[JBoss JIRA] Created: (SEAMJMS-4) Event Mapping Observer Method Interfaces - Ingress
by Jordan Ganoff (JIRA)
Event Mapping Observer Method Interfaces - Ingress
--------------------------------------------------
Key: SEAMJMS-4
URL: https://jira.jboss.org/browse/SEAMJMS-4
Project: Seam JMS
Issue Type: Feature Request
Components: Event Bridging
Reporter: Jordan Ganoff
Priority: Blocker
Implement the ingress routing (receive JMS messages from a destination should produce CDI events) as per the spec.
From JSR-299-20090521.pdf:
10.7. JMS event mappings
An event type may be mapped to JMS topic.
An event mapping is a special kind of observer method that is declared by an interface, for example:
    interface EventMappings {
        void mapLoggedInEvent(@Observes LoggedInEvent event, @Events Topic eventTopic);
    }
Where the parameter of type Topic resolves to the following message destination:
    @Resource(name="java:global/env/jms/Events")
    @Produces @Events Topic eventTopic;
The event parameter specifies the mapped event type and bindings. Every message destination representing a topic that any injected parameter resolves to is a mapped topic.
An event mapping may be specified as a member of any interface.
All observers of mapped event types must be asynchronous observer methods. If an observer for a mapped event type is not an asynchronous observer method, the container automatically detects the problem and treats it as a deployment problem, as defined in Section 12.4, "Problems detected automatically by the container".
For every event mapping, the container must:
• send a message containing the serialized event and its event bindings to every mapped topic whenever an event with the mapped event type and bindings is fired, and
• monitor every mapped topic for messages containing events of that mapped event type and bindings and notify all local observers whenever a message containing an event is received.
Thus, events with the mapped event type and bindings are distributed to other processes which have the same event mapping.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[JBoss JIRA] Created: (SEAMJMS-3) Event Mapping Observer Method Interfaces - Egress
by Jordan Ganoff (JIRA)
Event Mapping Observer Method Interfaces - Egress
-------------------------------------------------
Key: SEAMJMS-3
URL: https://jira.jboss.org/browse/SEAMJMS-3
Project: Seam JMS
Issue Type: Feature Request
Reporter: Jordan Ganoff
Priority: Blocker
Implement the egress routing (forwarding CDI events to a JMS destination) as per the spec.
From JSR-299-20090521.pdf:
10.7. JMS event mappings
An event type may be mapped to JMS topic.
An event mapping is a special kind of observer method that is declared by an interface, for example:
    interface EventMappings {
        void mapLoggedInEvent(@Observes LoggedInEvent event, @Events Topic eventTopic);
    }
Where the parameter of type Topic resolves to the following message destination:
    @Resource(name="java:global/env/jms/Events")
    @Produces @Events Topic eventTopic;
The event parameter specifies the mapped event type and bindings. Every message destination representing a topic that any injected parameter resolves to is a mapped topic.
An event mapping may be specified as a member of any interface.
All observers of mapped event types must be asynchronous observer methods. If an observer for a mapped event type is not an asynchronous observer method, the container automatically detects the problem and treats it as a deployment problem, as defined in Section 12.4, "Problems detected automatically by the container".
For every event mapping, the container must:
• send a message containing the serialized event and its event bindings to every mapped topic whenever an event with the mapped event type and bindings is fired, and
• monitor every mapped topic for messages containing events of that mapped event type and bindings and notify all local observers whenever a message containing an event is received.
Thus, events with the mapped event type and bindings are distributed to other processes which have the same event mapping.
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3972) identity login security bug
by David Croe (JIRA)
identity login security bug
---------------------------
Key: JBSEAM-3972
URL: https://jira.jboss.org/jira/browse/JBSEAM-3972
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.1.1.GA
Environment: jboss 4.2.3.
Reporter: David Croe
Hello!
I think there is a major security bug in the seamspace example, which will give a user the permissions of the user who was logged in before.
To reproduce the scenario:
1. Log in as user demo.
2. Click the back button or enter the login page manually in the URL of your browser.
3. Log in as another user.
The second user will have the admin permissions of the demo user!
The problem is that the authenticate method will not be invoked if you are already logged in (even as another user), and the old principal with the assigned permissions will stay in memory.
Greetings
D.Croe
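
The behaviour reported above, reduced to a self-contained model with the skipped authentication next to a hardened variant. This is an added example, not part of the original report and not Seam's code; SessionIdentity, resetOnLogin and the sample accounts are hypothetical names constructed for illustration.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Simplified model of a session-scoped identity; not Seam's Identity class. */
public class ReLoginDemo {
    // Constructed sample accounts: username -> {password, role}
    static final Map<String, String[]> USERS = Map.of(
        "demo", new String[] {"demo-pw", "admin"},
        "guest", new String[] {"guest-pw", "user"});

    static class SessionIdentity {
        String principal;
        final Set<String> roles = new HashSet<>();
        final boolean resetOnLogin;

        SessionIdentity(boolean resetOnLogin) { this.resetOnLogin = resetOnLogin; }

        boolean isLoggedIn() { return principal != null; }

        boolean authenticate(String user, String password) {
            String[] rec = USERS.get(user);
            if (rec == null || !rec[0].equals(password)) return false;
            principal = user;
            roles.add(rec[1]);
            return true;
        }

        /** Action bound to the login form; may be called in an already authenticated session. */
        boolean login(String user, String password) {
            if (isLoggedIn()) {
                if (!resetOnLogin) return true; // reported behaviour: authenticate() is skipped
                principal = null;               // hardened: drop the old principal and roles
                roles.clear();                  // before checking the new credentials
            }
            return authenticate(user, password);
        }
    }

    public static void main(String[] args) {
        for (boolean hardened : new boolean[] {false, true}) {
            SessionIdentity id = new SessionIdentity(hardened);
            id.login("demo", "demo-pw");
            id.login("guest", "guest-pw"); // second login in the same session
            System.out.printf("resetOnLogin=%b principal=%s roles=%s%n",
                hardened, id.principal, id.roles);
        }
    }
}
```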
[jbossseam-issues] [JBoss JIRA] Created: (JBSEAM-3941) IdentityManager: extend permission checks to allow user to modify his own password
by Raimund Hölle (JIRA)
IdentityManager: extend permission checks to allow user to modify his own password
----------------------------------------------------------------------------------
Key: JBSEAM-3941
URL: https://jira.jboss.org/jira/browse/JBSEAM-3941
Project: Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 2.1.1.GA, 2.1.1.CR2, 2.1.1.CR1, 2.1.0.SP1
Reporter: Raimund Hölle
Priority: Minor
Because IdentityManager.changePassword() requires the permission ("seam.user", "update"), it is not possible to use that method to change the password of the authenticated user itself without granting that permission to him.
But granting that means the user is able to modify _any_ user.
I suggest adding a new permission target (or maybe a new action) and extending the changePassword() method:
    public static final String OWNPASSWORD_PERMISSION_NAME = "seam.user.ownpassword";

    public boolean changePassword(String name, String password) {
        Identity identity = Identity.instance();
        try {
            // General case: caller may update any user.
            identity.checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
        } catch (AuthorizationException e) {
            // Fallback: caller is changing his own password and holds the narrower permission.
            if (identity.isLoggedIn() && identity.getCredentials().getUsername().equals(name)) {
                Identity.instance().checkPermission(OWNPASSWORD_PERMISSION_NAME, PERMISSION_UPDATE);
            } else {
                throw e;
            }
        }
        return identityStore.changePassword(name, password);
    }
Or maybe a specialized method?
Many regards,
Raimund