It sounds like we had a fairly successful Hack Night!

Sent from my iPhone

On Aug 12, 2011, at 5:57, Shane Bryzak <[email protected]> wrote:
> Thanks Marek! Either George or I will be sure to merge them in the next
> day or so.
>
> On 12/08/11 18:38, Marek Schmidt wrote:
>> Hi Shane!
>>
>> I have taken the liberty to make some pull requests to the Seam
>> Security External module, even though not on the list of issues for
>> the Night...
>>
>> I'd be glad if someone could review them...
>>
>> Cheers!
>>
>> --
>> Marek Schmidt
>>
>> On 08/10/2011 05:28 AM, Shane Bryzak wrote:
>>> Hey guys,
>>>
>>> Sorry about the delay in getting this list of items to work on for the
>>> next Seam Hack night - I've come down with the flu and it's hard to get
>>> any work done when it feels like an elephant is sitting on your head.
>>> Anyways, the two main areas I'd like us to work on for Seam Security are
>>> Identity Management and ACLs/Permission Management. In the area of
>>> Identity Management, there's a number of JIRA issues relating to
>>> JpaIdentityStore, and I'd also like to show some love for our
>>> integration with PicketLink's LDAP Identity Store too. For ACL
>>> security, we are actually missing this feature altogether in Seam 3.0
>>> (it existed in Seam 2) simply because I ran out of time to port it over
>>> in time for the 3.0 release. For anyone that doesn't know, ACL security
>>> provides you the ability to grant permissions on individual objects in
>>> your application, whether they be entity beans or whatever.
>>>
>>> To assist us in effectively organising who does which work, I'll give
>>> each task a unique number. If you'd like to volunteer for certain
>>> task/s, please do so earlier rather than later - first in first served!
>>>
>>> JpaIdentityStore issues
>>> ==============
>>>
>>> 1) SEAMSECURITY-62 Using identity management to add user in group
>>> prevent user to login
>>> https://issues.jboss.org/browse/SEAMSECURITY-62
>>>
>>> This issue has a comprehensive description and someone has
>>> attached a patch.
>>>
>>> 2) SEAMSECURITY-64 Provide the capability to retrieve the actual entity
>>> object when a user is created
>>> https://issues.jboss.org/browse/SEAMSECURITY-64
>>>
>>> We had this feature in Seam 2, however since we're now using
>>> PicketLink in Seam 3 it is a little more challenging to implement this.
>>> I don't have any solid ideas as yet, however it would be ideal if we
>>> could fire an event for this somehow.
>>>
>>> 3) SEAMSECURITY-65 Criteria queries executed by JPAIdentityStore are not
>>> setup properly
>>> https://issues.jboss.org/browse/SEAMSECURITY-65
>>>
>>> We seem to be missing a select() call for the Criteria queries,
>>> should be easy to fix this one.
>>>
>>> 4) SEAMSECURITY-70 Calling RoleManager.removeRole(Roletype rt, User u,
>>> Group g) throws an NPE
>>> https://issues.jboss.org/browse/SEAMSECURITY-70
>>>
>>> Should be an easy fix, as the reporter has included a solution.
>>>
>>> 5) SEAMSECURITY-84 identity.hasRole and identity.addRole do not seem to
>>> be interacting with JpaStore
>>> https://issues.jboss.org/browse/SEAMSECURITY-84
>>>
>>> This one might take a little detective work to reproduce. A user
>>> within an application that uses Identity Management should have their
>>> roles populated in Identity.roles automatically when they authenticate.
>>> One thing to note is that the reporter's assertion at the end of the
>>> issue description about identity.addRole() adding the role to the
>>> database is incorrect - persistent roles should only be added through
>>> the role manager.
>>>
>>> 6) SEAMSECURITY-69
>>> https://issues.jboss.org/browse/SEAMSECURITY-69
>>>
>>> This one might take a little bit of analysis also - possibly the
>>> cause is an unimplemented method in JpaIdentityStore.
>>>
>>> LDAP Identity Store issues
>>> ================
>>>
>>> 7) SEAMSECURITY-71 Improve LDAP integration in general
>>> https://issues.jboss.org/browse/SEAMSECURITY-71
>>>
>>> This one is quite a bit of work. The actual LDAP Identity Store
>>> class is part of PicketLink, so we can't make any direct changes to it.
>>> What we can do however, is ease the configuration process. We currently
>>> have a configuration bean for JpaIdentityStore (called
>>> JpaIdentityStoreConfiguration), that can be used to configure the
>>> Identity Store via Seam Config. It would be nice to have an equivalent
>>> class for the LDAP Identity Store. Whoever works on this task will need
>>> to become familiar with the LDAP configuration in PicketLink. Any work
>>> done in this area would also require documentation in the Seam Security
>>> reference guide.
>>>
>>> 8) Example application that demonstrates authentication via LDAP
>>>
>>> This goes hand in hand with 7). I don't know if we'll have enough
>>> time to implement a full example, however it would be nice to have a
>>> basic functioning app that we could point people to.
>>>
>>> ACL Security
>>> ========
>>>
>>> 9) Implement PersistentPermissionResolver
>>>
>>> This class has been "ported" from Seam 2, however it's currently not
>>> functional (I think a lot of the code may even be commented out). This
>>> is an advanced task, so only volunteer for this one if you feel you're
>>> up to the challenge. One of the biggest issues is how we identify
>>> users. In Seam 2 this was simple, because all users were local and
>>> usernames were unique. In Seam 3 however, we can now have either local
>>> users or external users, thanks to OpenID and SAML authentication.
>>>
>>> 10) Example app for ACL security
>>>
>>> Goes with 9), we need an example application to demonstrate ACL
>>> security.
>>>
>>> 11) SEAMSECURITY-13 Custom EntityIdentifierStrategy ignored by
>>> IdentifierPolicy
>>> https://issues.jboss.org/browse/SEAMSECURITY-13
>>>
>>> If 9) gets done, then this issue probably needs to be addressed
>>> also.
>>>
>>> Misc
>>> ====
>>>
>>> 12) SEAMSECURITY-66 Separated API/IMPL jars do not allow compilation of
>>> the SimpleAuthenticator example
>>> https://issues.jboss.org/browse/SEAMSECURITY-66
>>>
>>> Quite an unusual issue, which may have already been solved thanks to
>>> the removal of the combined jar. Someone needs to test this and close
>>> the issue if it's out of date.
>>>
>>> 13) SEAMSECURITY-52 security-authorization example - IAE on logout
>>> https://issues.jboss.org/browse/SEAMSECURITY-52
>>>
>>> Marek has suggested that this is related to SEAMSECURITY-22, which
>>> brings us to...
>>>
>>> 14) SEAMSECURITY-22 Basic authentication with no security drools and no
>>> picketlink defined in seam-beans.xml throws exception
>>> https://issues.jboss.org/browse/SEAMSECURITY-22
>>>
>>> Like 13), I think this has to do with the location of the
>>> security.drl file. We should standardise the location of the
>>> security.drl file, so someone needs to research the injectable resources
>>> feature in Solder and determine where the best place is to put this
>>> file.
>>>
>>> Documentation
>>> =========
>>>
>>> 15) SEAMSECURITY-78 Typos in documentation
>>> https://issues.jboss.org/browse/SEAMSECURITY-78
>>>
>>> Jozef has identified a couple of minor typos that need to be fixed.
>>>
>>> 16) SEAMSECURITY-51 A readme.txt points to incorrect url of
>>> security-openid-rp example
>>> https://issues.jboss.org/browse/SEAMSECURITY-51
>>>
>>> Martin has noticed that the URL in the readme file for this example
>>> is wrong.
>>>
>>> If anyone has any questions about these tasks, or any suggestions,
>>> please feel free to bring them up on seam-dev.
>>>
>>> Thanks!
>>> Shane
>>>
>>> _______________________________________________
>>> seam-dev mailing list
>>> [email protected]
>>> https://lists.jboss.org/mailman/listinfo/seam-dev
