[jboss-jira] [JBoss JIRA] Commented: (JBAS-7085) Replace ejb3 secured profile service facade with secured remoting proxy
Scott M Stark (JIRA)
jira-events at lists.jboss.org
Tue Jul 14 12:38:29 EDT 2009
[ https://jira.jboss.org/jira/browse/JBAS-7085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12476261#action_12476261 ]
Scott M Stark commented on JBAS-7085:
-------------------------------------
1) The jndi binding names are set by the following 3 jndiName properties of the ProfileServiceProxyFactory:
<bean name="ProfileServiceProxyFactory" class="org.jboss.profileservice.remoting.ProxyFactory">
...
<property name="jndiName">ProfileService</property>
<property name="mgtViewJndiName">ManagementView</property>
<property name="deployMgrJndiName">DeploymentManager</property>
2) the local unsecured ProfileService is only available via injection from the "ProfileService" MC bean. The unsecured ManagementView and DeploymentManager are available from that bean.
Authentication is enabled by default. To disable it the serverProxyInterceptors property of the ProfileServiceProxyFactory bean would have to be removed/set to an empty list vs the following default:
<!-- Server side security interceptor stack -->
<property name="serverProxyInterceptors">
<list>
<bean class="org.jboss.aspects.security.AuthenticationInterceptor">
<constructor>
<parameter>
<!-- AuthenticationManager -->
<value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager"
parameter="jmx-console"/>
</parameter>
</constructor>
</bean>
<bean class="org.jboss.aspects.security.RoleBasedAuthorizationInterceptor">
<constructor>
<!-- AuthenticationManager -->
<parameter>
<value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager"
parameter="jmx-console"/>
</parameter>
<!-- RealmMapping, the AuthenticationManager impl currently supports this -->
<parameter>
<value-factory bean="JNDIBasedSecurityManagement" method="getAuthenticationManager"
parameter="jmx-console"/>
</parameter>
</constructor>
</bean>
</list>
</property>
> Replace ejb3 secured profile service facade with secured remoting proxy
> -----------------------------------------------------------------------
>
> Key: JBAS-7085
> URL: https://jira.jboss.org/jira/browse/JBAS-7085
> Project: JBoss Application Server
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: ProfileService, Security
> Reporter: Scott M Stark
> Assignee: Scott M Stark
> Priority: Critical
> Fix For: JBossAS-5.2.0.Beta1
>
>
> Its been decided to limit the number of dependencies an admin client needs to communicate with a secured profile service. We need to drop the ejb3 facade and provide a secured remoting based proxy bound in global jndi and an unsecured, but security manager controlled unsecured proxy under the java: local jndi namespace.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list