[JBoss-user] [JBossWS] - Re: deploy web services in different connectors please help!
Hi Thomas, Thanks for answering. I need to be able to deploy web services to both connectors, not just the new one, so I think the link you referred (which, by the way, i already knew) is not applicable. I thought that there could be more than meets the eye in your answer, so I reverted the new service creation and moved the new connector definiton into the jboss.web service definition, along with the other connectors 8080, and 8443 already there. Then I hard coded in one of the web service's wsdl a url to the alternative (8081) connector url. I ignored the test deployment directory and deployed this web service in the all/deploy directory, but as expected that hard coding only reflects upon the deployed wsdl. During this deployment i still get the message that the web service is being deployed in the connector associated with the definitons in the ws4ee jboss-service.xml (8080). Note that I set the to false. So, unless I'm missing something obvious, this is not a viable solution to my problem. How can I attach ws deployments to differents connectors ? With servlets, the new tomcat service definition solved it, but how can I trigger wsdeployer when i deploy services in the directory attached to the other service/connectors ? As explained in my original question, that is simply not working. Hey! I'm even open to manualy deploy the ws artifacts. Is this viable ? Any other thoughts ? anyone ? Please do not assume I'm not trying to solve this concurrently. this is no a question of dumping my work on another persons' shoulders. My need for help is still quite real. Thank you very much. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3950402#3950402 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3950402 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: Secure endpoint without secure WSDL
I have a POJO endpoint and in the jboss-web.xml defined | webservice-description | webservice-description-nameyourservicename/webservice-description-name | wsdl-publish-locationfile:../server/all/deploy/wsdls.war/wsdl-publish-location |/webservice-description | These tags are also available in jboss.xml so it should work all the same. wsdls.war is an exploded webapp deployment with empty web.xml and jboss-web.xml defined as follows jboss-web | |context-rootwsdls/context-root | | /jboss-web this allows your client to access the wsdl via http://host.port/wsdls/servicename.wsdl Hope this may be of any help in your particular case. Cheers View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3950451#3950451 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3950451 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: deploy web services in different connectors please help!
any thoughts ? anyone ? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3950087#3950087 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3950087 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Possible to use two port numbers on one Tomcat?
Hello, Thank you so much for the config info. Do you have any idea of how to setup two webapps to be published via these two different connectors ? That would make webapp A available thru connector X and webapp B available thru connector Y. My webapps are webservices but for now I just want to keep things simple, so that people can find it a litle less dificult to help me. I know people's time is a scarce resource but must really depend on outside help for this. I'm completely stuck and have a deadline approaching:( Thank you very much. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949791#3949791 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949791 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - deploy web services in different connectors please help!!
I was able to setup two differnt connectors like this: | Server | |!-- Use a custom version of StandardService that allows the |connectors to be started independent of the normal lifecycle |start to allow web apps to be deployed before starting the |connectors. |-- |Service name=jboss.web | className=org.jboss.web.tomcat.tc5.StandardService | | !-- A HTTP/1.1 Connector on port 8080 -- | Connector port=8080 address=${jboss.bind.address} | maxThreads=250 strategy=ms maxHttpHeaderSize=8192 | emptySessionPath=true | enableLookups=false redirectPort=8443 acceptCount=100 | connectionTimeout=2 disableUploadTimeout=true/ | | !-- Add this option to the connector to avoid problems with | .NET clients that don't implement HTTP/1.1 correctly | restrictedUserAgents=^.*MS Web Services Client Protocol 1.1.4322.*$ | -- | | !-- A AJP 1.3 Connector on port 8009 -- | Connector port=8009 address=${jboss.bind.address} | emptySessionPath=true enableLookups=false redirectPort=8443 | protocol=AJP/1.3/ | | !-- SSL/TLS Connector configuration using the admin devl guide keystore-- | Connector port=8443 address=${jboss.bind.address} |maxThreads=100 strategy=ms maxHttpHeaderSize=8192 |emptySessionPath=true |scheme=https secure=true clientAuth=false |keystoreFile=${jboss.server.home.dir}/conf/localhost.ks |keystorePass=123456 | truststoreFile=${jboss.server.home.dir}/conf/localhost.ks | truststorePass=123456 | sslProtocol=TLS / | | Engine name=jboss.web defaultHost=localhost | | !-- The JAAS based authentication and authorization realm implementation | that is compatible with the jboss 3.2.x realm implementation. | - certificatePrincipal : the class name of the | org.jboss.security.auth.certs.CertificatePrincipal impl | used for mapping X509[] cert chains to a Princpal. | -- | Realm className=org.jboss.web.tomcat.security.JBossSecurityMgrRealm | certificatePrincipal=org.jboss.security.auth.certs.SubjectDNMapping | / | !-- A subclass of JBossSecurityMgrRealm that uses the authentication | behavior of JBossSecurityMgrRealm, but overrides the authorization | checks to use JACC permissions with the current java.security.Policy | to determine authorized access. | Realm className=org.jboss.web.tomcat.security.JaccAuthorizationRealm | certificatePrincipal=org.jboss.security.auth.certs.SubjectDNMapping | / | -- | | Host name=localhost | autoDeploy=false deployOnStartup=false deployXML=false | | !-- Uncomment to enable request dumper. This Valve logs interesting | contents from the specified Request (before processing) and the | corresponding Response (after processing). It is especially useful | in debugging problems related to headers and cookies. | -- | !-- | Valve className=org.apache.catalina.valves.RequestDumperValve / | -- | | !-- Access logger -- | !-- | Valve className=org.apache.catalina.valves.FastCommonAccessLogValve | prefix=localhost_access_log. suffix=.log | pattern=common directory=${jboss.server.home.dir}/log | resolveHosts=false / | -- | | !-- Uncomment to enable single sign-on across web apps | deployed to this host. Does not provide SSO across a cluster. | | If this valve is used, do not use the JBoss ClusteredSingleSignOn | valve shown below. | -- | !-- | Valve className=org.apache.catalina.authenticator.SingleSignOn / | -- | | !-- Uncomment to enable single sign-on across web apps |deployed to this host AND to all other hosts in the cluster. | |If this valve is used, do not use the standard Tomcat SingleSignOn |valve shown above. | |Valve uses a JBossCache instance to support SSO credential |caching and replication across the cluster. The JBossCache |instance must be configured separately. By default, the valve |shares a JBossCache with the service that supports HttpSession |replication. See the tc5-cluster-service.xml file in the |
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Possible to use two port numbers on one Tomcat?
I seem to have solved this but keep needing help. check http://www.jboss.com/index.html?module=bbop=viewtopicp=3949816#3949816 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949817#3949817 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949817 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: web apps(ws) in different tomcat connectors, please help
I posted this question with some further developments in http://www.jboss.com/index.html?module=bbop=viewtopicp=3949816#3949816 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949818#3949818 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949818 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - web apps(ws) in different tomcat connectors, please help!!!
Please, can someone help me with setting up two web apps (web services to be more precise) in different tomcat connectors? I need to run two web services in the same container: one that requires client certs and another that doesn't. I've been led (due to some experiences and some forum participants feeback) that the only way to setup this scenario is to configure different tomcat services. However I can't find out how to do this. I'm getting desperate :( ... Any help whatsoever will be more than welcome! Thank you. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949690#3949690 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949690 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: clientAuth=true disables BASIC AUTH
Had to format it as code to finally show up :( sorry about that. Connector port=8443 address=${jboss.bind.address} | maxThreads=100 strategy=ms maxHttpHeaderSize=8192 | emptySessionPath=true | scheme=https secure=true clientAuth=true | keystoreFile=${jboss.server.home.dir}/conf/localhost.ks | keystorePass=123456 | truststoreFile=${jboss.server.home.dir}/conf/localhost.ks | truststorePass=123456 | sslProtocol=TLS / View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949333#3949333 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949333 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: clientAuth=true disables BASIC AUTH
sorry forgot to include the part about the server.xml file. here it goes. Cheers View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949332#3949332 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949332 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: clientAuth=true disables BASIC AUTH
Hello, thanks for you feedback. Regarding your argument, if I'm not mistaken, there is no distintion bewteen user and client in the servlet spec, so the fact that one web app requiring client certificates forces other clients from other web apps running in completely diferent security domains to also present certificates seems to be non-compliant with the spec. A litle more pragramtically, despite the validity of the theoretic argument, I would like to know if it is so by design in JBoss or due to some misconfiguration on my part. My original problem happened with webservices, but I setup a small servlet app to ilustrate it. Here is what it looks like: the servlet package sslservlet; import java.io.IOException; import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class MyServlet extends HttpServlet { public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { this.doGet(request, response); } public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); try{ out.println(ola); }catch(Throwable e) { e.printStackTrace(); } } } web.xml ?xml version=1.0 encoding=UTF-8? web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=2.4 servlet-nameMyServlet/servlet-name servlet-clalservlet.MyServlet/servlet-class servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/myservlet/url-pattern /servlet-mapping security-constraint web-resource-collection web-resource-nameMyServlet/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-name*/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodBASIC/auth-method /login-config /web-app the excerpt of the server.xml file the keystore (localhost.ks) Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries Alias name: trut Creation date: 6/Jun/2006 Entry type: trustedCertEntry Owner: CN=localhost Issuer: CN=localhost Serial number: 4485527a Valid from: Tue Jun 06 11:01:30 BST 2006 until: Mon Sep 04 11:01:30 BST 2006 Certificate fingerprints: MD5: 99:B2:EF:4D:F0:1C:5F:22:4B:0B:2B:82:33:6A:AF:BA SHA1: 7B:24:F3:83:4F:08:0A:1B:FC:97:1E:8B:F9:8D:D1:82:00:CF:D7:B6 *** *** Alias name: mykey Creation date: 6/Jun/2006 Entry type: keyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=localhost Issuer: CN=localhost Serial number: 4485527a Valid from: Tue Jun 06 11:01:30 BST 2006 until: Mon Sep 04 11:01:30 BST 2006 Certificate fingerprints: MD5: 99:B2:EF:4D:F0:1C:5F:22:4B:0B:2B:82:33:6A:AF:BA SHA1: 7B:24:F3:83:4F:08:0A:1B:FC:97:1E:8B:F9:8D:D1:82:00:CF:D7:B6 *** *** the client package sslservlet; import java.io.InputStream; import java.net.URL; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSession; public class Client { private static class _HostNameVerifier implements HostnameVerifier { public boolean verify(String arg0, SSLSession arg1){ return true; } } public static void main(String[] args) { try{ URL url = new URL(https://localhost:8443/sslservlet/myservlet;); HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); conn.setHostnameVerifier(new _HostNameVerifier()); String msg = ; InputStream istream = conn.getInputStream(); int i = 0;
[JBoss-user] [Security JAAS/JBoss] - Re: clientAuth=true disables BASIC AUTH
Hi, thanks for your anser. I perfectly understand what's going on in my example. It's not that I don't agree with your general way of reasoning. I just feel it's missplaced in the context of servlet apps. I feel that there's no point in being able to specify CLIENT-CERT instead of BASIC AUTH, once you make that dependent on a transport layer concept (the connector) instead of an applicational one (the deployment descriptor). The confusion between client (transport) and user (applicational) was not my idea. It's in the spec, or at least in my reading of the spec. That's my point. However, it seems that I'm going to have to live with this so am going forward in the direction of separate connectors. Hope I'm able to make that work somehow. Will scan these forums for a similar attempt. Thank you very much for your time and good will. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949350#3949350 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949350 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: Possible to use two port numbers on one Tomcat?
Hello cpaul_it, That's exactly what I'm looking for!!! Can you share some config info ? Most importantly, can you give me some pointers about how to tell jboss that a certain webapp should be published in a certain connector ? Thank you very much View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949364#3949364 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949364 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - clientAuth=true disables BASIC AUTH
I configured the server.xml file in tomcat inside jboss4.0.3sp1 with both keystore and truststore, respective pswds, and clientAuth=true. This enables dual ssl. However, it disables basic auth from any clients towards other web apps that don't require cert based auth. I was expecting that different webapps, running in different security domains, with diferent auth-methodvalues (BASIC versus CLIENT-CERT) would be enough for the app server to know when to negociate client cert or not. Apparently it doesn't work like that. I'm already used to not get many answers from this forum. Never know if my questions are to basic or to complex. Even so, I believe that this scenario should be common enough to work. However, if it's not supposed to work like that after all, I need to setup my different web apps in different tomcat connectors with different ssl cfgs. This step I don't know how to do, so if someone has any hints on any of these topics I would as always welcome them. Sincerely hope anyone can help me with this. No point in redirecting me to http://www.jboss.org/wiki/Wiki.jsp?page=SSLSetup either. Been there, done that :) Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949168#3949168 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949168 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: clientAuth=true disables BASIC AUTH
Thank you very much for your answer :) You are correct, but the connector not only allows you to enable server side auth via ssl negotiation, it also allows you to enable client side auth. In fact, there's no point in setting your web app auth-method to CLIENT-CERT unless the connector is enabled for that via clientAuth=true. My point is that once you set this up, all the other webapps that were getting by with BASIC AUTH thru an encrypted , server-only authenticated channel stop working, which seems weird. That's why I mentioned probably having to attach these different web apps to different connectors, so that I could configure one with clientAuth=true and another with clientAuth=false. Seems a litle far-fetched but if it works it will be better than what I have now which is nothing :(. My second problem is I don't know if it is even possible to set this up either. Once again, thank you very much for your help. Even though my problem remains, your answer gives me hope that there's more people out there also willing to share their experience on this issue. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3949253#3949253 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3949253 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - static stub client inside jboss
Hello, I need to program a client for a web service running outside jboss 4.03sp1. The client will be a POJO included in a deployed ejb-jar. For performance reasons I think it would be better to use static clients, instead of dynamic ones. However, I'm anaware of any jboss tool that allows the generation of those stubs. At the same time I am afraid of mixing wsdl2java axis generated code within jboss due to possible classloading issues raised by the overlapping definitions between the axis jars and jboss ones. Finally, to complicate things even more, my client will need to authenticated itself via certificates for mutual ssl comunications. Given this messy array of constraints, can anyone provide some advice on the best strategy ? right now I'm very much inclined to dynamic proxies instead of static (and unaware of the real performance penalties...). The security issue cannot be disregarded either. Not even sure whether it is possible to setup that inside jboss. Ultimately, I may have to build an external j2se web service client, triggered from the jboss server via rmi or something, in the way of a proxy. HELP View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3946629#3946629 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3946629 --- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more http://sel.as-us.falkag.net/sel?cmd=lnkkid=107521bid=248729dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: use jbossws.sar from 4.0.4 in 4.0.3sp1
Not an option, unfortunately :( 09:30:35,571 ERROR [MainDeployer] Could not create deployment: file:/export/home/user01/jboss-4.0.3SP1/server/all/deploy/jmx-console.war/ java.lang.NoSuchMethodError: org.jboss.metadata.WebMetaData.getServletClassMap()Ljava/util/Map; at org.jboss.ws.server.WebServiceDeployerJSE.isWebserviceDeployment(WebServiceDeployerJSE.java:146) at org.jboss.ws.server.WebServiceDeployer.create(WebServiceDeployer.java:101) at org.jboss.ws.server.WebServiceDeployerJSE.create(WebServiceDeployerJSE.java:66) at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.create(SubDeployerInterceptorSupport.java:160) at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:77) at org.jboss.mx.server.Invocation.invoke(Invocation.java:74) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:176) at $Proxy49.create(Unknown Source) at org.jboss.deployment.MainDeployer.create(MainDeployer.java:935) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:789) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:753) at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:118) at org.jboss.mx.server.Invocation.invoke(Invocation.java:74) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127) at org.jboss.mx.server.Invocation.invoke(Invocation.java:74) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:176) at $Proxy6.deploy(Unknown Source) at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:319) at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:507) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:192) at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:265) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:274) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:230) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) at org.jboss.mx.server.Invocation.invoke(Invocation.java:72) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:943) at $Proxy0.start(Unknown Source) at org.jboss.system.ServiceController.start(ServiceController.java:428) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80) at org.jboss.mx.server.Invocation.invoke(Invocation.java:72) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:176) at $Proxy4.start(Unknown Source) at org.jboss.deployment.SARDeployer.start(SARDeployer.java:285) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:989) at
[JBoss-user] [JBossWS] - use jbossws.sar from 4.0.4 in 4.0.3sp1
Hello, In my project there's a lot of distributed commitment towards jboss4.0.3sp1 which makes it unfeasible to move to the 4.0.4 version. It's too late for that now. Still I'm facing problems with deserialization of complex arrays types that, according with some forum threads, would be solved by replacing the jboss-ws4ee.sar with the jbossws.sar. Would it be safe to copy the jbossws.sar from 4.0.4 into 4.0.3 to replace the jboss-ws4ee.sar ? Please, any help on this would be highly appreciated since the problem just surfaced and the deadline is at hand. Thank you very much. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3941409#3941409 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3941409 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - where to get jbossws 1.0.0GA ?
Where can I find the jbossws.sar 1.0.0GA refered to in this link http://wiki.jboss.org/wiki/Wiki.jsp?page=WebServiceStacks ? The latest downloadable version of the AS is the 4.0.4RC2, which according to this link does not include it. I guess I have to locate AS version 4.0.4GA. Where ? Thank you View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3941410#3941410 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3941410 --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: EJB unreachable from POJO endpoint
Solved it like described in http://www.jboss.com/?module=bbop=viewtopicp=3882728 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3922318#3922318 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3922318 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: securing JAR-RPC 1.1 endpoints
Thanks for answering Thomas, but I've already been through that link. It only applies to SLSB though, which is not my problem. Are you saying that to have declarative security in a ws4ee portable way , I should use SLSB endpoints instead of JAX-RPC ones ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3921931#3921931 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3921931 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - Re: EJB unreachable from POJO endpoint
Anyone ? View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3921932#3921932 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3921932 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - EJB unreachable from POJO endpoint
I have the following setup: 1. EJB1 - POJOWS - standalone ws client(outside the container) 2. EJB1 - EJB2 - - standalone RMI-IIOP client (outside the container) 3. EJB1 - standalone RMI-IIOP client (outside the container) Only the last 2 scenarios are working. The first is returning EJB1 not bound. However, the l(remote) ookup code is exactly the same as the code in the client in scenario 3 and in the EJB2 in scenario 2. So, it seems that the EJB1 can be reached from the EJB container, outside the container, but not from the servlet container. These units are being deployed like this: POJOWS-test.war EJB1+EJB2 - test.jar in JBOSS 4.0.3SP1. Can anyone tell me what's going on ? Is this a know issue ? I really need help here, guys. Thanks. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3921740#3921740 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3921740 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - securing JAR-RPC 1.1 endpoints
Hello, I've searched but found no reference on how to specify declarative access control for POJO endpoints. Apparently, authorization would be specified at the url level as in normal servlets, but that would involve knowing how the wsdl operation map to the urls, which I don't know. Furthemore, I need a portable way to do it and I believe ws4ee 1.1 is silent on this. Can anyone help me on this ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3920739#3920739 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3920739 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: WSSecurity
Anyone ? Should I post this question in the web service forum ? Thanks. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3917302#3917302 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3917302 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - WSSecurity
In the link http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecurity, under Core features there's a mention to Username tokens with JBossSX/JAAS integration but no corresponding statement about X.509 tokens, which are also supported. So I would just ask someone to confirm that this isn't a typo and that there is indeed no integration with JBossSX/JAAS for digital signatures authentication via X.509 tokens as there is for the username token (and HTTPS client auth). I already posted this question in the security forum but was redirected here by JBoss CTO so just hope he is right and any other of you guys can help me. Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3917392#3917392 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3917392 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - Re: clustered statefull ejbs require HA-JNDI in colocated sc
Well, does it make sense or not ? Anyone ?... View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3916658#3916658 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3916658 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: restricting SSL ciphersuites
Yes there is :) Tomcat as a connector flag named cipher (or something like that) for that purpose. see the SSL connector docs for details. Furthermore, JBoss 4.0.3 was enhanced with exporting of all the SSL Socket Factory api configuration parameters, ciphersuite being one of them. check http://jira.jboss.com/jira/browse/JBAS-1983 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3916664#3916664 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3916664 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: support to certificate revocation verify
Check this http://www.jboss.com/index.html?module=bbop=viewtopict=74954 and this http://mail-archives.apache.org/mod_mbox/tomcat-users/200512.mbox/[EMAIL PROTECTED] View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=391#391 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=391 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - Re: https through load balancer breaks declarative security
1) Nope. Most major hardware load balancer may act in an SSL offloader role wher they route traffic with server affinity based on layer3-4 info. 2) Still don't know this, posted a question in the tomcat forum but no answer either 3) Haven't found any that doesn't use proprietary mechanisms (like using special HTTP headers, etc), but JBoss also has a saying in this. Check http://www.jboss.com/index.html?module=bbop=viewtopict=74870 View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3916669#3916669 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3916669 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: WSSecurity
In that link, under Core features there's a mention to Username tokens with JBossSX/JAAS integration but no corresponding statement about X.509 tokens, which are also supported. So I would just ask someone to confirm that this isn't a typo and that there is indeed no integration with JBossSX/JAAS for digital signatures authentication via X.509 tokens as there is for the username token (and HTTPS client auth). Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3916689#3916689 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3916689 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - restricting SSL ciphersuites
Hi Is there some way of configuring JBoss AS SSL server to only accept a specific subset of cipher suites ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3916289#3916289 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3916289 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - Re: clustered statefull ejbs require HA-JNDI in colocated sc
Hi Ultimately, the bean is clustered to support clustering of an HTTPSession carrying a remote reference to it. Does this make any sense ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915787#3915787 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915787 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - tomcat version 5.5.12 + CRL
Hello, I read that starting with version 5.5.12 there's an aditional tomcat ssl connector paramater called crlFile that enables tomcat to handle CRLs. It has to be compiled with jdk 1.5 though. Has JBoss already incorporated this behaviour ? Thank you View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915793#3915793 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915793 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: proprietary authentication mechanisms
I really need help on this. Maybe a litle background info helps you helping me :) This question fits in the context of a project where the possibility of using a load balancer working as a SSL acelerator (aka SSL offloader) is being weighted against the power to leverage J2EE native HTTP authentication mechanisms (basic/digest/form). This is a problem because all the load balancers I'm aware of authenticate and transfer the user identity (even the certificate itself) via proprietary mechanisms (eg. special HTTP headers). So since I'm not interested in programming a security infrastructure myself, I wandered whether JBoss highly modular architecture couldn't come to the rescue with some way of plugin-in an authentication mechanism recognized by the rest of the container's security infrastructure, so that after successfull authentication, it still enabled authorization via declarative specs. Any help whatsoever would be higly appreciated. Nuno View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915819#3915819 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915819 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: proprietary authentication mechanisms
Thanks for your help but I've been through all of that already. I finally found an answer (unfortunately a negative one) in the thread http://www.jboss.com/index.html?module=bbop=viewtopict=73966 Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915898#3915898 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915898 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: proprietary authentication mechanisms
Thanks for your help but I've been through all of that already. I finally found an answer (unfortunately a negative one) in the thread http://www.jboss.com/index.html?module=bbop=viewtopict=73966 Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915899#3915899 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915899 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: proprietary authentication mechanisms
Also found this: http://jira.jboss.com/jira/browse/JBAS-2283 The definite NO... View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915902#3915902 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915902 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - support to certificate revocation verify
Does JBoss SSL support include the ability to verify a client's certificate revocation ? If so, is there any tutorial on configuring it ? Thanks in advance View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915471#3915471 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915471 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - proprietary authentication mechanisms
Does JBoss allows the insertion of proprietay authentication mechanisms, (eg. a message that embedds the credentials in some proprietary format). How ? Through a Callback handler ??...how do I access the message from there ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915479#3915479 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915479 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - WSSecurity
Does JBoss accept WS security, namely the user token as an authentication mechanism ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915320#3915320 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915320 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - clustered statefull ejbs require HA-JNDI in colocated scenar
I have colocated web and business layers in each Jboss server and want to replicate HTTPSession instances throughout the cluster (to enable HTTP session fail-over). Furthermore, the session holds a statefull (clustered) ejb remote reference. In this scenario must the remote reference be fetched from HA-JNDI or can it be retrieved from the local JNDI server, since I don't want load balancing anyway ? Thank you in advance View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915141#3915141 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915141 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBossWS] - WSSecurity interoperability
Given the current draft status of the Basic Security Profile 1.0, would anyone recomend the use of JBoss's WSSecurity from an interoperability point of view (with .NET for instance) or is that spec totally irrelevant in the current state of affairs ? Thanks in advance View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915145#3915145 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915145 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - Re: clustered statefull ejbs require HA-JNDI in colocated sc
Thanks for answering. Interesting. I had this (wrong) idea that cluster aware stubs would only be available via HA-JNDI and that plain JNDI servers would still have old non-cluster aware stubs. This raises another problem. In this colocated scenario, it makes no sense to redirect the request to another cluster node. How do I prevent load balancing from happening ? Thank you View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915182#3915182 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915182 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - powerfull/flexible = role per method ????
Hello, I'm working in a project where there?s a requirement that the user must be able to assign users to dynamically defined groups. These groups are constituted in terms of the actions they may perform in the system. The most flexible way of doing this and still leverage ejb declarative security mechanisms would be to create a role per ejb method(action), which sounds a litle cumbersome. Can anyone's experience advise on better practices ? would you recomend programming security proxys instead ? Thanks in advance. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3915186#3915186 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3915186 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - Re: security before/after AJP1.3
can someone please help me ? Maybe I should rephrase my question to Does ajp1.3 leverages the declarative security mechanisms or does it force applicational security ? Thanks in advance View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3914771#3914771 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3914771 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [JBoss jBPM] - jbpm in a cluster
Can anyone please confirm the following statement ? JBPM workflow process descriptions and runtime status are persisted to a database but in a cluster they are not automatically failed-over, which makes sense once you realize that some processing steps may not be idempotent. Therefore, while the process description is persistent, workflow failover must be performed manually. Thank you View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3914582#3914582 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3914582 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Tomcat, HTTPD, Servlets JSP] - security before/after AJP1.3
I have a web app with declarative security setup in the deployment descriptor in a way to force ssl with client authentication. If I insert an apache node in the middle talking AJP1.3 with the server, do the deployment descriptors have to change in any way to maintain the same behavior regarding the identity validation and access control enforcement ? ( Note that I'm describing an arrangement where the apache server would make client authentication (mod-ssl) and transfer that info to JBoss via AJP1.3 (mod_jk) ) Thank you View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3914429#3914429 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3914429 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - cluster aware Timers
I have an ejb that uses the ctx.getTimerService() call to schedule notifications as defined by the EJB 2.1 spec. Are Timers cluster-aware, in the sense of fail-over and if so, starting with what JBoss version ? Thank you View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3914451#3914451 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3914451 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - ssl client auth through load balancer breaks declarative sec
Hello, I posted this question 2 days ago in the clustering forum but after having received no answer I decided that this forum may be a better place to post it. Please forgive me if that isn't the case but I'm desperate for an answer:( My desired setup is for a Jboss cluster serving requests behind a load balancer. Also I intend to use declarative security on the deployed units and have ssl client side authentication. I need someone to please confirm/deny the following statements: 1) ssl has to be negotiated by the load balancer, whether hardware or software based (apache with mod_proxy/mod_jk). 2) if using apache with mod_jk it is possible to configure it to send the client side authentication details (certificate) in such a way that jboss may enforce declarative authorization as if it had done the authentication itself. This also means that the programatic means to get the authenticated user identity described in the ejb and servlet specs will still work. 3) there is no hardware load balancer that supports the behavior described in 2), which means that with a hardware load balancer it is impossible to use declarative authorization enforcement. After a whole lot testing and digging up for info, I'm quite desperate to solve this question, so if someone could help me I would be most thankfull. Nuno View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3914313#3914313 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3914313 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - https through load balancer breaks declarative security
Hello, My desired setup is for a Jboss cluster serving requests behind a load balancer. Also I intend to use declarative security on the deployed units and have ssl client side authentication. I need someone to please confirm/deny the following statements: 1) ssl has to be negotiated by the load balancer, whether hardware or software based (apache with mod_proxy/mod_jk). 2) if using apache with mod_jk it is possible to configure it to send the client side authentication details (certificate) in such a way that jboss may enforce declarative authorization as if it had done the authentication itself. This also means that the programatic means to get the authenticated user identity described in the ejb and servlet specs will still work. 3) there is no hardware load balancer that supports the behavior described in 2), which means that with a hardware load balancer it is impossible to use declarative authorizations After a whole lot testing and digging up for info myself, I'm quite desperate to solve this question, so if someone could help me I would be most thankfull. Nuno View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3914233#3914233 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3914233 --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - Re: HTTPSession replication = serializable
Thanks for your answer. If possible I would like to refine my knowedge about JBoss's HTTPSession replication. Will Replication just not work if there is non-serializable content or it works just for the serializable part ? Thank you View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3899534#3899534 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3899534 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - HTTPSession replication = serializable
Hello, I read that JBoss's HTTPSession replication demands the session contents to be serializable and that using local EJB references would not respect that because local EJB references where not serializable. Is there any truth to any of this ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3899253#3899253 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3899253 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - load balancing per client ?
Hello Just asking to confirm that there's no attempt from JBoss clustering architecture to centralize the client requests load balancing. It seems to me that the idea of dynamic proxies, being scoped to the client, may originate some perverse global effectes like all the clients happening to be routed to the same node at the same time, given that apparently there is no coordination attempt among those requests from different clients. Can anyone confirm that this may be an issue with dynamic proxies ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3899252#3899252 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3899252 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Clustering/JBoss] - sticky sessions break declarative https ?
I'm in a bit of a dilema If I need sticky HTTP sessions, then my hardware load balancer needs to have a ssl decoder to handle the https requests. However by doing that, how can I enforce container security for my web app when the request arriving at the servlet container is plain http ? How can I enforce exclusive https access this way ? Must I configure the in the firewall after the HW load balancer ? Or can I just don't worry about session stickiness in JBoss's clustered environment due its HTTPSession replication assurances ? Thanks View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3899363#3899363 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3899363 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Persistence,JBoss/CMP, Hibernate, Database] - Oracle9i connection down = 1rst entity EJB request hangs
Hello I am experiencing a strange behaviour with an entity bean and Oracle 9i. Whenever I disconnect the network cable leading from JBoss to the DB, the first client request just hangs. However, subsequent requests immediately complain with a SQLException about a network adapter being down. If I reduce the idle-timeout-seconds parameter in oracle-ds.xml to 1 sec, the first request complains immediately, as expected. Of course, this setup is not desirable so can anyone explain what's going on here. I also have the valid-connection-checker-class-name option enabled. Why is the first request different from the rest when the netwrok connection is down ? Any help would be highly appreciated. Nuno View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3898228#3898228 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3898228 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - CONFIDENTIAL not working ?
Hello, The following is not preventing me from accessing the associated servlet by plain HTTP. user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint I was hopping that this would make only https available for this web applicaton (which by the way, is working). Am i interpreting the meaning of this flag wrongly or there's something else that needs to be activated to prevent a plain http view of the servlet ? I'm using jboss-4.0.1sp1. Many thanks in advance View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3879907#3879907 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3879907 --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: CONFIDENTIAL not working ?
Please ignore my question. The problem was that the web-resource-collection identification didn't match the servlet name. silly typing mistake :( View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3879960#3879960 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3879960 --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - ejb-ssl with client authentication ?
Hello Is it possible to force client-authentication when using ssl to conect to an ejb ? If so can anyone describe the procedure or point me to some info repository ? Thank you. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3879728#3879728 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3879728 --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user