME)
@Inherited
public @interface UserPassword
{
HashAlgorithm hash() default HashAlgorithm.MD5;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 9 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3329) security validation error in jbtools generated project for rule-based-permission-resolver element
by Jay Balunas (JIRA)
security validation error in jbtools generated project for rule-based-permission-resolver element
-------------------------------------------------------------------------------------------------
Key: JBSEAM-3329
URL: https://jira.jboss.org/jira/browse/JBSEAM-3329
Project: Seam
Issue Type: Bug
Components: Security, Tools
Affects Versions: 2.1.0.BETA1
Reporter: Jay Balunas
Fix For: 2.1.0.BETA2
I have created a seam runtime from 2.1.0.BETA1, and used it to generate a EAR and WAR projects. In each the components.xml is showing an error in the jboss tools.
The projects seems to compile, deploy, and execute fine. This may just be a missing element, that does not effect runtime.
The error is "cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:rule-based-permission-resolver'." and shows on the "<security:rule-based-permission-resolver security-rules="#{securityRules}"/>" line of the components.xml.
I checked the "security-2.1.xsd" both online and locally in the distribution (just in case it needed updating online), but this element "rule-based-permission-resolver" is not there.
because this does not seem to cause a runtime problem this is only a major.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 9 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3389) seam-gen generated Authenticator component is not up to date
by Joshua Partogi (JIRA)
seam-gen generated Authenticator component is not up to date
------------------------------------------------------------
Key: JBSEAM-3389
URL: https://jira.jboss.org/jira/browse/JBSEAM-3389
Project: Seam
Issue Type: Task
Components: Tools
Affects Versions: 2.1.0.BETA1
Environment: JBoss 4.2.2.GA, Eclipse 3.4
Reporter: Joshua Partogi
Priority: Minor
seam-gen is generating a Authenticator component code that is not up to date with the current API. It should be this:
@Name("authenticator")
public class Authenticator
{
@Logger Log log;
@In Identity identity;
@In Credentials credentials;
public boolean authenticate()
{
log.info("authenticating #0", credentials.getUsername());
//write your authentication logic here,
//return true if the authentication was
//successful, false otherwise
identity.addRole("admin");
return true;
}
}
And also on the login.xhtml:
<h:outputLabel for="username">Username</h:outputLabel>
<h:inputText id="username"
value="#{credentials.username}"/>
<h:outputLabel for="password">Password</h:outputLabel>
<h:inputSecret id="password"
value="#{credentials.password}"/>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 9 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3340) StatusMessages: addition of ConfigRedirectHandler messages is broken
by Wolfgang Schwendt (JIRA)
StatusMessages: addition of ConfigRedirectHandler messages is broken
--------------------------------------------------------------------
Key: JBSEAM-3340
URL: https://jira.jboss.org/jira/browse/JBSEAM-3340
Project: Seam
Issue Type: Bug
Environment: Seam 2.1.0 Rev 8823
Reporter: Wolfgang Schwendt
XML schema Pages-2.1.xsd allows the specification of an error message for any declared exception handler:
Example:
<exception class="org.jboss.seam.framework.EntityNotFoundException">
<end-conversation/>
<redirect view-id="/error.xhtml">
<message>#{messages['notFoundMsg']}</message>
</redirect>
</exception>
Right now as of Seam 2.1.0 Rev 8823, however, the error message is not added to the FacesContext, whereas with previous versions of Seam the functionality worked fine. org.jboss.seam.exception.RedirectHandler is not the problem. The bug is in org.jboss.seam.international.StatusMessages.
StatusMessages.add(Severity severity, String messageTemplate, Object... params) calls StatusMessages.add(severity, null, null, messageTemplate, null, params), setting the key-Parameter (resourceBundleKey) to null.
The implementation of StatusMessages.add(Severity severity, String key, String detailKey, String messageTemplate, String messageDetailTemplate, final Object... params) checks whether the key is empty.
if (!Strings.isEmpty(key)) ...
But because the supplied key is null, the error message is never added to the FacesContext! Further, there is another bug in the logic which calls the message interpolation.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 9 months
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3388) Pages.xml file should be validated against its schema at runtime
by Arron Ferguson (JIRA)
Pages.xml file should be validated against its schema at runtime
----------------------------------------------------------------
Key: JBSEAM-3388
URL: https://jira.jboss.org/jira/browse/JBSEAM-3388
Project: Seam
Issue Type: Feature Request
Components: Core
Affects Versions: 2.1.0.BETA1
Environment: N/A
Reporter: Arron Ferguson
Priority: Minor
The pages.xml file that is used in Seam apps should really be validated when the WAR/package is deployed on the server. This would help alleviate a lot of the false positives (i.e., bug reports that are not due to bugs but are in fact users adding mistakes to the pages.xml file). Additionally Seam team developers would form a tighter contractual binding of what the specs state should happen, with what the API implementation is actually doing. This would most likely result in a reduction in bug reports due to false positives as well as actual bugs.
To complement this, a blurb in the Seam manual on how to create an Ant task with validation could be added as well as a small sample application for validating pages.xml files with the pages.xsd schema. If I have time later today I'll post to this report a snippet of code for each.
- Arron
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
15 years, 9 months