-
1. Re: [forge-dev] Security addon in Forge
gastaldi Oct 12, 2014 5:05 PM (in response to ivan_stefanov)Have you checked the Picketlink addon?
http://forge.jboss.org/addon/org.picketlink.tools.forge:picketlink-forge-addon
Check it out, because I believe it already does some stuff that you are looking for.
Em 12/10/2014, às 22:32, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
Hi folks,
I wanted to add a new addon to Forge that handles the Java EE security topics:
- Add constraints to some resources
- Setup authentication mechanism (form, basic, digest, etc.)
- Assign realm to security constraints
- Create security roles
- If the realm is JDBC and JPA facet is installed, add an entity along with some named queries
I looked in the Forge JIRA whether there is something like that and I found this issue created almost a year and a half ago:
https://issues.jboss.org/browse/FORGEPLUGINS-152
I read in the description though, that the addon should be also able to setup groups and users inside a realm. Isn't that too server specific if the realm is not JDBC? Maybe we could continue the communication in the issue, so whoever is interested my add themselves as a watcher there?
Cheers,
Ivan
_______________________________________________
forge-dev mailing list
-
att1.html.zip 1.0 KB
-
-
2. Re: [forge-dev] Security addon in Forge
ivan_stefanov Oct 13, 2014 3:00 AM (in response to gastaldi)Hi George,
Thanks, I'll look at it!
Do you think it is reasonable to close
https://issues.jboss.org/browse/FORGEPLUGINS-152?
Regards,
Ivan
On Mon, Oct 13, 2014 at 12:05 AM, George Gastaldi <ggastald@redhat.com>
wrote:
Have you checked the Picketlink addon?
>
http://forge.jboss.org/addon/org.picketlink.tools.forge:picketlink-forge-addon
Check it out, because I believe it already does some stuff that you are
looking for.
Em 12/10/2014, às 22:32, Ivan St. Ivanov <ivan.st.ivanov@gmail.com>
escreveu:
Hi folks,
I wanted to add a new addon to Forge that handles the Java EE security
topics:
- Add constraints to some resources
- Setup authentication mechanism (form, basic, digest, etc.)
- Assign realm to security constraints
- Create security roles
- If the realm is JDBC and JPA facet is installed, add an entity along
with some named queries
I looked in the Forge JIRA whether there is something like that and I
found this issue created almost a year and a half ago:
https://issues.jboss.org/browse/FORGEPLUGINS-152
I read in the description though, that the addon should be also able to
setup groups and users inside a realm. Isn't that too server specific if
the realm is not JDBC? Maybe we could continue the communication in the
issue, so whoever is interested my add themselves as a watcher there?
Cheers,
Ivan
_______________________________________________
forge-dev mailing list
https://lists.jboss.org/mailman/listinfo/forge-dev
>
_______________________________________________
forge-dev mailing list
https://lists.jboss.org/mailman/listinfo/forge-dev
-
att1.html.zip 1.3 KB
-
-
3. Re: [forge-dev] Security addon in Forge
gastaldi Oct 13, 2014 3:22 AM (in response to ivan_stefanov)I am not sure, since the PicketLink addon is specific to PicketLink, and not plain JavaEE security. Perhaps we need to introduce a new command in the javaee addon.
Em 13/10/2014, às 10:01, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
Hi George,
Thanks, I'll look at it!
Do you think it is reasonable to close https://issues.jboss.org/browse/FORGEPLUGINS-152?
Regards,
Ivan
>> On Mon, Oct 13, 2014 at 12:05 AM, George Gastaldi <ggastald@redhat.com> wrote:
>> Have you checked the Picketlink addon?
>>
>> http://forge.jboss.org/addon/org.picketlink.tools.forge:picketlink-forge-addon
>>
>> Check it out, because I believe it already does some stuff that you are looking for.
>>
>>> Em 12/10/2014, às 22:32, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
>>>
>>
>>> Hi folks,
>>>
>>> I wanted to add a new addon to Forge that handles the Java EE security topics:
>>>
>>> - Add constraints to some resources
>>> - Setup authentication mechanism (form, basic, digest, etc.)
>>> - Assign realm to security constraints
>>> - Create security roles
>>> - If the realm is JDBC and JPA facet is installed, add an entity along with some named queries
>>>
>>> I looked in the Forge JIRA whether there is something like that and I found this issue created almost a year and a half ago:
>>>
>>> https://issues.jboss.org/browse/FORGEPLUGINS-152
>>>
>>> I read in the description though, that the addon should be also able to setup groups and users inside a realm. Isn't that too server specific if the realm is not JDBC? Maybe we could continue the communication in the issue, so whoever is interested my add themselves as a watcher there?
>>>
>>> Cheers,
>>> Ivan
>>> _______________________________________________
>>> forge-dev mailing list
>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>
>> _______________________________________________
>> forge-dev mailing list
>> https://lists.jboss.org/mailman/listinfo/forge-dev
_______________________________________________
forge-dev mailing list
-
att1.html.zip 1.5 KB
-
-
4. Re: [forge-dev] Security addon in Forge
ivan_stefanov Oct 13, 2014 7:17 AM (in response to gastaldi)OK, George, should I read your answers as: "Yes, Ivan, go on and implement
the security command(s) in the javaee addon. You may use the picketlink
addon as reference, but follow the spec"
On Mon, Oct 13, 2014 at 10:22 AM, George Gastaldi <ggastald@redhat.com>
wrote:
I am not sure, since the PicketLink addon is specific to PicketLink, and
not plain JavaEE security. Perhaps we need to introduce a new command in
the javaee addon.
>
Em 13/10/2014, às 10:01, Ivan St. Ivanov <ivan.st.ivanov@gmail.com>
escreveu:
Hi George,
Thanks, I'll look at it!
Do you think it is reasonable to close
https://issues.jboss.org/browse/FORGEPLUGINS-152?
Regards,
Ivan
>
On Mon, Oct 13, 2014 at 12:05 AM, George Gastaldi <ggastald@redhat.com>
wrote:
>> Have you checked the Picketlink addon?
>>
>>
>> http://forge.jboss.org/addon/org.picketlink.tools.forge:picketlink-forge-addon
>>
>> Check it out, because I believe it already does some stuff that you are
>> looking for.
>>
>> Em 12/10/2014, às 22:32, Ivan St. Ivanov <ivan.st.ivanov@gmail.com>
>> escreveu:
>>
>> Hi folks,
>>
>> I wanted to add a new addon to Forge that handles the Java EE security
>> topics:
>>
>> - Add constraints to some resources
>> - Setup authentication mechanism (form, basic, digest, etc.)
>> - Assign realm to security constraints
>> - Create security roles
>> - If the realm is JDBC and JPA facet is installed, add an entity along
>> with some named queries
>>
>> I looked in the Forge JIRA whether there is something like that and I
>> found this issue created almost a year and a half ago:
>>
>> https://issues.jboss.org/browse/FORGEPLUGINS-152
>>
>> I read in the description though, that the addon should be also able to
>> setup groups and users inside a realm. Isn't that too server specific if
>> the realm is not JDBC? Maybe we could continue the communication in the
>> issue, so whoever is interested my add themselves as a watcher there?
>>
>> Cheers,
>> Ivan
>>
>> _______________________________________________
>> forge-dev mailing list
>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>
>>
>> _______________________________________________
>> forge-dev mailing list
>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>
>
_______________________________________________
forge-dev mailing list
https://lists.jboss.org/mailman/listinfo/forge-dev
>
_______________________________________________
forge-dev mailing list
https://lists.jboss.org/mailman/listinfo/forge-dev
-
att1.html.zip 1.5 KB
-
-
5. Re: [forge-dev] Security addon in Forge
gastaldi Oct 13, 2014 8:18 AM (in response to ivan_stefanov)You are an awesome mind-reader
Em 13/10/2014, às 14:17, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
OK, George, should I read your answers as: "Yes, Ivan, go on and implement the security command(s) in the javaee addon. You may use the picketlink addon as reference, but follow the spec"
>> On Mon, Oct 13, 2014 at 10:22 AM, George Gastaldi <ggastald@redhat.com> wrote:
>> I am not sure, since the PicketLink addon is specific to PicketLink, and not plain JavaEE security. Perhaps we need to introduce a new command in the javaee addon.
>>
>>
>>
>>> Em 13/10/2014, às 10:01, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
>>>
>>
>>> Hi George,
>>>
>>> Thanks, I'll look at it!
>>>
>>> Do you think it is reasonable to close https://issues.jboss.org/browse/FORGEPLUGINS-152?
>>>
>>> Regards,
>>> Ivan
>>>
>>>
>>>
>>>> On Mon, Oct 13, 2014 at 12:05 AM, George Gastaldi <ggastald@redhat.com> wrote:
>>>> Have you checked the Picketlink addon?
>>>>
>>>> http://forge.jboss.org/addon/org.picketlink.tools.forge:picketlink-forge-addon
>>>>
>>>> Check it out, because I believe it already does some stuff that you are looking for.
>>>>
>>>>> Em 12/10/2014, às 22:32, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
>>>>>
>>>>
>>>>> Hi folks,
>>>>>
>>>>> I wanted to add a new addon to Forge that handles the Java EE security topics:
>>>>>
>>>>> - Add constraints to some resources
>>>>> - Setup authentication mechanism (form, basic, digest, etc.)
>>>>> - Assign realm to security constraints
>>>>> - Create security roles
>>>>> - If the realm is JDBC and JPA facet is installed, add an entity along with some named queries
>>>>>
>>>>> I looked in the Forge JIRA whether there is something like that and I found this issue created almost a year and a half ago:
>>>>>
>>>>> https://issues.jboss.org/browse/FORGEPLUGINS-152
>>>>>
>>>>> I read in the description though, that the addon should be also able to setup groups and users inside a realm. Isn't that too server specific if the realm is not JDBC? Maybe we could continue the communication in the issue, so whoever is interested my add themselves as a watcher there?
>>>>>
>>>>> Cheers,
>>>>> Ivan
>>>>> _______________________________________________
>>>>> forge-dev mailing list
>>>>> forge-dev@lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>>
>>>> _______________________________________________
>>>> forge-dev mailing list
>>>> forge-dev@lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>
>>> _______________________________________________
>>> forge-dev mailing list
>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>
>> _______________________________________________
>> forge-dev mailing list
>> https://lists.jboss.org/mailman/listinfo/forge-dev
_______________________________________________
forge-dev mailing list
-
att1.html.zip 1.6 KB
-
-
6. Re: [forge-dev] Security addon in Forge
ivan_stefanov Jan 3, 2015 6:05 PM (in response to ivan_stefanov)So, I am reworking this addon for the third time now.
I reached to the conclusion that I will create a mirroring SecurityFacet
implementation for every ServletFacet implementation (2_5, 3_0, 3_1).
Before you jumping at me, I would like to share some code.
public interface SecurityFacet
wrote:
OK, George, should I read your answers as: "Yes, Ivan, go on and implement
the security command(s) in the javaee addon. You may use the picketlink
addon as reference, but follow the spec"
On Mon, Oct 13, 2014 at 10:22 AM, George Gastaldi <ggastald@redhat.com>
wrote:
>> I am not sure, since the PicketLink addon is specific to PicketLink, and
>> not plain JavaEE security. Perhaps we need to introduce a new command in
>> the javaee addon.
>>
>>
>>
>> Em 13/10/2014, às 10:01, Ivan St. Ivanov <ivan.st.ivanov@gmail.com>
>> escreveu:
>>
>> Hi George,
>>
>> Thanks, I'll look at it!
>>
>> Do you think it is reasonable to close
>> https://issues.jboss.org/browse/FORGEPLUGINS-152?
>>
>> Regards,
>> Ivan
>>
>>
>>
>> On Mon, Oct 13, 2014 at 12:05 AM, George Gastaldi <ggastald@redhat.com>
>> wrote:
>>
>>> Have you checked the Picketlink addon?
>>>
>>>
>>> http://forge.jboss.org/addon/org.picketlink.tools.forge:picketlink-forge-addon
>>>
>>> Check it out, because I believe it already does some stuff that you are
>>> looking for.
>>>
>>> Em 12/10/2014, às 22:32, Ivan St. Ivanov <ivan.st.ivanov@gmail.com>
>>> escreveu:
>>>
>>> Hi folks,
>>>
>>> I wanted to add a new addon to Forge that handles the Java EE security
>>> topics:
>>>
>>> - Add constraints to some resources
>>> - Setup authentication mechanism (form, basic, digest, etc.)
>>> - Assign realm to security constraints
>>> - Create security roles
>>> - If the realm is JDBC and JPA facet is installed, add an entity along
>>> with some named queries
>>>
>>> I looked in the Forge JIRA whether there is something like that and I
>>> found this issue created almost a year and a half ago:
>>>
>>> https://issues.jboss.org/browse/FORGEPLUGINS-152
>>>
>>> I read in the description though, that the addon should be also able to
>>> setup groups and users inside a realm. Isn't that too server specific if
>>> the realm is not JDBC? Maybe we could continue the communication in the
>>> issue, so whoever is interested my add themselves as a watcher there?
>>>
>>> Cheers,
>>> Ivan
>>>
>>> _______________________________________________
>>> forge-dev mailing list
>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>
>>>
>>> _______________________________________________
>>> forge-dev mailing list
>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>
>>
>> _______________________________________________
>> forge-dev mailing list
>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>
>>
>> _______________________________________________
>> forge-dev mailing list
>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>
>
-
att1.html.zip 2.2 KB
-
-
7. Re: [forge-dev] Security addon in Forge
ivan_stefanov Jan 3, 2015 6:26 PM (in response to ivan_stefanov)Sorry, forget about it. I put my new methods in the servlet facet
On Sun, Jan 4, 2015 at 1:05 AM, Ivan St. Ivanov <ivan.st.ivanov@gmail.com>
wrote:
So, I am reworking this addon for the third time now.
I reached to the conclusion that I will create a mirroring SecurityFacet
implementation for every ServletFacet implementation (2_5, 3_0, 3_1).
Before you jumping at me, I would like to share some code.
public interface SecurityFacet<DESCRIPTOR extends WebAppCommonDescriptor>
{
public void addLoggingConfig(AuthenticationMethod method, String realmName);
}
public interface SecurityFacet_2_5 extends SecurityFacet<org.jboss.shrinkwrap.descriptor.api.webapp25.WebAppDescriptoWebAppDescriptor>
public class SecurityFacetImpl_2_5 extends ServletFacetImpl_2_5 implements SecurityFacet_2_5
Before that though, I wonder is there a possibility to somehow inject the
needed ServletFacetImpl inside its corresponding SecurityFacetImpl, i.e.
compose it? I am doing it now with inheritance, but I don't quite like it
because of the DependencyInstaller dependency in the ServletFacetImpl
constructors. Which I need to explicitly create a constructor in the
SecurityFacetImpl for:
@Inject
public SecurityFacetImpl_2_5(DependencyInstaller installer)
{
super(installer);
}
>
I will share later some code, but please tell me whether composition over
inheritance will work in case of facets?
Thanks,
Ivan
On Mon, Oct 13, 2014 at 2:17 PM, Ivan St. Ivanov <ivan.st.ivanov@gmail.com
wrote:
>> OK, George, should I read your answers as: "Yes, Ivan, go on and
>> implement the security command(s) in the javaee addon. You may use the
>> picketlink addon as reference, but follow the spec"
>>
>> On Mon, Oct 13, 2014 at 10:22 AM, George Gastaldi <ggastald@redhat.com>
>> wrote:
>>
>>> I am not sure, since the PicketLink addon is specific to PicketLink,
>>> and not plain JavaEE security. Perhaps we need to introduce a new command
>>> in the javaee addon.
>>>
>>>
>>>
>>> Em 13/10/2014, às 10:01, Ivan St. Ivanov <ivan.st.ivanov@gmail.com>
>>> escreveu:
>>>
>>> Hi George,
>>>
>>> Thanks, I'll look at it!
>>>
>>> Do you think it is reasonable to close
>>> https://issues.jboss.org/browse/FORGEPLUGINS-152?
>>>
>>> Regards,
>>> Ivan
>>>
>>>
>>>
>>> On Mon, Oct 13, 2014 at 12:05 AM, George Gastaldi <ggastald@redhat.com>
>>> wrote:
>>>
>>>> Have you checked the Picketlink addon?
>>>>
>>>>
>>>> http://forge.jboss.org/addon/org.picketlink.tools.forge:picketlink-forge-addon
>>>>
>>>> Check it out, because I believe it already does some stuff that you are
>>>> looking for.
>>>>
>>>> Em 12/10/2014, às 22:32, Ivan St. Ivanov <ivan.st.ivanov@gmail.com>
>>>> escreveu:
>>>>
>>>> Hi folks,
>>>>
>>>> I wanted to add a new addon to Forge that handles the Java EE security
>>>> topics:
>>>>
>>>> - Add constraints to some resources
>>>> - Setup authentication mechanism (form, basic, digest, etc.)
>>>> - Assign realm to security constraints
>>>> - Create security roles
>>>> - If the realm is JDBC and JPA facet is installed, add an entity along
>>>> with some named queries
>>>>
>>>> I looked in the Forge JIRA whether there is something like that and I
>>>> found this issue created almost a year and a half ago:
>>>>
>>>> https://issues.jboss.org/browse/FORGEPLUGINS-152
>>>>
>>>> I read in the description though, that the addon should be also able to
>>>> setup groups and users inside a realm. Isn't that too server specific if
>>>> the realm is not JDBC? Maybe we could continue the communication in the
>>>> issue, so whoever is interested my add themselves as a watcher there?
>>>>
>>>> Cheers,
>>>> Ivan
>>>>
>>>> _______________________________________________
>>>> forge-dev mailing list
>>>> forge-dev@lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>>
>>>>
>>>> _______________________________________________
>>>> forge-dev mailing list
>>>> forge-dev@lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>>
>>>
>>> _______________________________________________
>>> forge-dev mailing list
>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>
>>>
>>> _______________________________________________
>>> forge-dev mailing list
>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>
>>
>>
>
-
att1.html.zip 2.3 KB
-
-
8. Re: [forge-dev] Security addon in Forge
gastaldi Jan 3, 2015 7:36 PM (in response to ivan_stefanov)You made the choice... wisely!
Em 03/01/2015, às 21:26, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
Sorry, forget about it. I put my new methods in the servlet facet
>> On Sun, Jan 4, 2015 at 1:05 AM, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> wrote:
>> So, I am reworking this addon for the third time now.
>>
>> I reached to the conclusion that I will create a mirroring SecurityFacet implementation for every ServletFacet implementation (2_5, 3_0, 3_1). Before you jumping at me, I would like to share some code.
>>
>> public interface SecurityFacet OK, George, should I read your answers as: "Yes, Ivan, go on and implement the security command(s) in the javaee addon. You may use the picketlink addon as reference, but follow the spec"
>>>
>>>> On Mon, Oct 13, 2014 at 10:22 AM, George Gastaldi <ggastald@redhat.com> wrote:
>>>> I am not sure, since the PicketLink addon is specific to PicketLink, and not plain JavaEE security. Perhaps we need to introduce a new command in the javaee addon.
>>>>
>>>>
>>>>
>>>>> Em 13/10/2014, às 10:01, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
>>>>>
>>>>
>>>>> Hi George,
>>>>>
>>>>> Thanks, I'll look at it!
>>>>>
>>>>> Do you think it is reasonable to close https://issues.jboss.org/browse/FORGEPLUGINS-152?
>>>>>
>>>>> Regards,
>>>>> Ivan
>>>>>
>>>>>
>>>>>
>>>>>> On Mon, Oct 13, 2014 at 12:05 AM, George Gastaldi <ggastald@redhat.com> wrote:
>>>>>> Have you checked the Picketlink addon?
>>>>>>
>>>>>> http://forge.jboss.org/addon/org.picketlink.tools.forge:picketlink-forge-addon
>>>>>>
>>>>>> Check it out, because I believe it already does some stuff that you are looking for.
>>>>>>
>>>>>>> Em 12/10/2014, às 22:32, Ivan St. Ivanov <ivan.st.ivanov@gmail.com> escreveu:
>>>>>>>
>>>>>>
>>>>>>> Hi folks,
>>>>>>>
>>>>>>> I wanted to add a new addon to Forge that handles the Java EE security topics:
>>>>>>>
>>>>>>> - Add constraints to some resources
>>>>>>> - Setup authentication mechanism (form, basic, digest, etc.)
>>>>>>> - Assign realm to security constraints
>>>>>>> - Create security roles
>>>>>>> - If the realm is JDBC and JPA facet is installed, add an entity along with some named queries
>>>>>>>
>>>>>>> I looked in the Forge JIRA whether there is something like that and I found this issue created almost a year and a half ago:
>>>>>>>
>>>>>>> https://issues.jboss.org/browse/FORGEPLUGINS-152
>>>>>>>
>>>>>>> I read in the description though, that the addon should be also able to setup groups and users inside a realm. Isn't that too server specific if the realm is not JDBC? Maybe we could continue the communication in the issue, so whoever is interested my add themselves as a watcher there?
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Ivan
>>>>>>> _______________________________________________
>>>>>>> forge-dev mailing list
>>>>>>> forge-dev@lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>>>>
>>>>>> _______________________________________________
>>>>>> forge-dev mailing list
>>>>>> forge-dev@lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>>>
>>>>> _______________________________________________
>>>>> forge-dev mailing list
>>>>> forge-dev@lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>>
>>>> _______________________________________________
>>>> forge-dev mailing list
>>>> forge-dev@lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/forge-dev
>>>
>>
_______________________________________________
forge-dev mailing list
-
att1.html.zip 2.4 KB
-