You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tuscany.apache.org by Greg Dritschler <gr...@gmail.com> on 2008/07/07 16:49:03 UTC
Re: "Authorization and Security Identity Policy" and JSR250 support
Luciano,
Is the support for the security annotations complete? I gave them a try but
ran into a problem. I see that the policy-security module contains
'skeleton' policy set definitions for the policy sets that are needed to
support the annotations:
<policySet name="runAs" appliesTo="sca:implementation.java"/>
<policySet name="allow" appliesTo="sca:implementation.java"/>
<policySet name="rolesAllowed" appliesTo="sca:implementation.java"/>
<policySet name="permitAll" appliesTo="sca:implementation.java"/>
<policySet name="denyAll" appliesTo="sca:implementation.java"/>
JSR250PolicyProcessor constructs the actual policy based on the role names
in the annotation. It turns off the unresolved flag in the policy model, I
assume in an attempt to bypass resolving the model. However this does not
appear to work. During resolve processing, the policy set references are
resolved to the 'skeleton' policy set definitions, causing the policy
content added by the JSR250PolicyProcessor to be lost.
Greg
On Wed, May 28, 2008 at 11:15 PM, Luciano Resende <lu...@gmail.com>
wrote:
> Support for "Authorization and Security Identity Policy" (rev #661186)
> is now working, and I have created an iTest (rev #661188) that
> exercise this functionality.
>
> I'm also looking into adding support for JSR250 security annotations,
> basically allowing to define these policies direct into your java
> artifacts.
>
> On Wed, May 28, 2008 at 12:21 AM, Luciano Resende <lu...@gmail.com>
> wrote:
> > I have started looking at support for "Authorization and Security
> > Identity Policy" and supporting JSR250. Looks like we have the
> > necessary models and some policy definitions.xml available in the
> > policy-security module to support this, but looks like these
> > processors are not hooked up to the overall runtime. Does anybody have
> > more details on this ?
> >
> > --
> > Luciano Resende
> > Apache Tuscany Committer
> > http://people.apache.org/~lresende<http://people.apache.org/%7Elresende>
> > http://lresende.blogspot.com/
> >
>
>
>
> --
> Luciano Resende
> Apache Tuscany Committer
> http://people.apache.org/~lresende <http://people.apache.org/%7Elresende>
> http://lresende.blogspot.com/
>
Re: "Authorization and Security Identity Policy" and JSR250 support
Posted by Luciano Resende <lu...@gmail.com>.
I have created TUSCANY-2466 to track this issue.
[1] https://issues.apache.org/jira/browse/TUSCANY-2466
On Mon, Jul 7, 2008 at 10:36 AM, Greg Dritschler
<gr...@gmail.com> wrote:
> The problem can be observed using the policy-security-jsr250 itest, by
> setting breakpoints before and after the calls to resolvePolicySets() in
> BaseAssemblyProcessor.resolveImplementation().
>
> On Mon, Jul 7, 2008 at 11:44 AM, Luciano Resende <lu...@gmail.com>
> wrote:
>>
>> Let me look at this issue Greg. Please, I'd appreciate if you could
>> provide a JIRA if you have a failing test case.
>>
>> On Mon, Jul 7, 2008 at 7:49 AM, Greg Dritschler
>> <gr...@gmail.com> wrote:
>> > Luciano,
>> >
>> > Is the support for the security annotations complete? I gave them a try
>> > but
>> > ran into a problem. I see that the policy-security module contains
>> > 'skeleton' policy set definitions for the policy sets that are needed to
>> > support the annotations:
>> >
>> > <policySet name="runAs" appliesTo="sca:implementation.java"/>
>> > <policySet name="allow" appliesTo="sca:implementation.java"/>
>> > <policySet name="rolesAllowed" appliesTo="sca:implementation.java"/>
>> > <policySet name="permitAll" appliesTo="sca:implementation.java"/>
>> > <policySet name="denyAll" appliesTo="sca:implementation.java"/>
>> >
>> > JSR250PolicyProcessor constructs the actual policy based on the role
>> > names
>> > in the annotation. It turns off the unresolved flag in the policy
>> > model, I
>> > assume in an attempt to bypass resolving the model. However this does
>> > not
>> > appear to work. During resolve processing, the policy set references
>> > are
>> > resolved to the 'skeleton' policy set definitions, causing the policy
>> > content added by the JSR250PolicyProcessor to be lost.
>> >
>> > Greg
>> >
>> > On Wed, May 28, 2008 at 11:15 PM, Luciano Resende <lu...@gmail.com>
>> > wrote:
>> >>
>> >> Support for "Authorization and Security Identity Policy" (rev #661186)
>> >> is now working, and I have created an iTest (rev #661188) that
>> >> exercise this functionality.
>> >>
>> >> I'm also looking into adding support for JSR250 security annotations,
>> >> basically allowing to define these policies direct into your java
>> >> artifacts.
>> >>
>> >> On Wed, May 28, 2008 at 12:21 AM, Luciano Resende
>> >> <lu...@gmail.com>
>> >> wrote:
>> >> > I have started looking at support for "Authorization and Security
>> >> > Identity Policy" and supporting JSR250. Looks like we have the
>> >> > necessary models and some policy definitions.xml available in the
>> >> > policy-security module to support this, but looks like these
>> >> > processors are not hooked up to the overall runtime. Does anybody
>> >> > have
>> >> > more details on this ?
>> >> >
>> >> > --
>> >> > Luciano Resende
>> >> > Apache Tuscany Committer
>> >> > http://people.apache.org/~lresende
>> >> > http://lresende.blogspot.com/
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Luciano Resende
>> >> Apache Tuscany Committer
>> >> http://people.apache.org/~lresende
>> >> http://lresende.blogspot.com/
>> >
>> >
>>
>>
>>
>> --
>> Luciano Resende
>> Apache Tuscany Committer
>> http://people.apache.org/~lresende
>> http://lresende.blogspot.com/
>
>
--
Luciano Resende
Apache Tuscany Committer
http://people.apache.org/~lresende
http://lresende.blogspot.com/
Re: "Authorization and Security Identity Policy" and JSR250 support
Posted by Greg Dritschler <gr...@gmail.com>.
The problem can be observed using the policy-security-jsr250 itest, by
setting breakpoints before and after the calls to resolvePolicySets() in
BaseAssemblyProcessor.resolveImplementation().
On Mon, Jul 7, 2008 at 11:44 AM, Luciano Resende <lu...@gmail.com>
wrote:
> Let me look at this issue Greg. Please, I'd appreciate if you could
> provide a JIRA if you have a failing test case.
>
> On Mon, Jul 7, 2008 at 7:49 AM, Greg Dritschler
> <gr...@gmail.com> wrote:
> > Luciano,
> >
> > Is the support for the security annotations complete? I gave them a try
> but
> > ran into a problem. I see that the policy-security module contains
> > 'skeleton' policy set definitions for the policy sets that are needed to
> > support the annotations:
> >
> > <policySet name="runAs" appliesTo="sca:implementation.java"/>
> > <policySet name="allow" appliesTo="sca:implementation.java"/>
> > <policySet name="rolesAllowed" appliesTo="sca:implementation.java"/>
> > <policySet name="permitAll" appliesTo="sca:implementation.java"/>
> > <policySet name="denyAll" appliesTo="sca:implementation.java"/>
> >
> > JSR250PolicyProcessor constructs the actual policy based on the role
> names
> > in the annotation. It turns off the unresolved flag in the policy model,
> I
> > assume in an attempt to bypass resolving the model. However this does
> not
> > appear to work. During resolve processing, the policy set references are
> > resolved to the 'skeleton' policy set definitions, causing the policy
> > content added by the JSR250PolicyProcessor to be lost.
> >
> > Greg
> >
> > On Wed, May 28, 2008 at 11:15 PM, Luciano Resende <lu...@gmail.com>
> > wrote:
> >>
> >> Support for "Authorization and Security Identity Policy" (rev #661186)
> >> is now working, and I have created an iTest (rev #661188) that
> >> exercise this functionality.
> >>
> >> I'm also looking into adding support for JSR250 security annotations,
> >> basically allowing to define these policies direct into your java
> >> artifacts.
> >>
> >> On Wed, May 28, 2008 at 12:21 AM, Luciano Resende <luckbr1975@gmail.com
> >
> >> wrote:
> >> > I have started looking at support for "Authorization and Security
> >> > Identity Policy" and supporting JSR250. Looks like we have the
> >> > necessary models and some policy definitions.xml available in the
> >> > policy-security module to support this, but looks like these
> >> > processors are not hooked up to the overall runtime. Does anybody have
> >> > more details on this ?
> >> >
> >> > --
> >> > Luciano Resende
> >> > Apache Tuscany Committer
> >> > http://people.apache.org/~lresende<http://people.apache.org/%7Elresende>
> >> > http://lresende.blogspot.com/
> >> >
> >>
> >>
> >>
> >> --
> >> Luciano Resende
> >> Apache Tuscany Committer
> >> http://people.apache.org/~lresende<http://people.apache.org/%7Elresende>
> >> http://lresende.blogspot.com/
> >
> >
>
>
>
> --
> Luciano Resende
> Apache Tuscany Committer
> http://people.apache.org/~lresende <http://people.apache.org/%7Elresende>
> http://lresende.blogspot.com/
>
Re: "Authorization and Security Identity Policy" and JSR250 support
Posted by Luciano Resende <lu...@gmail.com>.
Let me look at this issue Greg. Please, I'd appreciate if you could
provide a JIRA if you have a failing test case.
On Mon, Jul 7, 2008 at 7:49 AM, Greg Dritschler
<gr...@gmail.com> wrote:
> Luciano,
>
> Is the support for the security annotations complete? I gave them a try but
> ran into a problem. I see that the policy-security module contains
> 'skeleton' policy set definitions for the policy sets that are needed to
> support the annotations:
>
> <policySet name="runAs" appliesTo="sca:implementation.java"/>
> <policySet name="allow" appliesTo="sca:implementation.java"/>
> <policySet name="rolesAllowed" appliesTo="sca:implementation.java"/>
> <policySet name="permitAll" appliesTo="sca:implementation.java"/>
> <policySet name="denyAll" appliesTo="sca:implementation.java"/>
>
> JSR250PolicyProcessor constructs the actual policy based on the role names
> in the annotation. It turns off the unresolved flag in the policy model, I
> assume in an attempt to bypass resolving the model. However this does not
> appear to work. During resolve processing, the policy set references are
> resolved to the 'skeleton' policy set definitions, causing the policy
> content added by the JSR250PolicyProcessor to be lost.
>
> Greg
>
> On Wed, May 28, 2008 at 11:15 PM, Luciano Resende <lu...@gmail.com>
> wrote:
>>
>> Support for "Authorization and Security Identity Policy" (rev #661186)
>> is now working, and I have created an iTest (rev #661188) that
>> exercise this functionality.
>>
>> I'm also looking into adding support for JSR250 security annotations,
>> basically allowing to define these policies direct into your java
>> artifacts.
>>
>> On Wed, May 28, 2008 at 12:21 AM, Luciano Resende <lu...@gmail.com>
>> wrote:
>> > I have started looking at support for "Authorization and Security
>> > Identity Policy" and supporting JSR250. Looks like we have the
>> > necessary models and some policy definitions.xml available in the
>> > policy-security module to support this, but looks like these
>> > processors are not hooked up to the overall runtime. Does anybody have
>> > more details on this ?
>> >
>> > --
>> > Luciano Resende
>> > Apache Tuscany Committer
>> > http://people.apache.org/~lresende
>> > http://lresende.blogspot.com/
>> >
>>
>>
>>
>> --
>> Luciano Resende
>> Apache Tuscany Committer
>> http://people.apache.org/~lresende
>> http://lresende.blogspot.com/
>
>
--
Luciano Resende
Apache Tuscany Committer
http://people.apache.org/~lresende
http://lresende.blogspot.com/