You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by Vamsavardhana Reddy <c1...@gmail.com> on 2006/09/15 21:28:18 UTC

How about a Certification Authority (CA) portlet in Geronimo Console?

Hi,

How about having a Certificate Authority portlet in Geronimo Console?  A
full fledged CA may be a long way to go.  But what ever minimum function is
required to process CSR's etc. is not hard and the users can issue their own
digital certificates instead of getting trial certificates from some CA.  I
have already given it a try and the minimum required function can be derived
from what ever is available in geronimo-util module.

I will wait for comments from community before proceeding further.

Thanks,
Vamsi

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Hernan Cunico <hc...@gmail.com>.

OK, let's forget for a sec about the geronimo-plugins. The original note was about input for adding a new CA feature.

AFAIK we don't have that feature, do we?

I mentioned geronimo-plugins having in mind the chance to choose whether you want that feature or not. I did not mean to diverge the discussion.

Cheers!
Hernan

Jason Dillon wrote:
> Can't we just deploy new portlet things as wars or something?  ANd then 
> pack up each bit of console functionality into its own module?
> 
> --jason
> 
> 
> On Sep 15, 2006, at 12:55 PM, Guillaume Nodet wrote:
> 
>> I think it has already been done.
>> It is a bit of a hack, as it requires
>> a modification of the console configuration when the
>> plugin is installed and a server restart iiirc.
>> I guess Aaron may tell more about that.
>>
>> On 9/15/06, Jason Dillon <ja...@planet57.com> wrote:
>>> Can plugins add new portlets?
>>>
>>> --jason
>>>
>>>
>>> On Sep 15, 2006, at 12:42 PM, Hernan Cunico wrote:
>>>
>>> > I would love to see that functionality included in Geronimo.
>>> >
>>> > Do you think it could eventually become available as a geronimo-
>>> > plugin?
>>> >
>>> > Cheers!
>>> > Hernan
>>> >
>>> > Vamsavardhana Reddy wrote:
>>> >> Hi,
>>> >> How about having a Certificate Authority portlet in Geronimo
>>> >> Console?  A full fledged CA may be a long way to go.  But what
>>> >> ever minimum function is required to process CSR's etc. is not
>>> >> hard and the users can issue their own digital certificates
>>> >> instead of getting trial certificates from some CA.  I have
>>> >> already given it a try and the minimum required function can be
>>> >> derived from what ever is available in geronimo-util module.
>>> >> I will wait for comments from community before proceeding further.
>>> >> Thanks,
>>> >> Vamsi
>>>
>>>
>>
>>
>> --Cheers,
>> Guillaume Nodet
> 
>

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Aaron Mulder <am...@alumni.princeton.edu>.

You can deploy new portlets as WARs.  But in order for the portal to
include them, you have to use the hacky GBean that updates the portal
config files, and then either hit a hand-crafted URL or restart the
server to make the console notice.  The main problem is that the
console isn't very happy if you later remove said WARs, though I
haven't looked into that problem in detail.  The latest version of
Pluto should eliminate most of these problems, though we still need to
think of some way to provide a hook to take action when the WAR is
uninstalled.

Anyway, I think a CA portlet would be cool.

Thanks,
     Aaron

On 9/15/06, Jason Dillon <ja...@planet57.com> wrote:
> Can't we just deploy new portlet things as wars or something?  ANd
> then pack up each bit of console functionality into its own module?
>
> --jason
>
>
> On Sep 15, 2006, at 12:55 PM, Guillaume Nodet wrote:
>
> > I think it has already been done.
> > It is a bit of a hack, as it requires
> > a modification of the console configuration when the
> > plugin is installed and a server restart iiirc.
> > I guess Aaron may tell more about that.
> >
> > On 9/15/06, Jason Dillon <ja...@planet57.com> wrote:
> >> Can plugins add new portlets?
> >>
> >> --jason
> >>
> >>
> >> On Sep 15, 2006, at 12:42 PM, Hernan Cunico wrote:
> >>
> >> > I would love to see that functionality included in Geronimo.
> >> >
> >> > Do you think it could eventually become available as a geronimo-
> >> > plugin?
> >> >
> >> > Cheers!
> >> > Hernan
> >> >
> >> > Vamsavardhana Reddy wrote:
> >> >> Hi,
> >> >> How about having a Certificate Authority portlet in Geronimo
> >> >> Console?  A full fledged CA may be a long way to go.  But what
> >> >> ever minimum function is required to process CSR's etc. is not
> >> >> hard and the users can issue their own digital certificates
> >> >> instead of getting trial certificates from some CA.  I have
> >> >> already given it a try and the minimum required function can be
> >> >> derived from what ever is available in geronimo-util module.
> >> >> I will wait for comments from community before proceeding further.
> >> >> Thanks,
> >> >> Vamsi
> >>
> >>
> >
> >
> > --
> > Cheers,
> > Guillaume Nodet
>
>

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Hernan Cunico <hc...@gmail.com>.

OK, let's forget for a sec about the geronimo-plugins. The original note was about input for adding a new CA feature.

AFAIK we don't have that feature, do we?

I mentioned geronimo-plugins having in mind the chance to choose whether you want that feature or not. I did not mean to diverge the discussion.

Cheers!
Hernan

Jason Dillon wrote:
> Can't we just deploy new portlet things as wars or something?  ANd then 
> pack up each bit of console functionality into its own module?
> 
> --jason
> 
> 
> On Sep 15, 2006, at 12:55 PM, Guillaume Nodet wrote:
> 
>> I think it has already been done.
>> It is a bit of a hack, as it requires
>> a modification of the console configuration when the
>> plugin is installed and a server restart iiirc.
>> I guess Aaron may tell more about that.
>>
>> On 9/15/06, Jason Dillon <ja...@planet57.com> wrote:
>>> Can plugins add new portlets?
>>>
>>> --jason
>>>
>>>
>>> On Sep 15, 2006, at 12:42 PM, Hernan Cunico wrote:
>>>
>>> > I would love to see that functionality included in Geronimo.
>>> >
>>> > Do you think it could eventually become available as a geronimo-
>>> > plugin?
>>> >
>>> > Cheers!
>>> > Hernan
>>> >
>>> > Vamsavardhana Reddy wrote:
>>> >> Hi,
>>> >> How about having a Certificate Authority portlet in Geronimo
>>> >> Console?  A full fledged CA may be a long way to go.  But what
>>> >> ever minimum function is required to process CSR's etc. is not
>>> >> hard and the users can issue their own digital certificates
>>> >> instead of getting trial certificates from some CA.  I have
>>> >> already given it a try and the minimum required function can be
>>> >> derived from what ever is available in geronimo-util module.
>>> >> I will wait for comments from community before proceeding further.
>>> >> Thanks,
>>> >> Vamsi
>>>
>>>
>>
>>
>> --Cheers,
>> Guillaume Nodet
> 
>

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Jason Dillon <ja...@planet57.com>.

Can't we just deploy new portlet things as wars or something?  ANd  
then pack up each bit of console functionality into its own module?

--jason


On Sep 15, 2006, at 12:55 PM, Guillaume Nodet wrote:

> I think it has already been done.
> It is a bit of a hack, as it requires
> a modification of the console configuration when the
> plugin is installed and a server restart iiirc.
> I guess Aaron may tell more about that.
>
> On 9/15/06, Jason Dillon <ja...@planet57.com> wrote:
>> Can plugins add new portlets?
>>
>> --jason
>>
>>
>> On Sep 15, 2006, at 12:42 PM, Hernan Cunico wrote:
>>
>> > I would love to see that functionality included in Geronimo.
>> >
>> > Do you think it could eventually become available as a geronimo-
>> > plugin?
>> >
>> > Cheers!
>> > Hernan
>> >
>> > Vamsavardhana Reddy wrote:
>> >> Hi,
>> >> How about having a Certificate Authority portlet in Geronimo
>> >> Console?  A full fledged CA may be a long way to go.  But what
>> >> ever minimum function is required to process CSR's etc. is not
>> >> hard and the users can issue their own digital certificates
>> >> instead of getting trial certificates from some CA.  I have
>> >> already given it a try and the minimum required function can be
>> >> derived from what ever is available in geronimo-util module.
>> >> I will wait for comments from community before proceeding further.
>> >> Thanks,
>> >> Vamsi
>>
>>
>
>
> -- 
> Cheers,
> Guillaume Nodet

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Guillaume Nodet <gn...@gmail.com>.

I think it has already been done.
It is a bit of a hack, as it requires
a modification of the console configuration when the
plugin is installed and a server restart iiirc.
I guess Aaron may tell more about that.

On 9/15/06, Jason Dillon <ja...@planet57.com> wrote:
> Can plugins add new portlets?
>
> --jason
>
>
> On Sep 15, 2006, at 12:42 PM, Hernan Cunico wrote:
>
> > I would love to see that functionality included in Geronimo.
> >
> > Do you think it could eventually become available as a geronimo-
> > plugin?
> >
> > Cheers!
> > Hernan
> >
> > Vamsavardhana Reddy wrote:
> >> Hi,
> >> How about having a Certificate Authority portlet in Geronimo
> >> Console?  A full fledged CA may be a long way to go.  But what
> >> ever minimum function is required to process CSR's etc. is not
> >> hard and the users can issue their own digital certificates
> >> instead of getting trial certificates from some CA.  I have
> >> already given it a try and the minimum required function can be
> >> derived from what ever is available in geronimo-util module.
> >> I will wait for comments from community before proceeding further.
> >> Thanks,
> >> Vamsi
>
>


-- 
Cheers,
Guillaume Nodet

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Joe Bohn <jo...@earthlink.net>.

Well ... sorta and sorta not ...

Aaron did some work in the Quartz plugin that included a brute force 
method to add new items to the admin console via a GBean included with 
the Quartz plugin that modifies the Pluto portal config.  It's really 
creative stuff within the limits of the current Pluto implementation 
.... but it has its limits.  It is only additive at the moment and isn't 
really integrated with core Geronimo (as it's a super-intelligent GBean 
that just knows the Pluto structure and this Gbean is currently bundled 
with the plugin).   Aaron, please correct anything that I didn't get 
right ... I think what you've done is really cool.

I'd like to see if the newer Pluto includes some more dynamic update 
capabilities (as I've heard that it does) but I haven't had a chance to 
look yet.

So, back to your question ... yes it's possible but IMO, we really don't 
have a complete solution for console plugability yet.

Joe

Jason Dillon wrote:
> Can plugins add new portlets?
> 
> --jason
> 
> 
> On Sep 15, 2006, at 12:42 PM, Hernan Cunico wrote:
> 
>> I would love to see that functionality included in Geronimo.
>>
>> Do you think it could eventually become available as a geronimo- plugin?
>>
>> Cheers!
>> Hernan
>>
>> Vamsavardhana Reddy wrote:
>>
>>> Hi,
>>> How about having a Certificate Authority portlet in Geronimo  
>>> Console?  A full fledged CA may be a long way to go.  But what  ever 
>>> minimum function is required to process CSR's etc. is not  hard and 
>>> the users can issue their own digital certificates  instead of 
>>> getting trial certificates from some CA.  I have  already given it a 
>>> try and the minimum required function can be  derived from what ever 
>>> is available in geronimo-util module.
>>> I will wait for comments from community before proceeding further.
>>> Thanks,
>>> Vamsi
> 
> 
>

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Jason Dillon <ja...@planet57.com>.

Can plugins add new portlets?

--jason


On Sep 15, 2006, at 12:42 PM, Hernan Cunico wrote:

> I would love to see that functionality included in Geronimo.
>
> Do you think it could eventually become available as a geronimo- 
> plugin?
>
> Cheers!
> Hernan
>
> Vamsavardhana Reddy wrote:
>> Hi,
>> How about having a Certificate Authority portlet in Geronimo  
>> Console?  A full fledged CA may be a long way to go.  But what  
>> ever minimum function is required to process CSR's etc. is not  
>> hard and the users can issue their own digital certificates  
>> instead of getting trial certificates from some CA.  I have  
>> already given it a try and the minimum required function can be  
>> derived from what ever is available in geronimo-util module.
>> I will wait for comments from community before proceeding further.
>> Thanks,
>> Vamsi

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Hernan Cunico <hc...@gmail.com>.

I would love to see that functionality included in Geronimo.

Do you think it could eventually become available as a geronimo-plugin?

Cheers!
Hernan

Vamsavardhana Reddy wrote:
> Hi,
> 
> How about having a Certificate Authority portlet in Geronimo Console?  A 
> full fledged CA may be a long way to go.  But what ever minimum function 
> is required to process CSR's etc. is not hard and the users can issue 
> their own digital certificates instead of getting trial certificates 
> from some CA.  I have already given it a try and the minimum required 
> function can be derived from what ever is available in geronimo-util module.
> 
> I will wait for comments from community before proceeding further.
> 
> Thanks,
> Vamsi

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Hernan Cunico <hc...@gmail.com>.

I would love to see that functionality included in Geronimo.

Do you think it could eventually become available as a geronimo-plugin?

Cheers!
Hernan

Vamsavardhana Reddy wrote:
> Hi,
> 
> How about having a Certificate Authority portlet in Geronimo Console?  A 
> full fledged CA may be a long way to go.  But what ever minimum function 
> is required to process CSR's etc. is not hard and the users can issue 
> their own digital certificates instead of getting trial certificates 
> from some CA.  I have already given it a try and the minimum required 
> function can be derived from what ever is available in geronimo-util module.
> 
> I will wait for comments from community before proceeding further.
> 
> Thanks,
> Vamsi

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Vamsavardhana Reddy <c1...@gmail.com>.

I do not know if this should affect the export classification of G, but we
will still need to ascertain this.  If it does, we could provide the CA
functionality with parameters and key sizes etc that will not impose any
restrictions on export classification.  We can provide a configuration file
that will let the users configure these parameters easily.
modules\geronimo-util and some classes in J2SE are enough to piece together
most functions required by a CA.

Ideas, suggestions and comments will be very helpful.

Thanks,
Vamsi

On 9/16/06, Paul McMahan <pa...@gmail.com> wrote:
>
> Vamsi,  interesting idea.  This is probably a dumb question, but could
> implementing the necessary cryptographic functions for a CA affect
> Geronimo's export classification?  I think the answer is no but hope
> someone on the list might know for sure.
>
> Best wishes,
> Paul
>
> On 9/15/06, Vamsavardhana Reddy <c1...@gmail.com> wrote:
> > Hi,
> >
> > How about having a Certificate Authority portlet in Geronimo Console?  A
> > full fledged CA may be a long way to go.  But what ever minimum function
> is
> > required to process CSR's etc. is not hard and the users can issue their
> own
> > digital certificates instead of getting trial certificates from some
> CA.  I
> > have already given it a try and the minimum required function can be
> derived
> > from what ever is available in geronimo-util module.
> >
> > I will wait for comments from community before proceeding further.
> >
> > Thanks,
> > Vamsi
> >
>

Re: How about a Certification Authority (CA) portlet in Geronimo Console?

Posted by Paul McMahan <pa...@gmail.com>.

Vamsi,  interesting idea.  This is probably a dumb question, but could
implementing the necessary cryptographic functions for a CA affect
Geronimo's export classification?  I think the answer is no but hope
someone on the list might know for sure.

Best wishes,
Paul

On 9/15/06, Vamsavardhana Reddy <c1...@gmail.com> wrote:
> Hi,
>
> How about having a Certificate Authority portlet in Geronimo Console?  A
> full fledged CA may be a long way to go.  But what ever minimum function is
> required to process CSR's etc. is not hard and the users can issue their own
> digital certificates instead of getting trial certificates from some CA.  I
> have already given it a try and the minimum required function can be derived
> from what ever is available in geronimo-util module.
>
> I will wait for comments from community before proceeding further.
>
> Thanks,
> Vamsi
>