-
1. Re: Pulling security out as a separate module
starksm64 Apr 14, 2008 5:39 AM (in response to anil.saldhana)
I think the issue is just duplicate code. Between aspects, security and ejb2 there seems to be a lot of duplication.
-
2. Re: Pulling security out as a separate module
alrubinger Apr 14, 2008 5:45 AM (in response to anil.saldhana)
"anil.saldhana@jboss.com" wrote:
What about the security interceptors (AuthenticationInterceptorv2, RoleBasedInterceptorv2 etc) in ejb3 core? Should they be moved to the ejb3-interceptors using the ejb3-security module code base?
EJB3 Interceptors is the scaffolding for implementation of EJB3 Core Spec Chapter 12.
Individual interceptors, now referred to as "aspects" for differentiation, live in jbossas/projects/jboss-aspects. If these are EJB3-specific, you can make a new component under jbossas/projects/ejb3.
S,
ALR
-
3. Re: Pulling security out as a separate module
wolfc Apr 14, 2008 6:05 AM (in response to anil.saldhana)
We need a more stable core and a more stable security implementation. So everything mandated in chapter 17 should be in one component. The only question is whether that component is EJB 3 specific or just EJB. My guess is that's actually a general security component with an aspect on top of it. The aspect should then be in jboss-aspects-security as long as it does not require any EJB API classes (so some configuration like exceptionType thrown should be configurable).
If there is anything EJB 3 specific in chapter 17, then that should go in ejb3-security.
If it's easier for the moment to have everything in ejb3-security, then make it so. We can separate out the generic stuff later on.
-
4. Re: Pulling security out as a separate module
anil.saldhana Apr 14, 2008 10:13 AM (in response to anil.saldhana)
"scott.stark@jboss.org" wrote:
I think the issue is just duplicate code. Between aspects, security and ejb2 there seems to be a lot of duplication.
Aspects security is not being used (apart from the SecurityClientInterceptor which will be moved to ejb3 core). I am not sure about what classes the embedded version uses.
I extracted the common code base between ejb2 and ejb3 into helper classes in the AS/security module, some time ago.
-
5. Re: Pulling security out as a separate module
kabirkhan Apr 14, 2008 10:15 AM (in response to anil.saldhana)
"anil.saldhana@jboss.com" wrote:
Aspects security is not being used (apart from the SecurityClientInterceptor which will be moved to ejb3 core). I am not sure about what classes the embedded version uses.
I extracted the common code base between ejb2 and ejb3 into helper classes in the AS/security module, some time ago.
We do have tests in the AS testsuite to test these aspects, and there are some users using them as well.
-
6. Re: Pulling security out as a separate module
anil.saldhana Apr 14, 2008 10:37 AM (in response to anil.saldhana)
All that the ejb3 security interceptors were doing was to extend the aspects security interceptors, with the bulk of the processing done in the aspects layer. Carlo wanted the ejb3 sec interceptors to implement aspects interceptor and do all the processing there. I think he is right.
Moving the aspects security code into the ejb3 security code enabled me to extract common code (with ejb2).
-
7. Re: Pulling security out as a separate module
anil.saldhana Apr 16, 2008 2:16 PM (in response to anil.saldhana)
http://jira.jboss.com/jira/browse/EJBTHREE-1296
I have started work on this.
-
8. Re: Pulling security out as a separate module
anil.saldhana Apr 16, 2008 4:15 PM (in response to anil.saldhana)
Currently I have made ejb3 core independent of JBossAS/security code base. There is some redundancy in ejb3/security submodule. But I am in the process of removing that.
-
9. Re: Pulling security out as a separate module
anil.saldhana Apr 22, 2008 12:51 AM (in response to anil.saldhana)
I have separated out the security stuff into ejb3/security module. Additional refactor of security code from the ejb3 core will be done after the first cut of ejb3 release.
http://jira.jboss.org/jira/browse/EJBTHREE-1306
-
10. Re: Pulling security out as a separate module
jesper.pedersen Apr 22, 2008 3:50 AM (in response to anil.saldhana)
Anil, I get a lot of
org/jboss/ejb3/security/client/SecurityActions$PrincipalInfoAction
java.lang.NoClassDefFoundError: org/jboss/ejb3/security/client/SecurityActions$PrincipalInfoAction
    at org.jboss.ejb3.security.client.SecurityActions.getPrincipal(SecurityActions.java:359)
    at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:49)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:73)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.stateful.StatefulRemoteProxy.invoke(StatefulRemoteProxy.java:133)
    at $Proxy3.isArjunaTransactedRequired(Unknown Source)
in the EJB3 testsuite - can you look into this?
-
11. Re: Pulling security out as a separate module
jesper.pedersen Apr 22, 2008 8:56 AM (in response to anil.saldhana)
Anil, we need a jboss-ejb3-security-client.jar file that contains all the security related classes for the client side.
Can you produce such an archive which we can include in our installer?
-
12. Re: Pulling security out as a separate module
jesper.pedersen Apr 22, 2008 9:03 AM (in response to anil.saldhana)
You can see a sample in the core/jboss-ejb3-client.xml -- we will remove the security classes from this file.
-
13. Re: Pulling security out as a separate module
anil.saldhana Apr 22, 2008 10:01 AM (in response to anil.saldhana)
"jesper.pedersen" wrote:
Anil, we need a jboss-ejb3-security-client.jar file that contains all the security related classes for the client side.
Can you produce such an archive which we can include in our installer?
It was added to core/jboss-ejb3-client.xml. I am not creating a separate jar with 2-3 classes, even if it means an imperfect world.
-
14. Re: Pulling security out as a separate module
jesper.pedersen Apr 22, 2008 10:07 AM (in response to anil.saldhana)
I have committed an updated version, since inner interfaces and inner classes weren't included.
Can you go through it and see which are actually needed?