Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@geronimo.apache.org
Received-SPF: pass (athena.apache.org: domain of jaydmchugh@gmail.com
 designates 64.233.166.180 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding;
        b=ZDzZ/1AkDWJ0Bsl+KBb4rIAD7fpWvZkSxlzg33bg1URzxcVLXUvXgnBDetfJF+3uffRq8o7HCxzakQaAAGm/6FAgeQYmEm9ZoadCbBWjAQWvwCcyNs3keQyX1v3FNDa599fRwvJDcrxdvnt7eoiouqpVD7dK69m1LHj0CeRCoTM=
Message-ID: <47BB8BE3.70507@gmail.com>
Date: Tue, 19 Feb 2008 20:09:39 -0600
From: "Jay D. McHugh" <jaydmchugh@gmail.com>
User-Agent: Thunderbird 2.0.0.9 (X11/20071031)
MIME-Version: 1.0
To: dev@geronimo.apache.org
Subject: Re: [jira] Assigned: (GERONIMO-3855) PortletSecurityException in
 Plugins portlet
References: <326162684.1203456763344.JavaMail.jira@brutus>
 <47BB4F1D.5090806@earthlink.net> <47BB718D.7070905@gmail.com>
 <47BB8787.6090906@earthlink.net>
In-Reply-To: <47BB8787.6090906@earthlink.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Joe,

I went one revision id newer than the one that you previously built 
(just so the artifact names would be different).

I agree that we need to keep an eye on Pluto.  I think (I may be wrong 
though) that we will want to keep track of what is going on with the 2.0 
version (trunk) because that is where the 'pluggable' feature was 
added.  Also, that is where the new jsr-286 spec is being fleshed out.

There have not been any releases against Pluto trunk yet - and when I 
tried to build it over the weekend, the build hit an error (I don't 
remember what though).

Jay

Joe Bohn wrote:
> Yes, I think this is a good short-term solution (as I mentioned 
> below).  However I think we still need a longer term solution since it 
> appears that pluto is building on a new base.
>
> Are you planning to pull in additional fixes or are you building the 
> same level of Pluto that I built earlier?  ...  I'm not sure if they 
> even applied any additional maintenance to the old trunk before they 
> created the tag ... have you checked?
>
> Joe
>
>
> Jay D. McHugh wrote:
>> Hey Joe (and everyone else),
>>
>> I took a look at both the trunk and 1.1.* branches of Pluto and they 
>> have not (or at least -appear- to have not) gotten around to 
>> implementing the same 'secure portlet page' functionality that was in 
>> 1.0.x.
>>
>> But, I tried a suggestion that was on one of the Pluto mailing list 
>> of simply commenting out the throwing of the exception (the only 
>> thing that the setSecure() method does is throw an exception saying 
>> that setSecure is not implemented).
>>
>> In my testing, the https protocol is being carried along to the 
>> successive pages though - so until Pluto does implement (or we submit 
>> a patch for) secure portlet pages - It seems to me that we at least 
>> need a functioning console.  Once Pluto trunk or a release begins 
>> supporting secure portlet pages - then we can get back onto an 
>> unmodified copy.
>>
>> I am in the middle of running through a full build with tests before 
>> committing a new pinned version of Pluto.
>>
>> Does anyone have any other thoughts before I do my commit?
>>
>> Jay
>>
>>
>> Joe Bohn wrote:
>>> Hi Jay,
>>>
>>> Do you have a fix in mind for this issue?  I had started to look 
>>> into it.  Here's what I discovered so far:
>>>
>>> 1)  Pluto has essentially dropped the 1.2 release.  This was 
>>> formerly their trunk.  It has now been saved to a tag in favor of a 
>>> new trunk that is the merger of the 286 portlet work and the 1.1.* 
>>> base.  I do not know if this code base has the necessary 
>>> infrastructure (ie. spring based portal driver) that we require for 
>>> the pluggable console.
>>>
>>> 2) The new Pluto trunk (2.0-SNAPSHOT) is substantially different 
>>> primarily because of the inclusion of the JSR-286 work.  A quick 
>>> attempt to just replace the pluto version in our build resulted in 
>>> some build failures in Geronimo.
>>>
>>> 3) The issue we are hitting with the PortletSecurityException was 
>>> discussed on the pluto dev list here: 
>>> http://www.nabble.com/Pluto-1.1.2-vs-1.1.4-td14194243.html
>>>
>>>    So, one possible fix would be to make some of the changes 
>>> recommended in on the pluto dev thread above in our private build. 
>>> However, this now concerns me because it means that we are 
>>> continuing to build on a base that it seems Pluto has recently 
>>> abandoned.
>>>    The other alternative would be to attempt to move to 2.0-SNAPSHOT 
>>> or 1.1.5-SNAPSHOT assuming we can work out any challenges these 
>>> releases bring, they have the necessary fix for the 
>>> PortletSecurityException, and they contain the necessary portal 
>>> driver structure for our pluggable console support.  This is 
>>> certainly not a quick fix but gets us on a more stable base.
>>>
>>> Joe
>>>
>>>
>>>
>>> Jay D. McHugh (JIRA) wrote:
>>>>      [ 
>>>> https://issues.apache.org/jira/browse/GERONIMO-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel 
>>>> ]
>>>>
>>>> Jay D. McHugh reassigned GERONIMO-3855:
>>>> ---------------------------------------
>>>>
>>>>     Assignee: Jay D. McHugh
>>>>
>>>>> PortletSecurityException in Plugins portlet
>>>>> -------------------------------------------
>>>>>
>>>>>                 Key: GERONIMO-3855
>>>>>                 URL: 
>>>>> https://issues.apache.org/jira/browse/GERONIMO-3855
>>>>>             Project: Geronimo
>>>>>          Issue Type: Bug
>>>>>      Security Level: public(Regular issues)          Components: 
>>>>> console
>>>>>    Affects Versions: 2.1
>>>>>            Reporter: Paul McMahan
>>>>>            Assignee: Jay D. McHugh
>>>>>
>>>>> Cannot take any actions in the Plugins portlet.
>>>>> Recreate:
>>>>> Go to the Plugins portlet in the admin console
>>>>> Click any action-- "Update Repository List" or "Add Repository" or 
>>>>> "Export a Plugin" or "Assemble a Server"
>>>>> Note the exception:
>>>>> javax.servlet.ServletException: 
>>>>> javax.portlet.PortletSecurityException: No Supported
>>>>>     
>>>>> org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:116) 
>>>>>
>>>>>     
>>>>> org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) 
>>>>>
>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>>>>> root cause
>>>>> javax.portlet.PortletSecurityException: No Supported
>>>>>     
>>>>> org.apache.pluto.driver.services.container.PortletURLProviderImpl.setSecure(PortletURLProviderImpl.java:67) 
>>>>>
>>>>>     
>>>>> org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:261) 
>>>>>
>>>>>     
>>>>> org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:112) 
>>>>>
>>>>>     
>>>>> org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) 
>>>>>
>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:713)
>>>>>     javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
>>>>
>>>
>>
>>
>