[jboss-dev-forums] [JBoss AS 7 Development] - Re: JAR blacklist for deployment

Nicholas DiPiazza do-not-reply at jboss.com
Fri Dec 28 16:40:39 EST 2012 

Nicholas DiPiazza [https://community.jboss.org/people/ndipiazza] created the discussion

"Re: JAR blacklist for deployment"

To view the discussion, visit: https://community.jboss.org/message/785269#785269

--------------------------------------------------------------
First of all, thanks for the feedback. I'm glad you think it's a good idea.

So as a follow up: what do you I'm looking for your opinions on the best strategy for coming up with the best default list of blacklisted JARs. In other words, JARs that are NEVER ok to have in your deployment.

I need to:

a) how to check to see if a JAR has been blacklisted. 
b) getting a list of blacklisted JARs

My ideas for (a):

* Collect store a SHA1 checksum for all blacklisted JARs and store in text file *conf/blacklist.properties*. Load the checksum list as a dictionary during server startup. Validate SHA1 checksum for JARs deployed to verify none match a blacklisted JAR from the dictionary.
* Just store the MANIFEST.MF for all blacklisted JARs in a special directory within *conf/blacklisted-jar-manifests*. During deployment, check all JAR manifests don't match a blacklisted one.
* Instead of blacklisting JARs, blacklist certain Classes that if found in any JAR within your deployment will cause the warning. ----> This is the one I'm leaning towards.



My ideas for (b):

List of all JBoss system JARs:

>From AS7+: Blacklist some or all JARs from modules\org\jboss
For AS4-6: Blacklist all JARs in client/jboss*.jar, server/default/lib/jboss*.jar, and server/all/lib/jboss*.jar

That is a good default list for now.

Any ideas on this? 
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/785269#785269]

Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20121228/876ae02b/attachment.html

More information about the jboss-dev-forums mailing list