geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
Date Tue, 10 Mar 2009 16:50:50 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680535#action_12680535
] 

David Jencks commented on GERONIMO-4553:
----------------------------------------

I haven't looked at what joe's patch does yet.

My goal at this point is mostly to nofity the user that there is a problem that needs further
investigation when a duplicate security realm name is defined.  Supplying them with hints
about how to fix it would be even better.  IMO however we can't automatically fix the problem
they have caused.  On the other hand we do need to let them create a duplicate realm because
they may need to switch from one to another.  After doing so, they will have to edit some
configuration files by hand.    We could try to automate switching but I don't think it is
worth the effort because it is too likely that the user will be left with no way at all to
log on as the old realm has stopped and the new one not started in case of any error.

Forrest-- server-security-config is designed to contain everything you will want to change
if you want to customize the admin security for geronimo.  As such it should not have anything
removed.  We might want to create a way of creating a plugin with everything that is in server-security-config
from the console.

For trunk I actually have a different plan in mind.  I think we should make the security realms
scoped to the ancestor plugins of whatever needs the realm, just like we do with gbean searches
for references.  When I first worked on the code I didn't realize it was possible to pass
the LoginConfiguration in to the LoginContext constructor; however we can use this to prevent
interference between realms.

> Admin console does not show error when creating duplicate security realm
> ------------------------------------------------------------------------
>
>                 Key: GERONIMO-4553
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4553
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console, security
>    Affects Versions: 2.1.4, 2.2
>            Reporter: David Jencks
>            Assignee: Joe Bohn
>             Fix For: 2.1.4, 2.2
>
>
> If you create a security realm with a duplicate name (such as geronimo-admin) using the
admin console, everything appears to work in the ui however the command line console shows
the error:
> 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception
> java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already
registered
>         at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112)
>         at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97)
>         at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102)
>         at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96)
>         at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180)
>         at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>         at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:538)
>         at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377)
>         at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:456)
>         at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:190)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:546)
>         at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:527)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
>         at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
>         at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:815)
>         at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$150f4df4.startConfiguration(<generated>)
>         at org.apache.geronimo.deployment.plugin.local.StartCommand.run(StartCommand.java:67)
>         at java.lang.Thread.run(Thread.java:613)
> IMO we should allow users to create such duplicate realms but not try to start them but
rather show instructions on how to substitute their realm for the existing one, namely:
> - edit var/config/config.xml to have load="false" for the plugin with the existing security
realm
> - edit var/config/artifact-aliases.properties to use the new plugin instead of the old
plugin
> - edit var/config/config.xml to start the new plugin (this is probably unnecessary as
the new one will probably be started due to dependencies)
> I tried this on trunk and a user found it on 2.1.2.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message