dev@glassfish.java.net

Re: message-security-config discrepancies

From: Lloyd Chambers <Lloyd.Chambers_at_Sun.COM>
Date: Fri, 19 Jun 2009 11:28:45 -0700

I've made the change to make it a non-singleton and tested that this
generates all the right MBeans.


v3:pp=/domain/configs/config[server-config]/security-
service,type=message-security-config,name=FOOBAR
v3:pp=/domain/configs/config[server-config]/security-
service,type=message-security-config,name=SOAP
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR],type=provider-config,name=ClientProvider
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR],type=provider-config,name=ServerProvider
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR],type=provider-config,name=XWS_ClientProvider
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR],type=provider-config,name=XWS_ServerProvider
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ClientProvider],type=property,name=debug
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ClientProvider],type=property,name=dynamic.username.password
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ClientProvider],type=property,name=encryption.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ClientProvider],type=property,name=security.config
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ClientProvider],type=property,name=signature.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-config[ClientProvider],type=request-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-config[ClientProvider],type=response-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ServerProvider],type=property,name=debug
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ServerProvider],type=property,name=encryption.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ServerProvider],type=property,name=security.config
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[ServerProvider],type=property,name=signature.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-config[ServerProvider],type=request-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-config[ServerProvider],type=response-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ClientProvider],type=property,name=debug
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ClientProvider],type=property,name=dynamic.username.password
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ClientProvider],type=property,name=encryption.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ClientProvider],type=property,name=signature.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ClientProvider],type=request-policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ClientProvider],type=response-policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ServerProvider],type=property,name=debug
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ServerProvider],type=property,name=encryption.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ServerProvider],type=property,name=signature.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ServerProvider],type=request-policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[FOOBAR]/provider-
config[XWS_ServerProvider],type=response-policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP],type=provider-config,name=ClientProvider
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP],type=provider-config,name=ServerProvider
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP],type=provider-config,name=XWS_ClientProvider
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP],type=provider-config,name=XWS_ServerProvider
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ClientProvider],type=property,name=debug
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ClientProvider],type=property,name=dynamic.username.password
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ClientProvider],type=property,name=encryption.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ClientProvider],type=property,name=security.config
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ClientProvider],type=property,name=signature.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-config[ClientProvider],type=request-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-config[ClientProvider],type=response-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ServerProvider],type=property,name=debug
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ServerProvider],type=property,name=encryption.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ServerProvider],type=property,name=security.config
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[ServerProvider],type=property,name=signature.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-config[ServerProvider],type=request-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-config[ServerProvider],type=response-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ClientProvider],type=property,name=debug
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ClientProvider],type=property,name=dynamic.username.password
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ClientProvider],type=property,name=encryption.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ClientProvider],type=property,name=signature.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-config[XWS_ClientProvider],type=request-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ClientProvider],type=response-policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ServerProvider],type=property,name=debug
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ServerProvider],type=property,name=encryption.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ServerProvider],type=property,name=signature.key.alias
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-config[XWS_ServerProvider],type=request-
policy
v3:pp=/domain/configs/config[server-config]/security-service/message-
security-config[SOAP]/provider-
config[XWS_ServerProvider],type=response-policy



On Jun 19, 2009, at 11:15 AM, Lloyd Chambers wrote:

> (too many typos!)
>
> If indeed @Configured MessageSecurityConfig is *not* a singleton,
> then it has a bug. The 'AuthLayer' attribute will need to be
> annotated as its key value so that it has a name, and so that more
> than one can exist without an MBean ObjectName conflict.
>
> Proposed change marks the attribute as a key value:
>
> @Attribute(key=true)  // <=== add key=true
> @NotNull
> public String getAuthLayer();
>
> Lloyd
>
>
> On Jun 19, 2009, at 11:11 AM, Lloyd Chambers wrote:
>
>> If indeed @Configured MessageSecurityConfig is *not* a singleton,
>> then it has a bug. The 'AuthLayer' attribute will need to be marked as
>> its key value so that it has a name, and so that more than one can
>> exist with an MBean name conflict.
>>
>> Proposed change:
>>
>> @Attribute(key=true)  // <=== add key=true
>> @NotNull
>> public String getAuthLayer();
>>
>> Lloyd
>>
>> On Jun 19, 2009, at 3:06 AM, Kumar Jayanti wrote:
>>
>>> Anissa Lam wrote:
>>>>
>>>>
>>>> I have some questions regarding <message-security-config>
>>>>
>>>> sun-domain_1_3.dtd specifies
>>>>
>>>> <!ENTITY % message-layer "(SOAP | HttpServlet)">
>>>> <!ELEMENT security-service
>>>>     (auth-realm+, jacc-provider+, audit-module*,
>>>>      message-security-config*, property*)>
>>>> <!ATTLIST message-security-config
>>>>     auth-layer %message-layer; #REQUIRED
>>>>     default-provider CDATA #IMPLIED
>>>>     default-client-provider CDATA #IMPLIED>
>>>>
>>>> Kumar mentioned user can create as many as they want.
>>> It may not be as many as they want (I should have been more clear)
>>> but there have to be at least 2: one for message-layer SOAP and
>>> another one for HttpServlet.
>>>> However, in CLI, there is no create-message-security-config
>>>> command. (both v2 and v3)
>>> The command in V2 is:
>>> Usage: create-message-security-provider [--terse=false]
>>> [--echo=false] [--interactive=true] [--host localhost]
>>> [--port 4848|4849] [--secure | -s] [--user admin_user]
>>> [--passwordfile file_name] [--target target(Default server)]
>>> --classname provider_class [--layer message_layer=SOAP]
>>> [--providertype provider_type]
>>> [--requestauthsource request_auth_source]
>>> [--requestauthrecipient request_auth_recipient]
>>> [--responseauthsource response_auth_source]
>>> [--responseauthrecipient response_auth_recipient]
>>> [--isdefaultprovider] [--property (name=value)[:name=value]*]
>>> provider_name
>>>
>>> And you can see the message_layer argument there which is
>>> defaulted to SOAP.
>>>>
>>>> In MessageSecurityConfig.java, it is declared as Singleton:
>>>>
>>>>
>>>> @org.glassfish.api.amx.AMXConfigInfo(
>>>>     amxInterfaceName="com.sun.appserv.management.config.MessageSecurityConfig",
>>>>     singleton=true)
>>>> @Configured
>>>> public interface MessageSecurityConfig extends
>>>>     ConfigBeanProxy, Injectable
>>>>
>>>> So, how can we have a message-security-config with a
>>>> message-layer of "HttpServlet"?
>>>>
>>> I guess this needs to be corrected
>>>> Is <message-security-config> a singleton ?
>>>>
>>> No.
>>>
>>> regards,
>>> kumar
>>>
>>>> If this is not singleton, then AMX needs to make changes.
>>>> Currently, it is
>>>> v3:pp=/domain/configs/config[server-config]/security-service,type=message-security-config
>>>> without any unique identifier.
>>>>
>>>> Should GUI support the creation of additional
>>>> message-security-config? Can the security team let me know please?
>>>>
>>>> thanks
>>>> Anissa.
>>>>
>>>>
>>>> --------------------------------------------------------------------- To
>>>> unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net For
>>>> additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>
>>
>> Lloyd Chambers
>> lloyd.chambers_at_sun.com
>> GlassFish Team
>>
>>
>
> Lloyd Chambers
> lloyd.chambers_at_sun.com
> GlassFish Team
>
>
>

Lloyd Chambers
lloyd.chambers_at_sun.com
GlassFish Team
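
The ObjectName conflict discussed in this thread, shown as an added example (not GlassFish or AMX code). The LayerConfig MBean and the private MBeanServer are hypothetical stand-ins; only the ObjectName strings follow the thread.

```java
import javax.management.InstanceAlreadyExistsException;
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.ObjectName;

public class KeyedObjectNameDemo {
    // Hypothetical stand-in for the MBean AMX builds per message-security-config.
    public interface LayerConfigMBean { String getAuthLayer(); }

    public static class LayerConfig implements LayerConfigMBean {
        private final String authLayer;
        public LayerConfig(String authLayer) { this.authLayer = authLayer; }
        @Override public String getAuthLayer() { return authLayer; }
    }

    // ObjectName used while the config bean was treated as a singleton.
    static final String UNKEYED =
        "v3:pp=/domain/configs/config[server-config]/security-service,"
        + "type=message-security-config";

    // Registers one config MBean; returns false on an ObjectName conflict.
    static boolean register(MBeanServer mbs, String authLayer, boolean keyed)
            throws Exception {
        // With a key attribute, the auth layer becomes the name= property.
        String name = keyed ? UNKEYED + ",name=" + authLayer : UNKEYED;
        try {
            mbs.registerMBean(new LayerConfig(authLayer), new ObjectName(name));
            return true;
        } catch (InstanceAlreadyExistsException e) {
            return false; // second element maps onto the same ObjectName
        }
    }

    public static void main(String[] args) throws Exception {
        // Private server so the demo does not touch the platform MBeanServer.
        MBeanServer mbs = MBeanServerFactory.newMBeanServer();

        // Singleton-style naming: the second auth layer cannot be registered.
        System.out.println("unkeyed SOAP:        " + register(mbs, "SOAP", false));
        System.out.println("unkeyed HttpServlet: " + register(mbs, "HttpServlet", false));

        // Keyed naming: both layers get distinct ObjectNames.
        System.out.println("keyed SOAP:          " + register(mbs, "SOAP", true));
        System.out.println("keyed HttpServlet:   " + register(mbs, "HttpServlet", true));
    }
}
```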