You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by dj...@apache.org on 2006/05/10 00:24:33 UTC
svn commit: r405556 - in /geronimo/branches/1.1/configs:
client-corba/src/plan/plan.xml j2ee-corba/project.xml
j2ee-corba/src/plan/plan.xml
Author: djencks
Date: Tue May 9 15:24:28 2006
New Revision: 405556
URL: http://svn.apache.org/viewcvs?rev=405556&view=rev
Log:
GERONIMO-1893 fix corba module startup problems by supplied keystore properties. Comment out sample css/tss beans
Modified:
geronimo/branches/1.1/configs/client-corba/src/plan/plan.xml
geronimo/branches/1.1/configs/j2ee-corba/project.xml
geronimo/branches/1.1/configs/j2ee-corba/src/plan/plan.xml
Modified: geronimo/branches/1.1/configs/client-corba/src/plan/plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/configs/client-corba/src/plan/plan.xml?rev=405556&r1=405555&r2=405556&view=diff
==============================================================================
--- geronimo/branches/1.1/configs/client-corba/src/plan/plan.xml (original)
+++ geronimo/branches/1.1/configs/client-corba/src/plan/plan.xml Tue May 9 15:24:28 2006
@@ -23,24 +23,47 @@
-->
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
+ <gbean name="CORBASystemProperties" class="org.apache.geronimo.system.properties.SystemProperties">
+ <attribute name="systemProperties">
+ javax.rmi.CORBA.UtilClass=org.openejb.corba.util.UtilDelegateImpl
+ org.openejb.corba.UtilDelegateClass=com.sun.corba.se.internal.POA.ShutdownUtilDelegate
+ org.omg.CORBA.ORBSingletonClass=com.sun.corba.se.internal.corba.ORBSingleton
+ org.omg.CORBA.ORBClass=org.openejb.corba.sunorb.OpenEJBORB
+ javax.rmi.CORBA.PortableRemoteObjectClass=com.sun.corba.se.internal.javax.rmi.PortableRemoteObject
+ javax.net.ssl.keyStorePassword=secret
+ javax.net.ssl.trustStorePassword=secret
+ </attribute>
+ <attribute name="systemPathProperties">
+ javax.net.ssl.keyStore=var/security/keystores/geronimo-default
+ javax.net.ssl.trustStore=var/security/keystores/geronimo-default
+ </attribute>
+
+ <reference name="ServerInfo">
+ <name>ServerInfo</name>
+ </reference>
+ </gbean>
+
<gbean name="DyanmicStubClassLoader" class="org.openejb.corba.util.DynamicStubClassLoader"/>
<gbean name="Server" class="org.openejb.corba.CORBABean">
<reference name="ThreadPool">
- <module>geronimo/client/${pom.currentVersion}/car</module>
<name>DefaultThreadPool</name>
</reference>
- <reference name="SecurityService">
- <module>*</module>
- <name>SecurityService</name>
- </reference>
<!-- PlanORBSSLPort was 9683-->
- <attribute name="args">-ORBPort, ${PlanORBSSLPort}, -ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
+ <attribute name="args">-ORBPort, ${PlanORBSSLPort}, -ORBInitRef,
+ NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
<attribute name="props">
com.sun.CORBA.ORBServerHost=${PlanORBSSLHost}
</attribute>
+ <dependency>
+ <name>SecurityService</name>
+ </dependency>
+ <dependency>
+ <name>CORBASystemProperties</name>
+ </dependency>
</gbean>
-
+<!-- a few sample css beans for the app client -->
+ <!--
<gbean name="SSLClientCert" class="org.openejb.corba.CSSBean">
<reference name="ThreadPool">
<module>geronimo/client/${pom.currentVersion}/car</module>
@@ -57,7 +80,8 @@
<css:compoundSecMechTypeList>
<css:compoundSecMech>
<css:SSL>
- <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
+ <css:supports>Integrity Confidentiality EstablishTrustInTarget
+ EstablishTrustInClient</css:supports>
<css:requires></css:requires>
</css:SSL>
</css:compoundSecMech>
@@ -69,7 +93,8 @@
<css:compoundSecMechTypeList>
<css:compoundSecMech>
<css:SSL>
- <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
+ <css:supports>Integrity Confidentiality EstablishTrustInTarget
+ EstablishTrustInClient</css:supports>
<css:requires>Integrity Confidentiality EstablishTrustInClient</css:requires>
</css:SSL>
<css:sasMech>
@@ -97,7 +122,8 @@
<css:compoundSecMechTypeList>
<css:compoundSecMech>
<css:SSL>
- <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
+ <css:supports>Integrity Confidentiality EstablishTrustInTarget
+ EstablishTrustInClient</css:supports>
<css:requires></css:requires>
</css:SSL>
</css:compoundSecMech>
@@ -112,7 +138,7 @@
<css:supports>Integrity Confidentiality EstablishTrustInClient</css:supports>
<css:requires>Integrity Confidentiality</css:requires>
</css:SSL>
- <css:GSSUPDynamic domain="default" />
+ <css:GSSUPDynamic domain="default"/>
<css:sasMech>
<css:ITTAbsent/>
</css:sasMech>
@@ -139,7 +165,8 @@
<css:compoundSecMechTypeList>
<css:compoundSecMech>
<css:SSL>
- <css:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</css:supports>
+ <css:supports>Integrity Confidentiality EstablishTrustInTarget
+ EstablishTrustInClient</css:supports>
<css:requires></css:requires>
</css:SSL>
</css:compoundSecMech>
@@ -147,5 +174,5 @@
</css:css>
</xml-attribute>
</gbean>
-
+ -->
</module>
Modified: geronimo/branches/1.1/configs/j2ee-corba/project.xml
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/configs/j2ee-corba/project.xml?rev=405556&r1=405555&r2=405556&view=diff
==============================================================================
--- geronimo/branches/1.1/configs/j2ee-corba/project.xml (original)
+++ geronimo/branches/1.1/configs/j2ee-corba/project.xml Tue May 9 15:24:28 2006
@@ -71,6 +71,15 @@
</dependency>
<dependency>
<groupId>geronimo</groupId>
+ <artifactId>j2ee-security</artifactId>
+ <version>${geronimo_version}</version>
+ <type>car</type>
+ <properties>
+ <geronimo.import>true</geronimo.import>
+ </properties>
+ </dependency>
+ <dependency>
+ <groupId>geronimo</groupId>
<artifactId>geronimo-system</artifactId>
<version>${geronimo_version}</version>
</dependency>
@@ -131,11 +140,6 @@
<dependency>
<groupId>geronimo</groupId>
<artifactId>geronimo-transaction</artifactId>
- <version>${geronimo_version}</version>
- </dependency>
- <dependency>
- <groupId>geronimo</groupId>
- <artifactId>geronimo-security</artifactId>
<version>${geronimo_version}</version>
</dependency>
<dependency>
Modified: geronimo/branches/1.1/configs/j2ee-corba/src/plan/plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.1/configs/j2ee-corba/src/plan/plan.xml?rev=405556&r1=405555&r2=405556&view=diff
==============================================================================
--- geronimo/branches/1.1/configs/j2ee-corba/src/plan/plan.xml (original)
+++ geronimo/branches/1.1/configs/j2ee-corba/src/plan/plan.xml Tue May 9 15:24:28 2006
@@ -19,32 +19,11 @@
<!-- $Rev$ $Date$ -->
<!--
-Configuration for corba on a Geronimo serverl, including client and target security examples.
- parentId="${pom.groupId}/j2ee-server/${pom.currentVersion}/car"
-
+Configuration for corba on a Geronimo server, including client and target security examples.
-->
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
- <environment>
- <moduleId>
- <groupId>geronimo</groupId>
- <artifactId>j2ee-corba</artifactId>
- <version>${geronimo_version}</version>
- <type>car</type>
- </moduleId>
- <dependencies>
- <dependency>
- <groupId>geronimo</groupId>
- <artifactId>j2ee-security</artifactId>
- <type>car</type>
- <import>services</import>
- </dependency>
- </dependencies>
- <hidden-classes/>
- <non-overridable-classes/>
- </environment>
-
- <gbean name="SystemProperties" class="org.apache.geronimo.system.properties.SystemProperties">
+ <gbean name="CORBASystemProperties" class="org.apache.geronimo.system.properties.SystemProperties">
<attribute name="systemProperties">
javax.rmi.CORBA.UtilClass=org.openejb.corba.util.UtilDelegateImpl
org.openejb.corba.UtilDelegateClass=com.sun.corba.se.internal.POA.ShutdownUtilDelegate
@@ -54,8 +33,17 @@
javax.net.ssl.keyStorePassword=secret
javax.net.ssl.trustStorePassword=secret
</attribute>
+ <attribute name="systemPathProperties">
+ javax.net.ssl.keyStore=var/security/keystores/geronimo-default
+ javax.net.ssl.trustStore=var/security/keystores/geronimo-default
+ </attribute>
+
+ <reference name="ServerInfo">
+ <name>ServerInfo</name>
+ </reference>
</gbean>
+
<!-- CORBA -->
<gbean name="DynamicORBStubClassLoader" class="org.openejb.corba.util.DynamicStubClassLoader">
<dependency>
@@ -79,12 +67,6 @@
<reference name="ThreadPool">
<name>DefaultThreadPool</name>
</reference>
- <reference name="NameService">
- <name>NameServer</name>
- </reference>
- <reference name="SecurityService">
- <name>SecurityService</name>
- </reference>
<attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
<attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
<xml-attribute name="tssConfig">
@@ -111,24 +93,29 @@
<dependency>
<name>SystemProperties</name>
</dependency>
+ <dependency>
+ <name>NameServer</name>
+ </dependency>
+ <dependency>
+ <name>SecurityService</name>
+ </dependency>
</gbean>
- <gbean name="SSLClientCert" class="org.openejb.corba.TSSBean">
- <attribute name="POAName">SSLClientCert</attribute>
- <reference name="Server">
- <name>Server</name>
+ <!-- orb with no security whatsoever -->
+ <gbean name="UnprotectedServer" class="org.openejb.corba.CORBABean">
+ <reference name="ThreadPool">
+ <name>DefaultThreadPool</name>
</reference>
+ <attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
+ <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
<xml-attribute name="tssConfig">
<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
<tss:default-principal>
<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
</tss:default-principal>
- <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
- <tss:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</tss:supports>
- <tss:requires>Integrity Confidentiality EstablishTrustInClient</tss:requires>
- </tss:SSL>
<tss:compoundSecMechTypeList>
<tss:compoundSecMech>
+ <tss:GSSUP required="true" targetName="default"/>
<tss:sasMech>
<tss:identityTokenTypes>
<tss:ITTAbsent/>
@@ -139,12 +126,24 @@
</tss:tss>
</xml-attribute>
<dependency>
+ <type>CORBABean</type>
+ <name>Server</name>
+ </dependency>
+ <dependency>
<name>SystemProperties</name>
</dependency>
+ <dependency>
+ <name>NameServer</name>
+ </dependency>
+ <dependency>
+ <name>SecurityService</name>
+ </dependency>
</gbean>
- <gbean name="SSLClientPassword" class="org.openejb.corba.TSSBean">
- <attribute name="POAName">SSLClientPassword</attribute>
+<!-- tss bean examples, specify requirements for connection to orb. Provide a ref in an ejb -->
+ <!--
+ <gbean name="SSLClientCert" class="org.openejb.corba.TSSBean">
+ <attribute name="POAName">SSLClientCert</attribute>
<reference name="Server">
<name>Server</name>
</reference>
@@ -154,12 +153,11 @@
<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
</tss:default-principal>
<tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
- <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
- <tss:requires>Integrity Confidentiality</tss:requires>
+ <tss:supports>Integrity Confidentiality EstablishTrustInTarget EstablishTrustInClient</tss:supports>
+ <tss:requires>Integrity Confidentiality EstablishTrustInClient</tss:requires>
</tss:SSL>
<tss:compoundSecMechTypeList>
<tss:compoundSecMech>
- <tss:GSSUP required="true" targetName="default"/>
<tss:sasMech>
<tss:identityTokenTypes>
<tss:ITTAbsent/>
@@ -169,13 +167,10 @@
</tss:compoundSecMechTypeList>
</tss:tss>
</xml-attribute>
- <dependency>
- <name>SystemProperties</name>
- </dependency>
</gbean>
- <gbean name="SSLIdentityToken" class="org.openejb.corba.TSSBean">
- <attribute name="POAName">SSLIdentityToken</attribute>
+ <gbean name="SSLClientPassword" class="org.openejb.corba.TSSBean">
+ <attribute name="POAName">SSLClientPassword</attribute>
<reference name="Server">
<name>Server</name>
</reference>
@@ -190,12 +185,10 @@
</tss:SSL>
<tss:compoundSecMechTypeList>
<tss:compoundSecMech>
+ <tss:GSSUP required="true" targetName="default"/>
<tss:sasMech>
<tss:identityTokenTypes>
- <tss:ITTAnonymous/>
- <tss:ITTPrincipalNameGSSUP principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
- <tss:ITTDistinguishedName/>
- <tss:ITTX509CertChain/>
+ <tss:ITTAbsent/>
</tss:identityTokenTypes>
</tss:sasMech>
</tss:compoundSecMech>
@@ -207,30 +200,28 @@
</dependency>
</gbean>
- <!-- orb with no security whatsoever -->
- <gbean name="UnprotectedServer" class="org.openejb.corba.CORBABean">
- <reference name="ThreadPool">
- <name>DefaultThreadPool</name>
- </reference>
- <reference name="NameService">
- <name>NameServer</name>
- </reference>
- <reference name="SecurityService">
- <name>SecurityService</name>
+ <gbean name="SSLIdentityToken" class="org.openejb.corba.TSSBean">
+ <attribute name="POAName">SSLIdentityToken</attribute>
+ <reference name="Server">
+ <name>Server</name>
</reference>
- <attribute name="args">-ORBInitRef, NameService=corbaloc::${PlanCOSNamingHost}:${PlanCOSNamingPort}/NameService</attribute>
- <attribute name="configAdapter">org.openejb.corba.sunorb.SunORBConfigAdapter</attribute>
<xml-attribute name="tssConfig">
<tss:tss xmlns:tss="http://www.openejb.org/xml/ns/corba-tss-config-2.0" xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
<tss:default-principal>
<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
</tss:default-principal>
+ <tss:SSL port="${PlanORBSSLPort}" hostname="${PlanORBSSLHost}">
+ <tss:supports>Integrity Confidentiality EstablishTrustInTarget</tss:supports>
+ <tss:requires>Integrity Confidentiality</tss:requires>
+ </tss:SSL>
<tss:compoundSecMechTypeList>
<tss:compoundSecMech>
- <tss:GSSUP required="true" targetName="default"/>
<tss:sasMech>
<tss:identityTokenTypes>
- <tss:ITTAbsent/>
+ <tss:ITTAnonymous/>
+ <tss:ITTPrincipalNameGSSUP principal-class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
+ <tss:ITTDistinguishedName/>
+ <tss:ITTX509CertChain/>
</tss:identityTokenTypes>
</tss:sasMech>
</tss:compoundSecMech>
@@ -238,10 +229,6 @@
</tss:tss>
</xml-attribute>
<dependency>
- <type>CORBABean</type>
- <name>Server</name>
- </dependency>
- <dependency>
<name>SystemProperties</name>
</dependency>
</gbean>
@@ -307,8 +294,9 @@
<name>SystemProperties</name>
</dependency>
</gbean>
-
+-->
<!--CSS beans for client security. These specify what the client is willing to provide -->
+ <!--
<gbean name="SSLClientCert" class="org.openejb.corba.CSSBean">
<reference name="ThreadPool">
<name>DefaultThreadPool</name>
@@ -574,5 +562,5 @@
<name>SystemProperties</name>
</dependency>
</gbean>
-
+-->
</module>