You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "David Jencks (JIRA)" <de...@geronimo.apache.org> on 2005/04/29 23:31:57 UTC
[jira] Closed: (GERONIMO-639) GenericSecurityRealm doesn't express its gbean dependencies
[ http://issues.apache.org/jira/browse/GERONIMO-639?page=all ]
David Jencks closed GERONIMO-639:
---------------------------------
Resolution: Fixed
Fix Version: 1.0-M4
fixed in geronimo rev 165344 and in openejb using the "lots of little linked gbeans" solution.
> GenericSecurityRealm doesn't express its gbean dependencies
> -----------------------------------------------------------
>
> Key: GERONIMO-639
> URL: http://issues.apache.org/jira/browse/GERONIMO-639
> Project: Geronimo
> Type: Bug
> Components: security
> Versions: 1.0-M3
> Reporter: David Jencks
> Assignee: David Jencks
> Fix For: 1.0-M4
>
> A GenericSecurityRealm depends on a bunch of LoginModuleGBeans to express the login modules that must be logged into to log into the realm. Currently these are listed by gbean name + other info in a properties file format. This does nothing to assure that the login modules are in fact started before the GSR is started, although the LMs are used in the GSR constructor.
> Sometimes the GSR will start, but the same configuration sometimes will not start due to system variations in gbean start order.
> One solution is to make a LoginModule holder gbean that forms a linked list of gbeans, similar to the JettyFilterMapping. This can be implemented easily with no core changes, but it results in a profusion of gbeans that do almost nothing.
> Another possible solution is to introduce a core gbean feature that lets you have something like an ordered list of explicit references, all of which must be started for the gbean to start. This would be of more general use but would require some thought to figure out the best functionality.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
Re: More Tomcat Updates
Posted by Jeff Genender <jg...@savoirtech.com>.
Fixed. Thanks.
Tom McQueeney wrote:
> Jeff,
>
> Thank you for the Tomcat integration work. I look forward to trying out
> the changes.
>
> There's a typo in the comment on line 182 of the new
> j2ee-server-tomcat-plan.xml I'm hoping you could fix:
>
> ===================================================================
> --- modules/assembly/src/plan/j2ee-server-tomcat-plan.xml (revision
> 167861)
> +++ modules/assembly/src/plan/j2ee-server-tomcat-plan.xml (working copy)
> @@ -182,7 +182,7 @@
> </gbean>
>
> <!-- Valve -->
> - <! -- Uncomment this section to add a valve chain. This example
> consists of the Tomcat
> + <!-- Uncomment this section to add a valve chain. This example
> consists of the Tomcat
> SingleSignOn and AccessLogValve. Notice the dependency that
> chains the FirstValve with the
> SecondValve. The valves will be added in the order that they
> are chained.
> <gbean name="FirstValve"
> class="org.apache.geronimo.tomcat.ValveGBean">
>
> -Tom
>
>
> Jeff Genender wrote:
>
>> I have finally implemented the Valve chains to the Tomcat integration
>> and finalized the context configuration. I would suffice to say
>> Tomcat is pretty much/mostly integrated into Geronimo (short of major
>> testing).
>>
>> The context configuration does not use the context.xml file, but uses
>> the geronimo-tomcat.xml file instead. It is in this file that we do
>> the similar type of setup as you would have in the Tomcat context.xml,
>> but you use gbeans instead. You may set up context specific valves
>> (in a chain I might add) and set up a custom realm here as well. This
>> is where you would use/declare the TomcatGeronimoRealm for JACC for
>> your context.
>>
>> I will be updating the wiki next with a full description/howto for
>> using Tomcat in geronimo using the GBean configuration paradigm. The
>> above is just a quick summary.
>>
>> After I have completed this I will add on some periphery Tomcat GBean
>> wrapper objects for listeners, etc.
>>
>> I encourage folks to kick the tires and give it a spin.
>>
Re: More Tomcat Updates
Posted by Tom McQueeney <to...@mcqueeney.com>.
Jeff,
Thank you for the Tomcat integration work. I look forward to trying out
the changes.
There's a typo in the comment on line 182 of the new
j2ee-server-tomcat-plan.xml I'm hoping you could fix:
===================================================================
--- modules/assembly/src/plan/j2ee-server-tomcat-plan.xml (revision 167861)
+++ modules/assembly/src/plan/j2ee-server-tomcat-plan.xml (working copy)
@@ -182,7 +182,7 @@
</gbean>
<!-- Valve -->
- <! -- Uncomment this section to add a valve chain. This example
consists of the Tomcat
+ <!-- Uncomment this section to add a valve chain. This example
consists of the Tomcat
SingleSignOn and AccessLogValve. Notice the dependency that
chains the FirstValve with the
SecondValve. The valves will be added in the order that
they are chained.
<gbean name="FirstValve"
class="org.apache.geronimo.tomcat.ValveGBean">
-Tom
Jeff Genender wrote:
> I have finally implemented the Valve chains to the Tomcat integration
> and finalized the context configuration. I would suffice to say Tomcat
> is pretty much/mostly integrated into Geronimo (short of major testing).
>
> The context configuration does not use the context.xml file, but uses
> the geronimo-tomcat.xml file instead. It is in this file that we do the
> similar type of setup as you would have in the Tomcat context.xml, but
> you use gbeans instead. You may set up context specific valves (in a
> chain I might add) and set up a custom realm here as well. This is
> where you would use/declare the TomcatGeronimoRealm for JACC for your
> context.
>
> I will be updating the wiki next with a full description/howto for using
> Tomcat in geronimo using the GBean configuration paradigm. The above is
> just a quick summary.
>
> After I have completed this I will add on some periphery Tomcat GBean
> wrapper objects for listeners, etc.
>
> I encourage folks to kick the tires and give it a spin.
>
RE: More Tomcat Updates
Posted by si...@insession.com.
Done.
I added some questions to the end of the Wiki page (I haven't had a chance
to investigate them) if you know the answers, please update the Wiki page.
Thanks,
John
This e-mail message and any attachments may contain confidential,
proprietary or non-public information. This information is intended
solely for the designated recipient(s). If an addressing or transmission
error has misdirected this e-mail, please notify the sender immediately
and destroy this e-mail. Any review, dissemination, use or reliance upon
this information by unintended recipients is prohibited. Any opinions
expressed in this e-mail are those of the author personally.
"Jeff Genender" <jg...@savoirtech.com> wrote on 11/05/2005 12:12:19
AM:
> John,
>
> Thanks for the comments. However...I highly invite the changing of
> my work. This is a community project and I really can use the help.
> The more people who find issues, then this is good. It means people
> are playing around with this. I want that people show some interest
> in this component. So thanks for taking the time to comment on it.
>
> Your ideas are great. Update the Wiki!!!! I emplore you to rush in!
>
> Thanks,
>
> Jeff
>
> From: sissonj@insession.com [mailto:sissonj@insession.com]
> Sent: Tuesday, May 10, 2005 7:08 AM
> To: dev@geronimo.apache.org
> Subject: Re: More Tomcat Updates
>
> A couple of comments on the Tomcat wiki to get your opinion, rather
> than me rushing in and changing your great work...
>
> * It might be safer (for newbies) to have the example not specify
> configids as arguments when geronimo is started. The reason being
> they may have deployed other configurations when previously running
> Geronimo, before they get around to setting up Tomcat. The current
> example also does not start org/apache/geronimo/RuntimeDeployer,
> which may cause some problems. I have seen a few newbies caught
> out by this in the past.
>
> Instead of:
>
> java -Djava.endorsed.dirs=lib/endorsed -jar bin/server.jar
> org/apache/geronimo/Tomcat
>
> have:
>
> java -Djava.endorsed.dirs=lib/endorsed -jar bin/server.jar
>
> Start another shell and start the Tomcat configuration using the
command:
>
> java -jar bin/deployer.jar --user system --password manager
> start org/apache/geronimo/Tomcat
>
> * Instead of saying "NOTE: CATALINA_HOME environment variable is
> required to run Tomcat. It's set to var/catalina/ via the GBean
> attribute catalinaHome in j2ee-server-tomcat-plan.xml" would the
> following be clearer?:
>
> NOTE: The CATALINA_HOME environment variable is not used by Tomcat
> when running inside Geronimo. The Catalina home directory is set to
> var/catalina/ via the GBean attribute catalinaHome in j2ee-server-
> tomcat-plan.xml"
>
> * Could you explain how a module builder is selected when a web-app
> is deployed. E.G. what happens if I have both a geronimo-jetty.xml
> and a geronimo-tomcat.xml file in the WEB-INF directory and both
> Jetty and Geronimo are configured.
>
> * It might be worth showing the steps on how to disable Jetty and
> only have Tomcat. I would imagine the majority of users would want
> to use one or the other, but not both.
>
> Regards,
>
> John
>
> This e-mail message and any attachments may contain confidential,
> proprietary or non-public information. This information is intended
> solely for the designated recipient(s). If an addressing or
> transmission error has misdirected this e-mail, please notify the
> sender immediately and destroy this e-mail. Any review,
> dissemination, use or reliance upon this information by unintended
> recipients is prohibited. Any opinions expressed in this e-mail are
> those of the author personally.
>
>
> Jeff Genender <jg...@apache.org>
> 09-May-2005 12:56 PM
>
> Please respond to
> dev@geronimo.apache.org
>
> To
>
> dev@geronimo.apache.org
>
> cc
>
> Subject
>
> Re: More Tomcat Updates
>
>
>
>
> Ok...disregard the point on showing me the links to Tomcat and
> deprecated min/maxProcessor. The Tomcat SSL doc appears to be old...the
> server.xml file that is included in the Tomcat 5.5.9 source contains the
> thread versions. I have made the and will commit the file shortly.
>
> Thanks again for pointing this out.
>
> Jeff
>
> Jeff Genender wrote:
> >
> >
> > > sissonj@insession.com wrote:
> >
> >>
> >> Hi Jeff,
> >>
> >> Great work!
> >
> >
> > Thanks!
> >
> >> In your the example SSL configuration in
> >> geronimo\modules\assembly\src\plan\j2ee-server-tomcat-plan.xml , the
> >> connector attributes minProcessor and maxProcessor have been
> >> deprecated (according to the Tomcat doco). AFAICS, from reading the
> >> Tomcat mailing list the maxThreads, minSpareThreads and
> >> maxSpareThreads attributes should be used instead.
> >
> >
> > I used the example setup from
> > http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html which
> > appears to be the official documentation for Tomcat 5.5 SSL
> > configuration. I am more than happy to remove those parameters and
use
> > the threaded versions...if you can direct me to those new parameters
and
> > the Tomcat pages explaining that they should be used in lieu of the
> > processor version (for 5.5.9). Thanks for pointing this out.
> >
> >>
> >> FYI.. I haven't been able to find any links to
> >> http://wiki.apache.org/geronimo/Tomcat on the Wiki (maybe this was
> >> intended at this stage).
> >>
> >
> > Are you talking about a link off the Front Page or other indexed
> > location? No it was not intentional at all. I definately want the
> > world to know its available for use. It may be my own ignorance of
the
> > Wiki's setup, and perhaps there already is an index page...I would
very
> > much like to have the Tomcat Wiki description on an index of some
form.
> > I am open to being educated on this subject ;-) In the mean time, if
> > anyone has a good location for the link, let me know or just go ahead
> > and add it ;-)
> >
> > Jeff
> >
> >
> >> John
> >>
> >>
> >>
> >> Jeff Genender <jg...@apache.org> wrote on 03/05/2005 02:20:08 PM:
> >>
> >> > I have finally implemented the Valve chains to the Tomcat
integration
> >> > and finalized the context configuration. I would suffice to say
> >> Tomcat
> >> > is pretty much/mostly integrated into Geronimo (short of major
> >> testing).
> >> >
> >> > The context configuration does not use the context.xml file, but
uses
> >> > the geronimo-tomcat.xml file instead. It is in this file that we
> >> do the
> >> > similar type of setup as you would have in the Tomcat context.xml,
but
> >> > you use gbeans instead. You may set up context specific valves
(in a
> >> > chain I might add) and set up a custom realm here as well. This
is
> >> > where you would use/declare the TomcatGeronimoRealm for JACC for
your
> >> > context.
> >> >
> >> > I will be updating the wiki next with a full description/howto for
> >> using
> >> > Tomcat in geronimo using the GBean configuration paradigm. The
> >> above is
> >> > just a quick summary.
> >> >
> >> > After I have completed this I will add on some periphery Tomcat
GBean
> >> > wrapper objects for listeners, etc.
> >> >
> >> > I encourage folks to kick the tires and give it a spin.
> >> >
> >> > --
> >> > Jeff Genender
> >> > http://geronimo.apache.org
> >> >
> >
> >
>
> --
> Jeff Genender
> http://geronimo.apache.org
>
RE: More Tomcat Updates
Posted by Jeff Genender <jg...@savoirtech.com>.
John,
Thanks for the comments. However...I highly invite the changing of my work.
This is a community project and I really can use the help. The more people
who find issues, then this is good. It means people are playing around with
this. I want that people show some interest in this component. So thanks
for taking the time to comment on it.
Your ideas are great. Update the Wiki!!!! I emplore you to rush in!
Thanks,
Jeff
_____
From: sissonj@insession.com [mailto:sissonj@insession.com]
Sent: Tuesday, May 10, 2005 7:08 AM
To: dev@geronimo.apache.org
Subject: Re: More Tomcat Updates
A couple of comments on the Tomcat wiki to get your opinion, rather than me
rushing in and changing your great work...
* It might be safer (for newbies) to have the example not specify configids
as arguments when geronimo is started. The reason being they may have
deployed other configurations when previously running Geronimo, before they
get around to setting up Tomcat. The current example also does not start
org/apache/geronimo/RuntimeDeployer, which may cause some problems. I have
seen a few newbies caught out by this in the past.
Instead of:
java -Djava.endorsed.dirs=lib/endorsed -jar bin/server.jar
org/apache/geronimo/Tomcat
have:
java -Djava.endorsed.dirs=lib/endorsed -jar bin/server.jar
Start another shell and start the Tomcat configuration using the command:
java -jar bin/deployer.jar --user system --password manager start
org/apache/geronimo/Tomcat
* Instead of saying "NOTE: CATALINA_HOME environment variable is required to
run Tomcat. It's set to var/catalina/ via the GBean attribute catalinaHome
in j2ee-server-tomcat-plan.xml" would the following be clearer?:
NOTE: The CATALINA_HOME environment variable is not used by Tomcat when
running inside Geronimo. The Catalina home directory is set to var/catalina/
via the GBean attribute catalinaHome in j2ee-server-tomcat-plan.xml"
* Could you explain how a module builder is selected when a web-app is
deployed. E.G. what happens if I have both a geronimo-jetty.xml and a
geronimo-tomcat.xml file in the WEB-INF directory and both Jetty and
Geronimo are configured.
* It might be worth showing the steps on how to disable Jetty and only have
Tomcat. I would imagine the majority of users would want to use one or the
other, but not both.
Regards,
John
This e-mail message and any attachments may contain confidential,
proprietary or non-public information. This information is intended solely
for the designated recipient(s). If an addressing or transmission error has
misdirected this e-mail, please notify the sender immediately and destroy
this e-mail. Any review, dissemination, use or reliance upon this
information by unintended recipients is prohibited. Any opinions expressed
in this e-mail are those of the author personally.
Jeff Genender <jg...@apache.org>
09-May-2005 12:56 PM
Please respond to
dev@geronimo.apache.org
To
dev@geronimo.apache.org
cc
Subject
Re: More Tomcat Updates
Ok...disregard the point on showing me the links to Tomcat and
deprecated min/maxProcessor. The Tomcat SSL doc appears to be old...the
server.xml file that is included in the Tomcat 5.5.9 source contains the
thread versions. I have made the and will commit the file shortly.
Thanks again for pointing this out.
Jeff
Jeff Genender wrote:
>
>
> > sissonj@insession.com wrote:
>
>>
>> Hi Jeff,
>>
>> Great work!
>
>
> Thanks!
>
>> In your the example SSL configuration in
>> geronimo\modules\assembly\src\plan\j2ee-server-tomcat-plan.xml , the
>> connector attributes minProcessor and maxProcessor have been
>> deprecated (according to the Tomcat doco). AFAICS, from reading the
>> Tomcat mailing list the maxThreads, minSpareThreads and
>> maxSpareThreads attributes should be used instead.
>
>
> I used the example setup from
> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html which
> appears to be the official documentation for Tomcat 5.5 SSL
> configuration. I am more than happy to remove those parameters and use
> the threaded versions...if you can direct me to those new parameters and
> the Tomcat pages explaining that they should be used in lieu of the
> processor version (for 5.5.9). Thanks for pointing this out.
>
>>
>> FYI.. I haven't been able to find any links to
>> http://wiki.apache.org/geronimo/Tomcat on the Wiki (maybe this was
>> intended at this stage).
>>
>
> Are you talking about a link off the Front Page or other indexed
> location? No it was not intentional at all. I definately want the
> world to know its available for use. It may be my own ignorance of the
> Wiki's setup, and perhaps there already is an index page...I would very
> much like to have the Tomcat Wiki description on an index of some form.
> I am open to being educated on this subject ;-) In the mean time, if
> anyone has a good location for the link, let me know or just go ahead
> and add it ;-)
>
> Jeff
>
>
>> John
>>
>>
>>
>> Jeff Genender <jg...@apache.org> wrote on 03/05/2005 02:20:08 PM:
>>
>> > I have finally implemented the Valve chains to the Tomcat integration
>> > and finalized the context configuration. I would suffice to say
>> Tomcat
>> > is pretty much/mostly integrated into Geronimo (short of major
>> testing).
>> >
>> > The context configuration does not use the context.xml file, but uses
>> > the geronimo-tomcat.xml file instead. It is in this file that we
>> do the
>> > similar type of setup as you would have in the Tomcat context.xml, but
>> > you use gbeans instead. You may set up context specific valves (in a
>> > chain I might add) and set up a custom realm here as well. This is
>> > where you would use/declare the TomcatGeronimoRealm for JACC for your
>> > context.
>> >
>> > I will be updating the wiki next with a full description/howto for
>> using
>> > Tomcat in geronimo using the GBean configuration paradigm. The
>> above is
>> > just a quick summary.
>> >
>> > After I have completed this I will add on some periphery Tomcat GBean
>> > wrapper objects for listeners, etc.
>> >
>> > I encourage folks to kick the tires and give it a spin.
>> >
>> > --
>> > Jeff Genender
>> > http://geronimo.apache.org
>> >
>
>
--
Jeff Genender
http://geronimo.apache.org
Re: More Tomcat Updates
Posted by si...@insession.com.
A couple of comments on the Tomcat wiki to get your opinion, rather than
me rushing in and changing your great work...
* It might be safer (for newbies) to have the example not specify
configids as arguments when geronimo is started. The reason being they
may have deployed other configurations when previously running Geronimo,
before they get around to setting up Tomcat. The current example also does
not start org/apache/geronimo/RuntimeDeployer, which may cause some
problems. I have seen a few newbies caught out by this in the past.
Instead of:
java -Djava.endorsed.dirs=lib/endorsed -jar bin/server.jar
org/apache/geronimo/Tomcat
have:
java -Djava.endorsed.dirs=lib/endorsed -jar bin/server.jar
Start another shell and start the Tomcat configuration using the
command:
java -jar bin/deployer.jar --user system --password manager start
org/apache/geronimo/Tomcat
* Instead of saying "NOTE: CATALINA_HOME environment variable is required
to run Tomcat. It's set to var/catalina/ via the GBean attribute
catalinaHome in j2ee-server-tomcat-plan.xml" would the following be
clearer?:
NOTE: The CATALINA_HOME environment variable is not used by Tomcat when
running inside Geronimo. The Catalina home directory is set to
var/catalina/ via the GBean attribute catalinaHome in
j2ee-server-tomcat-plan.xml"
* Could you explain how a module builder is selected when a web-app is
deployed. E.G. what happens if I have both a geronimo-jetty.xml and a
geronimo-tomcat.xml file in the WEB-INF directory and both Jetty and
Geronimo are configured.
* It might be worth showing the steps on how to disable Jetty and only
have Tomcat. I would imagine the majority of users would want to use one
or the other, but not both.
Regards,
John
This e-mail message and any attachments may contain confidential,
proprietary or non-public information. This information is intended
solely for the designated recipient(s). If an addressing or transmission
error has misdirected this e-mail, please notify the sender immediately
and destroy this e-mail. Any review, dissemination, use or reliance upon
this information by unintended recipients is prohibited. Any opinions
expressed in this e-mail are those of the author personally.
Jeff Genender <jg...@apache.org>
09-May-2005 12:56 PM
Please respond to
dev@geronimo.apache.org
To
dev@geronimo.apache.org
cc
Subject
Re: More Tomcat Updates
Ok...disregard the point on showing me the links to Tomcat and
deprecated min/maxProcessor. The Tomcat SSL doc appears to be old...the
server.xml file that is included in the Tomcat 5.5.9 source contains the
thread versions. I have made the and will commit the file shortly.
Thanks again for pointing this out.
Jeff
Jeff Genender wrote:
>
>
> > sissonj@insession.com wrote:
>
>>
>> Hi Jeff,
>>
>> Great work!
>
>
> Thanks!
>
>> In your the example SSL configuration in
>> geronimo\modules\assembly\src\plan\j2ee-server-tomcat-plan.xml , the
>> connector attributes minProcessor and maxProcessor have been
>> deprecated (according to the Tomcat doco). AFAICS, from reading the
>> Tomcat mailing list the maxThreads, minSpareThreads and
>> maxSpareThreads attributes should be used instead.
>
>
> I used the example setup from
> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html which
> appears to be the official documentation for Tomcat 5.5 SSL
> configuration. I am more than happy to remove those parameters and use
> the threaded versions...if you can direct me to those new parameters and
> the Tomcat pages explaining that they should be used in lieu of the
> processor version (for 5.5.9). Thanks for pointing this out.
>
>>
>> FYI.. I haven't been able to find any links to
>> http://wiki.apache.org/geronimo/Tomcat on the Wiki (maybe this was
>> intended at this stage).
>>
>
> Are you talking about a link off the Front Page or other indexed
> location? No it was not intentional at all. I definately want the
> world to know its available for use. It may be my own ignorance of the
> Wiki's setup, and perhaps there already is an index page...I would very
> much like to have the Tomcat Wiki description on an index of some form.
> I am open to being educated on this subject ;-) In the mean time, if
> anyone has a good location for the link, let me know or just go ahead
> and add it ;-)
>
> Jeff
>
>
>> John
>>
>>
>>
>> Jeff Genender <jg...@apache.org> wrote on 03/05/2005 02:20:08 PM:
>>
>> > I have finally implemented the Valve chains to the Tomcat
integration
>> > and finalized the context configuration. I would suffice to say
>> Tomcat
>> > is pretty much/mostly integrated into Geronimo (short of major
>> testing).
>> >
>> > The context configuration does not use the context.xml file, but
uses
>> > the geronimo-tomcat.xml file instead. It is in this file that we
>> do the
>> > similar type of setup as you would have in the Tomcat context.xml,
but
>> > you use gbeans instead. You may set up context specific valves (in
a
>> > chain I might add) and set up a custom realm here as well. This is
>> > where you would use/declare the TomcatGeronimoRealm for JACC for
your
>> > context.
>> >
>> > I will be updating the wiki next with a full description/howto for
>> using
>> > Tomcat in geronimo using the GBean configuration paradigm. The
>> above is
>> > just a quick summary.
>> >
>> > After I have completed this I will add on some periphery Tomcat
GBean
>> > wrapper objects for listeners, etc.
>> >
>> > I encourage folks to kick the tires and give it a spin.
>> >
>> > --
>> > Jeff Genender
>> > http://geronimo.apache.org
>> >
>
>
--
Jeff Genender
http://geronimo.apache.org
Re: More Tomcat Updates
Posted by Jeff Genender <jg...@apache.org>.
Ok...disregard the point on showing me the links to Tomcat and
deprecated min/maxProcessor. The Tomcat SSL doc appears to be old...the
server.xml file that is included in the Tomcat 5.5.9 source contains the
thread versions. I have made the and will commit the file shortly.
Thanks again for pointing this out.
Jeff
Jeff Genender wrote:
>
>
> > sissonj@insession.com wrote:
>
>>
>> Hi Jeff,
>>
>> Great work!
>
>
> Thanks!
>
>> In your the example SSL configuration in
>> geronimo\modules\assembly\src\plan\j2ee-server-tomcat-plan.xml , the
>> connector attributes minProcessor and maxProcessor have been
>> deprecated (according to the Tomcat doco). AFAICS, from reading the
>> Tomcat mailing list the maxThreads, minSpareThreads and
>> maxSpareThreads attributes should be used instead.
>
>
> I used the example setup from
> http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html which
> appears to be the official documentation for Tomcat 5.5 SSL
> configuration. I am more than happy to remove those parameters and use
> the threaded versions...if you can direct me to those new parameters and
> the Tomcat pages explaining that they should be used in lieu of the
> processor version (for 5.5.9). Thanks for pointing this out.
>
>>
>> FYI.. I haven't been able to find any links to
>> http://wiki.apache.org/geronimo/Tomcat on the Wiki (maybe this was
>> intended at this stage).
>>
>
> Are you talking about a link off the Front Page or other indexed
> location? No it was not intentional at all. I definately want the
> world to know its available for use. It may be my own ignorance of the
> Wiki's setup, and perhaps there already is an index page...I would very
> much like to have the Tomcat Wiki description on an index of some form.
> I am open to being educated on this subject ;-) In the mean time, if
> anyone has a good location for the link, let me know or just go ahead
> and add it ;-)
>
> Jeff
>
>
>> John
>>
>>
>>
>> Jeff Genender <jg...@apache.org> wrote on 03/05/2005 02:20:08 PM:
>>
>> > I have finally implemented the Valve chains to the Tomcat integration
>> > and finalized the context configuration. I would suffice to say
>> Tomcat
>> > is pretty much/mostly integrated into Geronimo (short of major
>> testing).
>> >
>> > The context configuration does not use the context.xml file, but uses
>> > the geronimo-tomcat.xml file instead. It is in this file that we
>> do the
>> > similar type of setup as you would have in the Tomcat context.xml, but
>> > you use gbeans instead. You may set up context specific valves (in a
>> > chain I might add) and set up a custom realm here as well. This is
>> > where you would use/declare the TomcatGeronimoRealm for JACC for your
>> > context.
>> >
>> > I will be updating the wiki next with a full description/howto for
>> using
>> > Tomcat in geronimo using the GBean configuration paradigm. The
>> above is
>> > just a quick summary.
>> >
>> > After I have completed this I will add on some periphery Tomcat GBean
>> > wrapper objects for listeners, etc.
>> >
>> > I encourage folks to kick the tires and give it a spin.
>> >
>> > --
>> > Jeff Genender
>> > http://geronimo.apache.org
>> >
>
>
--
Jeff Genender
http://geronimo.apache.org
Re: More Tomcat Updates
Posted by Jeff Genender <jg...@apache.org>.
> sissonj@insession.com wrote:
>
> Hi Jeff,
>
> Great work!
Thanks!
> In your the example SSL configuration in
> geronimo\modules\assembly\src\plan\j2ee-server-tomcat-plan.xml , the
> connector attributes minProcessor and maxProcessor have been deprecated
> (according to the Tomcat doco). AFAICS, from reading the Tomcat mailing
> list the maxThreads, minSpareThreads and maxSpareThreads attributes
> should be used instead.
I used the example setup from
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html which
appears to be the official documentation for Tomcat 5.5 SSL
configuration. I am more than happy to remove those parameters and use
the threaded versions...if you can direct me to those new parameters and
the Tomcat pages explaining that they should be used in lieu of the
processor version (for 5.5.9). Thanks for pointing this out.
>
> FYI.. I haven't been able to find any links to
> http://wiki.apache.org/geronimo/Tomcat on the Wiki (maybe this was
> intended at this stage).
>
Are you talking about a link off the Front Page or other indexed
location? No it was not intentional at all. I definately want the
world to know its available for use. It may be my own ignorance of the
Wiki's setup, and perhaps there already is an index page...I would very
much like to have the Tomcat Wiki description on an index of some form.
I am open to being educated on this subject ;-) In the mean time, if
anyone has a good location for the link, let me know or just go ahead
and add it ;-)
Jeff
> John
>
>
>
> Jeff Genender <jg...@apache.org> wrote on 03/05/2005 02:20:08 PM:
>
> > I have finally implemented the Valve chains to the Tomcat integration
> > and finalized the context configuration. I would suffice to say Tomcat
> > is pretty much/mostly integrated into Geronimo (short of major testing).
> >
> > The context configuration does not use the context.xml file, but uses
> > the geronimo-tomcat.xml file instead. It is in this file that we do the
> > similar type of setup as you would have in the Tomcat context.xml, but
> > you use gbeans instead. You may set up context specific valves (in a
> > chain I might add) and set up a custom realm here as well. This is
> > where you would use/declare the TomcatGeronimoRealm for JACC for your
> > context.
> >
> > I will be updating the wiki next with a full description/howto for using
> > Tomcat in geronimo using the GBean configuration paradigm. The above is
> > just a quick summary.
> >
> > After I have completed this I will add on some periphery Tomcat GBean
> > wrapper objects for listeners, etc.
> >
> > I encourage folks to kick the tires and give it a spin.
> >
> > --
> > Jeff Genender
> > http://geronimo.apache.org
> >
--
Jeff Genender
http://geronimo.apache.org
Re: More Tomcat Updates
Posted by si...@insession.com.
Hi Jeff,
Great work!
In your the example SSL configuration in
geronimo\modules\assembly\src\plan\j2ee-server-tomcat-plan.xml , the
connector attributes minProcessor and maxProcessor have been deprecated
(according to the Tomcat doco). AFAICS, from reading the Tomcat mailing
list the maxThreads, minSpareThreads and maxSpareThreads attributes should
be used instead.
FYI.. I haven't been able to find any links to
http://wiki.apache.org/geronimo/Tomcat on the Wiki (maybe this was
intended at this stage).
John
Jeff Genender <jg...@apache.org> wrote on 03/05/2005 02:20:08 PM:
> I have finally implemented the Valve chains to the Tomcat integration
> and finalized the context configuration. I would suffice to say Tomcat
> is pretty much/mostly integrated into Geronimo (short of major testing).
>
> The context configuration does not use the context.xml file, but uses
> the geronimo-tomcat.xml file instead. It is in this file that we do the
> similar type of setup as you would have in the Tomcat context.xml, but
> you use gbeans instead. You may set up context specific valves (in a
> chain I might add) and set up a custom realm here as well. This is
> where you would use/declare the TomcatGeronimoRealm for JACC for your
> context.
>
> I will be updating the wiki next with a full description/howto for using
> Tomcat in geronimo using the GBean configuration paradigm. The above is
> just a quick summary.
>
> After I have completed this I will add on some periphery Tomcat GBean
> wrapper objects for listeners, etc.
>
> I encourage folks to kick the tires and give it a spin.
>
> --
> Jeff Genender
> http://geronimo.apache.org
>
More Tomcat Updates
Posted by Jeff Genender <jg...@apache.org>.
I have finally implemented the Valve chains to the Tomcat integration
and finalized the context configuration. I would suffice to say Tomcat
is pretty much/mostly integrated into Geronimo (short of major testing).
The context configuration does not use the context.xml file, but uses
the geronimo-tomcat.xml file instead. It is in this file that we do the
similar type of setup as you would have in the Tomcat context.xml, but
you use gbeans instead. You may set up context specific valves (in a
chain I might add) and set up a custom realm here as well. This is
where you would use/declare the TomcatGeronimoRealm for JACC for your
context.
I will be updating the wiki next with a full description/howto for using
Tomcat in geronimo using the GBean configuration paradigm. The above is
just a quick summary.
After I have completed this I will add on some periphery Tomcat GBean
wrapper objects for listeners, etc.
I encourage folks to kick the tires and give it a spin.
--
Jeff Genender
http://geronimo.apache.org
Re: [jira] Closed: (GERONIMO-639) GenericSecurityRealm doesn't express its gbean dependencies
Posted by David Jencks <dj...@gluecode.com>.
On Apr 30, 2005, at 7:13 PM, sissonj@insession.com wrote:
>
> I have got the impression from the mail discussions that this is a
> temporary solution.
in its current form as way too many xml gbean definitions, yes.
However I'm about to commit a xml-reference builder similar in concept
to the xml-attribute builders that will at least hide all the
complexity of the too many gbeans.
> If that is the case it would be a good idea to raise another JIRA
> issue so that the need for a long term solution isn't forgotten.
I think the exact nature of a long term solution that reduces the
number of "helper" gbeans needs quite a bit of thought and discussion
that might be better done on the dev list... not sure. Anyway I don't
have a firm idea yet what I would want such a Jira issue to say :-) If
you have an idea, please go ahead.
>
> Should we be aiming to have a long term solution in place before we
> get to a 1.0 release so that security plans will be upwardly
> compatible?
Lets take a look at the xml I will be proposing shortly and discuss how
well it works. I think it might provide a usable "user interface" to
either the current implementation or a hypothetical one based on some
kind of list of references.
thanks!
david jencks
>
> John
>
> This e-mail message and any attachments may contain confidential,
> proprietary or non-public information. This information is intended
> solely for the designated recipient(s). If an addressing or
> transmission error has misdirected this e-mail, please notify the
> sender immediately and destroy this e-mail. Any review,
> dissemination, use or reliance upon this information by unintended
> recipients is prohibited. Any opinions expressed in this e-mail are
> those of the author personally.
>
> "David Jencks (JIRA)" <de...@geronimo.apache.org> wrote on 30/04/2005
> 07:31:57 AM:
>
> > [ http://issues.apache.org/jira/browse/GERONIMO-639?page=all ]
> >
> > David Jencks closed GERONIMO-639:
> > ---------------------------------
> >
> > Resolution: Fixed
> > Fix Version: 1.0-M4
> >
> > fixed in geronimo rev 165344 and in openejb using the "lots of
> > little linked gbeans" solution.
> >
> > > GenericSecurityRealm doesn't express its gbean dependencies
> > > -----------------------------------------------------------
> > >
> > > Key: GERONIMO-639
> > > URL: http://issues.apache.org/jira/browse/GERONIMO-639
> > > Project: Geronimo
> > > Type: Bug
> > > Components: security
> > > Versions: 1.0-M3
> > > Reporter: David Jencks
> > > Assignee: David Jencks
> > > Fix For: 1.0-M4
> >
> > >
> > > A GenericSecurityRealm depends on a bunch of LoginModuleGBeans to
> > express the login modules that must be logged into to log into the
> > realm. Currently these are listed by gbean name + other info in a
> > properties file format. This does nothing to assure that the login
> > modules are in fact started before the GSR is started, although the
> > LMs are used in the GSR constructor.
> > > Sometimes the GSR will start, but the same configuration sometimes
> > will not start due to system variations in gbean start order.
> > > One solution is to make a LoginModule holder gbean that forms a
> > linked list of gbeans, similar to the JettyFilterMapping. This can
> > be implemented easily with no core changes, but it results in a
> > profusion of gbeans that do almost nothing.
> > > Another possible solution is to introduce a core gbean feature
> > that lets you have something like an ordered list of explicit
> > references, all of which must be started for the gbean to start.
> > This would be of more general use but would require some thought to
> > figure out the best functionality.
> >
> > --
> > This message is automatically generated by JIRA.
> > -
> > If you think it was sent incorrectly contact one of the
> administrators:
> > http://issues.apache.org/jira/secure/Administrators.jspa
> > -
> > For more information on JIRA, see:
> > http://www.atlassian.com/software/jira
> >
Re: [jira] Closed: (GERONIMO-639) GenericSecurityRealm doesn't express its
gbean dependencies
Posted by si...@insession.com.
I have got the impression from the mail discussions that this is a
temporary solution. If that is the case it would be a good idea to raise
another JIRA issue so that the need for a long term solution isn't
forgotten.
Should we be aiming to have a long term solution in place before we get to
a 1.0 release so that security plans will be upwardly compatible?
John
This e-mail message and any attachments may contain confidential,
proprietary or non-public information. This information is intended
solely for the designated recipient(s). If an addressing or transmission
error has misdirected this e-mail, please notify the sender immediately
and destroy this e-mail. Any review, dissemination, use or reliance upon
this information by unintended recipients is prohibited. Any opinions
expressed in this e-mail are those of the author personally.
"David Jencks (JIRA)" <de...@geronimo.apache.org> wrote on 30/04/2005
07:31:57 AM:
> [ http://issues.apache.org/jira/browse/GERONIMO-639?page=all ]
>
> David Jencks closed GERONIMO-639:
> ---------------------------------
>
> Resolution: Fixed
> Fix Version: 1.0-M4
>
> fixed in geronimo rev 165344 and in openejb using the "lots of
> little linked gbeans" solution.
>
> > GenericSecurityRealm doesn't express its gbean dependencies
> > -----------------------------------------------------------
> >
> > Key: GERONIMO-639
> > URL: http://issues.apache.org/jira/browse/GERONIMO-639
> > Project: Geronimo
> > Type: Bug
> > Components: security
> > Versions: 1.0-M3
> > Reporter: David Jencks
> > Assignee: David Jencks
> > Fix For: 1.0-M4
>
> >
> > A GenericSecurityRealm depends on a bunch of LoginModuleGBeans to
> express the login modules that must be logged into to log into the
> realm. Currently these are listed by gbean name + other info in a
> properties file format. This does nothing to assure that the login
> modules are in fact started before the GSR is started, although the
> LMs are used in the GSR constructor.
> > Sometimes the GSR will start, but the same configuration sometimes
> will not start due to system variations in gbean start order.
> > One solution is to make a LoginModule holder gbean that forms a
> linked list of gbeans, similar to the JettyFilterMapping. This can
> be implemented easily with no core changes, but it results in a
> profusion of gbeans that do almost nothing.
> > Another possible solution is to introduce a core gbean feature
> that lets you have something like an ordered list of explicit
> references, all of which must be started for the gbean to start.
> This would be of more general use but would require some thought to
> figure out the best functionality.
>
> --
> This message is automatically generated by JIRA.
> -
> If you think it was sent incorrectly contact one of the administrators:
> http://issues.apache.org/jira/secure/Administrators.jspa
> -
> For more information on JIRA, see:
> http://www.atlassian.com/software/jira
>