You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomee.apache.org by rnieto <ga...@yahoo.com> on 2011/07/20 10:15:53 UTC
Tomcat Servlet Filters (or Valves) and OpenEJB
When deploying openejb through tomcat, does OpenEJB use the tomcat filters
defined in the web.xml. Or does it somehow replace or ignore it?
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3680204.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
Romain Manni-Bucau wrote:
>
> maybe you can put it directly into tomcat web.xml.
>
> if it is not exactly the behavior you want you extend the valve and filter
> webapps (keeping only "" or example).
>
> - romain
>
Nope, still doesn't work. I even tried creating a servlet forwarder wherein
it forwards to the web service that's exposed. It only always indicates that
"The requested resource (/Service) is not available" .
Think of it like this: within tomcat, OpenEJB is creating another complete
instance of tomcat, wherein they have the same port and the external tomcat
container cannot control what goes on on OpenEJB. (Of course this isn't the
real explanation, but given how it works it's easiest to think of it this
way.)
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3683063.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Romain Manni-Bucau <rm...@gmail.com>.
maybe you can put it directly into tomcat web.xml.
if it is not exactly the behavior you want you extend the valve and filter
webapps (keeping only "" or example).
- romain
2011/7/21 rnieto <ga...@yahoo.com>
>
> Romain Manni-Bucau wrote:
> >
> > Yep that what i said, webservices are deployed into a context created
> > called
> > "" so you can't modify it if it is not a global config. All configuration
> > managed are the one you can put into openejb-jar.xml.
> >
> > I think jon suggessted to enhance OpenEJB.
> >
> > @Jon: Am i wrong?
> >
>
> This is just a clarification, as it was initially indicated that it would
> run filters. Should anyone else be reading this thread, they'd have a
> confirmation that indeed it doesn't do it. The explanation about it
> deploying on a different, non-configurable (outside OpenEJB) context was
> brought to light during the discussion.
>
> And my problem still persists, which Jon has indicated that this would need
> to be either:
> 1.) added to OpenEJB as an additional feature
> 2.) add it to the OpenEJB core and cxf library (which would be a guaranteed
> pain for someone who isn't a regular developer for OpenEJB).
>
> Too bad I'm restricted by time and probably can't wait for option 1, hope
> that I could move to another EE framework (but even that seems not doable
> with my timeframe).
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3682880.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Jean-Louis MONTEIRO <je...@gmail.com>.
FYI, JIRA https://issues.apache.org/jira/browse/OPENEJB-1529
is now closed. Thanks Romain for the fix.
It's available only in the trunk but we'll see to merge it in the branch
3.2.x as well.
Jean-Louis
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3686632.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
I even added the spnego valve: (
http://spnego.sourceforge.net/tomcat_valve.html )
IMHO, his installation is already highly invasive as it modifies core tomcat
files. But even this can't capture the requests made to OpenEJB web
services, no negotiate header was ever received by tomcat (by looking at the
request dumper valve).
Since I'm already on this road, I'm thinking already of creating a valve
that's as high as the request dumper valve. As it seems the deployed ws
context by OpenEJB/cxf cannot be seen or controlled through normal means.
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3685916.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
SpNego is LGPL so you should be able to use it. If it was purely GPL, even I
wouldn't be able to use it.
Oh, if you're going to do what I did with the SpnegoHttpFilter class, (on
the doFilter method) you'd need to assign the principal directly onto the
request before moving onto the next valve. I have no idea why when turning
it into a valve, the request object doesn't get updated with the principal.
The other nasty bit I have to do with this, is now that the request object
gets populated with the user principal I need to have some httprequest
retrieval on my EJB web service. I wish I could do this cleanly (without my
EJB code having http code), but that's probably one of my "things to
improve-on" later.
Thanks for the help!
David Blevins-2 wrote:
>
> On Jul 22, 2011, at 12:28 AM, rnieto wrote:
>
> That's really excellent!! I'm also under a deadline (speaking at OSCON on
> Monday), but about to dig out the 3.1.4 code and prose a hack to get you a
> hook into the code so you could extend that part of the system.
>
> The valve approach is better :) Perhaps not as cool as filters, but they
> get the job done.
>
> Spnego appears to be GPL so we couldn't take it anyway. But you could
> certainly contribute it back to Spnego.
>
> Anyway, wonderful to hear it's working. We'll definitely fix up the WS
> context thing on our end. The WS Servlets we create should go right into
> the app where they came from.
>
> -David
>
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3686321.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by David Blevins <da...@gmail.com>.
On Jul 22, 2011, at 12:28 AM, rnieto wrote:
> I've implemented a Valve which just converts the SpNegoHttpFilter into a
> class that extends ValveBase instead. Then I did declare it on the same
> level as the RequestDumper Valve (on server.xml), and now it works! I'm
> seeing on the request dumps that the invocation of the web-service now has
> authentication info in it.
That's really excellent!! I'm also under a deadline (speaking at OSCON on Monday), but about to dig out the 3.1.4 code and prose a hack to get you a hook into the code so you could extend that part of the system.
The valve approach is better :) Perhaps not as cool as filters, but they get the job done.
> Though, I wouldn't really recommend this due to two things:
> - Tomcat is deprecating Valves in Tomcat 7, and people seem to want/advise
> using Filters instead.
> - It's literally authenticating every request (I'd just need to add a
> configuration parameter).
>
> I won't be able to upload the source as it was just about getting the spnego
> source, reading the SpnegoHttpFilter and converting it into some class that
> extends ValveBase instead. (It would take just about 5~10 minutes to do
> that)
Spnego appears to be GPL so we couldn't take it anyway. But you could certainly contribute it back to Spnego.
Anyway, wonderful to hear it's working. We'll definitely fix up the WS context thing on our end. The WS Servlets we create should go right into the app where they came from.
-David
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
I've implemented a Valve which just converts the SpNegoHttpFilter into a
class that extends ValveBase instead. Then I did declare it on the same
level as the RequestDumper Valve (on server.xml), and now it works! I'm
seeing on the request dumps that the invocation of the web-service now has
authentication info in it.
Though, I wouldn't really recommend this due to two things:
- Tomcat is deprecating Valves in Tomcat 7, and people seem to want/advise
using Filters instead.
- It's literally authenticating every request (I'd just need to add a
configuration parameter).
I won't be able to upload the source as it was just about getting the spnego
source, reading the SpnegoHttpFilter and converting it into some class that
extends ValveBase instead. (It would take just about 5~10 minutes to do
that)
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3686148.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Romain Manni-Bucau <rm...@gmail.com>.
well, you can still do it using AOP (just take care to really filter
packages) but not in a JEE standard way...
- Romain
2011/7/22 rnieto <ga...@yahoo.com>
> Nope, doesn't work even if I deploy it in the ROOT web-app. Even if I can
> access static resources with the forwarder, I always would just seem to get
> 404.
>
> I think this is what it looks like after the tomcat server has started
>
> Tomcat Server (the one who catches HTTP/HTTPS requests)
> -Request Dumper Valve
> -- Tomcat Context (/)
> --- Filters
> --- ROOT web-app
> --- OpenEJB web-app
> -- OpenEJB Web Services (/)
>
> It seems that when I say '/' it means 2 things, one that gets processed by
> the OpenEJB WebServices and the ROOT web-app within tomcat. Even though
> they
> have the same address, they're completely two different locations; and the
> only way it seems to be able to get to the OpenEJB web services is by a raw
> http/https request. If you want to try anything funny, you can't access the
> openejb web services as you're already too late.
>
>
>
> David Blevins-2 wrote:
> >
> > HTTP
> > |
> > |
> > SpnegoHttpFilter
> > SpnegoSecurityServiceFilter (optional)
> > CustomForwardingFilter
> > |
> > RequestDispatcher.forward
> > |
> > \---> WebService URL
> >
> > Tomcat should be doing that all with the same thread and same
> > request/response objects.
> >
> >
> > -David
> >
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3686049.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
Nope, doesn't work even if I deploy it in the ROOT web-app. Even if I can
access static resources with the forwarder, I always would just seem to get
404.
I think this is what it looks like after the tomcat server has started
Tomcat Server (the one who catches HTTP/HTTPS requests)
-Request Dumper Valve
-- Tomcat Context (/)
--- Filters
--- ROOT web-app
--- OpenEJB web-app
-- OpenEJB Web Services (/)
It seems that when I say '/' it means 2 things, one that gets processed by
the OpenEJB WebServices and the ROOT web-app within tomcat. Even though they
have the same address, they're completely two different locations; and the
only way it seems to be able to get to the OpenEJB web services is by a raw
http/https request. If you want to try anything funny, you can't access the
openejb web services as you're already too late.
David Blevins-2 wrote:
>
> HTTP
> |
> |
> SpnegoHttpFilter
> SpnegoSecurityServiceFilter (optional)
> CustomForwardingFilter
> |
> RequestDispatcher.forward
> |
> \---> WebService URL
>
> Tomcat should be doing that all with the same thread and same
> request/response objects.
>
>
> -David
>
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3686049.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by David Blevins <da...@gmail.com>.
On Jul 21, 2011, at 8:15 PM, rnieto wrote:
> I had to add the created spnego jar in the tomcat\lib folder, along with the
> openejb-loader and openejb-tomcat. It seems to initialise well, until
> openejb starts initialising and pops-up with this error:
>
> 21 Jul 2011 19:59:31.243 [main] Jndi name could not be bound; it may be
> taken by another ejb.
> Jndi(name=openejb/Deployment/openejb/ConfigurationInfo/org.apache.openejb.assembler.classic.cmd.ConfigurationInfo!Remote)
> 21 Jul 2011 19:59:31.243 [main] Undeploying app: classpath.ear
> 21 Jul 2011 19:59:31.263 [main] Application could not be deployed:
> classpath.ear
> org.apache.openejb.OpenEJBException: Creating application failed:
> classpath.ear: Unable to bind business remote deployment in jndi.
>
>
> (I don't have a classpath.ear deployed anywhere) It seems that if I create
> an instance of the custom filter that was made, it initialises the core of
> OpenEJB too early. Even with this error, OpenEJB continues loading and I
> could access my web service. But then it fails on the same point as the
> original thing I did with the spnego filter, *the filter doesn't get called
> when accessing OpenEJB web services*. It gets invoked when accessing any
> other web resource within the server, even things under the OpenEJB folder
> just not the web services.
Did you try out my suggestion of making a Filter that uses a RequestDispatcher to forward(req, res); the call to the web service? Assuming you can forward to another servlet context it should work.
Theoretically the call chain would look like so:
HTTP
|
|
SpnegoHttpFilter
SpnegoSecurityServiceFilter (optional)
CustomForwardingFilter
|
RequestDispatcher.forward
|
\---> WebService URL
Tomcat should be doing that all with the same thread and same request/response objects.
-David
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
I had to add the created spnego jar in the tomcat\lib folder, along with the
openejb-loader and openejb-tomcat. It seems to initialise well, until
openejb starts initialising and pops-up with this error:
21 Jul 2011 19:59:31.243 [main] Jndi name could not be bound; it may be
taken by another ejb.
Jndi(name=openejb/Deployment/openejb/ConfigurationInfo/org.apache.openejb.assembler.classic.cmd.ConfigurationInfo!Remote)
21 Jul 2011 19:59:31.243 [main] Undeploying app: classpath.ear
21 Jul 2011 19:59:31.263 [main] Application could not be deployed:
classpath.ear
org.apache.openejb.OpenEJBException: Creating application failed:
classpath.ear: Unable to bind business remote deployment in jndi.
(I don't have a classpath.ear deployed anywhere) It seems that if I create
an instance of the custom filter that was made, it initialises the core of
OpenEJB too early. Even with this error, OpenEJB continues loading and I
could access my web service. But then it fails on the same point as the
original thing I did with the spnego filter, *the filter doesn't get called
when accessing OpenEJB web services*. It gets invoked when accessing any
other web resource within the server, even things under the OpenEJB folder
just not the web services.
I'm thinking that in order to make this work, something a heck of a lot more
needs to be done to the OpenEJB WSContainer. I'm not a 100% sure if this is
related to how CXF does things, but Axis web services does work okay with
tomcat filters. I saw that there's an openejb-axis package on the source
code, but it isn't included in the distribution packages (which might mean
that there's no official way to switch to Axis).
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3685837.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Romain Manni-Bucau <rm...@gmail.com>.
are you sure you have it in the good classloader? i think common.loader
should be enough
- Romain
2011/7/21 rnieto <ga...@yahoo.com>
> I've tried attaching the SpNegoSecurityService, and it seems to be being
> initialised by tomcat properly:
> "Configuring Service(id=SpnegoSecurityService, type=SecurityService,
> provider-id=SpnegoSecurityService)"
>
> But I think the filter's not being invoked at all. I've tried debugging it
> and no calls were made to it.
>
> I've tried adding the created filter to the web.xml of tomcat and openejb,
> but it fails to initialise:
> SEVERE: Exception starting filter SpnegoHttpFilter
> java.lang.NoClassDefFoundError: org/apache/openejb/loader/SystemInstance
>
> Which I'm thinking is the wrong way to initialise it (even though the
> tomcat-loader jar is beside the spnego jar). Is there any other
> configuration I should do for the filter to be attached to the instance of
> openejb? (I haven't seen any documentation on how to do this, aside from
> the
> tomcat filters).
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3683425.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
I've tried attaching the SpNegoSecurityService, and it seems to be being
initialised by tomcat properly:
"Configuring Service(id=SpnegoSecurityService, type=SecurityService,
provider-id=SpnegoSecurityService)"
But I think the filter's not being invoked at all. I've tried debugging it
and no calls were made to it.
I've tried adding the created filter to the web.xml of tomcat and openejb,
but it fails to initialise:
SEVERE: Exception starting filter SpnegoHttpFilter
java.lang.NoClassDefFoundError: org/apache/openejb/loader/SystemInstance
Which I'm thinking is the wrong way to initialise it (even though the
tomcat-loader jar is beside the spnego jar). Is there any other
configuration I should do for the filter to be attached to the instance of
openejb? (I haven't seen any documentation on how to do this, aside from the
tomcat filters).
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3683425.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by David Blevins <da...@gmail.com>.
On Jul 21, 2011, at 3:01 AM, rnieto wrote:
> Hi,
>
> I'm trying out what you've created, but there's one thing that seems to be
> missing:
> org.apache.openejb.BeanContext
>
> Couldn't find this one on any of the OpenEJB 3.1.4 release jars. Would this
> be available with some other openejb jar that I haven't downloaded, or could
> this be replaced with the DeploymentInfo object?
Oh, right, we renamed that in trunk :) Yes, DeploymentInfo is the former name.
-David
>
> David Blevins-2 wrote:
>>
>> I had a look at the SpnegoHttpFilter source and it seems the primary thing
>> they're doing is wrapping the HttpServletRequest with a
>> SpnegoHttpServletRequest -- I'm guessing to alter the behavior of the
>> getUserPrincipal() method.
>>
>> I did some digging into Tomcat on the various ways you can redirect and it
>> looks like RequestDispatcher.forward() will preserve the original http
>> request and response. So setting up the SpnegoHttpFilter against a
>> servlet (or another filter) that uses a RequestDispatcher.forward() to
>> forward to the webservice should do the trick.
>>
>> That should get you the same service you would get in any other EE impl.
>>
>> I think it could be better. Wrapping the servlet request and overriding
>> that one method isn't going to get that totally unified "feel" as when you
>> travel into EJB land which also has a getCallerPrincipal method as well as
>> method based security via @RolesAllowed, the "wrap the servletrequest"
>> trick isn't going to have any effect.
>>
>> I hacked you up a little Spnego security service for OpenEJB based on our
>> Tomcat security service. No reason to have OpenEJB setup to use the
>> Tomcat security Realm APIs when Spnego doesn't use them. Better to have
>> OpenEJB just use the work the SpnegoFilter did. Not tested but should
>> work
>>
>> https://gist.github.com/1096823
>>
>> Primary thing is to make sure the SpnegoSecurityServiceFilter is run after
>> the SpnegoFilter. Then move this jar and the spnego jars into either the
>> tomcat/lib/ dir or the tomcat/webapps/openejb/lib/ dir.
>>
>> Hope this helps!
>>
>>
>> -David
>>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3683269.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
Hi,
I'm trying out what you've created, but there's one thing that seems to be
missing:
org.apache.openejb.BeanContext
Couldn't find this one on any of the OpenEJB 3.1.4 release jars. Would this
be available with some other openejb jar that I haven't downloaded, or could
this be replaced with the DeploymentInfo object?
David Blevins-2 wrote:
>
> I had a look at the SpnegoHttpFilter source and it seems the primary thing
> they're doing is wrapping the HttpServletRequest with a
> SpnegoHttpServletRequest -- I'm guessing to alter the behavior of the
> getUserPrincipal() method.
>
> I did some digging into Tomcat on the various ways you can redirect and it
> looks like RequestDispatcher.forward() will preserve the original http
> request and response. So setting up the SpnegoHttpFilter against a
> servlet (or another filter) that uses a RequestDispatcher.forward() to
> forward to the webservice should do the trick.
>
> That should get you the same service you would get in any other EE impl.
>
> I think it could be better. Wrapping the servlet request and overriding
> that one method isn't going to get that totally unified "feel" as when you
> travel into EJB land which also has a getCallerPrincipal method as well as
> method based security via @RolesAllowed, the "wrap the servletrequest"
> trick isn't going to have any effect.
>
> I hacked you up a little Spnego security service for OpenEJB based on our
> Tomcat security service. No reason to have OpenEJB setup to use the
> Tomcat security Realm APIs when Spnego doesn't use them. Better to have
> OpenEJB just use the work the SpnegoFilter did. Not tested but should
> work
>
> https://gist.github.com/1096823
>
> Primary thing is to make sure the SpnegoSecurityServiceFilter is run after
> the SpnegoFilter. Then move this jar and the spnego jars into either the
> tomcat/lib/ dir or the tomcat/webapps/openejb/lib/ dir.
>
> Hope this helps!
>
>
> -David
>
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3683269.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by David Blevins <da...@gmail.com>.
On Jul 20, 2011, at 10:55 PM, rnieto wrote:
>
> Romain Manni-Bucau wrote:
>>
>> Yep that what i said, webservices are deployed into a context created
>> called
>> "" so you can't modify it if it is not a global config. All configuration
>> managed are the one you can put into openejb-jar.xml.
>>
>> I think jon suggessted to enhance OpenEJB.
>>
>> @Jon: Am i wrong?
>>
>
> This is just a clarification, as it was initially indicated that it would
> run filters. Should anyone else be reading this thread, they'd have a
> confirmation that indeed it doesn't do it. The explanation about it
> deploying on a different, non-configurable (outside OpenEJB) context was
> brought to light during the discussion.
>
> And my problem still persists, which Jon has indicated that this would need
> to be either:
> 1.) added to OpenEJB as an additional feature
> 2.) add it to the OpenEJB core and cxf library (which would be a guaranteed
> pain for someone who isn't a regular developer for OpenEJB).
We'll definitely need to fix this. The web services should be added to the webapp itself.
> Too bad I'm restricted by time and probably can't wait for option 1, hope
> that I could move to another EE framework (but even that seems not doable
> with my timeframe).
I had a look at the SpnegoHttpFilter source and it seems the primary thing they're doing is wrapping the HttpServletRequest with a SpnegoHttpServletRequest -- I'm guessing to alter the behavior of the getUserPrincipal() method.
I did some digging into Tomcat on the various ways you can redirect and it looks like RequestDispatcher.forward() will preserve the original http request and response. So setting up the SpnegoHttpFilter against a servlet (or another filter) that uses a RequestDispatcher.forward() to forward to the webservice should do the trick.
That should get you the same service you would get in any other EE impl.
I think it could be better. Wrapping the servlet request and overriding that one method isn't going to get that totally unified "feel" as when you travel into EJB land which also has a getCallerPrincipal method as well as method based security via @RolesAllowed, the "wrap the servletrequest" trick isn't going to have any effect.
I hacked you up a little Spnego security service for OpenEJB based on our Tomcat security service. No reason to have OpenEJB setup to use the Tomcat security Realm APIs when Spnego doesn't use them. Better to have OpenEJB just use the work the SpnegoFilter did. Not tested but should work
https://gist.github.com/1096823
Primary thing is to make sure the SpnegoSecurityServiceFilter is run after the SpnegoFilter. Then move this jar and the spnego jars into either the tomcat/lib/ dir or the tomcat/webapps/openejb/lib/ dir.
Hope this helps!
-David
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
Romain Manni-Bucau wrote:
>
> Yep that what i said, webservices are deployed into a context created
> called
> "" so you can't modify it if it is not a global config. All configuration
> managed are the one you can put into openejb-jar.xml.
>
> I think jon suggessted to enhance OpenEJB.
>
> @Jon: Am i wrong?
>
This is just a clarification, as it was initially indicated that it would
run filters. Should anyone else be reading this thread, they'd have a
confirmation that indeed it doesn't do it. The explanation about it
deploying on a different, non-configurable (outside OpenEJB) context was
brought to light during the discussion.
And my problem still persists, which Jon has indicated that this would need
to be either:
1.) added to OpenEJB as an additional feature
2.) add it to the OpenEJB core and cxf library (which would be a guaranteed
pain for someone who isn't a regular developer for OpenEJB).
Too bad I'm restricted by time and probably can't wait for option 1, hope
that I could move to another EE framework (but even that seems not doable
with my timeframe).
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3682880.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Yep that what i said, webservices are deployed into a context created called
"" so you can't modify it if it is not a global config. All configuration
managed are the one you can put into openejb-jar.xml.
I think jon suggessted to enhance OpenEJB.
@Jon: Am i wrong?
- Romain
2011/7/21 rnieto <ga...@yahoo.com>
> Looking back, it seems that OpenEJB deployed web services *do not* run any
> tomcat filter that you would attach. OpenEJB under tomcat seems to run a
> whole new container inside tomcat, wherein the only thing that you can
> configure is what the OpenEJB guys have added.
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3682746.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
Looking back, it seems that OpenEJB deployed web services *do not* run any
tomcat filter that you would attach. OpenEJB under tomcat seems to run a
whole new container inside tomcat, wherein the only thing that you can
configure is what the OpenEJB guys have added.
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3682746.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
Jonathan Gallimore-2 wrote:
>
> I did a bit of research on this last night and at lunchtime - looks like
> CXF
> 2.4 (I think trunk was upgraded to cxf 2.4 a couple of days ago?) has
> support for this:
> https://cwiki.apache.org/confluence/display/CXF20DOC/Client+HTTP+Transport+%28including+SSL+support%29
>
> I guess we could probably add this authentication mechanism so the
> relevant
> setting can just be picked up from openejb-jar.xml like we do for the
> other
> webservice security mechanisms. What do you reckon? I was going have more
> of
> a play around with this tonight.
>
> Jon
>
Interesting, I'd look around on how to add this to my project (the
deadline's coming close). Seems like it wasn't as straightforward as I
originally thought it would be.
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3682696.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Jonathan Gallimore <jo...@gmail.com>.
I did a bit of research on this last night and at lunchtime - looks like CXF
2.4 (I think trunk was upgraded to cxf 2.4 a couple of days ago?) has
support for this:
https://cwiki.apache.org/confluence/display/CXF20DOC/Client+HTTP+Transport+%28including+SSL+support%29
I guess we could probably add this authentication mechanism so the relevant
setting can just be picked up from openejb-jar.xml like we do for the other
webservice security mechanisms. What do you reckon? I was going have more of
a play around with this tonight.
Jon
On Wed, Jul 20, 2011 at 2:51 PM, Romain Manni-Bucau
<rm...@gmail.com>wrote:
> the context is programatically created, not sure you can modify its
> web.xml...
>
> the handler idea is probably better
>
> - Romain
>
> 2011/7/20 rnieto <ga...@yahoo.com>
>
> >
> > Jean-Louis MONTEIRO wrote:
> > >
> > > Okay, I got it.
> > > Actually, WebServices are deployed in the root context. You need to add
> a
> > > servlet filter on the root webapp not on the one owning the web
> service.
> > > That is definitely not a good way, that's why I created a JIRA few
> month
> > > ago.
> > >
> > > https://issues.apache.org/jira/browse/OPENEJB-1529
> > >
> > > What are you trying to achieve?
> > > May be you can use JAX-WS Handlers?
> > >
> > > Jean-Louis
> > >
> >
> > Odd, I've tried adding it to the web.xml on the webapps\ROOT, web.xml on
> > conf and it still seems to be not picking up my filter. Guess I'll have
> to
> > poke around some more, thanks for the idea though.
> >
> > --
> > View this message in context:
> >
> http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3680800.html
> > Sent from the OpenEJB User mailing list archive at Nabble.com.
> >
>
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Romain Manni-Bucau <rm...@gmail.com>.
the context is programatically created, not sure you can modify its
web.xml...
the handler idea is probably better
- Romain
2011/7/20 rnieto <ga...@yahoo.com>
>
> Jean-Louis MONTEIRO wrote:
> >
> > Okay, I got it.
> > Actually, WebServices are deployed in the root context. You need to add a
> > servlet filter on the root webapp not on the one owning the web service.
> > That is definitely not a good way, that's why I created a JIRA few month
> > ago.
> >
> > https://issues.apache.org/jira/browse/OPENEJB-1529
> >
> > What are you trying to achieve?
> > May be you can use JAX-WS Handlers?
> >
> > Jean-Louis
> >
>
> Odd, I've tried adding it to the web.xml on the webapps\ROOT, web.xml on
> conf and it still seems to be not picking up my filter. Guess I'll have to
> poke around some more, thanks for the idea though.
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3680800.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
Jean-Louis MONTEIRO wrote:
>
> Okay, I got it.
> Actually, WebServices are deployed in the root context. You need to add a
> servlet filter on the root webapp not on the one owning the web service.
> That is definitely not a good way, that's why I created a JIRA few month
> ago.
>
> https://issues.apache.org/jira/browse/OPENEJB-1529
>
> What are you trying to achieve?
> May be you can use JAX-WS Handlers?
>
> Jean-Louis
>
Odd, I've tried adding it to the web.xml on the webapps\ROOT, web.xml on
conf and it still seems to be not picking up my filter. Guess I'll have to
poke around some more, thanks for the idea though.
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3680800.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Jean-Louis MONTEIRO <je...@gmail.com>.
Okay, I got it.
Actually, WebServices are deployed in the root context. You need to add a
servlet filter on the root webapp not on the one owning the web service.
That is definitely not a good way, that's why I created a JIRA few month
ago.
https://issues.apache.org/jira/browse/OPENEJB-1529
What are you trying to achieve?
May be you can use JAX-WS Handlers?
Jean-Louis
2011/7/20 rnieto <ga...@yahoo.com>
>
> Jean-Louis MONTEIRO wrote:
> >
> > Hi,
> >
> > not sure to understand the question/issue.
> > Tomcat is responsible for managing Servlet filters and OpenEJB does not
> > skip them.
> >
> > Hope it helps
> > Jean-Louis
> >
>
> I've added the SPNEGO servlet filter on my tomcat instance (
> http://spnego.sourceforge.net/spnego_tomcat.html ), and it seems that any
> request to the web service skips the additional filter. Upon debugging
> deeply on the tomcat source, I've found that when I try to request pages in
> root or other directories it picks-up the thing I added on the filter
> chain.
> When I try to access any of my webservices it seems to always not pick-up
> anything in the filter-chain.
>
> My filter url is: "/*"
>
> It is able to capture:
> /hello.jsp
> /hello.asp
> /hello
> /openejb/hello.jsp
> /openejb/hello.asp
>
> It doesn't run on the web service call:
> /ApplicationWebService
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3680473.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by rnieto <ga...@yahoo.com>.
Jean-Louis MONTEIRO wrote:
>
> Hi,
>
> not sure to understand the question/issue.
> Tomcat is responsible for managing Servlet filters and OpenEJB does not
> skip them.
>
> Hope it helps
> Jean-Louis
>
I've added the SPNEGO servlet filter on my tomcat instance (
http://spnego.sourceforge.net/spnego_tomcat.html ), and it seems that any
request to the web service skips the additional filter. Upon debugging
deeply on the tomcat source, I've found that when I try to request pages in
root or other directories it picks-up the thing I added on the filter chain.
When I try to access any of my webservices it seems to always not pick-up
anything in the filter-chain.
My filter url is: "/*"
It is able to capture:
/hello.jsp
/hello.asp
/hello
/openejb/hello.jsp
/openejb/hello.asp
It doesn't run on the web service call:
/ApplicationWebService
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3680473.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
Re: Tomcat Servlet Filters (or Valves) and OpenEJB
Posted by Jean-Louis MONTEIRO <je...@gmail.com>.
Hi,
not sure to understand the question/issue.
Tomcat is responsible for managing Servlet filters and OpenEJB does not skip
them.
Hope it helps
Jean-Louis
--
View this message in context: http://openejb.979440.n4.nabble.com/Tomcat-Servlet-Filters-or-Valves-and-OpenEJB-tp3680204p3680238.html
Sent from the OpenEJB User mailing list archive at Nabble.com.