geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Forrest Xia (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
Date Tue, 10 Mar 2009 05:56:50 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680384#action_12680384
] 

Forrest Xia commented on GERONIMO-4553:
---------------------------------------

Some tries on this jira, here are my understandings and findings:
1. Actually geronimo default security realm(used by admin console and other modules) is named
"geronimo-admin", not "geronimo-realm". It is created via system module "org.apache.geronimo.framework/server-security-config//car".

2. Noticed David's proposed instruction to replace a default realm, I do not figure out a
way to substitue it with a new generated duplicate-named "geronimo-admin". Because the default
geronimo security realm "geronimo-admin" is created via "org.apache.geronimo.framework/server-security-config//car".
The default "geronimo-admin" realm is not a standalone module and to be replacable via artifact
alias method.
3. Joe's patch just fix the case when the security realm is a standalone module, it cannot
stop creation of duplicate-named security realm when it's not a standalone module.
4. If this JIRA's goal is to make admin console shows some error message(whenever a security
realm name is duplicated in standalone or not standalone) same as those in the server.log,
I don't think current patch reaches that goal. 
However, if the goal is to allow user creating a self-defined security realm duplicate-named
"geronimo-admin", then use it to replace the default geronimo one to login admin console(or
for other module use). I think we might need to make "geronimo-admin" realm separated from
"server-security-config" module first, then use artifact alias method to substitute it.

Any thoughts? thanks!

> Admin console does not show error when creating duplicate security realm
> ------------------------------------------------------------------------
>
>                 Key: GERONIMO-4553
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4553
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console, security
>    Affects Versions: 2.1.4, 2.2
>            Reporter: David Jencks
>            Assignee: Joe Bohn
>             Fix For: 2.1.4, 2.2
>
>
> If you create a security realm with a duplicate name (such as geronimo-admin) using the
admin console, everything appears to work in the ui however the command line console shows
the error:
> 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception
> java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already
registered
>         at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112)
>         at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97)
>         at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102)
>         at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96)
>         at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180)
>         at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:538)
>         at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377)
>         at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:456)
>         at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:190)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:546)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:527)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:815)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$150f4df4.startConfiguration(<generated>)
>         at org.apache.geronimo.deployment.plugin.local.StartCommand.run(StartCommand.java:67)
>         at java.lang.Thread.run(Thread.java:613)
> IMO we should allow users to create such duplicate realms but not try to start them but
rather show instructions on how to substitute their realm for the existing one, namely:
> - edit var/config/config.xml to have load="false" for the plugin with the existing security
realm
> - edit var/config/artifact-aliases.properties to use the new plugin instead of the old
plugin
> - edit var/config/config.xml to start the new plugin (this is probably unnecessary as
the new one will probably be started due to dependencies)
> I tried this on trunk and a user found it on 2.1.2.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message