You are viewing a plain text version of this content. The canonical link for it is here.
Posted to slide-dev@jakarta.apache.org by Jason Harrop <jh...@bigpond.net.au> on 2001/01/23 16:10:22 UTC
SlideRealm twins
Hi
I'd like to run 2 different SlideRealms at once, so that i can have 2
completely different sets of users using distinct webapps.
Both the webapps use slide, but with different domains, so the
Domain.xml file for each of these realms needs to be different.
I understand that i can achieve this by putting a slide.properties file
on my classpath, and invoking tomcat twice (listening on different
ports), with a separate classpath each time. This means editing the
classpath in catalina.sh though.
Wouldn't it be nicer if we could specify the domainConfigFile as an
attribute on the SlideRealm <Realm> element in server.xml? If
SlideRealm was being used, org.apache.slide.util.Configuration could
then look in this fourth place for the configuration file (overriding
all the others). Then i wouldn't need to edit tomcat's classpath, and i
wouldn't need 2 instances of it either!
If this makes sense, let me know and i'll have a go.
Thanks
Jason
Re: SlideRealm twins
Posted by Remy Maucherat <re...@apache.org>.
> Yep i saw that in Domain.java. Yes, there are extra stores running
> (hell there are extra copies of each webapp running - one in each
> instance of tomcat), but its not too bad - someone with a username in
> slide realm #1 intended to access namespace #1 could potentially access
> namespace #2 (if the credentials token for the relevant principal
> allowed them to). but they've got to know it is running on the port
> used by that instance of tomcat. if they do do something in namespace
> #2, well, we're using persistent stores, so their changes end up
> affecting the same physical things.
Having only two namespaces in one single VM wouldn't really solve that : you
still have to know the name of the namespace.
If you think on demand loading could be useful, I can add it on my todo
list.
> > I also still don't see any way to make the realm deployment any easier.
Note
> > that it's not just the SlideRealm, but any external realm that Catalina
> > would want to use (unless the realm has no dependencies, which makes
> > everything easier all of a sudden, but that's highly unlikely, IMO).
>
> what do you mean by "no dependencies" please Remy?
If your realm doesn't need any additional libraries (except Catalina, the
JDK and its installed extensions, and the servlet API).
Remy
Re: SlideRealm twins
Posted by Jason Harrop <jh...@bigpond.net.au>.
Remy Maucherat wrote:
> Hi Jason,
>
> Sorry for not answering before.
>
Not a worry in the world ;)
>
>> I've looked at this some more, and now i think that the way to achieve
>> my intended result is with a single Domain.xml file with 2 namespaces in
>
> it.
>
>> All that seems to be required is that the server.xml container name (as
>> returned by Container.getName()) match the namespace name used in
>> Domain.xml.
>>
>> There would then be two ways to use 2 distinct namespaces:
>>
>> 1) Define the realms at the Host level in Catalina's server.xml - single
>> instance of Tomcat, but multiple hosts
>
>
> I guess that would be the right thing to do.
I'm doing approach 2 below for now, so i don't have to set up a virtual
host.
>
>> 2) Two instances of Tomcat, two server.xml files each with a realm at
>> the engine level. Each server.xml file would have a unique name
>> attribute for the engine, and its connector would have to be listening
>> on a separate port.
>
>
> Do you plan to run the two Tomcat in the same VM, or diffrent VMs ?
They're running in different VMs
> I just got your second email. When it initializes, the domain initializes
> all the namespaces (I didn't want to bother with any on demand init or
> anything). In your case, that looks bad :(
Yep i saw that in Domain.java. Yes, there are extra stores running
(hell there are extra copies of each webapp running - one in each
instance of tomcat), but its not too bad - someone with a username in
slide realm #1 intended to access namespace #1 could potentially access
namespace #2 (if the credentials token for the relevant principal
allowed them to). but they've got to know it is running on the port
used by that instance of tomcat. if they do do something in namespace
#2, well, we're using persistent stores, so their changes end up
affecting the same physical things.
> I also still don't see any way to make the realm deployment any easier. Note
> that it's not just the SlideRealm, but any external realm that Catalina
> would want to use (unless the realm has no dependencies, which makes
> everything easier all of a sudden, but that's highly unlikely, IMO).
what do you mean by "no dependencies" please Remy?
thanks
Jason
> Remy
Re: SlideRealm twins
Posted by Remy Maucherat <re...@apache.org>.
Hi Jason,
Sorry for not answering before.
> I've looked at this some more, and now i think that the way to achieve
> my intended result is with a single Domain.xml file with 2 namespaces in
it.
>
> All that seems to be required is that the server.xml container name (as
> returned by Container.getName()) match the namespace name used in
> Domain.xml.
>
> There would then be two ways to use 2 distinct namespaces:
>
> 1) Define the realms at the Host level in Catalina's server.xml - single
> instance of Tomcat, but multiple hosts
I guess that would be the right thing to do.
> 2) Two instances of Tomcat, two server.xml files each with a realm at
> the engine level. Each server.xml file would have a unique name
> attribute for the engine, and its connector would have to be listening
> on a separate port.
Do you plan to run the two Tomcat in the same VM, or diffrent VMs ?
I just got your second email. When it initializes, the domain initializes
all the namespaces (I didn't want to bother with any on demand init or
anything). In your case, that looks bad :(
I also still don't see any way to make the realm deployment any easier. Note
that it's not just the SlideRealm, but any external realm that Catalina
would want to use (unless the realm has no dependencies, which makes
everything easier all of a sudden, but that's highly unlikely, IMO).
Remy
Re: SlideRealm twins - registers extra data sources
Posted by Jason Harrop <jh...@bigpond.net.au>.
Jason Harrop wrote:
> I've looked at this some more, and now i think that the way to achieve
> my intended result is with a single Domain.xml file with 2 namespaces in
> it.
>
> All that seems to be required is that the server.xml container name (as
> returned by Container.getName()) match the namespace name used in
> Domain.xml.
>
> There would then be two ways to use 2 distinct namespaces:
>
> 1) Define the realms at the Host level in Catalina's server.xml - single
> instance of Tomcat, but multiple hosts
>
> 2) Two instances of Tomcat, two server.xml files each with a realm at
> the engine level. Each server.xml file would have a unique name
> attribute for the engine, and its connector would have to be listening
> on a separate port.
Executing:
bin/startup.sh -config conf/server-myNamespace1.xml
yields the log:
Wed, 24 Jan 2001 14:02:36 GMT+11:00 - default - INFO - Auto-Initializing
Domain
Wed, 24 Jan 2001 14:02:36 GMT+11:00 - default - INFO - Domain
configuration : {org.apache.slide.security=true}
Wed, 24 Jan 2001 14:02:37 GMT+11:00 - default - INFO - Initializing Domain
Wed, 24 Jan 2001 14:02:37 GMT+11:00 - default - INFO - Domain
configuration : {org.apache.slide.security=true}
Wed, 24 Jan 2001 14:02:37 GMT+11:00 - default - INFO - Initializing
namespace : myNamespace1
Wed, 24 Jan 2001 14:02:37 GMT+11:00 - default - INFO - Loading namespace
definition
Wed, 24 Jan 2001 14:02:37 GMT+11:00 - default - INFO - Registering Data
Source name persistent of class class
org.apache.slide.store.StandardStore with parameters {} on scope /
Wed, 24 Jan 2001 14:02:37 GMT+11:00 - default - INFO - Initializing
service org.apache.slide.store.StandardStore@15e82c85
Wed, 24 Jan 2001 14:02:37 GMT+11:00 - default - INFO - Loading namespace
myNamespace1 base data
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Namespace base
configuration was already done before
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Loading namespace
myNamespace1 configuration
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Namespace
configuration complete
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Initializing
namespace : myNamespace2
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Loading namespace
definition
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Registering Data
Source name persistent of class class
org.apache.slide.store.StandardStore with parameters {} on scope /
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Initializing
service org.apache.slide.store.StandardStore@719d2c86
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Loading namespace
myNamespace2 base data
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Namespace base
configuration was already done before
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Loading namespace
myNamespace2 configuration
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Namespace
configuration complete
Wed, 24 Jan 2001 14:02:38 GMT+11:00 - default - INFO - Domain
initialization complete
Starting service org.apache.catalina.core.StandardService@3122ac85
Apache Tomcat/4.0-m5
-- you can see it initialises both namespaces, instead of just the one
named in the tomcat config file (in this case, SmartRepository). this
is what we expect from org.apache.slide.common.Domain.java
Next, starting the other instance of tomcat by executing:
bin/startup.sh -config conf/server-myNamespace2.xml
yields the log:
Wed, 24 Jan 2001 14:02:51 GMT+11:00 - default - INFO - Auto-Initializing
Domain
Wed, 24 Jan 2001 14:02:51 GMT+11:00 - default - INFO - Domain
configuration : {org.apache.slide.security=true}
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Initializing Domain
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Domain
configuration : {org.apache.slide.security=true}
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Initializing
namespace : myNamespace1
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Loading namespace
definition
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Registering Data
Source name persistent of class class
org.apache.slide.store.StandardStore with parameters {} on scope /
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Initializing
service org.apache.slide.store.StandardStore@5eb62c8c
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Loading namespace
myNamespace1 base data
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Namespace base
configuration was already done before
Wed, 24 Jan 2001 14:02:52 GMT+11:00 - default - INFO - Loading namespace
myNamespace1 configuration
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Namespace
configuration complete
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Initializing
namespace : myNamespace2
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Loading namespace
definition
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Registering Data
Source name persistent of class class
org.apache.slide.store.StandardStore with parameters {} on scope /
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Initializing
service org.apache.slide.store.StandardStore@3aea2c8f
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Loading namespace
myNamespace2 base data
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Namespace base
configuration was already done before
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Loading namespace
myNamespace2 configuration
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Namespace
configuration complete
Wed, 24 Jan 2001 14:02:53 GMT+11:00 - default - INFO - Domain
initialization complete
Starting service org.apache.catalina.core.StandardService@7ad6ac8c
Apache Tomcat/4.0-m5
So Domain.java is performing initNamespace on a namespace which
shouldn't be able to be used.
cheers,
Jason
> I'm going to try the second approach now...
>
> cheers,
>
> Jason
>
Re: SlideRealm twins
Posted by Jason Harrop <jh...@bigpond.net.au>.
I've looked at this some more, and now i think that the way to achieve
my intended result is with a single Domain.xml file with 2 namespaces in it.
All that seems to be required is that the server.xml container name (as
returned by Container.getName()) match the namespace name used in
Domain.xml.
There would then be two ways to use 2 distinct namespaces:
1) Define the realms at the Host level in Catalina's server.xml - single
instance of Tomcat, but multiple hosts
2) Two instances of Tomcat, two server.xml files each with a realm at
the engine level. Each server.xml file would have a unique name
attribute for the engine, and its connector would have to be listening
on a separate port.
I'm going to try the second approach now...
cheers,
Jason
Jason Harrop wrote:
> Hi
>
> I'd like to run 2 different SlideRealms at once, so that i can have 2
> completely different sets of users using distinct webapps.
>
> Both the webapps use slide, but with different domains, so the
> Domain.xml file for each of these realms needs to be different.
>
> I understand that i can achieve this by putting a slide.properties file
> on my classpath, and invoking tomcat twice (listening on different
> ports), with a separate classpath each time. This means editing the
> classpath in catalina.sh though.
>
> Wouldn't it be nicer if we could specify the domainConfigFile as an
> attribute on the SlideRealm <Realm> element in server.xml? If
> SlideRealm was being used, org.apache.slide.util.Configuration could
> then look in this fourth place for the configuration file (overriding
> all the others). Then i wouldn't need to edit tomcat's classpath, and i
> wouldn't need 2 instances of it either!
>
> If this makes sense, let me know and i'll have a go.
>
> Thanks
>
> Jason