You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-user@jakarta.apache.org by McClain Looney <m...@loonsoft.com> on 2004/01/05 03:41:53 UTC
Domain.xml and the immortal john2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I've edited my domain.xml file (slide-cvs) to include a couple of users, their
passwords, and group memberships for testing purposes, and configured tomcat
to use the SlideRealm for authentication. All the bits seem to start up fine,
with no warnings, other than tomcat complaining about a role being referenced
without being defined in the web.xml.
Then something weird happens..
I can't authenticate with my users, b/c slide doesn't see them in the roles
i've assigned them. When ACLSecurityImpl looks into the group-member-set
property for all the defined roles, it only ever sees john2, root and john as
members of the "user" role (as in the distributed Domain.xml file)!
I have no idea how they get in there, I've removed them from everwhere i've
found them, even grepped through the class files to suss out hardcoding, I've
grepped through everything i can imagine, and still can find no mention of
john2 anywhere in my source tree (i even deleted the sample domain.xml
files).
The _really_ bizarre thing, is that ACLSecurityImpl actually finds the proper
passwords for these users (though it cannot find a password for root, even if
i set one up).
what could be the origin of these phantom users?
- --
McClain Looney
LoonSoft LLC
m@loonsoft.com
Public key E3122EF8 available
at http://wwwkeys.us.pgp.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/+M7zJY6NG+MSLvgRAnVUAJ9n5PIJsZXgq1kc/ywdymkqLTyEFACgpdda
N8oumlnb1DIVbyr3vHvbNTQ=
=h4IB
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Domain.xml and the immortal john2
Posted by Martin Holz <ho...@fiz-chemie.de>.
McClain Looney <m...@loonsoft.com> writes:
> well, this does indeed seem to be the case. though i could not find this
> phantom store, hardcoding a known non-existent path to a new store did the
> trick.
By the default, file stores are created relative to the current
working directory. Changing the working directory before
starting slide is a common cause for confusion.
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Domain.xml and the immortal john2
Posted by McClain Looney <m...@loonsoft.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
well, this does indeed seem to be the case. though i could not find this
phantom store, hardcoding a known non-existent path to a new store did the
trick.
thanks for the pointers.
On Monday 05 January 2004 08:20 am, McClain Looney wrote:
> right, the store is brand new (to my knowlege, i'll check again), there
> are no existing users.
>
> On Monday 05 January 2004 12:07 am, Oliver Zeigermann wrote:
> > Domain.xml is for initialization only. Changes to existing users will
> > have no effect.
> >
> > Oliver
- --
McClain Looney
LoonSoft LLC
m@loonsoft.com
Public key E3122EF8 available
at http://wwwkeys.us.pgp.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/+XVJJY6NG+MSLvgRAn6eAKCmVlQkIZ160Q47z9l23cjULsyP7ACgsCCw
FrBYtbLHo0rngDIoTSxaS7U=
=4ZeQ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Domain.xml and the immortal john2
Posted by McClain Looney <m...@loonsoft.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
right, the store is brand new (to my knowlege, i'll check again), there are
no existing users.
On Monday 05 January 2004 12:07 am, Oliver Zeigermann wrote:
> Domain.xml is for initialization only. Changes to existing users will
> have no effect.
>
> Oliver
>
- --
McClain Looney
LoonSoft LLC
m@loonsoft.com
Public key E3122EF8 available
at http://wwwkeys.us.pgp.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/+XLGJY6NG+MSLvgRAltKAJoCvIMaou4+Hk3RLh5sMRo67Oga6QCeMBCA
DMna5JUlzBHA+zC4/kUBnXA=
=0qvY
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Domain.xml and the immortal john2
Posted by Oliver Zeigermann <ol...@zeigermann.de>.
Domain.xml is for initialization only. Changes to existing users will
have no effect.
Oliver
McClain Looney wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hello,
>
> I've edited my domain.xml file (slide-cvs) to include a couple of users, their
> passwords, and group memberships for testing purposes, and configured tomcat
> to use the SlideRealm for authentication. All the bits seem to start up fine,
> with no warnings, other than tomcat complaining about a role being referenced
> without being defined in the web.xml.
>
> Then something weird happens..
>
> I can't authenticate with my users, b/c slide doesn't see them in the roles
> i've assigned them. When ACLSecurityImpl looks into the group-member-set
> property for all the defined roles, it only ever sees john2, root and john as
> members of the "user" role (as in the distributed Domain.xml file)!
>
> I have no idea how they get in there, I've removed them from everwhere i've
> found them, even grepped through the class files to suss out hardcoding, I've
> grepped through everything i can imagine, and still can find no mention of
> john2 anywhere in my source tree (i even deleted the sample domain.xml
> files).
>
> The _really_ bizarre thing, is that ACLSecurityImpl actually finds the proper
> passwords for these users (though it cannot find a password for root, even if
> i set one up).
>
> what could be the origin of these phantom users?
>
>
> - --
> McClain Looney
> LoonSoft LLC
> m@loonsoft.com
>
> Public key E3122EF8 available
> at http://wwwkeys.us.pgp.net/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQE/+M7zJY6NG+MSLvgRAnVUAJ9n5PIJsZXgq1kc/ywdymkqLTyEFACgpdda
> N8oumlnb1DIVbyr3vHvbNTQ=
> =h4IB
> -----END PGP SIGNATURE-----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org
Re: Domain.xml and the immortal john2
Posted by Julian <ce...@yahoo.com>.
McClain,
It may be possible that the users defined in the
configurations were created the first time you started
the server. Once they are created the objectnodes
representing the users will be found in one of the
stores you defined from Domain.xml (I believe it is
the descriptor store). I would check to see if they
are still there. If so, do a clean install and remove
this possible phantom source.
Secondly, without having the roles assigned to your
users match the roles defined in web.xml, I believe
you should continue to have authentication problems.
Please check the servlet container's web.xml for the
following for each of the roles you are using (e.g.
root, guest, user).
<security-role>
<description>
An example role
</description>
<role-name>guest</role-name>
</security-role>
Finally, I am no expert on Slide, but IMHO these seem
to be the causes of your problems.
Hope this Helps,
__Julian
--- McClain Looney <m...@loonsoft.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hello,
>
> I've edited my domain.xml file (slide-cvs) to
> include a couple of users, their
> passwords, and group memberships for testing
> purposes, and configured tomcat
> to use the SlideRealm for authentication. All the
> bits seem to start up fine,
> with no warnings, other than tomcat complaining
> about a role being referenced
> without being defined in the web.xml.
>
> Then something weird happens..
>
> I can't authenticate with my users, b/c slide
> doesn't see them in the roles
> i've assigned them. When ACLSecurityImpl looks into
> the group-member-set
> property for all the defined roles, it only ever
> sees john2, root and john as
> members of the "user" role (as in the distributed
> Domain.xml file)!
>
> I have no idea how they get in there, I've removed
> them from everwhere i've
> found them, even grepped through the class files to
> suss out hardcoding, I've
> grepped through everything i can imagine, and still
> can find no mention of
> john2 anywhere in my source tree (i even deleted the
> sample domain.xml
> files).
>
> The _really_ bizarre thing, is that ACLSecurityImpl
> actually finds the proper
> passwords for these users (though it cannot find a
> password for root, even if
> i set one up).
>
> what could be the origin of these phantom users?
>
>
> - --
> McClain Looney
> LoonSoft LLC
> m@loonsoft.com
>
> Public key E3122EF8 available
> at http://wwwkeys.us.pgp.net/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
>
iD8DBQE/+M7zJY6NG+MSLvgRAnVUAJ9n5PIJsZXgq1kc/ywdymkqLTyEFACgpdda
> N8oumlnb1DIVbyr3vHvbNTQ=
> =h4IB
> -----END PGP SIGNATURE-----
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> slide-user-help@jakarta.apache.org
>
=====
Live simply so others may simply live.
�
-Ghandi
�
Pluralitas non est ponenda sine neccesitate.
"Entities should not be multiplied unneccesarily"
�
-William of Occam
__________________________________
Do you Yahoo!?
Find out what made the Top Yahoo! Searches of 2003
http://search.yahoo.com/top2003
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org