August 2012 - security-dev - Jboss List Archives

PicketLink IDM LDAP Store feedback requested

by Anil Saldhana

Hi all, since yesterday, I will be trying to code up the LDAP Identity Store in the PL IDM project. https://github.com/anilsaldhana/picketlink-idm LDAPIdentityStore: https://github.com/anilsaldhana/picketlink-idm/blob/master/impl/src/main/... Test case: https://github.com/anilsaldhana/picketlink-idm/blob/master/impl/src/test/... It is kind of early in the implementation. But I wanted to get feedback from Shane and Bolek to see if this looks in the right direction. Regards, Anil

11 years, 9 months

3
6
0 / 0

IDM API/Implementation

by Anil Saldhana

Hi all, (Shane will add more info to this thread soon) Shane has been driving the standalone IDM API/Implementation project in the PicketLink umbrella. This is a brand new project. https://github.com/picketlink/picketlink-idm The Key classes/interfaces are: https://github.com/picketlink/picketlink-idm/blob/master/api/src/main/jav... https://github.com/picketlink/picketlink-idm/blob/master/api/src/main/jav... The Manager has a simple api for user/role/group. Now each of these types (User,Role,Group) is an IdentityType (implying they get attributes). So for an user, if you want to store/retrieve/represent certificates, password recovery Qs, you can do so as attributes. Currently implementation is done using JPA. There is plan to do an LDAP implementation. Regards, Anil

11 years, 9 months

6
13
0 / 0

LDAP Integration project

by Anil Saldhana

Hi all, we do ldap testing in a bunch of PBox and PL projects. To reduce the redundancy and make it standalone, I created a picketbox-ldap project for embedding ldap server and unit testing ldap based code. https://docs.jboss.org/author/display/SECURITY/PicketBox+LDAP+Server It is a standalone project with dependency on ApacheDS alone. We are already using it in PicketBox Core project. Next I will be using it to provide the ldap provider for the PicketLink IDM project. You are welcome to use it in your own projects. Regards, Anil

11 years, 9 months

1
0
0 / 0

PicketBox 5.0.0-2012Aug24 Timed Release is out

by Pedro Igor Silva

Hi All, We are glad to announce that a timed version was released for PicketBox 5.0.0 (version 5.0.0-2012Aug24). https://docs.jboss.org/author/display/SECURITY/Timed+Release+2012-Aug-24 PicketBox is a project that works wonders for application security. Here are some highlights: - You can use it as a standalone API for pure JavaSE applications or in a JavaEE environment as well. - Decouple applications from security code. - Choice of HTTP Authentication Schemes (BASIC, DIGEST, FORM, CLIENT-CERT or you write your own authentication scheme). - Choice of Authentication Managers or Stores. (File Based, Ldap Based, Database Based etc) - Choice of Authorization Managers. (Drools based authorization, XACML based authorization, Deltaspike Security based authorization or write your own authorization mechanism). - Application Session Management. - JSON security. - Integration code for Solder, DeltaSpike and CDI applications. - and more ... Please refer to the documentation at https://docs.jboss.org/author/display/SECURITY/Java+Application+Security. You can also check the Getting Started guide and some examples/quickstarts: - Getting Started: https://docs.jboss.org/author/display/SECURITY/Getting+Started - Examples: https://docs.jboss.org/author/display/SECURITY/PicketBox+Quickstarts We did this timed release to get some feedback about what was done so far. Best Regards. Pedro Igor

11 years, 9 months

3
3
0 / 0

Re: [security-dev] Where's requirements doc?

by Anil Saldhana

On 08/22/2012 04:52 PM, Anil Saldhana wrote: > Bill, > I created it at > https://community.jboss.org/wiki/SecurityRequirementsDocument > > I think I still need to add a lot of information to it. > > Regards, > Anil > > On 08/22/2012 04:51 PM, Bill Burke wrote: >> Anil, >> >> You were going to expand on the requirements doc. What you linked a few >> weeks ago was way to insufficient. You need to go through and list >> every feature of Picketlink, every new feature you want to add, >> requirements that are required to implement those features, etc. Then >> you need to pass them around so others can add to the list, and then >> everybody can sign off and say, "Hey this is great". Then you'll be >> able to design something solid... >> >> Bill >> >

11 years, 10 months

1
0
0 / 0

Where's requirements doc?

by Bill Burke

Anil, You were going to expand on the requirements doc. What you linked a few weeks ago was way to insufficient. You need to go through and list every feature of Picketlink, every new feature you want to add, requirements that are required to implement those features, etc. Then you need to pass them around so others can add to the list, and then everybody can sign off and say, "Hey this is great". Then you'll be able to design something solid... Bill -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

11 years, 10 months

1
0
0 / 0

APIs for principal/role propagation

by Bill Burke

Have you implemented simple APIs for principal and role propagation? Specifically so that we can bypass your security abstractions when they are not needed? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

11 years, 10 months

2
2
0 / 0

Database driven Java Keystore

by Anil Saldhana

Hi all, you are familiar with the file based standard Java keystore. KeyTool is a command line utility to deal with the standard keystore. The challenges with a file based keystore are plenty: a) Each node in a cluster needs to have a local copy. NFS based keystore does solve this problem. b) Updates to keystore need to be done with each copy in a cluster. I put in a DB backed keystore that is standalone with dependence on Bouncycastle jars alone. https://docs.jboss.org/author/display/SECURITY/Java+Keystores There are multiple TBD items listed on the page. There is a master salt. It is used to MD5 hash+salt the keystore password (master password) and also individual key passwords. Feedback welcome. Regards, Anil

11 years, 10 months

2
4
0 / 0

[PicketBox] - Securing a simple Aerogear application

by Pedro Igor Silva

Hi All, We are securing a simple Aerogear(HTML5+REST+CDI) quickstart with PicketBox and Apache DeltaSpike (0.2-incubating). For more details about what was done so far, please take a look at https://docs.jboss.org/author/display/SECURITY/Aerogear. Regards. Pedro Igor

11 years, 10 months

3
2
0 / 0

A simple Deltaspike Authorization quickstart

by Pete Muir

Hi all I just did a first cut at a simple quickstart showing how you can use: * DeltaSpike Authorization * CDI * JAX-RS * DeltaSpike exception handling to restrict access to a REST resources, and do something with the AccessDeniedException other than just rethrow it. Please take a look: https://github.com/pmuir/quickstart/tree/deltaspike-authorization/deltasp... Known issues: * I'm not handling bad responses in the UI at all. Please tell me what to do someone :-) * The README isn't done

11 years, 10 months

4
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

security-dev August 2012