You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org> on 2006/04/27 21:56:37 UTC
[jira] Created: (GERONIMO-1930) Make security real types into
GBeans so they can be added in new/updated configurations
Make security real types into GBeans so they can be added in new/updated configurations
---------------------------------------------------------------------------------------
Key: GERONIMO-1930
URL: http://issues.apache.org/jira/browse/GERONIMO-1930
Project: Geronimo
Type: Improvement
Security: public (Regular issues)
Components: security, console
Versions: 1.1
Reporter: Aaron Mulder
Assigned to: Aaron Mulder
Fix For: 1.1
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
Re: [jira] Created: (GERONIMO-1930) Make security real types into GBeans so they can be added in new/updated configurations
Posted by David Jencks <da...@yahoo.com>.
Huh? could you explain what you mean a little bit? Would an
xmlattribute builder work as well, like we use for environments?
Also I think dain did something related for openejb2 in trunk.
thanks
david jencks
On Apr 27, 2006, at 12:56 PM, Aaron Mulder (JIRA) wrote:
> Make security real types into GBeans so they can be added in new/
> updated configurations
> ----------------------------------------------------------------------
> -----------------
>
> Key: GERONIMO-1930
> URL: http://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Type: Improvement
> Security: public (Regular issues)
> Components: security, console
> Versions: 1.1
> Reporter: Aaron Mulder
> Assigned to: Aaron Mulder
> Fix For: 1.1
>
>
>
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the
> administrators:
> http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see:
> http://www.atlassian.com/software/jira
>
Re: [jira] Commented: (GERONIMO-1930) Make security realm types into GBeans so they can be added in new/updated configurations
Posted by Vamsavardhana Reddy <c1...@gmail.com>.
There is a System Properties GBean that allows you to add system properties
without having to set those on the command line.
++Vamsi
On Feb 6, 2008 7:57 PM, Sakari Maaranen (JIRA) <ji...@apache.org> wrote:
>
> [
> https://issues.apache.org/jira/browse/GERONIMO-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566140#action_12566140]
>
> Sakari Maaranen commented on GERONIMO-1930:
> -------------------------------------------
>
> One detail to remember here is to enable the truststoreFileName and
> password for these GBeans.
> It took me a couple of days to try to figure out how to configure the
> trusted security authorities keystore for my Secure LDAP(S) realm.
> In the end I had to use command line options for my JVM before starting
> Geronimo:
> -Djavax.net.ssl.trustStore=<geronimo-home>/var/security/keystores/<keystore-filename>
> -Djavax.net.ssl.trustStorePassword=<password>
>
> Would be nice to have those configurable with GBeans or a similar means.
> Preferrably with a web GUI.
>
> > Make security realm types into GBeans so they can be added in
> new/updated configurations
> >
> ----------------------------------------------------------------------------------------
> >
> > Key: GERONIMO-1930
> > URL: https://issues.apache.org/jira/browse/GERONIMO-1930
> > Project: Geronimo
> > Issue Type: Improvement
> > Security Level: public(Regular issues)
> > Components: console, security
> > Affects Versions: 1.1
> > Reporter: Aaron Mulder
> > Fix For: 1.x
> >
> >
>
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
>
[jira] Updated: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1930?page=all ]
Vamsavardhana Reddy updated GERONIMO-1930:
------------------------------------------
Fix Version/s: 1.x
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: http://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.x, 1.1.2
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "Sakari Maaranen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566140#action_12566140 ]
Sakari Maaranen commented on GERONIMO-1930:
-------------------------------------------
One detail to remember here is to enable the truststoreFileName and password for these GBeans.
It took me a couple of days to try to figure out how to configure the trusted security authorities keystore for my Secure LDAP(S) realm.
In the end I had to use command line options for my JVM before starting Geronimo:
-Djavax.net.ssl.trustStore=<geronimo-home>/var/security/keystores/<keystore-filename> -Djavax.net.ssl.trustStorePassword=<password>
Would be nice to have those configurable with GBeans or a similar means. Preferrably with a web GUI.
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: https://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.x
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "Kevan Miller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566295#action_12566295 ]
Kevan Miller commented on GERONIMO-1930:
----------------------------------------
> You probably mean SystemPropertyGBean? I wonder why is it undocumented. Hardly anything on the web.
Is a very good idea. Could you raise a Jira? Maybe if you learn about it, you could kickstart a little documentation for it?
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: https://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.x
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1930?page=all ]
Aaron Mulder updated GERONIMO-1930:
-----------------------------------
Summary: Make security realm types into GBeans so they can be added in new/updated configurations (was: Make security real types into GBeans so they can be added in new/updated configurations)
Fix Version/s: 1.1.2
(was: Wish List)
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: http://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security, console
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.1.2
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1930?page=all ]
Vamsavardhana Reddy updated GERONIMO-1930:
------------------------------------------
Fix Version/s: (was: 1.1.2)
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: http://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: security, console
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.x
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-1930) Make security real types into
GBeans so they can be added in new/updated configurations
Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1930?page=all ]
Aaron Mulder updated GERONIMO-1930:
-----------------------------------
Assign To: (was: Aaron Mulder)
> Make security real types into GBeans so they can be added in new/updated configurations
> ---------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: http://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Type: Improvement
> Security: public(Regular issues)
> Components: security, console
> Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: Wish List
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "Aaron Mulder (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12461843 ]
Aaron Mulder commented on GERONIMO-1930:
----------------------------------------
Right now you can't add new login module types to the console dynamically. We have to manually configure each type of login module that a user should be able to select/configure in the security realm screen in the console.
It would be better if there was a GBean that represented a login module type, like we now have for database drivers, etc. That way, if someone develops a new login module, they can distribute it in a plugin that includes one of the GBeans described here, and then anyone who installs that can use the console to create/configure login modules of that type for their security realms.
So the GBean should have properties like the friendly name of this type of login module, the implementation class name, a list of possible configuration properties (with type, description, and required flag for each), and so on. Then the console can build a list of login modules dynamically and build the screens for whatever the user selects (though perhaps still supporting an override flag, e.g. the current DB module uses a special screen rather than dynamically building one).
Then we'd change the console to include GBeans of this type for the standard login module types (DB, LDAP, properties file, etc.).
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: http://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.x
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "Sakari Maaranen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566221#action_12566221 ]
Sakari Maaranen commented on GERONIMO-1930:
-------------------------------------------
You probably mean SystemPropertyGBean? I wonder why is it undocumented. Hardly anything on the web.
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: https://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.x
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566184#action_12566184 ]
David Jencks commented on GERONIMO-1930:
----------------------------------------
I don't think it's appropriate for any of our existing login modules to be aware of a truststore because they all assume any certificate chain they see results from an already estabished ssl/tls connection. Thus, in order to get to the login module, the truststore must have been known by the connection machinery. So, generally the solution to this kind of problem should be to make the connection machinery aware of the geronimo keystore machinery, as is for instance done in the jetty integration.
As Vamsi pointed out in a mailing list reply you can always use a SystemPropertiesGBean to set system properties if you can't make the connection machinery geronimo-keystore-aware.
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: https://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.x
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-1930) Make security real types into
GBeans so they can be added in new/updated configurations
Posted by "Matt Hogstrom (JIRA)" <de...@geronimo.apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1930?page=all ]
Matt Hogstrom updated GERONIMO-1930:
------------------------------------
Fix Version: Wish List
(was: 1.1)
> Make security real types into GBeans so they can be added in new/updated configurations
> ---------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: http://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Type: Improvement
> Security: public(Regular issues)
> Components: security, console
> Versions: 1.1
> Reporter: Aaron Mulder
> Assignee: Aaron Mulder
> Fix For: Wish List
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-1930) Make security realm types into
GBeans so they can be added in new/updated configurations
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-1930?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12461836 ]
David Jencks commented on GERONIMO-1930:
----------------------------------------
Can you elaborate on what you have in mind?
> Make security realm types into GBeans so they can be added in new/updated configurations
> ----------------------------------------------------------------------------------------
>
> Key: GERONIMO-1930
> URL: http://issues.apache.org/jira/browse/GERONIMO-1930
> Project: Geronimo
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 1.1
> Reporter: Aaron Mulder
> Fix For: 1.x
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira