geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Deployment error in Geronimo v2.1 with security elements in web-xml
Date Mon, 12 Jan 2009 09:34:11 GMT
Hi Gary,

After some thought we decided that if someone went to the trouble to  
include security constraints in their web.xml we should assume that  
they really want their app secured and to refuse to deploy it if the  
non standard parts of the security configuration are missing from the  
geronimo plan.  In this way it is harder to accidentally deploy your  
app without security.

The additional information you need in the geronimo plan is the name  
of a security realm to use for logins and the mapping information  
between principals added to the Subject security identity by the login  
modules and the application level roles used in the security  
constraints.

I don't see any good documentation on how to set this up but there is  
a little bit of info at the end of this page:

http://cwiki.apache.org/GMOxDOC22/configuring-run-as-and-default-subjects-and-principal-role-mapping.html

What might be more useful is an example to look at such as this one  
from our integration testsuite:

https://svn.apache.org/repos/asf/geronimo/server/trunk/testsuite/security-testsuite/test-security/src/main/webapp/WEB-INF/geronimo-web.xml

thanks
david jencks




On Jan 11, 2009, at 2:24 PM, Gary Marshall wrote:

> Hello all:
> I am trying to deploy application app01a from Budi Kurniawan's book  
> Struts 2 Design and Programming - A Tutorial.  You can download the   
> app01a application here: http://jtute.com.  Click on "Book Code  
> Download"  then Struts 2 Design and Programming: A Tutorial.
>
> Here is the Deployment Descriptor (web.xml) file provided in this app:
>  <?xml version="1.0" encoding="ISO-8859-1"?>
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
> xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd

> " xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd

> " version="2.5">
> <servlet>
> <servlet-name>Controller</servlet-name>
> <servlet-class>app01a.ControllerServlet</servlet-class>
> </servlet>
> <servlet-mapping>
> <servlet-name>Controller</servlet-name>
> <url-pattern>*.action</url-pattern>
> </servlet-mapping>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>JSPs</web-resource-name>
> <url-pattern>/jsp/*</url-pattern>
> </web-resource-collection>
> <auth-constraint/>
> </security-constraint>
> <login-config>
> <auth-method>BASIC</auth-method>
> </login-config>
> </web-app>
> As you can see there exists a <security-constraint> element.  When I  
> try to deploy this app in my Geronimo v2.1, I get this error:
>
> web.xml for web app default/app01a/1.0/car includes security  
> elements but Geronimo deployment plan is not provided or does not  
> contain <security-realm-name> element necessary to configure  
> security accordingly.
> org.apache.geronimo.common.DeploymentException: web.xml for web app  
> default/app01a/1.0/car includes security elements but Geronimo  
> deployment plan is not provided or does not contain <security-realm- 
> name> element necessary to configure security accordingly.
>  at  
> org 
> .apache 
> .geronimo 
> .web25 
> .deployment 
> .AbstractWebModuleBuilder 
> .basicInitContext(AbstractWebModuleBuilder.java:349)
>  at  
> org 
> .apache 
> .geronimo 
> .tomcat 
> .deployment.TomcatModuleBuilder.initContext(TomcatModuleBuilder.java: 
> 330)
>  at  
> org 
> .apache 
> .geronimo 
> .j2ee 
> .deployment 
> .SwitchingModuleBuilder.initContext(SwitchingModuleBuilder.java:159)
>  at  
> org 
> .apache 
> .geronimo 
> .j2ee 
> .deployment 
> .EARConfigBuilder.buildConfiguration(EARConfigBuilder.java:595)
>  at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:254)
>  at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:133)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  at  
> sun 
> .reflect 
> .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>  at  
> sun 
> .reflect 
> .DelegatingMethodAccessorImpl 
> .invoke(DelegatingMethodAccessorImpl.java:25)
>  at java.lang.reflect.Method.invoke(Method.java:597)
>  at  
> org 
> .apache 
> .geronimo 
> .gbean 
> .runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java: 
> 34)
>  at  
> org 
> .apache 
> .geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
>  at  
> org 
> .apache 
> .geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:867)
>  at  
> org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java: 
> 239)
>  at  
> org 
> .apache 
> .geronimo 
> .deployment 
> .plugin 
> .local.AbstractDeployCommand.doDeploy(AbstractDeployCommand.java:116)
>  at  
> org 
> .apache 
> .geronimo 
> .deployment 
> .plugin.local.DistributeCommand.run(DistributeCommand.java:61)
>  at java.lang.Thread.run(Thread.java:619)
> I have tried Google searches to try and find out how to get around  
> this error.  I found one posting that showed what looked like this  
> was fixed in an earlier version of G.  I would like to keep the  
> <security-constraint> element if at all possible.
>
> Can somebody please assist?  Is this fixed in the version of G that  
> I have?  Is there a workaround or should I just take out the  
> <security-constraint> element?  Do I need some kind of deployment  
> plan that I have to add to my G installation?
>
> Thanks to all for your time.
>
> Gary
>


Mime
View raw message