geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Genender <jgenen...@savoirtech.com>
Subject Did we jump the gun on the console?
Date Wed, 10 Aug 2005 19:46:52 GMT
When we moved the console out to the main build and had it launch 
automatically, I found some major issues.

It does not work with Tomcat.

Upon initial launch, Tomcat complains about the fact that there are 
servlet mappings in the console's web.xml that don't have any servlets.

Upon further investigation, sure enough, the following servlet mappings 
are invalid in the console-standard web.xml:

DerbyUsers
DerbyGroups
CertManager

This meant that Jetty was not being compliant and testing for this, so I 
opened GERONIMO-872.

Second, we ended up with a security issue where the references realm is 
not matching the application name.  I discussed this in a previous 
thread...and that I believe we need to follow the standard according to 
Sun on how we name our realms according to application name (See 
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/LoginConfigFile.html).

In the mean time I hacked up the Tomcat that if it sees a 
security-realm-name and it does not have an ancestor named this way, it 
will create a TomcatJAASRealm adapter and name it appropriately.  I have 
not checked it in...yet...I would like to hear from others on this. 
This is a big discussion and we need to make some decisions.  IMHO, this 
is a hack...and we need to look at the root of the problem.

Now to the main issue...

I implore the entire team, that before moving any main web based 
component into G from sandbox, that it is tested on *both* Jetty and 
Tomcat.  This was clearly not tested and it has some nasty bugaboos in 
it, including, but not limited to hard coded Jetty references in the 
console code. See the following for details:

ObjectNameConstants.java
AJP13ConnectorPortlet.java
HttpConnectorPortlet.java
HttpsConnectorPortlet.java
WebManagerPortlet.java

IMHO, this should never have left sandbox until these issues were worked 
out.  As it stands...Tomcat spews when deploying the console.

I blame myself as I had the opportunity to -1 the move, but I did not 
take the time to try it myself.  I would just appreciate it if we could 
all make this part of our process when we play with web based code and 
test both containers.

I can use some help in fixing this up.

Thanks...and sorry for the frustrated tone.

Jeff

Mime
View raw message