Posted to dev@geronimo.apache.org by Jian Liao <no...@gmail.com> on 2005/12/06 07:55:52 UTC

Re: Fwd: Integration Geronimo with Jetspeed2

Hi all,
Could someone tell me where to download the geronimo-spec source code?
I am working on integrating Jetspeed 2 with Geronimo recently. I found a
potential bug in geronimo-spec-j2ee-jacc-1.0-rc5.jar, class:
javax.security.jacc.WebResourcePermission

regards,

- Jian Liao

On 12/6/05, Jeff Genender <jg...@savoirtech.com> wrote:
>
> Jian,
>
> You found a bug.  I fixed it and checked it in.  It should work now.
>
> Thanks for pointing it out.
>
> Jeff
>
> David Jencks wrote:
> > jeff, I've been working with Jian to get j2 working.... this might be
> > his last problem, but I don't have time to look at it today.  Any ideas?
> >
> > thanks
> > david jencks
> >
> >
> > Begin forwarded message:
> >
> >> From: Jian Liao <no...@gmail.com>
> >> Date: December 4, 2005 9:29:58 PM PST
> >> To: David Jencks <da...@yahoo.com>
> >> Subject: Re: Integration Geronimo with Jetspeed2
> >>
> >> Hi dj,
> >> The first issue had been solved according to your suggestion, thanks!
> >>
> >> The current issues:
> >> 1. request.isUserInRole() does not work.
> >> According to JSR-168, a portlet can use isUserInRole() to distinguish
> >> its role. Assume that I login as user role, I use the following code
> >> to distinguish my role in a portlet:
> >> request.isUserInRole("admin")
> >>
> >> I got an NPE. I found the problem may be caused by
> >> TomcatGeronimoRealm.java (line 281 - 285):
> >>
> >>     Request request = (Request) currentRequest.get();
> >>     if (currentRequest == null) {
> >>         log.error("No currentRequest found.");
> >>         return false;
> >>     }
> >>
> >> I think it should be:
> >>
> >>     Request request = (Request) currentRequest.get();
> >>     if (request == null) {
> >>         log.error("No request found.");
> >>         return false;
> >>     }
> >>
> >> What do you think?
> >>
> >> The full stack trace:
> >> java.lang.NullPointerException
> >>     at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.getServletName(TomcatGeronimoRealm.java:213)
> >>     at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.hasRole(TomcatGeronimoRealm.java:287)
> >>     at org.apache.catalina.connector.Request.isUserInRole(Request.java:2128)
> >>     at org.apache.catalina.connector.RequestFacade.isUserInRole(RequestFacade.java:761)
> >>     at javax.servlet.http.HttpServletRequestWrapper.isUserInRole(HttpServletRequestWrapper.java:163)
> >>     at javax.servlet.http.HttpServletRequestWrapper.isUserInRole(HttpServletRequestWrapper.java:163)
> >>     at javax.servlet.http.HttpServletRequestWrapper.isUserInRole(HttpServletRequestWrapper.java:163)
> >>     at javax.servlet.http.HttpServletRequestWrapper.isUserInRole(HttpServletRequestWrapper.java:163)
> >>     at org.apache.pluto.core.impl.PortletRequestImpl.isUserInRole(PortletRequestImpl.java:265)
> >>     at org.apache.jsp.WEB_002dINF.demo.security.roles_jsp._jspService(org.apache.jsp.WEB_002dINF.demo.security.roles_jsp:175)
> >>     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
> >>     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
> >>     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
> >>     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
> >>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> >>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
> >>     at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
> >>     at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
> >>     at org.apache.jetspeed.dispatcher.JetspeedRequestDispatcher.include(JetspeedRequestDispatcher.java:72)
> >>     at org.apache.portals.bridges.common.GenericServletPortlet.doView(GenericServletPortlet.java:363)
> >>     at javax.portlet.GenericPortlet.doDispatch(GenericPortlet.java:247)
> >>     at javax.portlet.GenericPortlet.render(GenericPortlet.java:175)
> >>     at org.apache.jetspeed.factory.JetspeedPortletInstance.render(JetspeedPortletInstance.java:102)
> >>     at org.apache.jetspeed.container.JetspeedContainerServlet.doGet(JetspeedContainerServlet.java:230)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
> >>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> >>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
> >>     at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
> >>     at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
> >>     at org.apache.jetspeed.container.invoker.ServletPortletInvoker.invoke(ServletPortletInvoker.java:213)
> >>     at org.apache.jetspeed.container.invoker.ServletPortletInvoker.render(ServletPortletInvoker.java:125)
> >>     at sun.reflect.GeneratedMethodAccessor255.invoke(Unknown Source)
> >>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> >>     at java.lang.reflect.Method.invoke(Method.java:324)
> >>     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:284)
> >>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:163)
> >>     at $Proxy12.render(Unknown Source)
> >>     at org.apache.pluto.PortletContainerImpl.renderPortlet(PortletContainerImpl.java:119)
> >>     at org.apache.jetspeed.container.JetspeedPortletContainerWrapper.renderPortlet(JetspeedPortletContainerWrapper.java:120)
> >>     at org.apache.jetspeed.aggregator.impl.RenderingJobImpl.execute(RenderingJobImpl.java:120)
> >>     at org.apache.jetspeed.aggregator.impl.PortletRendererImpl.renderNow(PortletRendererImpl.java:110)
> >>     at org.apache.jetspeed.aggregator.impl.PageAggregatorImpl.aggregateAndRender(PageAggregatorImpl.java:199)
> >>     at org.apache.jetspeed.aggregator.impl.PageAggregatorImpl.aggregateAndRender(PageAggregatorImpl.java:182)
> >>     at org.apache.jetspeed.aggregator.impl.PageAggregatorImpl.build(PageAggregatorImpl.java:106)
> >>     at org.apache.jetspeed.aggregator.AggregatorValve.invoke(AggregatorValve.java:48)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.pipeline.valve.impl.ActionValveImpl.invoke(ActionValveImpl.java:132)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.container.ContainerValve.invoke(ContainerValve.java:76)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.profiler.impl.ProfilerValveImpl.invoke(ProfilerValveImpl.java:179)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.security.impl.LoginValidationValveImpl.invoke(LoginValidationValveImpl.java:127)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.security.impl.PasswordCredentialValveImpl.invoke(PasswordCredentialValveImpl.java:148)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.localization.impl.LocalizationValveImpl.invoke(LocalizationValveImpl.java:168)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.security.impl.AbstractSecurityValve$1.run(AbstractSecurityValve.java:117)
> >>     at java.security.AccessController.doPrivileged(Native Method)
> >>     at javax.security.auth.Subject.doAsPrivileged(Subject.java:437)
> >>     at org.apache.jetspeed.security.impl.AbstractSecurityValve.invoke(AbstractSecurityValve.java:111)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.container.url.impl.PortalURLValveImpl.invoke(PortalURLValveImpl.java:55)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.capabilities.impl.CapabilityValveImpl.invoke(CapabilityValveImpl.java:128)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invokeNext(JetspeedPipeline.java:203)
> >>     at org.apache.jetspeed.pipeline.JetspeedPipeline.invoke(JetspeedPipeline.java:185)
> >>     at org.apache.jetspeed.engine.JetspeedEngine.service(JetspeedEngine.java:231)
> >>     at org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:226)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
> >>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> >>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
> >>     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
> >>     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
> >>     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
> >>     at org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java:693)
> >>     at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:660)
> >>     at org.apache.jsp.index_jsp._jspService(org.apache.jsp.index_jsp:45)
> >>     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
> >>     at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
> >>     at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
> >>     at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
> >>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)
> >>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
> >>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> >>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
> >>     at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:267)
> >>     at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:46)
> >>     at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
> >>     at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
> >>     at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
> >>     at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
> >>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
> >>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
> >>     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
> >>     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> >>     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> >>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> >>     at java.lang.Thread.run(Thread.java:534)
> >>
> >> - Jian Liao
> >>
> >> On 12/4/05, David Jencks < david_jencks@yahoo.com> wrote:
> >>> On Dec 3, 2005, at 6:08 PM, Jian Liao wrote:
> >>>
> >>> > Hi dj,
> >>> > Thanks for your help and encouragement. It is always my honor to do
> >>> > something for the Apache community. I will write detailed instructions for
> >>> > both the J2 wiki and the Geronimo wiki when I finish, you can count on me.
> >>> >
> >>> > There are still some issues I need to solve.
> >>> >
> >>> > 1. Is it possible to reference a datasource within a GBean?
> >>> >
> >>> > Since I don't know if it is possible, or how, to reference the
> >>> > ext-module (datasource connector) in a Gbean, the
> >>> > Gbean (JetspeedSecurityService), which encapsulates the Jetspeed
> >>> > Security component, uses a raw datasource configuration which is
> >>> > implemented by a Spring Bean.
> >>>
> >>> For an example of how to do this, see the
> >>> JDBCStoreThreadPooledTransactionalTimer.  The datasource comes from the
> >>>
> >>>     infoFactory.addReference("ManagedConnectionFactoryWrapper",
> >>>             ManagedConnectionFactoryWrapper.class,
> >>>             NameFactory.JCA_MANAGED_CONNECTION_FACTORY);
> >>>
> >>> You get the datasource from this gbean by calling
> >>>
> >>>     DataSource dataSource =
> >>>             (DataSource) managedConnectionFactoryWrapper.$getResource();
> >>>
> >>> In your plan, the reference will look something like:
> >>>
> >>>     <reference name="ManagedConnectionFactoryWrapper">
> >>>       <moduleType>JCAResource</moduleType>
> >>>       <name>SystemDatasource</name>
> >>>     </reference>
> >>>
> >>> (from the system-datasource plan.  If your datasource is in a separate
> >>> plan, you will need to include a <module> element and perhaps an
> >>> <application> )
> >>>
> >>> Hope this helps.  Do you have a pointer to code related to the
> >>> isUserInRole issue?  I don't know much about that yet.
> >>>
> >>> thanks
> >>> david jencks
> >>>
> >>>
> >>> >
> >>> > That is to say, there are two places where I need to maintain the
> >>> > database information. I want to use the single one which is defined in
> >>> > my plan (ext-module).
> >>> >
> >>> > 2. request.isUserInRole() does not work. This issue is similar to
> >>> > http://issues.apache.org/jira/browse/JS2-262
> >>> > I hope this issue can be fixed by a correct plan.
> >>> >
> >>> > regards,
> >>> >
> >>> > - Jian Liao
> >>> >
> >>> >
> >>> > On 12/3/05, David Jencks < david_jencks@yahoo.com> wrote:
> >>> >>
> >>> >> I would appreciate it if you would at least announce this on the dev
> >>> >> list. Even better would be if you could write up some instructions on
> >>> >> the wiki or provide a sample application showing how to do it!
> >>> >>
> >>> >> Many thanks for your work, I am very glad to know this is possible.
> >>> >>
> >>> >> david jencks
> >>> >>
> >>> >> On Dec 1, 2005, at 2:47 AM, Jian Liao wrote:
> >>> >>
> >>> >> > Hi dj,
> >>> >> > Thank you so much for your help. Now I have a nice working Jetspeed 2
> >>> >> > with j2-security enabled !!!!!!
> >>> >> >
> >>> >> > Thanks,
> >>> >> >
> >>> >> > - Jian Liao
> >>> >> >
> >>> >> > On 12/1/05, David Jencks < david_jencks@yahoo.com> wrote:
> >>> >> >> :-) I recommend making the gbean name into a login module
> >>> >> >> configuration option so it is not hardcoded into the login module.
> >>> >> >>
> >>> >> >> Here's sample code for the login module initialize method:
> >>> >> >>
> >>> >> >> private static final String GBEAN_NAME_OPTION =
> >>> >> >>         "org.apache.geronimo.jetspeedsecurityservice.name";
> >>> >> >>
> >>> >> >> public void initialize(Subject subject, CallbackHandler callbackHandler,
> >>> >> >>         Map sharedState, Map options) {
> >>> >> >>     this.subject = subject;
> >>> >> >>     this.handler = callbackHandler;
> >>> >> >>     try {
> >>> >> >>         String gbeanNameString = (String) options.get(GBEAN_NAME_OPTION);
> >>> >> >>         ObjectName gbeanName = new ObjectName(gbeanNameString);
> >>> >> >>         Kernel kernel = KernelRegistry.getKernel(
> >>> >> >>                 (String) options.get(JaasLoginModuleUse.KERNEL_NAME_LM_OPTION));
> >>> >> >>         Object result = kernel.invoke(gbeanName, "doSomething",
> >>> >> >>                 new Object[] {this, that},
> >>> >> >>                 new String[] {String.class.getName(), String.class.getName()});
> >>> >> >>     } catch (Exception e) {
> >>> >> >>         log.error("Initialization failed", e);
> >>> >> >>         throw new IllegalArgumentException(
> >>> >> >>                 "Unable to configure properties file login module: " + e.getMessage());
> >>> >> >>     }
> >>> >> >> }
> >>> >> >>
> >>> >> >> The login configuration will look something like
> >>> >> >>
> >>> >> >> <gbean name="jetspeed-realm"
> >>> >> >>        class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> >>> >> >>   <attribute name="realmName">jetspeed-realm</attribute>
> >>> >> >>   <xml-reference name="LoginModuleConfiguration">
> >>> >> >>     <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
> >>> >> >>       <lc:login-module control-flag="REQUIRED" server-side="true">
> >>> >> >>         <lc:login-domain-name>jetspeed-realm</lc:login-domain-name>
> >>> >> >>         <lc:login-module-class>your.login.module.class.Here</lc:login-module-class>
> >>> >> >>         <lc:option name="org.apache.geronimo.jetspeedsecurityservice.name">geronimo.server:J2EEServer=geronimo,J2EEApplication=null,J2EEModule=org/apache/jetspeed/web,j2eeType=GBean,name=JetspeedSecurityService</lc:option>
> >>> >> >>       </lc:login-module>
> >>> >> >>     </lc:login-config>
> >>> >> >>   </xml-reference>
> >>> >> >>   <reference name="ServerInfo">
> >>> >> >>     <module>geronimo/j2ee-system/${geronimo_version}/car</module>
> >>> >> >>     <name>ServerInfo</name>
> >>> >> >>   </reference>
> >>> >> >>   <reference name="LoginService">
> >>> >> >>     <module>geronimo/j2ee-security/${geronimo_version}/car</module>
> >>> >> >>     <name>JaasLoginService</name>
> >>> >> >>   </reference>
> >>> >> >> </gbean>
> >>> >> >>
> >>> >> >> You should definitely check the geronimo log to find the actual name
> >>> >> >> of the JetspeedSecurityService gbean.
> >>> >> >>
> >>> >> >> Hope this helps, this looks like a good idea to me!
> >>> >>  >>
> >>> >> >> thanks
> >>> >> >> david jencks
> >>> >> >>
> >>> >> >>
> >>>  >> >>
> >>> >> >> On Nov 30, 2005, at 8:52 PM, Jian Liao wrote:
> >>> >> >>
> >>> >> >> > Hi dj,
> >>> >> >> > I've encapsulated the jetspeed security component as a
> >>> >> >> > gbean (JetspeedSecurityServiceGBean) and I have a Jaas LoginModule. I
> >>> >> >> > want to call JetspeedSecurityServiceGBean in my loginModule code.
> >>> >> >> > Could you please give me a code snippet for retrieving a gbean
> >>> >> >> > instance or invoking a gbean instance method?
> >>> >> >> >
> >>> >> >> > Thanks,
> >>> >> >> >
> >>> >> >> > The following is my current plan snippet:
> >>> >> >> > <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
> >>> >> >> >          configId="org/apache/jetspeed/web">
> >>> >> >> >
> >>> >> >> >   <context-priority-classloader>true</context-priority-classloader>
> >>> >> >> >
> >>> >> >> >   <security-realm-name>Jetspeed</security-realm-name>
> >>> >> >> >   <container-config>
> >>> >> >> >     <tomcat xmlns="http://geronimo.apache.org/xml/ns/web/tomcat/config-1.0">
> >>> >> >> >       <cross-context/>
> >>> >> >> >       <tomcat-realm>TomcatGeronimoRealm</tomcat-realm>
> >>> >> >> >     </tomcat>
> >>> >> >> >   </container-config>
> >>> >> >> >   <security>
> >>> >> >> >     <default-principal>
> >>> >> >> >       <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl"
> >>> >> >> >                  name="guest"/>
> >>> >> >> >     </default-principal>
> >>> >> >> >     <!-- <role-mappings>
> >>> >> >> >       <role role-name="admin">
> >>> >> >> >         <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
> >>> >> >> >                    name="admin" designated-run-as="true"/>
> >>> >> >> >       </role>
> >>> >> >> >     </role-mappings> -->
> >>> >> >> >   </security>
> >>> >> >> >   <gbean name="TomcatGeronimoRealm"
> >>> >> >> >          class="org.apache.geronimo.tomcat.RealmGBean">
> >>> >> >> >     <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm</attribute>
> >>> >> >> >     <attribute name="initParams">
> >>> >> >> >       userClassNames=org.apache.jetspeed.security.impl.UserPrincipalImpl
> >>> >> >> >       roleClassNames=org.apache.jetspeed.security.impl.RolePrincipalImpl
> >>> >> >> >       appName=Jetspeed
> >>> >> >> >       useContextClassLoader=false
> >>> >> >> >       debug=0
> >>> >> >> >     </attribute>
> >>> >> >> >   </gbean>
> >>> >> >> >   <gbean name="Jetspeed"
> >>> >> >> >          class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> >>> >> >> >     <attribute name="realmName">Jetspeed</attribute>
> >>> >> >> >     <xml-reference name="LoginModuleConfiguration">
> >>> >> >> >       <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
> >>> >> >> >         <lc:login-module control-flag="REQUIRED" server-side="true">
> >>> >> >> >           <lc:login-domain-name>Jetspeed</lc:login-domain-name>
> >>> >> >> >           <lc:login-module-class>org.apache.jetspeed.security.impl.DefaultLoginModule</lc:login-module-class>
> >>> >> >> >         </lc:login-module>
> >>> >> >> >       </lc:login-config>
> >>> >> >> >     </xml-reference>
> >>> >> >> >     <reference name="ServerInfo">
> >>> >> >> >       <application>null</application>
> >>> >> >> >       <moduleType>J2EEModule</moduleType>
> >>> >> >> >       <module>geronimo/system/1.0-SNAPSHOT/car</module>
> >>> >> >> >       <name>ServerInfo</name>
> >>> >> >> >     </reference>
> >>> >> >> >     <reference name="LoginService">
> >>> >> >> >       <application>null</application>
> >>> >> >> >       <moduleType>J2EEModule</moduleType>
> >>> >> >> >       <module>geronimo/security/1.0-SNAPSHOT/car</module>
> >>> >> >> >       <name>JaasLoginService</name>
> >>> >> >> >     </reference>
> >>> >> >> >   </gbean>
> >>> >> >> >   <gbean name="JetspeedSecurityService"
> >>> >> >> >          class="org.apache.jetspeed.appservers.security.geronimo.JetspeedSecurityServiceGBean">
> >>> >> >> >   </gbean>
> >>> >> >> > </web-app>
> >>> >> >> >
> >>> >> >> > - Jian Liao
> >>> >> >> >
> >>> >> >> >
> >>> >> >> >
> >>> >> >> > On 11/17/05, Jian Liao < norwaywoods@gmail.com > wrote:
> >>> >> >> >> Hi dj,
> >>> >> >> >> I finally found what is going on here.
> >>> >> >> >> Your unit test uses
> >>> >> >> >> "http://geronimo.apache.org/xml/ns/j2ee/web/tomcat/config-1.0" as
> >>> >> >> >> configNamespace to construct the GenericToSpecificPlanConverter
> >>> >> >> >> object.
> >>> >> >> >>
> >>> >> >> >> But at real run time the GenericToSpecificPlanConverter instance's
> >>> >> >> >> configNamespace is constructed by
> >>> >> >> >> "http://geronimo.apache.org/xml/ns/web/tomcat/config-1.0". Have you
> >>> >> >> >> found the difference? Yes, it is missing a "j2ee" :-).
> >>> >> >> >>
> >>> >> >> >> That is why I never run into this, because of the mismatch of
> >>> >> >> >> configNamespace:
> >>> >> >> >>     if (source.toChild(configNamespace, element)) {
> >>> >> >> >>         source.copyXmlContents(cursor);
> >>> >> >> >>     }
> >>> >> >> >> Hope it helps.
> >>> >> >> >>
> >>> >> >> >> Anyway, I am learning from the JBoss-J2 integration solution
> >>> >> >> >> (http://issues.apache.org/jira/browse/JS2-297). I think there must be
> >>> >> >> >> something that I can use for reference.
> >>> >> >> >> 1. Separate the whole Jetspeed Security component from the Jetspeed
> >>> >> >> >> portal and make it a service in geronimo? Then the loginModule talks
> >>> >> >> >> to this j2 security service to do authentication.
> >>> >> >> >>
> >>> >> >> >> - Jian Liao
> >>> >> >> >>
> >>> >> >> >>
> >>> >> >> >> On 11/17/05, David Jencks < david_jencks@yahoo.com > wrote:
> >>> >> >> >>> until tomorrow. I'm getting frustrated that I don't have more time to
> >>> >> >> >>> spend on this.
> >>> >> >> >>>
> >>> >> >> >>> You should be able to run the test cases from the web module
> >>> >> >> >>> (modules/web) with maven -o rebuild.
> >>> >> >> >>>
> >>> >> >> >>> As far as I can tell the test case shows that your plan is converted
> >>> >> >> >>> correctly. I'll comment on what the code is doing a little bit; it was
> >>> >> >> >>> hard to get to work.
> >>> >> >> >>> On Nov 16, 2005, at 8:54 PM, Jian Liao wrote:
> >>> >> >> >>>
> >>> >> >> >>> > Hi dj,
> >>> >> >> >>> > I'm still trying to move all my tomcat container config element into
> >>> >> >> >>> > "container-config" element. But I found that the whole
> >>> >> >> >>> > "container-config" will be removed from plan by the following code in
> >>> >> >> >>> > the Class GenericToSpecificPlanConverter,
> >>> >> >> >>> > method: convertToSpecificPlan(...)
> >>> >> >> >>> >
> >>> >> >> >>> > public XmlObject convertToSpecificPlan(XmlObject plan)
> >>> >> >> >>> >         throws DeploymentException {
> >>> >> >> >>> >     XmlCursor rawCursor = plan.newCursor();
> >>> >> >> >>> >     try {
> >>> >> >> >>> >         if (SchemaConversionUtils.findNestedElement(rawCursor, "web-app")) {
> >>> >> >> >>> >             XmlObject webPlan = rawCursor.getObject().copy();
> >>> >> >> >>> >
> >>> >> >> >>> >             XmlCursor cursor = webPlan.newCursor();
> >>> >> >> >>> >             XmlCursor end = cursor.newCursor();
> >>> >> >> >>> >             try {
> >>> >> >> >>> >                 cursor.push();
> >>> >> >> >>> >                 // Locate the "container-config" element.
> >>> >> >> >>> >                 if (cursor.toChild(GENERIC_CONFIG_QNAME)) {
> >>> >> >> >>> >                     XmlCursor source = cursor.newCursor();
> >>> >> >> >>> //source is now located at the beginning of the container-config element
> >>> >> >> >>> >                     cursor.push();
> >>> >> >> >>> //cursor is now located at the beginning of the container-config
> >>> >> >> >>> //element, and we've marked the spot.
> >>> >> >> >>> >                     cursor.toEndToken();
> >>> >> >> >>> //cursor is now located before the end token for the container-config
> >>> >> >> >>> //element
> >>> >> >> >>> >                     cursor.toNextToken();
> >>> >> >> >>> //cursor is now located after the </container-config> element, where we
> >>> >> >> >>> //will copy the tomcat elements
> >>> >> >> >>> >                     try {
> >>> >> >> >>> >                         // No matter if it can get the "tomcat"
> >>> >> >> >>> >                         // element, nothing to do for source.
> >>> >> >> >>> >                         if (source.toChild(configNamespace, element)) {
> >>> >> >> >>> //source is now located at the beginning of the <tomcat> element
> >>> >> >> >>> >                             source.copyXmlContents(cursor);
> >>> >> >> >>> //this copied the xml elements inside the <tomcat> element to after the
> >>> >> >> >>> //</container-config> tag
> >>> >> >> >>> >                         }
> >>> >> >> >>> >
> >>> >> >> >>> >                     } finally {
> >>> >> >> >>> >                         source.dispose();
> >>> >> >> >>> >                     }
> >>> >> >> >>> >                     cursor.pop();
> >>> >> >> >>> //pop returns cursor to the beginning of the container-config element
> >>> >> >> >>> >                     // Then remove it.
> >>> >> >> >>> >                     cursor.removeXml();
> >>> >> >> >>> >                 }
> >>> >> >> >>> > .......
> >>> >> >> >>> >
> >>> >> >> >>>
> >>> >> >> >>>
> >>> >> >> >>> hope this helps
> >>> >> >> >>> thanks
> >>> >> >> >>> david jencks
> >>> >> >> >>>
> >>> >> >> >>>
> >>> >> >> >>> > I also tried to run your unit test case (maven -o test), but maven
> >>> >> >> >>> > always says:
> >>> >> >> >>> >
> >>> >> >> >>> > [echo] NOTICE: Skipping tests; they seem to have passed already
> >>> >> >> >>> > [echo] No tests to run.
> >>> >> >> >>> >
> >>> >> >> >>> > This is my plan:
> >>> >> >> >>> >
> >>> >> >> >>> > ========================================================
> >>> >> >> >>> > <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
> >>> >> >> >>> >          configId="org/apache/jetspeed/web">
> >>> >> >> >>> >
> >>> >> >> >>> >   <context-priority-classloader>true</context-priority-classloader>
> >>> >> >> >>> >
> >>> >> >> >>> >   <container-config>
> >>> >> >> >>> >     <tomcat xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat/config-1.0">
> >>> >> >> >>> >       <cross-context/>
> >>> >> >> >>> >       <tomcat-realm>TomcatGeronimoRealm</tomcat-realm>
> >>> >> >> >>> >     </tomcat>
> >>> >> >> >>> >   </container-config>
> >>> >> >> >>> >   <security-realm-name>Jetspeed</security-realm-name>
> >>> >> >> >>> >   <security>
> >>> >> >> >>> >     <default-principal>
> >>> >> >> >>> >       <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl"
> >>> >> >> >>> >                  name="guest"/>
> >>> >> >> >>> >     </default-principal>
> >>> >> >> >>> >     <role-mappings>
> >>> >> >> >>> >       <role role-name="admin">
> >>> >> >> >>> >         <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
> >>> >> >> >>> >                    name="admin" designated-run-as="true"/>
> >>> >> >> >>> >       </role>
> >>> >> >> >>> >     </role-mappings>
> >>> >> >> >>> >   </security>
> >>> >> >> >>> >   <gbean name="TomcatGeronimoRealm"
> >>> >> >> >>> >          class="org.apache.geronimo.tomcat.RealmGBean">
> >>> >> >> >>> >     <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm</attribute>
> >>> >> >> >>> >     <attribute name="initParams">
> >>> >> >> >>> >       userClassNames=org.apache.jetspeed.security.impl.UserPrincipalImpl
> >>> >> >> >>> >       roleClassNames=org.apache.jetspeed.security.impl.RolePrincipalImpl
> >>> >> >> >>> >       appName=Jetspeed
> >>> >> >> >>> >       useContextClassLoader=false
> >>> >> >> >>> >       debug=0
> >>> >> >> >>> >     </attribute>
> >>> >> >> >>> >   </gbean>
> >>> >> >> >>> >   <gbean name="Jetspeed"
> >>> >> >> >>> >          class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> >>> >> >> >>> >     <attribute name="realmName">Jetspeed</attribute>
> >>> >> >> >>> >     <xml-reference name="LoginModuleConfiguration">
> >>> >> >> >>> >       <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
> >>> >> >> >>> >         <lc:login-module control-flag="REQUIRED" server-side="true">
> >>> >> >> >>> >           <lc:login-domain-name>Jetspeed</lc:login-domain-name>
> >>> >> >> >>> >           <lc:login-module-class>org.apache.jetspeed.security.impl.DefaultLoginModule</lc:login-module-class>
> >>> >> >> >>> >         </lc:login-module>
> >>> >> >> >>> >       </lc:login-config>
> >>> >> >> >>> >     </xml-reference>
> >>> >> >> >>> >     <reference name="ServerInfo">
> >>> >> >> >>> >       <application>null</application>
> >>> >> >> >>> >       <moduleType>J2EEModule</moduleType>
> >>> >> >> >>> >       <module>org/apache/geronimo/System</module>
> >>> >> >> >>> >       <name>ServerInfo</name>
> >>> >> >> >>> >     </reference>
> >>> >> >> >>> >     <reference name="LoginService">
> >>> >> >> >>> >       <application>null</application>
> >>> >> >> >>> >       <moduleType>J2EEModule</moduleType>
> >>> >> >> >>> >       <module>org/apache/geronimo/Security</module>
> >>> >> >> >>> >       <name>JaasLoginService</name>
> >>> >> >> >>> >     </reference>
> >>> >> >> >>> >   </gbean>
> >>> >> >> >>> > </web-app>
> >>> >> >> >>> > ========================================================
> >>> >> >> >>> >
> >>> >> >> >>> > - Jian Liao
> >>> >> >> >>> >
> >>> >> >> >>> > On 11/17/05, Jian Liao < norwaywoods@gmail.com > wrote:
> >>> >> >> >>> >> You can download Geronimo-j2 from here:
> >>> >> >> >>> >>
> >>> >> >> >>> >> http://normad.mofile.com/9439402771736013/9458779543470366/99/24ED6A3B23E783CEA5F1713EAD234C81/Geronimo-J2.zip
> >>> >> >> >>> >>
> >>> >> >> >>> >> There is a readme in it and it will guide you to set up all of it. If
> >>> >> >> >>> >> there is any problem, pls tell me.
> >>> >> >> >>> >>
> >>> >> >> >>> >> - Jian Liao
> >>> >> >> >>> >>
> >>> >> >> >>> >>
> >>> >> >> >>> >> On 11/16/05, Jian Liao < norwaywoods@gmail.com > wrote:
> >>> >> >> >>> >>> I followed your suggestion and question-2 had been fixed, thanks (it
> >>> >> >> >>> >>> blocked me for the whole afternoon, :-( ).
> >>> >> >> >>> >>>
> >>> >> >> >>> >>> But there are two more problems here:
> >>> >> >> >>> >>> 1. "cross-context" and "tomcat-realm" in the "container-config"
> >>> >> >> >>> >>> element do not work, but if they are in the "web-app", they work
> >>> >> >> >>> >>> perfectly. Is this a bug or is my configuration wrong?
> >>> >> >> >>> >>>
> >>> >> >> >>> >>> 2. When I try to log in, I found that class
> >>> >> >> >>> >>> JaasLoginModuleConfiguration tries to load my loginModule
> >>> >> >> >>> >>> (org.apache.jetspeed.security.impl.DefaultLoginModule) from the
> >>> >> >> >>> >>> classloader which I defined in the ear file. But my loginModule class is
> >>> >> >> >>> >>> in the war file's WEB-INF/lib, so it can not be loaded. I am blocked
> >>> >> >> >>> >>> here.
> >>> >> >> >>> >>>
> >>> >> >> >>> >>> As far as I know, in tomcat, you can overcome this by setting
> >>> >> >> >>> >>> useContextClassLoader="false" like the following:
> >>> >> >> >>> >>>
> >>> >> >> >>> >>> <Realm className="org.apache.catalina.realm.JAASRealm"
> >>> >> >> >>> >>>     appName="Jetspeed"
> >>> >> >> >>> >>>     userClassNames="org.apache.jetspeed.security.impl.UserPrincipalImpl"
> >>> >> >> >>> >>>     roleClassNames="org.apache.jetspeed.security.impl.RolePrincipalImpl"
> >>> >> >> >>> >>>     useContextClassLoader="false"
> >>> >> >> >>> >>>     debug="0"/>
> >>> >> >> >>> >>>
> >>> >> >> >>> >>> That is why I try to add my customized tomcat-realm in
> >>> >> >> >>> >>> tomcat-container.
> >>> >> >> >>> >>>
> >>> >> >> >>> >>> I will keep moving tomorrow. The following is my current plan:
> >>> >> >> >>> >>>
> >>> >> >> >>>
> >>> >> >>
> >>> >> >> >>> >>> =================================================================
> >>> >> >> >>> >>> <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
> >>> >> >> >>> >>>     configId="org/apache/jetspeed/web">
> >>> >> >> >>> >>>
> >>> >> >> >>> >>>   <context-priority-classloader>true</context-priority-classloader>
> >>> >> >> >>> >>>   <!-- Comment out the following can reproduce the problem-1 -->
> >>> >> >> >>> >>>   <!-- <container-config>
> >>> >> >> >>> >>>     <tomcat xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat/config-1.0">
> >>> >> >> >>> >>>       <cross-context/>
> >>> >> >> >>> >>>       <tomcat-realm>TomcatGeronimoRealm</tomcat-realm>
> >>> >> >> >>> >>>     </tomcat>
> >>> >> >> >>> >>>   </container-config>-->
> >>> >> >> >>> >>>   <security-realm-name>Jetspeed</security-realm-name>
> >>> >> >> >>> >>>   <!-- Place cross-context and tomcat-realm is ok! -->
> >>> >> >> >>> >>>   <cross-context/>
> >>> >> >> >>> >>>   <tomcat-realm>TomcatGeronimoRealm</tomcat-realm>
> >>> >> >> >>> >>>   <security>
> >>> >> >> >>> >>>     <default-principal>
> >>> >> >> >>> >>>       <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl"
> >>> >> >> >>> >>>           name="guest"/>
> >>> >> >> >>> >>>     </default-principal>
> >>> >> >> >>> >>>     <!-- Comment out the following element if want to
> >>> >> >> >>> >>>          reproduce SecurityBuilder classloader issue. -->
> >>> >> >> >>> >>>     <!-- <role-mappings>
> >>> >> >> >>> >>>       <role role-name="admin">
> >>> >> >> >>> >>>         <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
> >>> >> >> >>> >>>             name="admin" designated-run-as="true"/>
> >>> >> >> >>> >>>       </role>
> >>> >> >> >>> >>>     </role-mappings> -->
> >>> >> >> >>> >>>   </security>
> >>> >> >> >>> >>>   <gbean name="TomcatGeronimoRealm"
> >>> >> >> >>> >>>       class="org.apache.geronimo.tomcat.RealmGBean">
> >>> >> >> >>> >>>     <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm</attribute>
> >>> >> >> >>> >>>     <attribute name="initParams">
> >>> >> >> >>> >>>       userClassNames=org.apache.jetspeed.security.impl.UserPrincipalImpl
> >>> >> >> >>> >>>       roleClassNames=org.apache.jetspeed.security.impl.RolePrincipalImpl
> >>> >> >> >>> >>>       appName=Jetspeed
> >>> >> >> >>> >>>       useContextClassLoader=false
> >>> >> >> >>> >>>       debug=0
> >>> >> >> >>> >>>     </attribute>
> >>> >> >> >>> >>>   </gbean>
> >>> >> >> >>> >>>   <gbean name="Jetspeed"
> >>> >> >> >>> >>>       class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> >>> >> >> >>> >>>     <attribute name="realmName">Jetspeed</attribute>
> >>> >> >> >>> >>>     <xml-reference name="LoginModuleConfiguration">
> >>> >> >> >>> >>>       <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
> >>> >> >> >>> >>>         <lc:login-module control-flag="REQUIRED" server-side="true">
> >>> >> >> >>> >>>           <lc:login-domain-name>Jetspeed</lc:login-domain-name>
> >>> >> >> >>> >>>           <lc:login-module-class>org.apache.jetspeed.security.impl.DefaultLoginModule</lc:login-module-class>
> >>> >> >> >>> >>>         </lc:login-module>
> >>> >> >> >>> >>>       </lc:login-config>
> >>> >> >> >>> >>>     </xml-reference>
> >>> >> >> >>> >>>     <reference name="ServerInfo">
> >>> >> >> >>> >>>       <application>null</application>
> >>> >> >> >>> >>>       <moduleType>J2EEModule</moduleType>
> >>> >> >> >>> >>>       <module>org/apache/geronimo/System</module>
> >>> >> >> >>> >>>       <name>ServerInfo</name>
> >>> >> >> >>> >>>     </reference>
> >>> >> >> >>> >>>     <reference name="LoginService">
> >>> >> >> >>> >>>       <application>null</application>
> >>> >> >> >>> >>>       <moduleType>J2EEModule</moduleType>
> >>> >> >> >>> >>>       <module>org/apache/geronimo/Security</module>
> >>> >> >> >>> >>>       <name>JaasLoginService</name>
> >>> >> >> >>> >>>     </reference>
> >>> >> >> >>> >>>   </gbean>
> >>> >> >> >>> >>> </web-app>
> >>> >> >> >>> >>> =================================================================
> >>> >> >> >>> >>>
> >>> >> >> >>> >>>- Jian Liao
> >>> >> >> >>> >>>
> >>> >> >> >>> >>>
> >>> >> >> >>> >>> On 11/16/05, David Jencks < david_jencks@yahoo.com > wrote:
> >>> >> >> >>> >>>> On Nov 16, 2005, at 12:15 AM, Jian Liao wrote:
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> > Hi dj,
> >>> >> >> >>> >>>> > I need your suggestion for activating the login module configuration.
> >>> >> >> >>> >>>> > The following is my current plan and I add my comment in it.
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> > ===========================================
> >>> >> >> >>> >>>> > <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
> >>> >> >> >>> >>>> >     configId="org/apache/jetspeed/web">
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> >   <context-priority-classloader>true</context-priority-classloader>
> >>> >> >> >>> >>>> >   <cross-context/>
> >>> >> >> >>> >>>> >   <security-realm-name>jetspeed-realm</security-realm-name>
> >>> >> >> >>> >>>> >   <!-- I need a customize TomcatGeronimoRealm cause my
> >>> >> >> >>> >>>> >   loginModule is in the jetspeed/WEB-INF/lib, userClassNames and
> >>> >> >> >>> >>>> >   roleClassNames must be org.apache.jetspeed.*. so I can not use the one
> >>> >> >> >>> >>>> >   which is hard coded in TomcatContainer.addContext() -->
> >>> >> >> >>> >>>> <!-- I would leave out tomcat-realm. If you keep it, you should follow
> >>> >> >> >>> >>>> the schema and put it in a container-config element. see tomcat-pre.xml
> >>> >> >> >>> >>>> from the recent unit test :-) -->
> >>> >> >> >>> >>>> >   <tomcat-realm>TomcatGeronimoRealm</tomcat-realm>
> >>> >> >> >>> >>>> >   <security>
> >>> >> >> >>> >>>> >     <default-principal>
> >>> >> >> >>> >>>> >       <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl"
> >>> >> >> >>> >>>> >           name="guest"/>
> >>> >> >> >>> >>>> >     </default-principal>
> >>> >> >> >>> >>>> >     <!-- Comment out the following element if you want to
> >>> >> >> >>> >>>> >          reproduce SecurityBuilder classloader issue. -->
> >>> >> >> >>> >>>> >     <!-- <role-mappings>
> >>> >> >> >>> >>>> >       <role role-name="admin">
> >>> >> >> >>> >>>> >         <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl"
> >>> >> >> >>> >>>> >             name="admin" designated-run-as="true"/>
> >>> >> >> >>> >>>> >       </role>
> >>> >> >> >>> >>>> >     </role-mappings> -->
> >>> >> >> >>> >>>> >   </security>
> >>> >> >> >>> >>>> <!-- I would leave this gbean out too -->
> >>> >> >> >>> >>>> >   <gbean name="TomcatGeronimoRealm"
> >>> >> >> >>> >>>> >       class="org.apache.geronimo.tomcat.RealmGBean">
> >>> >> >> >>> >>>> >     <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm</attribute>
> >>> >> >> >>> >>>> >     <attribute name="initParams">
> >>> >> >> >>> >>>> >       userClassNames=org.apache.jetspeed.security.impl.UserPrincipalImpl
> >>> >> >> >>> >>>> >       roleClassNames=org.apache.jetspeed.security.impl.RolePrincipalImpl
> >>> >> >> >>> >>>> >       appName=Jetspeed
> >>> >> >> >>> >>>> >       useContextClassLoader=false
> >>> >> >> >>> >>>> >       debug=0
> >>> >> >> >>> >>>> >     </attribute>
> >>> >> >> >>> >>>> >   </gbean>
> >>> >> >> >>> >>>> >   <gbean name="jetspeed-realm"
> >>> >> >> >>> >>>> >       class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> >>> >> >> >>> >>>> >     <attribute name="realmName">Jetspeed</attribute>
> >>> >> >> >>> >>>> >     <xml-reference name="LoginModuleConfiguration">
> >>> >> >> >>> >>>> >       <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
> >>> >> >> >>> >>>> >         <lc:login-module control-flag="REQUIRED" server-side="true">
> >>> >> >> >>> >>>> >           <lc:login-domain-name>Jetspeed</lc:login-domain-name>
> >>> >> >> >>> >>>> >           <lc:login-module-class>org.apache.jetspeed.security.impl.DefaultLoginModule</lc:login-module-class>
> >>> >> >> >>> >>>> >         </lc:login-module>
> >>> >> >> >>> >>>> >       </lc:login-config>
> >>> >> >> >>> >>>> >     </xml-reference>
> >>> >> >> >>> >>>> >     <reference name="ServerInfo">
> >>> >> >> >>> >>>> <!-- you need the module here, and possibly the application -->
> >>> >> >> >>> >>>> <application>null</application>
> >>> >> >> >>> >>>> <moduleType>J2EEModule</moduleType>
> >>> >> >> >>> >>>> >       <module>org/apache/geronimo/System</module>
> >>> >> >> >>> >>>> >       <name>ServerInfo</name>
> >>> >> >> >>> >>>> >     </reference>
> >>> >> >> >>> >>>> >     <reference name="LoginService">
> >>> >> >> >>> >>>> <!-- you need the module here, and possibly the application -->
> >>> >> >> >>> >>>> <application>null</application>
> >>> >> >> >>> >>>> <moduleType>J2EEModule</moduleType>
> >>> >> >> >>> >>>> <module>org/apache/geronimo/Security</module>
> >>> >> >> >>> >>>> >       <name>JaasLoginService</name>
> >>> >> >> >>> >>>> >     </reference>
> >>> >> >> >>> >>>> >   </gbean>
> >>> >> >> >>> >>>> > </web-app>
> >>> >> >> >>> >>>> > ===========================================
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> > My questions:
> >>> >> >> >>> >>>> > 1. I use TomcatGeronimoRealm which is JACC enabled. Am I in the
> >>> >> >> >>> >>>> > right direction?
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> I'm not sure. Using the TomcatGeronimoRealm will prevent your
> >>> >> >> >>> >>>> application from using ejb security, but it may be possible to get
> >>> >> >> >>> >>>> jetspeed security to work more easily with the tomcat realm. I would
> >>> >> >> >>> >>>> try leaving it out, but that may be bad advice.
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> > 2. I config GenericSecurityRealm gbean in my web plan, but it seems
> >>> >> >> >>> >>>> > that it did not add my realm (jetspeed-realm) into the
> >>> >> >> >>> >>>> > GeronimoLoginConfiguration's entries.
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> I think that the references were not quite correct, see my additions.
> >>> >> >> >>> >>>> You can tell what happened by looking in the geronimo.log, it will tell
> >>> >> >> >>> >>>> you what was preventing your gbean from starting. Search for
> >>> >> >> >>> >>>> name=jetspeed-realm and make sure the log level is DEBUG.
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> > 3. When I try to login into j2 from j2 bundled login portlet, tomcat
> >>> >> >> >>> >>>> > form authenticator will call TomcatGeronimoRealm to do authentication.
> >>> >> >> >>> >>>> > The following code is copied from TomcatGeronimoRealm's authenticate
> >>> >> >> >>> >>>> > method:
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> > try {
> >>> >> >> >>> >>>> >     loginContext = new LoginContext(appName, callbackHandler);
> >>> >> >> >>> >>>> > } catch (Throwable e) {
> >>> >> >> >>> >>>> >     log.error(sm.getString("jaasRealm.unexpectedError"), e);
> >>> >> >> >>> >>>> >     return (null);
> >>> >> >> >>> >>>> > } finally {
> >>> >> >> >>> >>>> >     if (isUseContextClassLoader()) {
> >>> >> >> >>> >>>> >         Thread.currentThread().setContextClassLoader(ocl);
> >>> >> >> >>> >>>> >     }
> >>> >> >> >>> >>>> > }
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> > When LoginContext init, it will try to find the corresponding login
> >>> >> >> >>> >>>> > configuration of appName. It seems that Geronimo replaces the default
> >>> >> >> >>> >>>> > file based Configuration with its GeronimoLoginConfiguration Class.
> >>> >> >> >>> >>>> > But it can not find my appName entry due to question 2.
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> > I debug the GeronimoLoginConfiguration's entries, only
> >>> >> >> >>> >>>> > "geronimo-properties-realm" and "JMX" can be found. I am wondering if
> >>> >> >> >>> >>>> > it should add user's loginconfiguration entry in LoginConfigBuilder?
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> I don't think you need to do anything except fix the references in your
> >>> >> >> >>> >>>> gbean in order for login to succeed. However, once you are
> >>> >> >> >>> >>>> authenticated, it may require a lot more work to get authorization set
> >>> >> >> >>> >>>> up correctly. But, one thing at a time!
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> > Btw, I would love to send you my ear file, but the file is too big to
> >>> >> >> >>> >>>> > send by email. Do you have ftp, give me a guest account so that I can
> >>> >> >> >>> >>>> > upload it for you.
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> I don't have the ftp server installed. Can you use scp? Can you send
> >>> >> >> >>> >>>> me a public key?
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> thanks, and thanks for finding the xml bugs!
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> david jencks
> >>> >> >> >>> >>>>
> >>> >> >> >>> >>>> >
> >>> >> >> >>> >>>> >- Jian Liao
> >>> >> >> >>>>>>>
> >>> >> >> >>> >>>
> >>> >> >> >>> >>
> >>> >> >> >>>
> >>> >> >> >>
> >>> >> >>
> >>> >>
> >>> >
> >>>
> >
>
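
Added example, not part of the original thread and not Geronimo or Jetspeed code: the two login failures discussed in the quoted messages above (no JAAS Configuration entry registered under the realm's appName, and a LoginModule class the chosen class loader cannot see) can be told apart with a small check. MapConfiguration, diagnose and the placeholder module class name are hypothetical; the entry names and the Jetspeed module class name are taken from the thread.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class JaasLookupCheck {

    /** In-memory JAAS Configuration (hypothetical stand-in for the server's own). */
    static final class MapConfiguration extends Configuration {
        private final Map<String, AppConfigurationEntry[]> entries = new HashMap<>();

        void register(String appName, String loginModuleClass) {
            entries.put(appName, new AppConfigurationEntry[] {
                new AppConfigurationEntry(loginModuleClass,
                        LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>())
            });
        }

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return entries.get(name); // null: nothing registered under this name
        }
    }

    /** Returns NO_ENTRY, MODULE_NOT_VISIBLE <class>, or OK for the given appName. */
    static String diagnose(Configuration config, String appName, ClassLoader loader) {
        AppConfigurationEntry[] found = config.getAppConfigurationEntry(appName);
        if (found == null || found.length == 0) {
            return "NO_ENTRY";
        }
        for (AppConfigurationEntry entry : found) {
            try {
                // initialize=false: test visibility only, run no static initializers
                Class.forName(entry.getLoginModuleName(), false, loader);
            } catch (ClassNotFoundException | LinkageError e) {
                return "MODULE_NOT_VISIBLE " + entry.getLoginModuleName();
            }
        }
        return "OK";
    }

    public static void main(String[] args) {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        MapConfiguration config = new MapConfiguration();
        // Constructed entries: the two names the thread reports finding, with a
        // placeholder module class.
        config.register("geronimo-properties-realm", "example.PlaceholderLoginModule");
        config.register("JMX", "example.PlaceholderLoginModule");

        // Failure 1: no entry under the realm's appName, so LoginContext
        // construction itself throws.
        System.out.println("before registration: " + diagnose(config, "Jetspeed", loader));
        try {
            new LoginContext("Jetspeed", null, null, config);
        } catch (LoginException e) {
            System.out.println("LoginContext rejected it: " + e.getMessage());
        }

        // Failure 2: the entry exists, but the module class must also be visible
        // to the loader that will be asked for it.
        config.register("Jetspeed", "org.apache.jetspeed.security.impl.DefaultLoginModule");
        System.out.println("after registration: " + diagnose(config, "Jetspeed", loader));
    }
}
```

Passing the web application's class loader and then the server's class loader to diagnose shows which of them can actually see the login module, which is the question the useContextClassLoader setting decides.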

Re: Fwd: Integration Geronimo with Jetspeed2

Posted by Jian Liao <no...@gmail.com>.
Hi Paul,
I've created an issue in J2 Jira to address this and uploaded the code; please
have a look at this:
http://issues.apache.org/jira/browse/JS2-444.

Download the file
geronimo-j2.zip<http://issues.apache.org/jira/secure/attachment/12321274/geronimo-j2.zip>,
which is an Eclipse project, and read the readme file. Don't forget to
replace the geronimo-application.xml with the new one,
geronimo-application.xml.20051219<http://issues.apache.org/jira/secure/attachment/12321425/geronimo-application.xml.20051219>.
I've tested it with the Geronimo-20051219 (J2-2.0 Final).

Known issue:
          request.isUserInRole() does not work.

If you have any problems, please post here or to the J2 mailing list; I read every
post on the Geronimo and J2 mailing lists. Hope it helps.

regards,

- Jian Liao


On 12/22/05, Paul McMahan <pa...@gmail.com> wrote:
>
> Hi Jian.  You posted a question to the geronimo dev list a couple of weeks
> ago that AFAIK was not answered.  You may have already found the spec source
> code in question, but if not, it's available at:
> http://svn.apache.org/repos/asf/geronimo/specs/branches/1_0/geronimo-spec-j2ee-jacc/src/java/javax/security/jacc/WebResourcePermission.java
>
>
> I am very interested in your progress with the Geronimo+Jetspeed2
> integration.  Are there any areas where you could use some help?
>
>
> Best wishes,
> Paul
>
>
> On 12/6/05, Jian Liao <no...@gmail.com> wrote:
> >
> > Hi all,
> > Could someone tell me where to download the geronimo-spec source code?
> > I am working on integration Jetspeed 2 with Geronimo recently. I found a
> > potential bug in geronimo-spec-j2ee-jacc-1.0-rc5.jar, class:
> > javax.security.jacc.WebResourcePermission
> >
> > regards,
> >
> > - Jian Liao
> >
>
>

Re: Fwd: Integration Geronimo with Jetspeed2

Posted by Paul McMahan <pa...@gmail.com>.
Hi Jian.  You posted a question to the geronimo dev list a couple of weeks
ago that AFAIK was not answered.  You may have already found the spec source
code in question, but if not, it's available at:
http://svn.apache.org/repos/asf/geronimo/specs/branches/1_0/geronimo-spec-j2ee-jacc/src/java/javax/security/jacc/WebResourcePermission.java

I am very interested in your progress with the Geronimo+Jetspeed2
integration.  Are there any areas where you could use some help?


Best wishes,
Paul


On 12/6/05, Jian Liao <no...@gmail.com> wrote:
>
> Hi all,
> Could someone tell me where to download the geronimo-spec source code?
> I am working on integration Jetspeed 2 with Geronimo recently. I found a
> potential bug in geronimo-spec-j2ee-jacc-1.0-rc5.jar, class:
> javax.security.jacc.WebResourcePermission
>
> regards,
>
> - Jian Liao
>