geronimo-dev mailing list archives

From David Jencks <djen...@gluecode.com>
Subject Re: GBean Last Startup
Date Wed, 27 Apr 2005 17:25:05 GMT

On Apr 27, 2005, at 9:12 AM, Mark wrote:

> David Jencks wrote:
>
>>
>> On Apr 26, 2005, at 9:06 PM, David Blevins wrote:
>>
>>> On Tue, Apr 26, 2005 at 11:16:16PM -0400, Mark wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have a need to start Geronimo as the root user under Solaris and then
>>>> once it’s started switch the effective user of the process to a user
>>>> with fewer privileges. Part of the requirement is to allow Geronimo to
>>>> startup using ports lower than 1024. Once all the server sockets have
>>>> been created the process user can be switched.
>>>>
>>>> Does the Geronimo kernel have the ability to load a GBean last? I am
>>>> thinking that I could create a GBean to perform the user switch. If this
>>>> GBean was started last, then I would know that Tomcat, Jetty, OpenEJB
>>>> and other server services would have already initialized their server
>>>> sockets.
>>>>
>>>> Alternatively, I could create a GBean that has a collection or reference
>>>> to other network service GBeans. Once I get this reference, I know the
>>>> kernel has loaded the GBeans, but I may not know their status (started,
>>>> stopped or waiting). I’ve noticed that in GBeanInstance, there is a
>>>> magic attribute to get a GBean's state.
>>>>
>>>> Sound possible or am I way off here?
>>>>
>>>
>>> You could take the code from the maven-geronimo-plugin and expand off
>>> the waitForStarted goal which is basically just code that blocks till the
>>> configuration you are waiting for starts.
>>>
>>> -David
>>
>>
>> that will work if the code you want to wait is in a different process
>> than the gbean you are waiting for.
>> If you want a gbean to start after some others in a single kernel the
>> best way is to have dependencies on them.
>>
>> Depending on a configuration does not guarantee that all gbeans in
>> the configuration will have been started: the framework will have
>> tried to start them at least once, but if a contained gbean depends
>> on a non-existent or non-started gbean the configuration will start
>> anyway.
>>
>> I'm not exactly sure what you are trying to do here or how you plan
>> to do it.  If you open a socket on a reserved port as root and then
>> change user won't there be a time during which connections will be
>> accepted and code from the accepted request run as root?  Is this a
>> security hole?
>>
>> thanks
>> david jencks
>>
> Correct, there will be time between when the server sockets are
> created and the last GBean is executed that switches the effective
> user id. The difference between Geronimo and what I have is that I
> can create all my server sockets, block them, make the user switch and
> then allow incoming connections.  However, the GBeans running in
> Geronimo can create their own server sockets and start accepting
> connections when they determine they are ready to accept them.
> If I could set a ServerSocket factory for java.net.ServerSocket then I
> could at least create the server sockets in a suspended state until
> the OS user switch has occurred.
>
> It's possible that Geronimo could create all instances of ServerSockets
> in the constructor for a GBean and then use the life cycle method
> doStart() to accept the incoming connections.  The user switch could
> happen on the last GBean to be constructed.  I am assuming that the
> kernel would then invoke the doStart().
>
> Mark
>

I may not understand exactly what you are proposing but I think it 
won't work :-)  When a gbean is started, the constructor is called, all 
the attributes and references not present as constructor args are set, 
and doStart() is called before the framework goes on to another gbean.

Here's what I think you can do:

1. create a gbean that sets the ServerSocketFactory in its constructor.
Include the xml for an instance of this gbean in system-plan.xml.
There isn't really any good way of preventing other stuff from starting
if starting this gbean fails, but I don't see why it would fail.
(there is an "anonymous dependency" feature request that would be able
to prevent other stuff from starting, but it's not implemented yet)

2. jetty etc start, but won't get requests due to your custom
ServerSocketFactory

3. create a gbean with individual dependencies on each service that
creates a ServerSocket.  It will get started after all these services
create their (blocked) ServerSockets.  This gbean can switch users and
enable the ServerSockets.

I'm wondering if at least the gbean for (1) might be of general use?  
If so, we might want to extend it to a "server socket factory gbean" 
that you'd call to get a ServerSocket and see if we can modify jetty 
etc to use it.  I really don't know how useful this would be.  Any 
ideas?

thanks
david jencks
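
Added example, not part of the original message and not Geronimo code: a sketch of the "blocked ServerSocket" from steps 1-3, where the socket is bound while still privileged but accept() hands nothing to Java code until a shared gate is opened after the user switch. The class names GatedAcceptDemo, PrivilegeGate and GatedServerSocket are hypothetical, and it assumes each service can be given the ServerSocket subclass; the user switch itself needs native code and is only marked by a comment.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.CountDownLatch;

public class GatedAcceptDemo {

    /** One shared gate (hypothetical name); every gated socket waits on it. */
    static final class PrivilegeGate {
        private final CountDownLatch dropped = new CountDownLatch(1);

        void open() { dropped.countDown(); }

        void await() throws IOException {
            try {
                dropped.await();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new IOException("interrupted before the gate opened", e);
            }
        }
    }

    /** Binds at construction (root needed below 1024); accept() waits for the gate. */
    static final class GatedServerSocket extends ServerSocket {
        private final PrivilegeGate gate;

        GatedServerSocket(int port, PrivilegeGate gate) throws IOException {
            super(port, 50, InetAddress.getLoopbackAddress());
            this.gate = gate;
        }

        @Override
        public Socket accept() throws IOException {
            gate.await();            // no request reaches Java code while still root
            return super.accept();
        }
    }

    public static void main(String[] args) throws Exception {
        PrivilegeGate gate = new PrivilegeGate();
        // Port 0 so the demo runs unprivileged; a real service would pass 80 or 443.
        try (ServerSocket server = new GatedServerSocket(0, gate);
             Socket client = new Socket(server.getInetAddress(), server.getLocalPort())) {
            // The client is connected at TCP level (kernel backlog) but not yet accepted.
            // Step 3's gbean would switch the process user here (native call, not shown).
            gate.open();
            try (Socket accepted = server.accept()) {
                System.out.println("accepted after gate opened: "
                        + accepted.getRemoteSocketAddress());
            }
        }
    }
}
```

While the gate is closed the kernel still completes TCP handshakes for the bound port, so early clients queue in the backlog instead of being refused; what the gate prevents is request-handling code running before the switch.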

