Archive for the ‘Uncategorized’ Category

2013 in review

Posted: 5 January 2014 in Uncategorized

The WordPress.com stats helper monkeys prepared a 2013 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 13,000 times in 2013. If it were a concert at Sydney Opera House, it would take about 5 sold-out performances for that many people to see it.


Part of what I developed for this sprint was a check of the permissions when attempting to change the owner of a task.

The commands

laurent@laurent-Aspire-5742:~/Projects/development/LapisServer/bin$ ./wflist.sh -u laurent -p xxxxx -host localhost -port 12345
test [32bbae32-8944-4c31-b370-60024bf533b3]
	=>	4f480ffe-21a3-4d82-8697-436c2a9fa506 [pause [laurent] [070d3c83-d658-4c22-bc1a-7c4f83660b49] => Complete]
	=>	a12ded01-ce52-4cef-81b6-274954cf8443 [Another pause [laurent] [4ff04705-9818-4637-87dc-5080bc35a50e] => Complete]
	=>	5bbf56c7-10d0-4da7-b3e7-0dc99bccd751 [verify [sarah] [30bd0552-7c1b-4fb7-97ae-34923789e9ed] => Active]
		=>	finish
		=>	start subworkflow
	=>	eab0c785-f523-4fea-afbd-c9589dc73088 [hello [laurent] [fe69d6ad-10b5-4ec8-9f1b-def5fdaa9505] => Complete]
	=>	6dbf3510-aef9-4840-9bf8-3c30bc2930dd [subWorkflow [laurent] [f9c21bfa-fa9d-46ec-950b-88b9d367d6af] => Rejected]

The user task should have been completed by the user Sarah. I then issue the command to change the owner for the task to myself, but since I don’t have the permission to change the task ownership, the engine raises an exception:

laurent@laurent-Aspire-5742:~/Projects/development/LapisServer/bin$ ./wfchown.sh -u laurent -p xxxxx -host localhost -port 12345 -w 32bbae32-8944-4c31-b370-60024bf533b3  -t 5bbf56c7-10d0-4da7-b3e7-0dc99bccd751 -o "laurent"
Exception in thread "main" java.security.AccessControlException: access denied ("fukoka.lapis.engine.security.authorisation.FukokaPermission" "wfchown")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
	at java.security.AccessController.checkPermission(AccessController.java:559)
	at fukoka.lapis.engine.security.authorisation.FukokaPrivilegedAction.run(FukokaPrivilegedAction.java:38)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
	at fukoka.lapis.engine.workflow.remote.RemoteNode.setOwner(RemoteNode.java:134)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322)
	at sun.rmi.transport.Transport$1.run(Transport.java:177)
	at sun.rmi.transport.Transport$1.run(Transport.java:174)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.rmi.transport.Transport.serviceCall(Transport.java:173)
	at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:553)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:808)
	at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:667)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:724)
	at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:273)
	at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:251)
	at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:160)
	at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:194)
	at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:148)
	at com.sun.proxy.$Proxy5.setOwner(Unknown Source)
	at fukoka.lapis.client.clt.WFchown.main(WFchown.java:63)

In order to succeed, I then edit the server policy file to grant the permission:

grant principal fukoka.lapis.engine.security.authentication.FukokaPrincipal "laurent" {
    permission fukoka.lapis.engine.security.authorisation.FukokaPermission "shutdown";
    permission fukoka.lapis.engine.security.authorisation.FukokaPermission "wfchown";
};

The listing now gives me the ownership of the task.
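
The deny-then-grant behaviour above as an added Java example, not the Lapis code: `TaskPermission`, `UserPrincipal`, `GRANTS` and `setOwner` are hypothetical stand-ins for `FukokaPermission`, `FukokaPrincipal`, the policy file and `RemoteNode.setOwner`. It assumes Java 16 or later and swaps the security-manager path seen in the stack trace (`Subject.doAsPrivileged` and `AccessController.checkPermission`) for an explicit per-principal lookup that throws `SecurityException`, the superclass of `AccessControlException`.

```java
import java.security.BasicPermission;
import java.security.Permissions;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

public class ChownPermissionDemo {
    // Hypothetical stand-ins for the page's FukokaPermission and FukokaPrincipal.
    static final class TaskPermission extends BasicPermission { TaskPermission(String n) { super(n); } }
    record UserPrincipal(String name) implements Principal { @Override public String getName() { return name; } }

    // In-memory equivalent of the policy file: principal name -> granted permissions.
    static final Map<String, Permissions> GRANTS = new HashMap<>();

    static void grant(String principal, String permission) {
        GRANTS.computeIfAbsent(principal, k -> new Permissions()).add(new TaskPermission(permission));
    }

    // Deny by default: at least one of the caller's principals must hold the permission.
    static void checkPermission(Subject caller, String name) {
        TaskPermission needed = new TaskPermission(name);
        for (Principal p : caller.getPrincipals()) {
            Permissions granted = GRANTS.get(p.getName());
            if (granted != null && granted.implies(needed)) return;
        }
        throw new SecurityException("access denied (\"" + name + "\")");
    }

    static String owner = "sarah"; // constructed sample task, currently owned by sarah

    static void setOwner(Subject caller, String newOwner) {
        checkPermission(caller, "wfchown"); // authorise before touching any state
        owner = newOwner;
    }

    public static void main(String[] args) {
        Subject laurent = new Subject();
        laurent.getPrincipals().add(new UserPrincipal("laurent"));
        try {
            setOwner(laurent, "laurent"); // no grant yet, so this is refused
        } catch (SecurityException e) {
            System.out.println(e.getMessage() + ", owner is still " + owner);
        }
        grant("laurent", "wfchown"); // mirrors the policy grant shown above
        setOwner(laurent, "laurent");
        System.out.println("owner is now " + owner);
    }
}
```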


workflow system

Posted: 5 September 2013 in Uncategorized

Today, I made a breakthrough in my custom workflow system. I have implemented a remote security proxy to my objects using JAAS. This means that now, users need to be authenticated to perform workflow operations. Below is the code I use to connect to the Lapis Server (a server that does a few things), get a client, obtain a workflow engine and start a workflow.

        // Look up the RMI registry on the host and port used by the Lapis Server.
        Registry registry = LocateRegistry.getRegistry("localhost", 12345);
        LapisClientFactory factory = (LapisClientFactory)registry.lookup("lapisClientFactory");
        // Authenticate with a user name and password to obtain a client.
        LapisClient client = factory.getClient("laurent", "xxxxxxxxx");

        // Instantiate the workflow definition file and start the workflow.
        WorkflowEngine workflowEngine = client.getWorkflowEngine();
        File workflowFile = new File(workflowFilePath);
        GraphExecution graphExecution = workflowEngine.instantiate(workflowFile, wfMapEnv);
        graphExecution.start();


I have created three command line tools to interact with the system.

  • wfstart.sh, which starts a given workflow,
  • wflist.sh, which lists started workflows, their activation tokens and their tasks,
  • wfcomplete.sh, to complete a node token (an active task if you will) and choose a transition arc to the next task.

The workflow allows for automated tasks (which decide how to transition to the next task) and also for user tasks (which do nothing until a user indicates they have completed their tasks). A series of events get triggered whenever a workflow is started or a task gets activated, which later could be used for user notification [via email or JMS or whatever else you want to plug in].

Below is an example custom task definition and the Java code that gets executed:

 

  <node name="task1" start="true">
    <arc name="toTask3" to="task3"/>
    <arc name="toEnd" to="end"/>
    <parameter name="onSuccess" value="toTask3" />
    <parameter name="onFailure" value="toEnd" />
    <lapis:extension qname="NODESET" xpath="/parameters/parameter" />
  </node>



    @Override
    public void execute(NodeToken token, Map<String, String> parameters) throws RemoteException {
        // Read the "who" property from the node's properties.
        String who = null;
        try {
            who = token.getNode().getProperties().getProperty("who");
        } catch (RemoteException e) {
            e.printStackTrace();
        }
        System.out.println("Hello " + who);
        // Complete the token and leave through the arc named by "onSuccess".
        try {
            token.complete(token.getNode().getProperties().getProperty("onSuccess")); // follow the successful route
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

Hello world! There is still so much to do but this is making real progress.

Revert a branch to a specific edition

– submit the content of your workarea to ensure your work gets recorded in an edition

– publish an edition

– create a temporary workarea named "tmp_current", based on the last edition you just published

– create a temporary workarea named "tmp_revert", based on the edition you want to revert to (e.g. ed_0001).

– submit the entire "tmp_revert" workarea, with the "overwrite all" flag on.

– compare the "tmp_revert" workarea with the content of the "tmp_current" workarea

– delete the files in the "tmp_current" workarea that show only in "tmp_current" and not in the "tmp_revert" workarea

– submit the modified files in "tmp_current"

– compare the edition you wanted to revert to (e.g. ed_0001) with STAGING. There should be no differences.

I have now created a TeamSite/SitePublisher training course. After a lot of blood and absolutely no tears whatsoever, I can now produce the agenda of the 5-day-long program. Let’s see where it will take us.

Day 1