P Lavti

Ranch Hand
+ Follow
since Mar 27, 2007
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by P Lavti

Hi Everybody,

My Requirement:
1. remove the usage of cleartext password from mysql-ds.xml
2. Use the custom password manager to retrieve the password

Given Solution by extend the SecureIdentityLoginModule:
JBoss connector API�s provides SecureIdentityLoginModule to encrypt database passwords rather than using clear text passwords in the datasource configuration. I have extended this class and overridden the commit method, which will call password manager to retrieve the password.

Problem:
By going thru the custom login module, JBoss JCA takes ~25 milliseconds to return the connection. And this 25 milliseconds doesn't count the time to call password manager. But if I don't use cleartext password, it takes hardly 1 millisecond.

I want to understand:
1. what is done by JCA when login module is used which takes !25 milliseconds.
2. Is there any way I can configure JBoss JCA to verify the password only for the 1st time, and for the subsequent calls, it just returns the connection in ~1 milliseconds.

Thanks in advance,
Priyaka
15 years ago
Hi,

I am also looking for solution for the same problem, making the application XSS safe.

one way as suggested by you is to use of c:out tags.

But my problem is application is already deployed at customer site and now if try to use this tag at all the places, it involes a huge and time taking work.

Is there any other way to achieve it which will do the encoding for e.g. every request to the server is going thru a filter to encode the HTML special chars.

Thanks!
[ July 08, 2008: Message edited by: P Lavti ]
15 years ago
Hi All,

I am using mysql with Jboss AS.

Is it required to give the the database name in connection URL?
<connection-url>jdbc:mysql://hostname:port/<I>database-name</I></connection-url>

My application is using 2 databases, to connect to both the databases, do I need to have two JNDI names declared in mysql-ds.xml?

Or is there any way to avoid having two JNDI names declaration and still I can connect to both the databases?

Thanks!
This is what actually my next question was.

Having my custom class in the same package and then using it in production, Is it legal?

If not, then what kind off licencing formalities are required?

Otherwise I need write complete login module itself.

Thanks!
15 years ago

Originally posted by Jaikiran Pai:


What error do you get? Can you post it? Is it a compiler error or a classloader error (when JBoss is starting)?



For the import of org.jboss.resource.security.SubjectActions, I get the compiler error "The type org.jboss.resource.security.SubjectActions is not visible", since SubjectActions has visibility only within the package. By keeping my custome class in package "org.jboss.resource.security" removes the error.

Originally posted by Peter Johnson:


There is no problem with keeping your class in that same package - but you should package your class in your own jar.



I have kept it in my own jar

Thanks!
15 years ago
Thanks Peter.

I tried it using the SecureIdentityLoginModule as template for my class, and its working fine as well.

The only issue is I need to keep my custom class also in the same package "org.jboss.resource.security" else i'll get compiler error. I am not sure if its acceptable. Any suggetions!!!

Thanks!
15 years ago
Yes, I ahve already gone thru this.

But I need to use my own encryption-decryption algorithms.
15 years ago
hi,

I am using Jboss4.0.4 GA server and My SQL as DB.
I can not not use cleartext password in mysql-ds.xml.

I have my own encryption and decryption API for the same.

Could you please let me know how to write an plugin for Jboss which will use my decryption API to decrypt the data source password and provide me the connection pooling for MySQL.

Thanks!
15 years ago
Got it finally!!!

The version was wrong(2.5) in web.xml for web-app tag

Thanks for the help. ServletsWebXml helped in finding out the reason.
15 years ago
JSP
I just studied HFSJ and its written there that each application needs to have jstl.jar in its WEB-INF/lib.

I also removed it from jboss-home/server/default/lib and copied it in WEB-INF/lib, But still its not working
15 years ago
JSP
I am using Jboss-4.0.4 server. And I have copied below jar files in server/default/lib

jstl.jar version 1.1.2
standard.jar
commons-el-1.0.jar

Please let me know if I am missing smoething.

Thanks!
15 years ago
JSP
Hi All,

I am learning writing EL and the first step I did was printing one of EL implicit variable ${pageContext.request.requestURI}.

My JSP page looks like:



And the output is:
Request URI: ${pageContext.request.requestURI}

Please let me know why is it not evaluating the EL expression.

Thanks!
15 years ago
JSP
Hi all,

Is there any way to get the path of log4j.xml, if we have a reference to RepositorySelector or LoggerRepository or LogManager?

I chekcked the API's but couldn't figure out how to get it

Thanks!
yeah.. I don't have any restriction of having city name in the method name.

I initially thought of using enum & switch-case approach, but I have constraint using that. We can not have enum variables starting with number. I have similar method call based on categories too, and those can start with a number.

I can use factory pattern, but that will end-up in 15-16 classes with just one method, one for each city & category.

I think best will be to go for reflection, that way my calling method will never change. And more methods can be added whenever required.
15 years ago