Google Site Search


Monday, February 21, 2011

JBoss users upgrade to Oracle/Sun JVM JDK 1.6 Update 24

This is a general alert for all Java applications. Hence affects the JBoss ecosystem users also.

Oracle has released update 24 of the JDK 1.6 to resolve the Security vulnerability as outlined in

So, please upgrade to Oracle JVM 1.6u24 asap.

As always, please refer to the community notification page at JBoss.

Wednesday, February 9, 2011

JBoss users upgrade to Oracle/Sun JVM JDK 1.6 Update 23 and apply FP Updater Tool

A serious vulnerability in the JVM was identified via CVE and has been handled by Oracle/Sun. Please see the following article for more details:

This is an issue that affects all Java applications that may be performing Double-String operations.

In summary, JBoss AS users should try to upgrade to JDK 1.6 Update 23 and use the Floating Point Updater Tool from here.

JDK/JRE6 Update 24 (forthcoming) will fix the issue. Until then please run the updater tool.

Reference Page for JBoss AS Security Vulnerabilities:

Additional information is available from Oracle Blog Post.


Tuesday, February 1, 2011

Usage:JBoss XACML

Project PicketBox from JBoss has an XACML engine that can be used in a Java environment.

Assuming that your configuration file is available, something like the following should work for you:

//Get hold of an InputStream to the config file 
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream( MY_CONFIG_FILE );
PolicyDecisionPoint pdp = new JBossPDP(is);
//Form your RequestContext by some means
ResponseContext response = pdp.evaluate(request);
int decision = response.getDecision();
//Decision can be one of XACMLConstants.DECISION_DENY
RequestContext requestContext = RequestResponseContextFactory.createRequestCtx();
//Read the xacml request from input stream
requestContext.readRequest( is );
requestContext.readRequest( node );  //Parse xacml request as DOM node 

If you need to look at code examples: