[ https://jira.jboss.org/jira/browse/JBSEAM-4305?page=com.atlassian.jira.pl... ]
Shane Bryzak reassigned JBSEAM-4305:
------------------------------------
Assignee: Shane Bryzak
> JpaIdentityStore ignores @Column names for the @UserPrincipal
> -------------------------------------------------------------
>
> Key: JBSEAM-4305
> URL: https://jira.jboss.org/jira/browse/JBSEAM-4305
> Project: Seam
> Issue Type: Bug
> Components: Security
> Affects Versions: 2.1.1.GA
> Reporter: Eric Jung
> Assignee: Shane Bryzak
>
> I'm using the JpaIdentityStore as described at http://docs.jboss.com/seam/2.1.1.GA/reference/en-US/html_single/#d0e8804.
> If I define my User entity like this:
> @Entity
> @Table(name = "USERS")
> @Scope(ScopeType.SESSION)
> public class User implements java.io.Serializable {
> ...
> @UserPrincipal
> @Column(name = "USER_IDENT", nullable = false, length = 300)
> private String user;
> ...
> }
> then Seam generates the following EQL/HQL to authenticate credentials:
> select u from com.chcf.cams.entities.User u where user = :username
> it should instead be:
> select u from com.chcf.cams.entities.User u where user_ident = :username
> (Note the @Column annotation maps the Java field |user| to the database column USERS.USER_IDENT)
> Because of this, authentication *always* fails with this code.
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Page <restrict> tag, Ajax call and POST parameters
--------------------------------------------------
Key: JBSEAM-4141
URL: https://jira.jboss.org/jira/browse/JBSEAM-4141
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.1.1.GA
Reporter: Jarek Gilewski
Priority: Blocker
The problem is that <restrict> part is always trigered before the page parameters are properly set with Ajax/POST call on the page.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Current identity store incorrectly detected by JpaPermissionStore if identity store extends JpaIdentityStoreClass
-----------------------------------------------------------------------------------------------------------------
Key: JBSEAM-4424
URL: https://jira.jboss.org/jira/browse/JBSEAM-4424
Project: Seam
Issue Type: Bug
Components: Security
Affects Versions: 2.2.0.GA
Reporter: Alexander Galanin
Priority: Minor
Current identity store incorrectly detected by JpaPermissionStore if identity store extends JpaIdentityStoreClass.
The following line in function resolvePrincipalEntity() (class JpaPermissionStore) is incorrect in my case:
JpaIdentityStore identityStore = (JpaIdentityStore) Component.getInstance(JpaIdentityStore.class, true);
Should be (copy-pasted from resolvePrincipal())
IdentityStore ids = IdentityManager.instance().getRoleIdentityStore();
JpaIdentityStore identityStore = null;
if (ids instanceof JpaIdentityStore) {
identityStore = (JpaIdentityStore) ids;
}
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Enable Security for POJO WebServices Endpoint
---------------------------------------------
Key: JBSEAM-2766
URL: http://jira.jboss.com/jira/browse/JBSEAM-2766
Project: JBoss Seam
Issue Type: Feature Request
Components: Security, WS
Affects Versions: 2.0.0.GA
Environment: JBoss 4.2.1GA
Reporter: Srinivasan Raguraman
The @Restrict annotation on Seam component are never applied if they were exposed directly as web service end-point. This is probably because the y are not initialized as seam components, by the web service layer.
Right now the workaround is to have facade layer over seam components and expose them as web service end-point.
The security interceptor on POJO components could be enabled by AOP interception or by some other delegation.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Enable Seam Security from external client
-----------------------------------------
Key: JBSEAM-2332
URL: http://jira.jboss.com/jira/browse/JBSEAM-2332
Project: JBoss Seam
Issue Type: Feature Request
Components: Security
Environment: JavaSE 1.5.0_12, JBoss 4.2.1.GA, JBoss Seam 2.0.0.GA
Reporter: Andreas Eriksson
Attachments: seam-external-client-security.zip
If a Seam component is annotated with the @Restrict annotation and accessed from a POJO (in my case a Quartz job initialized by a servlet) the SecurityInterceptor isn't executed.
The same goes for the Seam Entity Security.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Consider integrating jBPM Identity modulewith Security
-------------------------------------------------------
Key: JBSEAM-1465
URL: http://jira.jboss.com/jira/browse/JBSEAM-1465
Project: JBoss Seam
Issue Type: Feature Request
Components: BPM, Security
Reporter: Gavin King
Assigned To: Gavin King
Fix For: 1.3.0.GA
Maybe we can use that as our identity model....
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Integration with JBoss SSO
--------------------------
Key: JBSEAM-1032
URL: http://jira.jboss.com/jira/browse/JBSEAM-1032
Project: JBoss Seam
Issue Type: Feature Request
Components: Security
Affects Versions: 1.2.0.GA
Reporter: Shane Bryzak
Assigned To: Shane Bryzak
We should provide integration of Seam Security with JBoss SSO.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
URL authorization
-----------------
Key: JBSEAM-740
URL: http://jira.jboss.com/jira/browse/JBSEAM-740
Project: JBoss Seam
Issue Type: Feature Request
Components: Security
Reporter: Gavin King
Assigned To: Shane Bryzak
Priority: Minor
Fix For: 1.2.0.BETA1
Probably, for completeness, we need the SecurityFIlter after all, to allow GET/PUT/POST/DELETE authorization for URLs.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
Support X509 certificates
-------------------------
Key: JBSEAM-744
URL: http://jira.jboss.com/jira/browse/JBSEAM-744
Project: JBoss Seam
Issue Type: Feature Request
Components: Security
Reporter: Gavin King
Assigned To: Shane Bryzak
Priority: Minor
Fix For: 1.2.0.BETA1
I have no idea what these things are, but apparently people want to get them. Supposedly, they are nothing to do with certificates you get when you win something like a spelling competition in primary school. 'Cos if they were, we could have used Norman's PDF stuff. So anyway we can just steal code from Acegi. Then I can tell people "we've got a certificate for X509" in talks, and they will think I know what it is.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira