Guru Nanak was born around 500 yrs back in 1469 on 20th Oct and he lived for 70 years 5 months 7 days and got his realization at the age of 30. He was born in talvandi in pakistan.
When he was 13 his family decided to get the “janaiu” done but he refused it as to what can a thread provide me – in terms of purification. Understanding his bent towards spirituality his family decided to marry him at the age of 16. So he had two children also. He used to work as an accountant and used to work with dedication. In the morning he used to get up and meditate and also at night. When he used to count – he used to go into “complete silence” when saying “Terah – 13″ which in turn can be heard as “Tera -” meaning Yours only God Almighty.
One day he had gone to take a bath in the river Ben and there he was inside the water for 3 days and he got God Realization – Complete revelation and complete knowledge of the divine and existence. Mardana was his dear disciple.
At that time when Guru Nanaka was born there was a lot of darkness . On this darkness He had said – that the times are like knife, the king like butchers and religion has taken wings and fly away.
Baba Farid (who was Guru of Nizamudin Auliya ) had successor Ibrahim. Guru Nanaka went to meet Ibrahim and he asked what is the right way Hindu or Islam – So Guru Nanaka said there is only one way – that which has been there since Anadi Kaal. (Ancient times ) and that way is the way to grow the Chakras and Kundalini – there is no short cut or long cut to know God. 
Guru Nanaka had two principles: Two things – that people are equal and belief in service of humanity
So the style of Guru Nanaka was a mild one where as Kabira was revolutionary. Kabira challenged things and proved them wrong – all superstitious things. Like he went to Maghar (earlier was Marg Har – a place where one lost the way to go and ppl had the doubt that anybody who died there would go to hell ). And Kabira at the age of 125 to prove everybody wrong died at that place only.
Also there was an incident of Saint Farid going to meet Kabir – travelled, walked a difficult path all the way and when they met – they were silent for 3 days !! Kabira’s disciples were wondering what they two would talk about – but both of them were silent. So after Baba Farid went away – their disicples asked Kabira why did you not talk something? Kabira said where were you? Did you not hear that we talked all the time 3 days – but it was all done in silence !! -
God is expressed in silence only.
Where there is any problem or any calamity – it is best to go in thoughtless awareness – that is the greatest solution available.
The Love of Spirit is the only way to Purify the Attention – not through discipline or anger. And Kundalini is the shakti of the Spirit.
When you enjoy the Nature you can enjoy the beauty and it makes you thoughtless.
And then you feel the bliss of nature inside you . When you get complete self realization then you become beauty and fragrance yourself – like a flower.
Kartik maas ki purnima has the brightest moon, though it is not full.
Kala – the art – 16 phases of moon – are 16 phases of growth inside us. Sharad_Indu = Indu is moon – so already Sahaja Yogis have got 12 phases right upto Agya (6th chakra – two parts left – right so 12) and then from 13 to 16 we need to travel with dedication.
So after Sahasrara, we have Ardh bindu then bindu and then Valay. Bindu is the complete 16 phase of moon. Completeness. Mother is in the form of complete moon – giving blessings and love
Only a thankful heart can get the knowledge of this Divine love and keep the atma awakened. So one must remember to be grateful to Almighty Mother for this beautiful blessing and love.
One can get complete 100% realization – only with the Grace of Mother and her Compassion. Completely flowered with Her Love.
A complete sahaja yogi is one who is a Guru and being a Guru means that your Swadhistan which revolves in Nabhi has to be very strong and you need to have Motherly qualities in you. Even the greatest Muni’s and greatest Tapasvis that have been there had to worship the Adi Mother to gain the Completeness.
1986 – Mahakali Puja – Mother said everything has to happen on its own time – and you must know worry – why it is not happening at your own set time – there are deep reasons for things happening the way they are.
====================================
Today’s meditation was Yummy Sweet Candy Amazing and in the end we had the bhajan Durga – Arti wow thank you Thank you very very very much.
Hostname: name of machine where jboss is running
portnumber : is the port of jmxremote property and NOT jni and NOT RMI port defined in jboss-service.xml file.
So if you need to connect to jboss mbean through jconsole: add the following the run.conf file JAVA_OPTS
-Dcom.sun.management.jmxremote.port=12345 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djboss.platform.mbeanserver -Djavax.management.builder.initial=org.jboss.system.server.jmx.MBeanServerBuilderImpl
And then you can connect either remotely: localhost:12345
OR
through the JMX service url
service:jmx:rmi:///jndi/rmi://HostName:portnumber/jmxrmi
The identities of a user(username, SSN, employeeID, etc.) are stored as java.security.Principal objects in the Subject Principals set. The roles assigned to a user are also stored in the Principals set, but they are stored in named role sets using java.security.acl.Group instances. The Group interface is a subinterface of java.security.Principal. A Group is a collection of Principals and or Groups. There can be any number of role sets assigned to a Subject. Currently the JBossSX framework uses two well known roles sets named “Roles” and “CallerPrincipal”. The “Roles” set is the set of Principals for the named roles as known in the application domain the Subject has been assigned. This role set is used by methods like the EJBContext.isCallerInRole(String) which is used by EJBs to see if the current caller belongs to the named application domain role. The CallerPrincipal role set consists of the Principal identity assigned to the user in the application domain. It is used by the EJBContext.getCallerPrincipal() method to allow the application domain to map from the operation environment identity to a user identity suitable for the application. If a Subject does not have a CallerPrincipal role set then the application identity is that of the operational environment identity.
extend UsernamePasswordLoginModule
validatePassword (Authenticates user against LDAP)
getRoleSets (This adds the user role that was found in LDAP and you must hve valid role as well.
Here is a sample test cas restful java client.
To validate the service ticket you can use the code that is similar to yale cas client SecureUtil.java class sending an https request to /serviceValidate URL of CAS.
public static boolean validateFromCAS(String username, String password) throws Exception
{
String url = "https://myPC.com:8443/cas/v1/tickets";
try
{
HttpsURLConnection hsu = (HttpsURLConnection)openConn(url);
String s = URLEncoder.encode("username","UTF-8") + "=" + URLEncoder.encode("adriza","UTF-8");
s+="&" +URLEncoder.encode("password","UTF-8") + "=" + URLEncoder.encode("adriza","UTF-8");
System.out.println(s);
OutputStreamWriter out = new OutputStreamWriter(hsu.getOutputStream());
BufferedWriter bwr = new BufferedWriter(out);
bwr.write(s);
bwr.flush();
String tgt = hsu.getHeaderField("location");
System.out.println( hsu.getResponseCode());
if(tgt != null && hsu.getResponseCode() != 400)
{
System.out.println(tgt);
System.out.println("Tgt is : " + tgt.substring( tgt.lastIndexOf("/") +1));
tgt = tgt.substring( tgt.lastIndexOf("/") +1);
bwr.close();
closeConn(hsu);
String serviceURL = "http://myPC.com:8080/testingWebSvc";
s = URLEncoder.encode("service","utf-8") +"=" + URLEncoder.encode(serviceURL,"utf-8");
hsu = (HttpsURLConnection)openConn(url+ "/"+ tgt);
System.out.println("Response code is: " + hsu.getResponseCode());
BufferedReader isr = new BufferedReader( new
InputStreamReader(hsu.getInputStream()));
String line;
System.out.println( hsu.getResponseCode());
while ((line = isr.readLine()) != null) {
System.out.println( line);
}
isr.close();
hsu.disconnect();
return true;
}
else
{
return false;
}
}
catch(MalformedURLException mue)
{
mue.printStackTrace();
throw mue;
}
catch(IOException ioe)
{
ioe.printStackTrace();
throw ioe;
}
}
[Original : November 2007]
[rubik:/tmp/jboss-3.2.3/bin] % ./shutdown.sh -s jnp://myremotemachineOrIP:1099Shutdown message has been posted to the server.Server shutdown may take a while – check logfiles for completion
Stopping JBoss when running multiple JBoss instances using the Service Binding Manager
./shutdown.sh -s jnp://myserver:31099 -S
You will again use the lower-case -s flag but you will need to look in your bindings file to find the port of each Naming service.
<service-bindings>
<server name=”ports-default”> <
service-config name=”jboss:service=Naming” delegateClass=”org.jboss.services.binding.AttributeMappingDelegate” >
<delegate-config portName=”Port” hostName=”BindAddress”>
<attribute name=”RmiPort”>1098
</attribute> </delegate-config>
<binding port=”1099″ host=”${jboss.bind.address}”/>
</service-config>
UPDATE – 22-Oct-2009
-> Default behavior is to shutdown (S)
Other operations:
-S, –shutdown Shutdown the server
-e, –exit= Force the VM to exit with a status code
-H, --halt= Force the VM to halt with a status code
And default port for shutdown used is jnp 1099. You can test this by experimenting with jnp port in jboss-service.xml
Another point is that usage of username , password for authentication for shutdown. (u,p)
If you have enabled the interceptor in jmx-invoker-service.xml file in deploy folder.
<!-- Uncomment to require authenticated users -->
<interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor"
securityDomain="java:/jaas/jmx-console"/>
Then it will refer to the security Domain jmx-console from the login-config.xml in the conf folder to check if user credentials.If user is not valid then it will throw the following Exception:
jboss-4.2.3.GA\bin>shutdown.bat -S
Exception in thread “main” java.lang.SecurityException: Failed to authenticate principal=null, securityDomain=jmx-console
at org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:97)
In login-config.xml you can define your own login class that will check if the user has valid roles and credentials for doing the op.
Inspektr library is an auditing aspect built inside CAS server.
This library has two aspects built in – one is AuditTrailManagementAspect and other is StatisticManagementAspect.
Like any other aspect class the above two classes are annotated with
@Aspect at top class definition and
@Around for managing aop method execution.
The notable points wrt this library are:
There is a custom annotation that is created called @Auditable (similarly @Statistics)
To create a custom annotation we need to define the class as follows:
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
public @interface Auditable {}
Then there are three parts to Auditing: (user info, resource info, action info)
Principal: User info
Resource: Ticket info (ST or TGT)
Action : type of ticket created info (Failure or success)
So classes providing this info are injected along to the AuditAspect class along with the name of the class that will know how to publish this information to the right output.
User info, we have the class called TicketOrCredentialBasedAuditablePrincipalResolver.
Resource: Service ticket info, ServiceResourceResolver
Action: ObjectCreationAuditableActionResolver (prefixes failure/success based on null value check of object)
One question can come is why are we keeping all the resources in the list of of constructer. Example if I only need to audit the service ticket creation or validation then should the references of other resources is needed? . The answer is that object creation of these resources takes place one time only in the construction of the aspect class so that these object handlers of resources can be used in different places (be it TGT or ST creation etc.) .
If there is no @Auditable tag kept only at the level of service ticket creation then only one resource resolver an be kept at the list level which is ServiceResourceResolver. (Note you would need to remove @auditable annotation from other places to avoid error)
<bean id="auditTrailManagementAspect" class="org.inspektr.audit.AuditTrailManagementAspect">
<constructor-arg index="0" ref="auditablePrincipalResolver" />
<constructor-arg index="1">
<list>
<bean class="org.jasig.cas.audit.spi.CredentialsAsFirstParameterResourceResolver" />
<bean class="org.jasig.cas.audit.spi.TicketAsFirstParameterResourceResolver" />
<bean class="org.jasig.cas.audit.spi.ServiceResourceResolver" />
</list>
</constructor-arg>
<constructor-arg index="2">
<list>
<bean class="org.inspektr.audit.support.ConsoleAuditTrailManager" />
</list>
</constructor-arg>
<constructor-arg index="3" value="CAS" />
</bean>
<bean id="auditablePrincipalResolver"
class="org.jasig.cas.audit.spi.TicketOrCredentialBasedAuditablePrincipalResolver">
<constructor-arg index="0" ref="ticketRegistry" />
</bean>
The class that manages the final bundle of information – i.e clubbing of complete info related to resource, principal and action is AuditableActionContext that stores all the data (strings of info) in it and the object of this class is then used by the manager that “records” the information in the right output. So for example the ConsoleTrailManager will do a simple sysout of the information.
public void record(final AuditableActionContext auditableActionContext) {
System.out.println("Audit trail record BEGIN");
System.out.println("=============================================================");
System.out.println("WHO: " + auditableActionContext.getPrincipal());
System.out.println("WHAT: " + auditableActionContext.getResourceOperatedUpon());
System.out.println("ACTION: " + auditableActionContext.getActionPerformed());
System.out.println("APPLICATION: " + auditableActionContext.getApplicationCode());
System.out.println("WHEN: " + auditableActionContext.getWhenActionWasPerformed());
System.out.println("CLIENT IP ADDRESS: " + auditableActionContext.getClientIpAddress());
System.out.println("SERVER IP ADDRESS: " + auditableActionContext.getServerIpAddress());
System.out.println("=============================================================");
System.out.println("\n");
}
So if you need to record additional information like browser info, session id , etc, then you need to see if you wish to extend Auditable or create your own custom Aspect class that will handle all the data.
jointpoint : where – the place of application (the method invoke, class init , obj init)
advice: action to be performed
pointcuts: conditions or boolean expressions to add details to jointpoint – so that conditionally advise performed.
(eg: which method to invoke)
Aspect = advice + pointcut.
—————————
Weaving: Compile time,Runtime: advantage no need to recompile code.
—————————
ProxyFactoryBean in spring to enable aop.
ThreadLocal class and the other could be using ThreadLocalTargetSource
If you need to log the following information :
- browser info, service url info, service ticket granted, etc… you can do that in the submission information itself.
in service validation – since the http request is triggered from java client – browser info is missing.
So there was in the ancient times a guru and a disciple and the disciple asks that every seeker needs to be guided with some light. In the day we have the sun and in the night the moon.
what if there is complete darkness and no moon and no sun. what would guide us then, Then the Guru replies that sound – or the shabhd would be the guiding factor.
The crackers that we burst on this day symbolize this guiding factor of sound.
But what if there are certain conditions that even sound cannot exist then only guiding light is the Atma which is a reflection of the Param Atma that is the God Almighty. That can exist in all conditions and in our heart it exists as a flicker of light and when that light goes out we cease to exist.
Lord krishna, And sanatana dharma dayananda- samadhi and left body.
Mahavira on the left side, controlling us – he too got the nirvana on this day.
Swami Dayananad, Swami Ramtirth also came and exit on diwali day,Mahavira got nirvana on this day.
Brahama Murata – Mother has said many a times that it is MUST to get up this time. There is a reason behind this,1 to 1.5 hr before the sun rise there is Brahama Murata time that is the time of Brahama which is the Divine power and it is in this time that all creation grows – the trees, the flowers and the animals.
The whole day they do not grow – it is only during that time that they grow. But why is man not aware – because he has been given desire – so only if man desire’s would he be able to experience this heavenly time where we do not even need to balance – where even at the cosmic level the complete Nature is in balance and NO negativities are active during this time. So it is at this time that you should meditate and establish the thoughtless awareness.
Brahama Murata is the time of Golden Silence – when God HIMSELF comes and all the blessings are showered.
But only the Sahaja Yogis have been given this special privelege of staying in Brahma Murata all the time and how is that so? That is so by staying in Nirvicharita.If we need to check if we are in Nirvicharita or not then we need to come to the Heart chakra and see if we are in the Heart connected or not – if we are then we are in nirvicharita. When we are at the Sahasrara then all the blessings are there.In the morning this energy manifests and in the cosmic level and the attention that at collective level – this energy is present.
Nirvichar chetna is bhrahma.
Ten times the growth would be more if you get up and meditate at brahma mutra.
Seven chakras – the six chakras are all lit up and knotted as a string of garland and offered to the Almighty Goddess and all the Chakras leave their places to come to Sahasrara. Chakras are nothing but Kurushetra – (me:and place of war. ) Brain and heart both needs to be connected. Heart is the place of nirakara, formless and that is manifested through Brain and brain needs heart to function. If these are connected one can move forward towards the higher conscious realms of divine.All these animals are under will power of God Almighty SadaShiva and they are controlled by God – so he is called Pashupati Nath. But DESIRE was given to man to allow this evolution to take place – by Adishakti herself. And this desire when we use outside .Growth – Transformation – Evolution after human beings.Human being’s attention to grow higher in consciouness and this period is transition period. You need to jump – to this stage.
If we say NO then we are using Ego and if allow things to happen to us then we are using our superego. But in a way we really need these both to enforce our decisions – then how do we understand that Ego and Superego are good and yet harmful for us as they cover our Sahasrara where we wish to be. Overactivity of right sides results in Ego. The solution is to remember the “MAHAT-AHANKRA” the Ego of the God almighty and remember that who is DOER. New dimension in brain – wisdom comes inside after desire was implanted in man,
If SadaShiva stops to witness the power will go inside Him. It is very impt for Him to witness.
Dhyan karte nahin hain -we dont DO meditation but we BE in meditation and – it is often seen that we meditate and after we getup all the meditation feeling is lost and we get engrossed in outer world. To retain the dhyan then we get “dharna” and to retain even deeper than “dharna” we get “samadhi”
We gather all the enlightened chakras and make a garland out of them and offer to Mother’s feet.So when we rise, all chakras unite at the seventh chakra place and then this seed grows to become the tree which gives flowers and then the fruit comes on the tree – this fruit is offered to the Divine’s lotus feet.
So, it is the growth of Ganesha that is taking place, and Ganesha is helping us grow higher,and then we reach Mothers place.Shri Ganesha is nothing but innocence which when comes on Agya manifests as forgiveness. Mother is Compassion and Father is witness. When Ganesha surrenders at the feet of Mother then this innocence is merged with Compassion and Mother takes her child to Father and seeing this – Father is overjoyed!! and filled with this joy when all three merge – there there is only ONE – the LIGHT – the Almighty that is there.
To clear heart take left hand’s grace and put on it on right side. Also can put left hand on the heart and pray to Sada shiva and Parvati for clearance. After these prayers we were all blessed and felt the bliss in heart.
Assuming that I have two login modules defined. And I need that if the first login module’s server is down then the second login module’s authentication process is executed. For this the following would be the configuration:
SampleLogin {
com.auth.CASLoginModule requisite;
com.auth.JNDILoginModule requisite;
};
Now requisite flag means that :
requisite – the LoginModule must succeed: it must return true from the login()
method. Unlike required LoginModules, the failure of a requisite LoginModule prevents the login() method of the remaining LoginModules from being called. However in case of success the remaining stack of login modules will be called.
The only thing that took me some time to understand was – what is the difference between returning false and throwing LoginException in JAAS. The difference is that “false” implies ignore this module and LoginException implies an authentication failure. Quote from the JAAS book by Cote:
To authenticate, the login() method first saves the username entered as a private field for later use to create Principals and credentials, and then returns true. Otherwise, a sub-class of LoginException,
javax.security.auth.login.FailedLoginException, is thrown. Returning false from the login() method signals to JAAS to ignore this LoginModule. You may want the LoginModule ignored if it has nothing to contribute to the Subject
So if our CAS authentication Server is down – return false. Otherwise return LoginException for authentication failure.
Other flags in JAAS:
required: other login modules called irrespective of the status of the current login module.
sufficient: if A succeeds, B is not called, but if A authentication fails(i.e LoginException) then B is called.
optional: It is optional, success or failure does not matter. Authentication passes down the stack.
UPDATE
The below matrix explains the stacking clearly. The required flag determines the result of aggregate authentication result.
|
Login2 Authentication Status |
|||||||||
| SampleLoginModule | required | pass | pass | pass | pass | fail | fail | fail | fail |
| NTLoginModule | sufficient | pass | fail | fail | fail | pass | fail | fail | fail |
| SmartCard | requisite | * | pass | pass | fail | * | pass | pass | fail |
| Kerberos | optional | * | pass | fail | * | * | pass | fail | * |
| Overall Authentication | pass | pass | pass | fail | fail | fail | fail | fail | |
* = trivial value due to control returning to the application because a previous requisite module failed or a previous sufficient module succeeded.
We cannot use required or optional flag because in both cases the next login module is always executed irrespective of the status of the current login module. Requires mandates authentication where as optional makes authentication optional. So we are left with two flags : requisite and sufficient. Sufficient does not make authentication mandatory – and so this flag cannot be used. Thus we need to use the requisite flag. The requisite flag makes authentication mandatory and calls the next login module if authentication succeeds and returns to application immediately if authentication fails. Ideally for failover we would have liked to create our own custom control flag that only calls the next login module if the current login module throws a specific exception or sets a specific value.
Since that is not available, (I did not see any example of custom control flag) and it is expensive to call the second login module every time when user is authenticated successfully – what we can do instead of stacking is to do nesting of modules.
Now in Jboss if you are extending the UsernamePasswordLoginModule then the behavior or exception or flag as discussed above is no longer valid. Firstly the three methods that you would need to override are:
protected Group[] getRoleSets() throws LoginException protected boolean validatePassword(String password, String expectedPassword) protected String getUsersPassword()
And in the validatePassword you cannot throw LoginException ! Instead you can catch “any” exception and call method setValidateError(e); Now that also makes the task of stacking for fail over tricky unless one directly extends AbstractLoginModule in jboss and studies its implementation . (Need to study this – would post an update on this later…)
<application-policy name="JBossWS"> <authentication> <login-module code="com.jboss.CASLoginModule" flag="requisite"> <module-option name="FailOverLoginModule"> com.jboss.JNDILoginModule </module-option> </login-module> </authentication> </application-policy>
sleep is sweeter,
than
harsh moments of reality,
of incompleteness,
of disconnects and to-dos
that clutter lives to chaos.
sleep is our savior,
until the divine light
merges the day and night,
and takes us to the higher realms
sleep,
sweet sleep,
the abode of all creations around,
for spending few moments,
at God’s place.
the beautiful Healer that whispers.
dreams in our hearts
charming our senses away
to the Other worlds
