geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Donald Woods (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-1642) Deployment plan namespace validation
Date Wed, 16 May 2007 21:32:16 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-1642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12496412
] 

Donald Woods commented on GERONIMO-1642:
----------------------------------------

Hmmmm - this patch is causing a build time failure in client-security.  Will have to look
into it more before committing....

[INFO] -------------------------------------------------------------------------
---
[INFO] Building Geronimo Configs :: J2EE Client Security
[INFO]    task-segment: [install]
[INFO] -------------------------------------------------------------------------
---
[INFO] [enforcer:enforce {execution: default}]
[INFO] [tools:copy-legal-files {execution: install-legal-files}]
[INFO] Created dir: E:\g20\g20\configs\client-security\target\classes\META-INF
[INFO] Copying 2 files to E:\g20\g20\configs\client-security\target\classes\META
-INF
[INFO] [resources:resources]
[INFO] Using default encoding to copy filtered resources.
[INFO] [car:prepare-plan]
[INFO] Generated: E:\g20\g20\configs\client-security\target\plan\plan.xml
[INFO] [car:package]
[INFO] Packaging module configuration: E:\g20\g20\configs\client-security\target
\plan\plan.xml
[INFO] ------------------------------------------------------------------------
[ERROR] BUILD ERROR
[INFO] ------------------------------------------------------------------------
[INFO] org.apache.xmlbeans.XmlException: Cannot find desiredElement "application" with namespace={http://geronimo.apache.org/xml/ns/j2ee/application-1.2}
in plan=
<!--Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
    this work for additional information regarding copyright ownership.
    The ASF licenses this file to You under the Apache License, Version 2.0
    (the "License"); you may not use this file except in compliance with
    the License.  You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.-->
<!--$Rev: 480572 $ $Date: 2006-11-29 09:01:50 -0500 (Wed, 29 Nov 2006) $-->
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <!--required-->
  <environment>
    <moduleId>
      <groupId>org.apache.geronimo.configs</groupId>
      <artifactId>client-security</artifactId>
      <version>2.0-SNAPSHOT</version>
      <type>car</type>
    </moduleId>
    <dependencies>
      <dependency>
        <groupId>org.apache.geronimo.configs</groupId>
        <artifactId>client</artifactId>
        <type>car</type>
      </dependency>
      <dependency>
        <groupId>org.apache.geronimo.modules</groupId>
        <artifactId>geronimo-security</artifactId>
        <version>2.0-SNAPSHOT</version>
        <type>jar</type>
        <import>classes</import>
      </dependency>
    </dependencies>
    <hidden-classes/>
    <non-overridable-classes/>
  </environment>
  <gbean name="SecurityService" class="org.apache.geronimo.security.SecurityServ
iceImpl">
    <reference name="ServerInfo">
      <name>ServerInfo</name>
    </reference>
    <attribute name="policyConfigurationFactory">org.apache.geronimo.security.ja
cc.GeronimoPolicyConfigurationFactory</attribute>
    <attribute name="policyProvider">org.apache.geronimo.security.jacc.GeronimoP
olicy</attribute>
    <attribute name="keyStore">var/security/clientcert.jks</attribute>
    <attribute name="keyStorePassword">changeit</attribute>
    <attribute name="trustStore">var/security/clientcert.jks</attribute>
    <attribute name="trustStorePassword">changeit</attribute>
  </gbean>
  <!--required-->
  <gbean name="LoginConfiguration" class="org.apache.geronimo.security.jaas.Gero
nimoLoginConfiguration">
    <references name="Configurations">
      <pattern>
        <type>SecurityRealm</type>
      </pattern>
      <pattern>
        <type>ConfigurationEntry</type>
      </pattern>
    </references>
  </gbean>
  <!--use for app client: logs into server remotely-->
  <gbean name="ServerLoginStubDCE" class="org.apache.geronimo.security.jaas.Dire
ctConfigurationEntry">
    <attribute name="applicationConfigName">server-login</attribute>
    <attribute name="controlFlag">REQUIRED</attribute>
    <reference name="Module">
      <name>ServerLoginCoordinator</name>
    </reference>
  </gbean>
  <gbean name="ServerLoginCoordinator" class="org.apache.geronimo.security.jaas.
LoginModuleGBean">
    <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.client.
JaasLoginCoordinator</attribute>
    <attribute name="serverSide">false</attribute>
    <attribute name="options">host=localhost
            port=4242
            realm=geronimo-admin</attribute>
    <attribute name="loginDomainName">geronimo-admin</attribute>
  </gbean>
  <!--useful for corba: logs into a local realm, and server must reauthenticate
each call-->
  <gbean name="client-properties-realm" class="org.apache.geronimo.security.real
m.GenericSecurityRealm">
    <attribute name="realmName">client-properties-realm</attribute>
    <xml-reference name="LoginModuleConfiguration">
      <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-1
.2">
        <lc:login-module control-flag="REQUIRED" server-side="true" wrap-princip
als="true">
          <lc:login-domain-name>client-properties-realm</lc:login-domain-name>
          <lc:login-module-class>org.apache.geronimo.security.realm.providers.Pr
opertiesFileLoginModule</lc:login-module-class>
          <lc:option name="usersURI">var/security/users.properties</lc:option>
          <lc:option name="groupsURI">var/security/groups.properties</lc:option>

        </lc:login-module>
        <lc:login-module control-flag="REQUIRED" server-side="true" wrap-princip
als="true">
          <lc:login-domain-name>default</lc:login-domain-name>
          <lc:login-module-class>org.apache.geronimo.security.jaas.NamedUPCreden
tialLoginModule</lc:login-module-class>
          <lc:option name="org.apache.geronimo.jaas.NamedUPCredentialLoginModule
.Name">default</lc:option>
        </lc:login-module>
      </lc:login-config>
    </xml-reference>
    <reference name="ServerInfo">
      <name>ServerInfo</name>
    </reference>
    <reference name="LoginService">
      <name>JaasLoginService</name>
    </reference>
  </gbean>
  <!--this is really a server-side only gbean but its needed to make the client
side GenericSecurityRealm work-->
  <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.server
.JaasLoginService">
    <reference name="Realms">
      <name>client-properties-realm</name>
    </reference>
    <!--<attribute name="reclaimPeriod">100000</attribute>-->
    <attribute name="algorithm">HmacSHA1</attribute>
    <attribute name="password">secret</attribute>
  </gbean>
  <gbean name="KeystoreManager" class="org.apache.geronimo.security.keystore.Fil
eKeystoreManager">
    <attribute name="keystoreDir">var/security/keystores</attribute>
    <reference name="ServerInfo">
      <name>ServerInfo</name>
    </reference>
    <references name="KeystoreInstances">
      <pattern>
        <type>Keystore</type>
      </pattern>
    </references>
  </gbean>
  <gbean name="geronimo-default" class="org.apache.geronimo.security.keystore.Fi
leKeystoreInstance">
    <attribute name="keystoreName">geronimo-default</attribute>
    <attribute name="keystorePath">var/security/keystores/geronimo-default</attr
ibute>
    <attribute name="keystorePassword">secret</attribute>
    <attribute name="keyPasswords">geronimo=secret</attribute>
    <reference name="ServerInfo">
      <name>ServerInfo</name>
    </reference>
  </gbean>
</module>


> Deployment plan namespace validation
> ------------------------------------
>
>                 Key: GERONIMO-1642
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-1642
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: deployment, OpenEJB, web
>    Affects Versions: 1.1
>            Reporter: Aaron Mulder
>         Assigned To: Donald Woods
>            Priority: Critical
>             Fix For: 2.0-M6
>
>         Attachments: namespace1642.patch
>
>
> When you deploy with a geronimo deployment plan packaged in the archive, but it has the
wrong namespace, the file is ignored.  If anything, you get a message saying the plan is required,
or that the archive is not a WAR/JAR/etc.  We should have special detection for geronimo-application.xml,
geronimo-ra.xml, geronimo-web.xml, and openejb-jar.xml that notices if the file is present
but has the wrong namespace, and prints a suggestive WARN or ERROR message to the console.
 Probably for the application.xml, web.xml, ra.xml, and ejb-jar.xml too.
> People have asked for help on the mailing list several times recently when they had this
(bad namespace) problem.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message