Thanks Marek! Either George or I will be sure to merge them in the next day or so.

On 12/08/11 18:38, Marek Schmidt wrote:
> Hi Shane!
>
> I have taken the liberty to make some pull requests to the Seam
> Security External module, even though not on the list of issues for
> the Night...
>
> I'd be glad if someone could review them...
>
> Cheers!
>
> --
> Marek Schmidt
>
> On 08/10/2011 05:28 AM, Shane Bryzak wrote:
>> Hey guys,
>>
>> Sorry about the delay in getting this list of items to work on for the
>> next Seam Hack night - I've come down with the flu and it's hard to get
>> any work done when it feels like an elephant is sitting on your head.
>> Anyways, the two main areas I'd like us to work on for Seam Security are
>> Identity Management and ACLs/Permission Management. In the area of
>> Identity Management, there's a number of JIRA issues relating to
>> JpaIdentityStore, and I'd also like to show some love for our
>> integration with PicketLink's LDAP Identity Store too. For ACL
>> security, we are actually missing this feature altogether in Seam 3.0
>> (it existed in Seam 2) simply because I ran out of time to port it over
>> in time for the 3.0 release. For anyone that doesn't know, ACL security
>> provides you the ability to grant permissions on individual objects in
>> your application, whether they be entity beans or whatever.
>>
>> To assist us in effectively organising who does which work, I'll give
>> each task a unique number. If you'd like to volunteer for certain
>> task/s, please do so earlier rather than later - first in first served!
>>
>> JpaIdentityStore issues
>> ==============
>>
>> 1) SEAMSECURITY-62 Using identity management to add user in group
>> prevent user to login
>>     https://issues.jboss.org/browse/SEAMSECURITY-62
>>
>>     This issue has a comprehensive description and someone has
>>     attached a patch.
>>
>> 2) SEAMSECURITY-64 Provide the capability to retrieve the actual entity
>> object when a user is created
>>     https://issues.jboss.org/browse/SEAMSECURITY-64
>>
>>     We had this feature in Seam 2, however since we're now using
>>     PicketLink in Seam 3 it is a little more challenging to implement this.
>>     I don't have any solid ideas as yet, however it would be ideal if we
>>     could fire an event for this somehow.
>>
>> 3) SEAMSECURITY-65 Criteria queries executed by JPAIdentityStore are not
>> setup properly
>>     https://issues.jboss.org/browse/SEAMSECURITY-65
>>
>>     We seem to be missing a select() call for the Criteria queries,
>>     should be easy to fix this one.
>>
>> 4) SEAMSECURITY-70 Calling RoleManager.removeRole(Roletype rt, User u,
>> Group g) throws an NPE
>>     https://issues.jboss.org/browse/SEAMSECURITY-70
>>
>>     Should be an easy fix, as the reporter has included a solution.
>>
>> 5) SEAMSECURITY-84 identity.hasRole and identity.addRole do not seem to
>> be interacting with JpaStore
>>     https://issues.jboss.org/browse/SEAMSECURITY-84
>>
>>     This one might take a little detective work to reproduce. A user
>>     within an application that uses Identity Management should have their
>>     roles populated in Identity.roles automatically when they authenticate.
>>     One thing to note is that the reporter's assertion at the end of the
>>     issue description about identity.addRole() adding the role to the
>>     database is incorrect - persistent roles should only be added through
>>     the role manager.
>>
>> 6) SEAMSECURITY-69
>>     https://issues.jboss.org/browse/SEAMSECURITY-69
>>
>>     This one might take a little bit of analysis also - possibly the
>>     cause is an unimplemented method in JpaIdentityStore.
>>
>> LDAP Identity Store issues
>> ================
>>
>> 7) SEAMSECURITY-71 Improve LDAP integration in general
>>     https://issues.jboss.org/browse/SEAMSECURITY-71
>>
>>     This one is quite a bit of work. The actual LDAP Identity Store
>>     class is part of PicketLink, so we can't make any direct changes to it.
>>     What we can do however, is ease the configuration process. We currently
>>     have a configuration bean for JpaIdentityStore (called
>>     JpaIdentityStoreConfiguration), that can be used to configure the
>>     Identity Store via Seam Config. It would be nice to have an equivalent
>>     class for the LDAP Identity Store. Whoever works on this task will need
>>     to become familiar with the LDAP configuration in PicketLink. Any work
>>     done in this area would also require documentation in the Seam Security
>>     reference guide.
>>
>> 8) Example application that demonstrates authentication via LDAP
>>
>>     This goes hand in hand with 7). I don't know if we'll have enough
>>     time to implement a full example, however it would be nice to have a
>>     basic functioning app that we could point people to.
>>
>> ACL Security
>> ========
>>
>> 9) Implement PersistentPermissionResolver
>>
>>     This class has been "ported" from Seam 2, however it's currently not
>>     functional (I think a lot of the code may even be commented out). This
>>     is an advanced task, so only volunteer for this one if you feel you're
>>     up to the challenge. One of the biggest issues is how we identify
>>     users. In Seam 2 this was simple, because all users were local and
>>     usernames were unique. In Seam 3 however, we can now have either local
>>     users or external users, thanks to OpenID and SAML authentication.
>>
>> 10) Example app for ACL security
>>
>>     Goes with 9), we need an example application to demonstrate ACL
>>     security.
>>
>> 11) SEAMSECURITY-13 Custom EntityIdentifierStrategy ignored by
>> IdentifierPolicy
>>     https://issues.jboss.org/browse/SEAMSECURITY-13
>>
>>     If 9) gets done, then this issue probably needs to be addressed
>>     also.
>>
>> Misc
>> ====
>>
>> 12) SEAMSECURITY-66 Separated API/IMPL jars do not allow compilation of
>> the SimpleAuthenticator example
>>     https://issues.jboss.org/browse/SEAMSECURITY-66
>>
>>     Quite an unusual issue, which may have already been solved thanks to
>>     the removal of the combined jar. Someone needs to test this and close
>>     the issue if it's out of date.
>>
>> 13) SEAMSECURITY-52 security-authorization example - IAE on logout
>>     https://issues.jboss.org/browse/SEAMSECURITY-52
>>
>>     Marek has suggested that this is related to SEAMSECURITY-22, which
>>     brings us to...
>>
>> 14) SEAMSECURITY-22 Basic authentication with no security drools and no
>> picketlink defined in seam-beans.xml throws exception
>>     https://issues.jboss.org/browse/SEAMSECURITY-22
>>
>>     Like 13), I think this has to do with the location of the
>>     security.drl file. We should standardise the location of the
>>     security.drl file, so someone needs to research the injectable resources
>>     feature in Solder and determine where the best place is to put this
>>     file.
>>
>> Documentation
>> =========
>>
>> 15) SEAMSECURITY-78 Typos in documentation
>>     https://issues.jboss.org/browse/SEAMSECURITY-78
>>
>>     Jozef has identified a couple of minor typos that need to be fixed.
>>
>> 16) SEAMSECURITY-51 A readme.txt points to incorrect url of
>> security-openid-rp example
>>     https://issues.jboss.org/browse/SEAMSECURITY-51
>>
>>     Martin has noticed that the URL in the readme file for this example
>>     is wrong.
>>
>> If anyone has any questions about these tasks, or any suggestions,
>> please feel free to bring them up on seam-dev.
>>
>> Thanks!
>> Shane
>>
>> _______________________________________________
>> seam-dev mailing list
>> [email protected]
>> https://lists.jboss.org/mailman/listinfo/seam-dev
