Hide Forgot
Date of First Response: 2008-10-06 05:18:57 project_key: SOA The security_basic quickstart has a very poor readme.txt. It does not explain the interesting areas of the quickstart and how it works overall. Also the HttpClient.java should be in the "test" sub-package. It is presently in the same directory as the actions.
Link: Added: This issue is a dependency of JBESB-2091
It has been fixed by Revision: 23318 in JBoss ESB CP Branch. which was done by Dan.
The HttpClient class is in the correct tree [ldimaggi@ldimaggi security_basic]$ tree . |-- build.xml |-- deployment.xml |-- jbm-queue-service.xml |-- jbmq-queue-service.xml |-- jboss-esb.xml |-- jbossesb-properties.xml |-- jndi.properties |-- juddi.properties |-- lib |-- listener.log |-- log4j.xml |-- publicKeyStore |-- readme.txt `-- src `-- org `-- jboss `-- soa `-- esb `-- samples `-- quickstart `-- securitybasic |-- MyListenerAction.java `-- test |-- HttpClient.java `-- SendEsbMessage.java 10 directories, 15 files And the readme file now contains: What to look for in this quickstart =================================== # Security configuration <service category="Security" name="SimpleListenerSecured" description="Hello World"> <security moduleName="messaging" rolesAllowed="esbrole"/> The security element declares that this service requires authentication to be executed and that the authenticated users be a member in the role 'esbrole'. The role is determined by the JAAS login module being used, in this case by the 'messaging' module specified in login-config.xml. # src/org/jboss/soa/esb/samples/quickstart/securitybasic/test/HttpClient.java This is a JBossRemoting client that uses http to invoke the JBossRemoting gateway. # src/org/jboss/soa/esb/samples/quickstart/securitybasic/test/SendEsbMessage.java This class uses the ServiceInvoker to invoke the ESB service directly, by-passing the gateway. You can see how an AuthenticationRequest is created then encrypted, and passed to the ESB by attaching the authentication request to the ESB Message object. # src/org/jboss/soa/esb/samples/quickstart/securitybasic/MyListenerAction.java This ESB Action show how the currently autenticated JAAS Subject can be accessed: System.out.println("Subject in MyListenerAction : " + Subject.getSubject(AccessController.getContext())); # Please refer to the "Security" section of the ServiceGuide.pdf for more details on the security features of JBossESB.
But... This line should be removed from the readme: # Please refer to the "Security" section of the ServiceGuide.pdf for more details on the security features of JBossESB. As there is no "Security" section in the Service_Guide.pdf (or the admin guide or programmers' guide)
The platform docs would appear to be out of sync with the project ones in that case.
Attachment: Added: Screenshot-ServicesGuide.png
Link: Added: This issue is a dependency of SOA-978
Service Guide updated with missing content, included the Security Chapter.
has been fixed by Darrin.
This is fixed indeed.