geronimo-dev mailing list archives

From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Re: RTC Certification Authority (CA) portlet
Date Tue, 14 Nov 2006 09:23:41 GMT
Paul,

Thank you for reviewing the CA portlet and providing your comments.  My
response to your queries and comments:

o  On the UI, I did my best.  I have tested the page navigation etc and it
seems to be ok.  There may be some minor issues which I am not aware of.
Those will be addressed as they surface.
o  Copyright headers will be updated before the patch is committed.
o  The helper application is a reference application.  In production, ideally
it should be running on HTTPS and some of the pages, like request
certificate and download certificate, should have restricted access based on
userid, password, etc.
o  The helper application should be started only after completing the CA
initialization part.
o  Regarding making this as a portlet in Console, I wanted to take advantage
of the framework we already have in console UI and spend more time on the CA
functionality.
o  Portlet title will be changed so that it won't wrap.
o  I will take a look at GERONIMO-2007 to take care of the BasicProxyManager
warnings.

Regards,
Vamsi

On 11/14/06, Paul McMahan <paulmcmahan@gmail.com> wrote:
>
> Great work!! This patch represents a tremendous amount of effort and I
> am excited about seeing this new functionality in Geronimo.  I am not
> a security expert so I'm not able to comment on some of the more
> technical aspects of this new feature.  But from a high level I
> understand what is being provided and am in favor of it being made
> available to Geronimo users.
>
> Here are a few questions and comments:
> -  nice job on the UI
> -  the copyright headers should be updated per GERONIMO-2537  (I think
> this applies to JSPs as well but I am not sure)
> -  the helper application does not define any security constraints in
> its web.xml.  I think a constraint is needed since the application
> affects the server's security
> -  the helper application is not started by default.  is that intentional?
>
> I'm not totally clear on why this feature was implemented partly as a
> web application and partly as an admin portlet.  Since CA activities
> are not core to the management of the application server per se it
> seems like an ideal candidate to implement entirely as a pair of web
> applications that can be installed as plugins.  If it's possible to
> refactor the CA portion into a webapp without sacrificing too much
> time/effort then I'm highly in favor of that approach.
>
> But I may be overlooking some important aspect of the design or just
> need to broaden my view of what the admin console is used for.  So if
> the current implementation remains as is then here are some additional
> comments about the CA portlet:
> -  the portlet title in the console's navigation area wraps
> "Certifcation Authority".  Can a non-breaking space (&nbsp;) be used
> in the title? if not then can it be shortened?
> -  the CA portlet issues warnings, which I think are benign but can
> probably be avoided.  they look like:
> [BasicProxyManager] Could not load interface org.apache.geronimo.security.ca.GeronimoCertificationAuthority in provided ClassLoader for org.apache.geronimo.configs/j2ee-security/1.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.configs/j2ee-security/1.2-SNAPSHOT/car,j2eeType=CertificationAuthority,name=geronimo-ca
> (see GERONIMO-2007)
>
> Again, great work on this new feature and I look forward to seeing it
> being made available to Geronimo users!
>
> Best wishes,
> Paul
>
> On 11/9/06, Vamsavardhana Reddy <c1vamsi1c@gmail.com> wrote:
> > Hi Paul,
> >
> >  Yes, I intend to make this available in 1.2.  Please review whenever it is
> > possible for you.
> >
> >  Thanks,
> >  Vamsi
> >
> > On 11/9/06, Paul McMahan <paulmcmahan@gmail.com> wrote:
> > > I definitely plan to take a look at this but I have a couple of items
> > > to finish up on first.  Do you intend to make this available in 1.2?
> > >
> > > Best wishes,
> > > Paul
> > >
> > > On 11/8/06, Vamsavardhana Reddy < c1vamsi1c@gmail.com> wrote:
> > > > I have posted a patch to "GERONIMO-2413 Add a Certification Authority (CA)
> > > > portlet to Geronimo console".  The patch contains CA portlet and CA Helper
> > > > application.  JIRA comment provides a few instructions on a minimal
> > > > (end-to-end setup of CA and the helper application) task that can be
> > > > performed using the portlet.  Please take time to review the patch, try the
> > > > CA portlet and the helper application.
> > > >
> > > >  Thanks,
> > > >  vamsi
> > > >  PS: JIRA also has patch for branches\1.1 .  This patch is only intended for
> > > > those who want to try the portlet in 1.1.x.
> > > >
> > >
> >
> >
>
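
The security constraint Paul asks for, combined with the HTTPS and login restrictions Vamsi describes for the certificate request and download pages, could be declared in the helper application's web.xml roughly as follows. This is an added illustration, not part of the GERONIMO-2413 patch or of either author's message; the URL patterns, role name and realm name are hypothetical placeholders.

```xml
<!-- Added illustration, not from the GERONIMO-2413 patch. URL patterns,
     role name and realm name are hypothetical placeholders. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Certificate request and download pages: login required, HTTPS only.
       No <http-method> elements are listed, so the constraint applies to
       every HTTP method rather than only GET and POST. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Certificate request and download</web-resource-name>
      <url-pattern>/requestCertificate/*</url-pattern>
      <url-pattern>/downloadCertificate/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ca-user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Remaining pages: no login, but still redirected to HTTPS. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Whole application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ca-helper-realm</realm-name>
  </login-config>

  <security-role>
    <role-name>ca-user</role-name>
  </security-role>
</web-app>
```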
