geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul McMahan" <paulmcma...@gmail.com>
Subject Re: RTC Certification Authority (CA) portlet
Date Mon, 13 Nov 2006 22:06:38 GMT
Great work!! This patch represents a tremendous amount of effort and I
am excited about seeing this new functionality in Geronimo.  I am not
a security expert so I'm not able to comment on some of the more
technical aspects of this new feature.  But from a high level I
understand what is being provided and am in favor of it being made
available to Geronimo users.

Here are a few questions and comments:
-  nice job on the UI
-  the copyright headers should be updated per GERONIMO-2537  (I think
this applies to JSPs as well but I am not sure)
-  the helper application does not define any security constraints in
its web.xml.  I think a constraint is needed since the application
affects the server's security
-  the helper application is not started by default.  is that intentional?

I'm not totally clear on why this feature was implemented partly as a
web application and partly as an admin portlet.  Since CA activities
are not core to the management of the application server per se it
seems like an ideal candidate to implement entirely as a pair of web
applications that can be installed as plugins.  If its possible to
refactor the CA portion into a webapp without sacrificing too much
time/effort then I'm highly favor of that approach.

But I may be overlooking some important aspect of the design or just
need to broaden my view of what the admin console is used for.  So if
the current implementation remains as is then here are some additional
comments about the CA portlet:
-  the portlet title in the console's navigation area wraps
"Certifcation Authority".  Can a non-breaking space (&nbsp;) be used
in the title? if not then can it be shortened?
-  the CA portlet issues warnings, which I think are benign but can
probably be avoided.  they look like:
[BasicProxyManager] Could not load interface org.apache.geron
imo.security.ca.GeronimoCertificationAuthority in provided ClassLoader for org.a
pache.geronimo.configs/j2ee-security/1.2-SNAPSHOT/car?ServiceModule=org.apache.g
eronimo.configs/j2ee-security/1.2-SNAPSHOT/car,j2eeType=CertificationAuthority,n
ame=geronimo-ca
(see GERONIMO-2007)

Again, great work on this new feature and I look forward to seeing it
being made available to Geronimo users!

Best wishes,
Paul

On 11/9/06, Vamsavardhana Reddy <c1vamsi1c@gmail.com> wrote:
> Hi Paul,
>
>  Yes, I intend to make this available in 1.2.  Please review whenever it is
> possible for you..
>
>  Thanks,
>  Vamsi
>
> On 11/9/06, Paul McMahan <paulmcmahan@gmail.com> wrote:
> > I definitely plan to take a look at this but I have a couple of items
> > to finish up on first.  Do you intend to make this available in 1.2?
> >
> > Best wishes,
> > Paul
> >
> > On 11/8/06, Vamsavardhana Reddy < c1vamsi1c@gmail.com> wrote:
> > > I have posted a patch to "GERONIMO-2413 Add a Certification Authority
> (CA)
> > > portlet to Geronimo console".  The patch contains CA portlet and CA
> Helper
> > > application.  JIRA comment provides a few instructions on  a minimal
> > > (end-to-end setup of CA and the helper application) task that can be
> > > performed using the portlet.  Please take time to review the patch, try
> the
> > > CA portlet and the helper application.
> > >
> > >  Thanks,
> > >  vamsi
> > >  PS: JIRA also has patch for branches\1.1 .  This patch is only intended
> for
> > > those who want to try the portlet in 1.1.x.
> > >
> >
>
>

Mime
View raw message