I am able to deploy my web-application from IDEA without problems using annotation-based url-mappings, so why does IDEA nevertheless highlight the tag as a violation of the schema-definition here?
(using IDEA 12.1.4, Tomcat 7)
IDEA is validating your XML according to the schema and it is correctly saying that Element metadata-complete is not allowed here.
If you look at the schema web-app_3.0.xsd you'll see that it imports web-commmon_3.0.xsd. And this web-common schema has defined metadata-complete to be part of the web-common-attributes.
<xsd:attributeGroup name="web-common-attributes">
<xsd:attribute name="version"
type="javaee:web-app-versionType"
use="required"/>
<xsd:attribute name="id"
type="xsd:ID"/>
<xsd:attribute name="metadata-complete"
type="xsd:boolean">
...
In summary this means that metadata-complete is an attribute to web-app element.
Change your xml to this instead:
<?xml version=1.0 encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3.0.xsd"
version="3.0"
metadata-complete="false">
<display-name>Hello World</display-name>
</web-app>
Related
When I set up a camunda BPMN platform, I got the following error
HTTP Status 500 -
org.camunda.bpm.webapp.impl.IllegalWebAppConfigurationException: No
process engine found. camunda Webapp cannot work without a process
engine
Confirming that the both the '/camunda' and '/engine-rest' is deployed and running in Tomcat.
But /engine-rest returns 404 with following error.
description : The requested resource is not available.
Please help!.
You need to configure the shared process engine for your server as described in https://docs.camunda.org/manual/7.5/installation/full/tomcat/manual/#add-bpm-platform-xml
Have added bpm-platform.xml to '/conf'
<?xml version="1.0" encoding="UTF-8"?>
<bpm-platform xmlns="http://www.camunda.org/schema/1.0/BpmPlatform"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.camunda.org/schema/1.0/BpmPlatform http://www.camunda.org/schema/1.0/BpmPlatform ">
<job-executor>
<job-acquisition name="default" />
</job-executor>
<process-engine name="default">
<job-acquisition>default</job-acquisition>
<configuration>org.camunda.bpm.engine.impl.cfg.StandaloneProcessEngineConfiguration</configuration>
<datasource>java:jdbc/ProcessEngine</datasource>
<properties>
<property name="history">full</property>
<property name="databaseSchemaUpdate">true</property>
<property name="authorizationEnabled">true</property>
<property name="jobExecutorDeploymentAware">true</property>
</properties>
</process-engine>
</bpm-platform>
While deploying war file using weblogic-10.3.6 I am getting the exceptions like
* The error is weblogic.descriptor.DescriptorException: VALIDATION PROBLEMS WERE FOUND
problem: cvc-enumeration-valid: string value '3.0' is not a valid enumeration value for web-app-versionType in namespace http://java.sun.com/xml/ns/javaee:*
Can anyone tell me what is the problem ?
Normally this problem indicates there is an issue with your weblogic/WSDL header information. In this case:
Weblogic 10.3.6. does not support servlet spec 3
Upgrade to 12c or choose a different version of the spec in your code/WSDL/etc
Specifically switch from something like:
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
to:
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
I'm trying to write an XACML policy that will utilize a custom attribute. I'm thinking of something like:
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyId="deny-demo100"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
<Description> </Description>
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
<Rule Effect="Deny" RuleId="rule-deny-demo100">
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<Resource>
<AnyResource/>
</Resource>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">customAttribute</AttributeValue>
<ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action- id" MustBePresent="false" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</ActionMatch>
</Action>
</Actions>
</Target>
</Rule>
<Rule RuleId="deny-demo100-catch-all" Effect="Permit" />
</Policy>
(We're using Fedora's XACML implementation).
I'm sure I'm missing something really simple and fundamental here, but cannot figure out what. Could someone point me in the right direction please?
What do you mean by custom attribute? What is it you want to express in 'plain old English'?
In XACML you can use any attribute you like such as role, citizenship, clearance, resource classification, time of day... Of course the availability of the attribute depends on the type of app you are protecting. How are you using the Fedora implementation? Is it for access control within Fedora Linux OS?
If you want to compare an attribute to a value e.g. citizenship == Canadian, then use a <Target/>. If you want to compare 2 attributes together e.g. clearance > classification, then use a <Condition>.
I am not sure what you are actually looking for, but I guess you need to do some attribute-based access control.
In XACML there is a component called PIP (Policy Information Point), where you can retrieve attributes from external sources and check authorization.
This may help you: Understanding PIP (Policy Information Point).
If you need to create XACML policies in a easier way, you can follow this: XACML Policy Editor in WSO2 Identity Server.
I have to admit I'm kinda new to XACML and Fedora's implementation of it, but my understanding is you should be able to query any value that appears when checking the user object. The URL on a default Fedora Commons install should be "localhost:8080/fedora/user" and yields the following object on my server after logging in a previously created LDAP user called "Joe User":
<user id="Joe User">
<attribute name="uid">
<value>userj</value>
</attribute>
<attribute name="mail">
<value>UserJ#ldap.test.user.uconn.edu</value>
</attribute>
<attribute name="sn">
<value>User</value>
</attribute>
<attribute name="ou">
<value>DPT</value>
</attribute>
<attribute name="cn">
<value>Joe User</value>
</attribute>
<attribute name="description">
<value>sample user</value>
</attribute>
<attribute name="role"/>
<attribute name="fedoraRole"/>
<attribute name="objectClass">
<value>organizationalPerson</value>
<value>person</value>
<value>inetOrgPerson</value>
<value>top</value>
</attribute>
<attribute name="displayName">
<value>Joe User (LDAP)</value>
</attribute>
</user>
Once a value has been injected into the user object via some JAAS authentication module (as in the above case using the LDAP module) or even an environment variable you should be able to query it. In the example policy below I've set Fedora to grant fedoraAdmin like access to API-M calls if a user has an OU set to "DPT":
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
PolicyId="permit-apim-to-ldap-ou"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
>
<!-- test policy to approve API-M operations if a specific LDAP OU exists -->
<!-- make sure access to API-M in premitted from the current client IP address first (check "deny-apim-if-not-in-list.xml" or "deny-apim-if-not-localhost.xml" ) -->
<Description>note that other policies may provide exceptions to this broad policy. This policy assumes api-m users have to be authenticated</Description>
<Target>
<Subjects>
<Subject>
<!-- specific OU - need to get this working with a range of values -->
<SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DPT</AttributeValue>
<SubjectAttributeDesignator AttributeId="ou" MustBePresent="false" DataType="http://www.w3.org/2001/XMLSchema#string"/>
</SubjectMatch>
</Subject>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<AnyAction/>
</Actions>
</Target>
<Rule RuleId="1" Effect="Permit"/>
</Policy>
Custom attributes can even be added the Fedora XML User file (not the Tomcat user file) rather than using LDAP. Likely there is a better way to do this, but as I stated before I'm rather new to XACML and don't fully understand it. This rule works on my localhost test server based on the other rules also in place. Your mileage may vary.
Also, as stated in the sample policy file, make sure that the client you are testing from can both be permitted and then later denied API-M access before you put a rule like this in place as debugging XACML policies in Fedora seems to be extremely difficult with little data being written to the log file even in Debug mode (you will see an operation passed or failed but never the name of the rule that caused the pass/fail result to happen).
How can I create JDBCResources, -Pools and Security Realms in a Glassfish 3.1 Server from within my Application, if they are not already created? I am writing an application that relies on this resources, however I don't want to configure the server manually every time the application is deployed on a different server.
Doing this with a shell script feels like a workaround.
Glassfish provides a REST interface. You can create a new security (authentication) realm in a certain configuration (say, server-config in a DAS on localhost, admin port 4848) with a POST to:
http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm
Do a GET to that resource to see the parameters.
You can use the same interface to create connection pools.
Ok, I found a solution for half of the Question.
I created a file called glassfish-resources.xml in my WEB-INF folder and added the following content to it:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE resources PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Resource Definitions//EN" "http://glassfish.org/dtds/glassfish-resources_1_5.dtd">
<resources>
<jdbc-connection-pool
name="java:app/jdbc/BeerUserPool"
res-type="javax.sql.DataSource"
datasource-classname="org.postgresql.ds.PGSimpleDataSource"
pool-resize-quantity="2"
max-pool-size="32"
steady-pool-size="0"
statement-timeout-in-seconds="30">
<property name="User" value="USERNAME"></property>
<property name="Password" value="PASSWORD"></property>
<property name="PortNumber" value="12345678"></property>
<property name="dataBaseName" value="DATABASE_NAME"></property>
<property name="ServerName" value="yourDBUrl.com"></property>
<property name="Ssl" value="false"></property>
<property name="ProtocolVersion" value="0"></property>
</jdbc-connection-pool>
<jdbc-resource
pool-name="java:app/jdbc/BeerUserPool"
jndi-name="java:app/jdbc/BeerUser"></jdbc-resource>
<
</resources>
Addingt the java:app/ to the names is important, without it it won't work correctly. This connection pool is also only application scoped and gets destroyed after the application is undebloyed (except you add an additional argument).
This pool can now be accessed with JPA with the following persistence.xml.
<?xml version="1.0" encoding="UTF-8"?>
<persistence version="1.0" xmlns="http://java.sun.com/xml/ns/persistence">
<persistence-unit name="jsf-jpa-war" transaction-type="JTA">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
<jta-data-source>java:app/jdbc/BeerUser</jta-data-source>
<properties>
<property name="eclipselink.logging.level" value="FINE"/>
</properties>
</persistence-unit>
</persistence>
However I found no soultion how I can define the security realms in the same way.
I've built a simple Spring WS (1.5.9) and I'm trying to deploy it to Glassfish v3. Unfortunately the deployment fails for the above reason. I've struggled to resolve the issue myself but it clearly not able to resolve the "bean" element.
Heres me spring-ws-servlet.xml (bean definitions):
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
...bean definitions
</beans>
I've also tried it with the schemaLocation set to spring-beans-3.0.xsd with the same result.
My WAR only has one dependency and that is Spring-WS.
You haven't provided the standard collection of schema locations, particularly not the required schema location for the beans schema.
Here's one of mine:
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:gate="http://gate.ac.uk/ns/spring"
xsi:schemaLocation="
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://gate.ac.uk/ns/spring http://gate.ac.uk/ns/spring.xsd
">
</beans>
The same fail was happened to me when I copied the beans tag from another file on internet, you have to secure that you've typped a space between the html sentences.
<beans xmlns="http://www.springframework.org/schema/beans"(space)xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"(space)
xmlns:context="http://www.springframework.org/schema/context"(space)
....
">
</beans>