Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 68600 invoked from network); 23 Jun 2009 05:55:44 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 23 Jun 2009 05:55:44 -0000 Received: (qmail 4005 invoked by uid 500); 23 Jun 2009 05:55:54 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 3890 invoked by uid 500); 23 Jun 2009 05:55:54 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 3882 invoked by uid 99); 23 Jun 2009 05:55:54 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Jun 2009 05:55:54 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS,UNPARSEABLE_RELAY X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [98.136.44.61] (HELO smtp106.prem.mail.sp1.yahoo.com) (98.136.44.61) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 23 Jun 2009 05:55:44 +0000 Received: (qmail 19709 invoked from network); 23 Jun 2009 05:55:21 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Message-Id:From:To:In-Reply-To:Content-Type:Mime-Version:Subject:Date:References:X-Mailer; b=pnwxnyrjrxwPeIwNFkh7qZwqmodI0Ln3VQ8vg8ZTDI81yJBOTvjImSIaKz6zYQTA7g8btxHzQeuHkJZ2AK2NaQw8PHMCZuwkxdq0r1gKaPiW4AHKqL60XhRwffNXnbHte4ok9YrT8GsZ90hLYYPVj4bWlZX2BJ7QH0mAfafRjv0= ; Received: from 076-076-148-215.pdx.net (david_jencks@76.76.148.215 with plain) by smtp106.prem.mail.sp1.yahoo.com with SMTP; 22 Jun 2009 22:55:19 -0700 PDT X-Yahoo-SMTP: .9oIUzyswBANsYgUm_5uPui0skTnzGJXJQ-- X-YMail-OSG: DB6_3MMVM1n1LgUnB9LpImTA_R9xu7cgjRRJ9fgMywyKB6LmySv1vpw4NNxbtVs9iTmUUB6u.U2Z4o40VL3rEefeYLnOqxryj.RkWqwQRyZUnHgKL6VD005TSWx.4YE6szf5M1KRh7OHoLDTWvh0DOM1l68_EHcWn0d7Ja15gvaCwCYBj6s_Yqp2xFwn.FjhaY89xUcJzxbWJxorFnFVoBJIAqfBaIV01ikJGh32yMWO0ejjSTclkBIXpcyAEnb56FrgZMcW7v7lNbk0cutDbLG5B2_Xd4MTNMrhUdzd8ECmc9C8jCacpwNIqaTRMLWx_9oXy66nQPn6fnOZwDzZ X-Yahoo-Newman-Property: ymail-3 Message-Id: From: David Jencks To: dev@geronimo.apache.org In-Reply-To: <45f744e40906222127i2345113eob41b9d3fcd579abf@mail.gmail.com> Content-Type: multipart/alternative; boundary=Apple-Mail-17--1006137435 Mime-Version: 1.0 (Apple Message framework v935.3) Subject: Re: Possible for G to directly consume a Tomcat server config w/o changes? Date: Mon, 22 Jun 2009 22:55:18 -0700 References: <4A11BBDB.1010101@gmail.com> <5e7fd1eb0906182331v7da1e556wd9004dd872e1864f@mail.gmail.com> <143F9322-C86C-47F9-96F8-E961209524C2@gmail.com> <45f744e40906190851j23cf49bam2b9f5d382dc86f25@mail.gmail.com> <81284BB7-4C41-455B-9928-24922EEA4A09@yahoo.com> <45f744e40906192118v1a791806q8559bdf712bf30eb@mail.gmail.com> <45f744e40906212220k24889bbdiba8af69fada93dd5@mail.gmail.com> <45f744e40906220212k47b7d365va5d15822d7b58d9b@mail.gmail.com> <45f744e40906222127i2345113eob41b9d3fcd579abf@mail.gmail.com> X-Mailer: Apple Mail (2.935.3) X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail-17--1006137435 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit On Jun 22, 2009, at 9:27 PM, Ivan wrote: > After checking the current changes to the realm, in the past, we > will set the geronimo-admin for the Engine, which means that all the > web-apps belong to the Engine will use the realm setting from its > parent if no setting is set for those web-apps. Currently, the realm > for the Engine is remained for Tomcat's default setting, which uses > users.xml. > So far, I did not see any effect to our existing console > applications, I am not sure whether we need to recover it. IMO, keep > the current way is better. Any comment ? Unless I've forgotten something only the jacc realms that are specifically configured for a particular application hook into the geronimo security system. So I don't expect anyone to use any other realms, and what the default realm is doesn't make a lot of difference. thanks david jencks > Ivan > > 2009/6/22 Ivan > > > 2009/6/22 David Jencks > > On Jun 21, 2009, at 10:20 PM, Ivan wrote: > >> >> >> 2009/6/22 David Jencks >> >> On Jun 19, 2009, at 9:18 PM, Ivan wrote: >> >>> Currently, what I can see are >>> 1. Recover those configurations that we used for Tomcat in the >>> server.xml >> >> For connectors, I may have done most of this in my work for (3).... >> could use some checking. I'd also like to see if I can make the >> tomcat connectors use our thread pool -- a new feature I've wanted >> for years :-) >> >>> 2. Update the console codes, and decide whether we need to keep >>> the functions like add/remove connectors. If keep, the way we do >>> it is to add/remove ConnectorGBean or to marshall/remarshall >>> server.xml. >>> 3. Make those settings in the server.xml not hardcoded. >> >> I implemented this here, not sure if I'll get it committed today or >> tomorrow > > I committed this in rev 787153. I exposed the replacement code the > local attribute manager uses. I'm thinking of modifying the > activemq integration to use this method instead of spring property > substitution. > > Native support from Geronimo for the subsitution is better, for > ActiveMQ integration, IIRC, maybe a bit extra work needs, for i add > some extra properties to the property configuration, which are not > contained in the config-substitution. > >> >>> 4. Recover those GBeans that console/other components used, such >>> as AccessLogValve etc. >> >> Maybe the AccessLogValve can fish its valve out of the server like >> the engine gbean now does? >> >> I will try to do it, Valve is a bit different with the Engine, >> for it has no name attribute, and Engine/Host all could hold to a >> list of them. >> My way is to use the "seq" to identify it, like what it is done >> by its object name. > > Looking forward to seeing this! > > DONE with At revision: 787174. > BTW, I guess that we also need to look at the realm setting for > Tomcat. > > thanks > david jencks > >> >> thanks >> david jencks >> >> >>> I would like to work at parts of them, if we have decided to >>> import this feature in 2.2. And I suggest that we open a JIRA for >>> each of them, so that we could track them clearly. >>> Thanks ! >>> Ivan >>> >>> 2009/6/20 David Jencks >>> After fixing the HostGBean in web app plan problem I don't have a >>> very clear idea of what's missing here. If one of you do could >>> you please list in detail what needs to be done? >>> >>> thanks >>> david jencks >>> >>> On Jun 19, 2009, at 8:51 AM, Ivan wrote: >>> >>>> It is easy to add the SSL connector, the things that Jack concens >>>> is that, how do the changes affect other components, I think. >>>> Ivan >>>> >>>> 2009/6/19 Kevan Miller >>>> >>>> On Jun 19, 2009, at 2:31 AM, Jack Cai wrote: >>>> >>>> Looks like this is going be a piece of non-trivial work. >>>> Considering that we are going for a 2.2 release, should we re- >>>> evaluate whether this feature should be in 2.2? My gut feeling is >>>> no. We should really stablize the code and resovle TCK issues. >>>> >>>> If it's *hard* to add the SSL connector configuration, then >>>> something is clearly wrong. Personally, I'd be pretty interested >>>> in seeing this type of support in 2.2. The more Tomcat apps/ >>>> configurations that just run on Geronimo, the better off we are... >>>> >>>> --kevan >>>> >>>> >>>> >>>> -- >>>> Ivan >>> >>> >>> >>> >>> -- >>> Ivan >> >> >> >> >> -- >> Ivan > > > > > -- > Ivan > > > > -- > Ivan --Apple-Mail-17--1006137435 Content-Type: text/html; charset=US-ASCII Content-Transfer-Encoding: quoted-printable
On Jun 22, 2009, = at 9:27 PM, Ivan wrote:

After = checking the current changes to the realm, in the past, we will set the = geronimo-admin for the Engine, which means that all the web-apps belong = to the Engine will use the realm setting from its parent if no setting = is set for those web-apps. Currently, the realm for the Engine is = remained for Tomcat's default setting, which uses users.xml.
So far, = I did not see any effect to our existing console applications, I am not = sure whether we need to recover it. IMO, keep the current way is better. = Any comment ?

Unless I've forgotten = something only the jacc realms that are specifically configured for a = particular application hook into the geronimo security system.  So = I don't expect anyone to use any other realms, and what the default = realm is doesn't make a lot of = difference.

thanks
david = jencks

Ivan

2009/6/22 Ivan <xhhsld@gmail.com>
=


2009/6/22 = David Jencks <david_jencks@yahoo.com>
=

On Jun 21, 2009, at 10:20 PM, Ivan = wrote:



2009/6/22 David Jencks <david_jencks@yahoo.com>
=

On Jun 19, 2009, at 9:18 PM, Ivan = wrote:

Currently, what I can see = are
1. Recover those configurations that we used  for Tomcat in = the server.xml

For connectors, I = may have done most of this in my work for (3).... could use some = checking.  I'd also like to see if I can make the tomcat connectors = use our thread pool -- a new feature I've wanted for years :-)
=
2. Update the console codes, and decide = whether we need to keep the functions like add/remove connectors. If = keep, the way we do it is to add/remove ConnectorGBean or to = marshall/remarshall server.xml.
3. Make those settings in the = server.xml not hardcoded.

I = implemented this here, not sure if I'll get it committed today or = tomorrow
=

I committed this in rev 787153.  I = exposed the replacement code the local attribute manager uses.  I'm = thinking of modifying the activemq integration to use this method = instead of spring property substitution.
=
   
   Native = support from Geronimo for the subsitution is better, for ActiveMQ = integration, IIRC, maybe a bit extra work needs, for i add some extra = properties to the property configuration, which are not contained in the = config-substitution.


= 4. Recover those GBeans that console/other components used, such as = AccessLogValve etc.

Maybe the = AccessLogValve can fish its valve out of the server like the engine = gbean now does?
   =
   I will try to do it, Valve is a bit different with the = Engine, for it has no name attribute, and Engine/Host all could hold to = a list of them.
   My way is to use the "seq" to identify = it, like what it is done by its object = name.

Looking forward = to seeing this!
   
=    DONE with At revision: 787174.
   BTW, I = guess that we also need to look at the realm setting for Tomcat. =
=

thanks
david = jencks

=

thanks
david = jencks


I would = like to work at parts of them, if we have decided to import this feature = in 2.2. And I suggest that we open a JIRA for each of them, so that we = could track them clearly.
Thanks !
Ivan

2009/6/20 David Jencks <david_jencks@yahoo.com>
After fixing = the HostGBean in web app plan problem I don't have a very clear idea of = what's missing here.  If one of you do could you please list in = detail what needs to be done?

thanks
=
david jencks

On Jun = 19, 2009, at 8:51 AM, Ivan wrote:

It = is easy to add the SSL connector, the things that Jack concens is that, = how do the changes affect other components, I think.
= Ivan

2009/6/19 Kevan Miller <kevan.miller@gmail.com>

On Jun = 19, 2009, at 2:31 AM, Jack Cai wrote:

Looks like this is = going be a piece of non-trivial work. Considering that we are going for = a 2.2 release, should we re-evaluate whether this feature should be in = 2.2? My gut feeling is no. We should really stablize the code and = resovle TCK issues.

If it's *hard* to add = the SSL connector configuration, then something is clearly wrong. = Personally, I'd be pretty interested in seeing this type of support in = 2.2. The more Tomcat apps/configurations that just run on Geronimo, the = better off we are...

--kevan
=



-- =
Ivan




--
Ivan
=




-- =
Ivan



--
Ivan
=



-- =
Ivan

= --Apple-Mail-17--1006137435--