[JBoss JIRA] (TEIID-2911) Guard against external entity resolving
by Ramesh Reddy (JIRA)
[ https://issues.jboss.org/browse/TEIID-2911?page=com.atlassian.jira.plugin... ]
Ramesh Reddy commented on TEIID-2911:
-------------------------------------
Patch odata4j code locally.
> Guard against external entity resolving
> ---------------------------------------
>
> Key: TEIID-2911
> URL: https://issues.jboss.org/browse/TEIID-2911
> Project: Teiid
> Issue Type: Bug
> Components: OData, Query Engine
> Affects Versions: 7.7, 8.4
> Reporter: Van Halbert
> Assignee: Steven Hawkins
> Priority: Critical
> Fix For: 8.4.2, 8.7
>
>
> For applications that expose RESTEasy XML endpoints, add the following snippet to their web.xml file to disable entity expansion in RESTEasy:
>   <context-param>
>     <param-name>resteasy.document.expand.entity.references</param-name>
>     <param-value>false</param-value>
>   </context-param>
> Note that this <context-param> setting has precedence over <init-param>, and will override a contrary setting in an <init-param> element.
> However this is not sufficient for OData as OData4j is responsible for parsing the Atom feed. StaxXMLFactoryProvider2 simply creates XMLInputFactories without any options, thus they will perform external entity resolving by default. An issue will need to be opened against OData4j.
> For SQL/XML, the XMLType input factory needs to disable external entity resolving (via experimentation just setting the relevant property doesn't always work, so like other projects we'll set an XMLResolver, which does work).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
10 years, 9 months
[JBoss JIRA] (TEIID-2911) Guard against external entity resolving
by Van Halbert (JIRA)
[ https://issues.jboss.org/browse/TEIID-2911?page=com.atlassian.jira.plugin... ]
Van Halbert commented on TEIID-2911:
------------------------------------
When you say locally, do you mean patching their code or just a quick fix in Teiid?
10 years, 9 months
[JBoss JIRA] (TEIID-2911) Guard against external entity resolving
by Ramesh Reddy (JIRA)
[ https://issues.jboss.org/browse/TEIID-2911?page=com.atlassian.jira.plugin... ]
Ramesh Reddy commented on TEIID-2911:
-------------------------------------
For now we have to fix this locally, then submit it as a patch to OData4J.
10 years, 9 months
[JBoss JIRA] (TEIID-2914) Infinispan Connector didn't have the advanced searching option exposed
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-2914?page=com.atlassian.jira.plugin... ]
Steven Hawkins commented on TEIID-2914:
---------------------------------------
I think that it was put onto the translator since there was no inherent logic in the resource adapter that determined whether searching is supported and all of the dependent logic is in the translator as well. Wouldn't this change be simpler as just removing the rar property?
> Infinispan Connector didn't have the advanced searching option exposed
> ----------------------------------------------------------------------
>
> Key: TEIID-2914
> URL: https://issues.jboss.org/browse/TEIID-2914
> Project: Teiid
> Issue Type: Bug
> Components: Misc. Connectors
> Affects Versions: 8.7, 8.7.1
> Reporter: Van Halbert
> Assignee: Steven Hawkins
>
> The advanced searching option (i.e., Lucene searching) that is defined in the .rar was not being picked up in the connector.
> Also, it was incorrectly defined on the translator, because the translator cannot override how the cache is configured.
10 years, 9 months
[JBoss JIRA] (TEIID-2911) Guard against external entity resolving
by Steven Hawkins (JIRA)
[ https://issues.jboss.org/browse/TEIID-2911?page=com.atlassian.jira.plugin... ]
Steven Hawkins updated TEIID-2911:
----------------------------------
Summary: Guard against external entity resolving (was: Applications that expose RESTEasy XML endpoints)
Fix Version/s: 8.4.2
               8.7
Description:
For applications that expose RESTEasy XML endpoints, add the following snippet to their web.xml file to disable entity expansion in RESTEasy:
  <context-param>
    <param-name>resteasy.document.expand.entity.references</param-name>
    <param-value>false</param-value>
  </context-param>
Note that this <context-param> setting has precedence over <init-param>, and will override a contrary setting in an <init-param> element.
However this is not sufficient for OData as OData4j is responsible for parsing the Atom feed. StaxXMLFactoryProvider2 simply creates XMLInputFactories without any options, thus they will perform external entity resolving by default. An issue will need to be opened against OData4j.
For SQL/XML, the XMLType input factory needs to disable external entity resolving (via experimentation just setting the relevant property doesn't always work, so like other projects we'll set an XMLResolver, which does work).
was:
For applications that expose RESTEasy XML endpoints, add the following snippet to their web.xml file to disable entity expansion in RESTEasy:
  <context-param>
    <param-name>resteasy.document.expand.entity.references</param-name>
    <param-value>false</param-value>
  </context-param>
Note that this <context-param> setting has precedence over <init-param>, and will override a contrary setting in an <init-param> element.
Affects Version/s: 8.4
                   7.7
                   (was: 8.4.1)
                   (was: 8.7)
                   (was: 8.7.1)
Component/s: Query Engine
10 years, 9 months
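Added example, not part of the JIRA thread and not Teiid or OData4j code: one way to build a StAX XMLInputFactory along the lines the TEIID-2911 description gives for SQL/XML, setting the standard property and also installing an XMLResolver that refuses every lookup. The class name, method names and the sample document are assumptions made for illustration; the document and its file path are constructed.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class HardenedStaxFactory {

    /** Factory that rejects external entities by property and by resolver. */
    static XMLInputFactory newFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        // Standard StAX property. The thread reports that this alone
        // "doesn't always work", hence the resolver below.
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        // If the parser still tries to resolve an external entity,
        // fail the parse instead of fetching the resource.
        f.setXMLResolver((publicId, systemId, baseUri, namespace) -> {
            throw new XMLStreamException(
                "external entity resolution is disabled: " + systemId);
        });
        return f;
    }

    /** Concatenates all character data the reader reports. */
    static String textOf(XMLInputFactory f, String xml) throws XMLStreamException {
        XMLStreamReader r = f.createXMLStreamReader(new StringReader(xml));
        StringBuilder sb = new StringBuilder();
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamReader.CHARACTERS) {
                    sb.append(r.getText());
                }
            }
        } finally {
            r.close();
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: an Atom-like entry that declares an external entity.
        String doc = "<?xml version=\"1.0\"?>"
            + "<!DOCTYPE entry [<!ENTITY ext SYSTEM \"file:///constructed/sample.txt\">]>"
            + "<entry><title>&ext;</title></entry>";
        try {
            // Depending on the StAX implementation the reference is either
            // left unexpanded or the parse is rejected; neither reads the file.
            System.out.println("parsed, text=[" + textOf(newFactory(), doc) + "]");
        } catch (XMLStreamException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A factory created with XMLInputFactory.newInstance() and no further options, as the description says StaxXMLFactoryProvider2 does, has neither safeguard.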
[JBoss JIRA] (TEIID-1070) Create Amazon SimpleDB Connector
by Ramesh Reddy (JIRA)
[ https://issues.jboss.org/browse/TEIID-1070?page=com.atlassian.jira.plugin... ]
Ramesh Reddy reassigned TEIID-1070:
-----------------------------------
Assignee: Ramesh Reddy (was: Radim Hopp)
> Create Amazon SimpleDB Connector
> ---------------------------------
>
> Key: TEIID-1070
> URL: https://issues.jboss.org/browse/TEIID-1070
> Project: Teiid
> Issue Type: Feature Request
> Components: Misc. Connectors
> Reporter: John Doyle
> Assignee: Ramesh Reddy
> Fix For: 8.7
>
>
> We need connectivity to Amazon SimpleDB. This should be accomplished through a dedicated connector.
> Simple DB presents a few challenges as a Teiid source as it is more like a spreadsheet than a database. Simple DB "Domains" are like individual worksheets and contain any number of items. Items however can have any number of attributes, and the attributes do not have to be the same for every item. So in a single Domain you can have an item with the attributes Size and Color, and another item with the attributes Color and ExpirationDate. This presents both modeling issues and SQL execution issues. None of them are insurmountable, but users will have to understand the issues and design their integration around them.
10 years, 9 months
[JBoss JIRA] (TEIID-2915) Support consuming REST based service that is secured by Kerberos
by Ramesh Reddy (JIRA)
[ https://issues.jboss.org/browse/TEIID-2915?page=com.atlassian.jira.plugin... ]
Ramesh Reddy commented on TEIID-2915:
-------------------------------------
SPNEGO does provide a way to capture the GSSCredential in the EAP 6.1.Alpha version. It is on the NegotiationContext object.
> Support consuming REST based service that is secured by Kerberos
> ----------------------------------------------------------------
>
> Key: TEIID-2915
> URL: https://issues.jboss.org/browse/TEIID-2915
> Project: Teiid
> Issue Type: Feature Request
> Components: Misc. Connectors
> Reporter: Ramesh Reddy
> Assignee: Ramesh Reddy
> Fix For: 8.7.1
>
>
> Add SSO based support for consuming the REST based services that are secured by Kerberos.
> In order to support Kerberos at data source level, the engine needs to support Credential Delegation, then it can be used with CXF as shown in
> http://cxf.apache.org/docs/jaxrs-kerberos.html#JAXRSKerberos-CredentialDe...
> The SPNEGO module needs to check the getCredDelegState() flag on the GSS Context, and should provide a way to return the GSSCredential object; then Teiid needs to propagate this as session payload and use it in the web-service connector as the delegate to the target consumer service.
> As of JBoss EAP 6.1.Alpha, I do not see the delegation in the SPNEGO module, so support needs to be available in the SPNEGO module. Need to investigate which version of the SPNEGO module supports this.
10 years, 9 months