I've changed my plan to this:

<application xmlns="http://geronimo.apache.org/xml/ns/j2ee/application" configId="org/apache/jetspeed">
    <!-- these dependencies must be kept here so that their classes are loaded in the "EARs" classloader. -->
    <dependency>
        <groupId>portlet-api</groupId>
        <artifactId>portlet-api</artifactId>
        <version>1.0</version>
    </dependency>
    <dependency>
        <groupId>org.apache.pluto</groupId>
        <artifactId>pluto</artifactId>
        <version>1.0.1</version>
    </dependency>
    <dependency>
        <groupId>jetspeed2</groupId>
        <artifactId>jetspeed-api</artifactId>
        <version>2.0-M4-SNAPSHOT</version>
    </dependency>
    <dependency>
        <groupId>jetspeed2</groupId>
        <artifactId>jetspeed-commons</artifactId>
        <version>2.0-M4-SNAPSHOT</version>
    </dependency>
    <dependency>
        <groupId>portals-bridges</groupId>
        <artifactId>portals-bridges-common</artifactId>
        <version>0.4-SNAPSHOT</version>
    </dependency>
    <module>
        <web>jetspeed.war</web>
        <web-app xmlns="http://geronimo.apache.org/xml/ns/web" configId="org/apache/jetspeed/web">
            <!-- are you sure about this setting? -->
            <context-priority-classloader>true</context-priority-classloader>
            <cross-context/>
            <container-config container="Tomcat">
                <config-param name="TomcatRealm">TomcatJAASRealm</config-param>
            </container-config>
            <security-realm-name>Jetspeed</security-realm-name>
            <security>
                <default-principal>
                    <principal class="org.apache.jetspeed.security.impl.UserPrincipalImpl" name="guest"/>
                </default-principal>
                <role-mappings>
                    <role role-name="admin">
                        <principal class="org.apache.jetspeed.security.impl.RolePrincipalImpl" name="admin" designated-run-as="true"/>
                    </role>
                </role-mappings>
            </security>
            <gbean name="TomcatJAASRealm" class="org.apache.geronimo.tomcat.RealmGBean">
                <attribute name="className">org.apache.geronimo.tomcat.realm.TomcatJAASRealm</attribute>
                <attribute name="initParams">
                    userClassNames=org.apache.jetspeed.security.impl.UserPrincipalImpl
                    roleClassNames=org.apache.jetspeed.security.impl.RolePrincipalImpl
                    appName=Jetspeed
                    useContextClassLoader=false
                    debug=0
                </attribute>
            </gbean>
        </web-app>
    </module>
    <!-- Portlet application: demo -->
    <module>
        <web>demo.war</web>
        <web-app xmlns="http://geronimo.apache.org/xml/ns/web" configId="org/apache/jetspeed/demo">
            <!-- are you sure about this setting? -->
            <context-priority-classloader>true</context-priority-classloader>
            <resource-ref>
                <ref-name>jdbc/demo</ref-name>
                <resource-link>jdbc/jetspeed</resource-link>
            </resource-ref>
        </web-app>
    </module>
    <!-- Portlet application: security -->
    <module>
        <web>security.war</web>
        <web-app xmlns="http://geronimo.apache.org/xml/ns/web" configId="org/apache/jetspeed/web">
            <!-- are you sure about this setting? -->
            <context-priority-classloader>true</context-priority-classloader>
            <!-- According to j2 default configuration, I need to set crossContext -->
            <cross-context/>
        </web-app>
    </module>
    <!-- by using ext-module you can use the existing copy of the tranql connector-->
    <ext-module>
        <connector>org/apache/jetspeed/datasource</connector>
        <external-path>tranql/rars/tranql-connector-1.0.rar</external-path>
        <connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector" configId="OracleDatabase" parentId="org/apache/geronimo/Server">
            <dependency>
                <uri>oracle/jars/classes12-10gr2.jar</uri>
            </dependency>
            <resourceadapter>
                <outbound-resourceadapter>
                    <connection-definition>
                        <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
                        <connectiondefinition-instance>
                            <name>jdbc/jetspeed</name>
                            <config-property-setting name="UserName">JETSPEED2_PRODUCTION</config-property-setting>
                            <config-property-setting name="Password">PRODUCTION</config-property-setting>
                            <config-property-setting name="Driver">oracle.jdbc.driver.OracleDriver</config-property-setting>
                            <config-property-setting name="ConnectionURL">jdbc:oracle:thin:@pek-wkst116:1521:orcl</config-property-setting>
                            <config-property-setting name="CommitBeforeAutocommit">false</config-property-setting>
                            <config-property-setting name="ExceptionSorterClass">org.tranql.connector.NoExceptionsAreFatalSorter</config-property-setting>
                        <connectionmanager>
                            <local-transaction/>
                            <single-pool>
                                <max-size>100</max-size>
                                <min-size>0</min-size>
                                <blocking-timeout-milliseconds>10000</blocking-timeout-milliseconds>
                                <idle-timeout-minutes>30</idle-timeout-minutes>
                                <match-one/>
                            </single-pool>
                        </connectionmanager>
                    </connectiondefinition-instance>
            </connection-definition>
        </outbound-resourceadapter>
    </resourceadapter>
</connector>
    </ext-module>
</application>

But I encounter a ClassNotFoundException during the deployment.
Stack trace:
java.security.PrivilegedActionException: java.lang.ClassNotFoundException: org.apache.jetspeed.secur
ity.impl.RolePrincipalImpl
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.geronimo.security.util.ConfigurationUtil.generatePrincipal(ConfigurationUtil.j
ava:76)
        at org.apache.geronimo.security.util.ConfigurationUtil.generatePrincipal(ConfigurationUtil.j
ava:71)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildRolePrincipalMap(SecurityBui
lder.java:119)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildSecurityConfiguration(Securi
tyBuilder.java:64)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildSecurityConfiguration(Securi
tyBuilder.java:57)
        at org.apache.geronimo.tomcat.deployment.TomcatModuleBuilder.initContext(TomcatModuleBuilder
.java:382)
        at org.apache.geronimo.tomcat.deployment.TomcatModuleBuilder$$FastClassByCGLIB$$6f85ec2c.inv
oke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.j2ee.deployment.ModuleBuilder$$EnhancerByCGLIB$$5b56c83e.initContext(
<generated>)
        at org.apache.geronimo.j2ee.deployment.SwitchingModuleBuilder.initContext(SwitchingModuleBui
lder.java:154)
        at org.apache.geronimo.j2ee.deployment.SwitchingModuleBuilder$$FastClassByCGLIB$$d0c31844.in
voke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.j2ee.deployment.ModuleBuilder$$EnhancerByCGLIB$$5b56c83e.initContext(
<generated>)
        at org.apache.geronimo.j2ee.deployment.EARConfigBuilder.buildConfiguration(EARConfigBuilder.
java:344)
        at org.apache.geronimo.j2ee.deployment.EARConfigBuilder$$FastClassByCGLIB$$38e56ec6.invoke(<
generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.deployment.ConfigurationBuilder$$EnhancerByCGLIB$$6743d0b0.buildConfi
guration(<generated>)
        at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:178)
        at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:85)
        at org.apache.geronimo.deployment.Deployer$$FastClassByCGLIB$$734a235d.invoke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:814)
        at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:180)
        at org.apache.geronimo.kernel.KernelGBean.invoke(KernelGBean.java:125)
        at org.apache.geronimo.kernel.KernelGBean$$FastClassByCGLIB$$1cccefc9.invoke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:814)
        at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:180)
        at org.apache.geronimo.kernel.jmx.MBeanServerDelegate.invoke(MBeanServerDelegate.java:117)
        at mx4j.remote.rmi.RMIConnectionInvoker.invoke(RMIConnectionInvoker.java:219)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at mx4j.remote.rmi.RMIConnectionProxy.invoke(RMIConnectionProxy.java:34)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.chain(RMIConnectionSubjectInvoker.java:99)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.access$000(RMIConnectionSubjectInvoker.java:3
1)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker$1.run(RMIConnectionSubjectInvoker.java:90)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
        at mx4j.remote.MX4JRemoteUtils.subjectInvoke(MX4JRemoteUtils.java:163)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.subjectInvoke(RMIConnectionSubjectInvoker.jav
a:86)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.invoke(RMIConnectionSubjectInvoker.java:80)
        at $Proxy0.invoke(Unknown Source)
        at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:221)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
        at sun.rmi.transport.Transport$1.run(Transport.java:148)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
        at java.lang.Thread.run(Thread.java:534)
Caused by: java.lang.ClassNotFoundException: org.apache.jetspeed.security.impl.RolePrincipalImpl
        at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:187)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
        at org.apache.geronimo.kernel.config.MultiParentClassLoader.loadClass(MultiParentClassLoader
.java:209)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:141)
        at org.apache.geronimo.security.util.ConfigurationUtil$1.run(ConfigurationUtil.java:78)
        ... 79 more
java.lang.ClassNotFoundException: org.apache.jetspeed.security.impl.RolePrincipalImpl
        at java.net.URLClassLoader$1.run(URLClassLoader.java:199)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:187)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
        at org.apache.geronimo.kernel.config.MultiParentClassLoader.loadClass(MultiParentClassLoader
.java:209)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:141)
        at org.apache.geronimo.security.util.ConfigurationUtil$1.run(ConfigurationUtil.java:78)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.geronimo.security.util.ConfigurationUtil.generatePrincipal(ConfigurationUtil.j
ava:76)
        at org.apache.geronimo.security.util.ConfigurationUtil.generatePrincipal(ConfigurationUtil.j
ava:71)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildRolePrincipalMap(SecurityBui
lder.java:119)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildSecurityConfiguration(Securi
tyBuilder.java:64)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildSecurityConfiguration(Securi
tyBuilder.java:57)
        at org.apache.geronimo.tomcat.deployment.TomcatModuleBuilder.initContext(TomcatModuleBuilder
.java:382)
        at org.apache.geronimo.tomcat.deployment.TomcatModuleBuilder$$FastClassByCGLIB$$6f85ec2c.inv
oke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.j2ee.deployment.ModuleBuilder$$EnhancerByCGLIB$$5b56c83e.initContext(
<generated>)
        at org.apache.geronimo.j2ee.deployment.SwitchingModuleBuilder.initContext(SwitchingModuleBui
lder.java:154)
        at org.apache.geronimo.j2ee.deployment.SwitchingModuleBuilder$$FastClassByCGLIB$$d0c31844.in
voke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.j2ee.deployment.ModuleBuilder$$EnhancerByCGLIB$$5b56c83e.initContext(
<generated>)
        at org.apache.geronimo.j2ee.deployment.EARConfigBuilder.buildConfiguration(EARConfigBuilder.
java:344)
        at org.apache.geronimo.j2ee.deployment.EARConfigBuilder$$FastClassByCGLIB$$38e56ec6.invoke(<
generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.deployment.ConfigurationBuilder$$EnhancerByCGLIB$$6743d0b0.buildConfi
guration(<generated>)
        at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:178)
        at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:85)
        at org.apache.geronimo.deployment.Deployer$$FastClassByCGLIB$$734a235d.invoke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:814)
        at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:180)
        at org.apache.geronimo.kernel.KernelGBean.invoke(KernelGBean.java:125)
        at org.apache.geronimo.kernel.KernelGBean$$FastClassByCGLIB$$1cccefc9.invoke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:814)
        at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:180)
        at org.apache.geronimo.kernel.jmx.MBeanServerDelegate.invoke(MBeanServerDelegate.java:117)
        at mx4j.remote.rmi.RMIConnectionInvoker.invoke(RMIConnectionInvoker.java:219)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at mx4j.remote.rmi.RMIConnectionProxy.invoke(RMIConnectionProxy.java:34)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.chain(RMIConnectionSubjectInvoker.java:99)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.access$000(RMIConnectionSubjectInvoker.java:3
1)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker$1.run(RMIConnectionSubjectInvoker.java:90)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
        at mx4j.remote.MX4JRemoteUtils.subjectInvoke(MX4JRemoteUtils.java:163)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.subjectInvoke(RMIConnectionSubjectInvoker.jav
a:86)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.invoke(RMIConnectionSubjectInvoker.java:80)
        at $Proxy0.invoke(Unknown Source)
        at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:221)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
        at sun.rmi.transport.Transport$1.run(Transport.java:148)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
        at java.lang.Thread.run(Thread.java:534)
17:57:12,345 ERROR [Deployer] Deployment failed due to
java.lang.SecurityException: ?????? java.security.Principal ??????????? Principal
??
        at javax.security.auth.Subject$SecureSet.add(Subject.java:1072)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildRolePrincipalMap(SecurityBui
lder.java:122)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildSecurityConfiguration(Securi
tyBuilder.java:64)
        at org.apache.geronimo.security.deployment.SecurityBuilder.buildSecurityConfiguration(Securi
tyBuilder.java:57)
        at org.apache.geronimo.tomcat.deployment.TomcatModuleBuilder.initContext(TomcatModuleBuilder
.java:382)
        at org.apache.geronimo.tomcat.deployment.TomcatModuleBuilder$$FastClassByCGLIB$$6f85ec2c.inv
oke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.j2ee.deployment.ModuleBuilder$$EnhancerByCGLIB$$5b56c83e.initContext(
<generated>)
        at org.apache.geronimo.j2ee.deployment.SwitchingModuleBuilder.initContext(SwitchingModuleBui
lder.java:154)
        at org.apache.geronimo.j2ee.deployment.SwitchingModuleBuilder$$FastClassByCGLIB$$d0c31844.in
voke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.j2ee.deployment.ModuleBuilder$$EnhancerByCGLIB$$5b56c83e.initContext(
<generated>)
        at org.apache.geronimo.j2ee.deployment.EARConfigBuilder.buildConfiguration(EARConfigBuilder.
java:344)
        at org.apache.geronimo.j2ee.deployment.EARConfigBuilder$$FastClassByCGLIB$$38e56ec6.invoke(<
generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:779)
        at org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
        at org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:36)
        at org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.
java:96)
        at org.apache.geronimo.deployment.ConfigurationBuilder$$EnhancerByCGLIB$$6743d0b0.buildConfi
guration(<generated>)
        at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:178)
        at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:85)
        at org.apache.geronimo.deployment.Deployer$$FastClassByCGLIB$$734a235d.invoke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:814)
        at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:180)
        at org.apache.geronimo.kernel.KernelGBean.invoke(KernelGBean.java:125)
        at org.apache.geronimo.kernel.KernelGBean$$FastClassByCGLIB$$1cccefc9.invoke(<generated>)
        at net.sf.cglib.reflect.FastMethod.invoke(FastMethod.java:53)
        at org.apache.geronimo.gbean.runtime.FastMethodInvoker.invoke(FastMethodInvoker.java:38)
        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:118)
        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:814)
        at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:180)
        at org.apache.geronimo.kernel.jmx.MBeanServerDelegate.invoke(MBeanServerDelegate.java:117)
        at mx4j.remote.rmi.RMIConnectionInvoker.invoke(RMIConnectionInvoker.java:219)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at mx4j.remote.rmi.RMIConnectionProxy.invoke(RMIConnectionProxy.java:34)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.chain(RMIConnectionSubjectInvoker.java:99)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.access$000(RMIConnectionSubjectInvoker.java:3
1)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker$1.run(RMIConnectionSubjectInvoker.java:90)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
        at mx4j.remote.MX4JRemoteUtils.subjectInvoke(MX4JRemoteUtils.java:163)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.subjectInvoke(RMIConnectionSubjectInvoker.jav
a:86)
        at mx4j.remote.rmi.RMIConnectionSubjectInvoker.invoke(RMIConnectionSubjectInvoker.java:80)
        at $Proxy0.invoke(Unknown Source)
        at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:221)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
        at sun.rmi.transport.Transport$1.run(Transport.java:148)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
        at java.lang.Thread.run(Thread.java:534)
Class org.apache.jetspeed.security.impl.RolePrincipalImpl is in the jetspeed-api.jar which is specified in the ear dependence. But it seems that the jar file will not be load during deployment.

- Jian Liao

On 11/14/05, Jian Liao <norwaywoods@gmail.com> wrote:
Hi dj,
Sorry for my poor English :). What I mean is I've read Geronimo Tomcat wiki many times but I still don't how to config security.

Let me try to explain how j2 use JAAS authentication:
1. j2 did have a default login module(org.apache.jetspeed.security.impl.DefaultLoginModule)

2. j2 config this login module in a file named login.conf, this is just a standard config according to JAAS specification:
Jetspeed {
   org.apache.jetspeed.security.impl.DefaultLoginModule required;
};

3. j2 call "System.setProperty("java.security.auth.login.config", loginConfigUrl.toString());" when a spring component init. This component is initialized while j2 engine startup.

4. j2 leverage tomcat JAASRealm to run JAAS authentication like calling loginContext.login().

5. After successfully login, the subject object will contain at least one UserPrincipal object and one PasswordCredential object.

That is why I try to config a TomcatJAASRealm in Geronimo plan.

Any thoughts?


- Jian Liao

On 11/14/05, David Jencks < david_jencks@yahoo.com> wrote:
I'm sorry but I will have to wait until tomorrow to look into this much
further.

I think it will be best to set up a GenericSecurityRealm gbean for the
login, such as this:

     <gbean name="jetspeed-realm"
         class="org.apache.geronimo.security.realm.GenericSecurityRealm">
         <attribute name="realmName">jetspeed-realm</attribute>
         <xml-reference name="LoginModuleConfiguration">
             <lc:login-config
xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig ">
                 <lc:login-module control-flag="REQUIRED"
server-side="true">

<lc:login-domain-name>jetspeed-realm</lc:login-domain-name>

<lc:login-module-
class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginMo
dule</lc:login-module-class>
                     <lc:option
name="usersURI">var/security/users.properties</lc:option>
                     <lc:option
name="groupsURI">var/security/groups.properties</lc:option>
                 </lc:login-module>
             </lc:login-config>
         </xml-reference>
         <reference name="ServerInfo">
             <module>org/apache/geronimo/System</module>
             <name>ServerInfo</name>
         </reference>
         <reference name="LoginService">
             <name>JaasLoginService</name>
         </reference>
     </gbean>

However, there is a lot I don't know about how jetspeed uses security.
From reading the jetspeed list I think that they are adding a lot of
principals to the Subject for use inside jetspeed.  If this is true,
you will probably need to use a LoginModule from jetspeed rather than
the geronimo sample properties file login module.  I can't see from the
tomcat configuration where the login module to use is specified.

You will also need to map principals from the login module to roles
used in the web app.  The default-principal element no longer has a
realm-name attribute.

Other than this your geronimo plan looks fine to me.

I don't understand your second question, could you ask again with more
or different words?

thanks, and congratulations on getting it running!

david jencks



On Nov 14, 2005, at 12:27 AM, Jian Liao wrote:

> Hi Dj,
>  Thanks for your respond.
>  I think I need more Geronimo knowledge and keep learning Geronimo.
> But I think that is right way to go in future.
>
>  Anyway, I am working on my first proposal and get some progress. Now
> I've made j2 run on Geronimo tomcat without security successfully. I
> have a question about security realm in Geronimo.
>  1. How to enabled TomcatJAASRealm in Jetspeed application.
>
>  The following are j2 context configuration on Tomcat-5.5.9:
>  =============================================================
>  <Context path="/@CONTEXT@" docBase="@CONTEXT@" crossContext="true">
>   <!-- How to config this in Geronimo? -->
>   <Realm className="org.apache.catalina.realm.JAASRealm"
>   appName="Jetspeed"
>  
> userClassNames="org.apache.jetspeed.security.impl.UserPrincipalImpl "
>  
> roleClassNames="org.apache.jetspeed.security.impl.RolePrincipalImpl"
>   useContextClassLoader="false"
>   debug="0"/>
>
>   <!--The following is done. -->
>   <Resource name="jdbc/jetspeed" auth="Container"
>   factory="org.apache.commons.dbcp.BasicDataSourceFactory"
>   type="javax.sql.DataSource" username="@USERNAME@"
> password="@PASSWORD@"
>   driverClassName="@DRIVER@" url="@URL@"
>   maxActive="100" maxIdle="30" maxWait="10000"/>
>
>  </Context>
>  =============================================================
>
>  And this is my current geronimo-application.xml:
>
>  =============================================================
>  <application
> xmlns="http://geronimo.apache.org/xml/ns/j2ee/application"
> configId="org/apache/jetspeed">
>   <!-- these dependencies must be kept here so that their classes
> are loaded in the "EARs" classloader. -->
>   <dependency>
>   <groupId>portlet-api</groupId>
>   <artifactId>portlet-api</artifactId>
>   <version> 1.0</version>
>   </dependency>
>   <dependency>
>   <groupId>org.apache.pluto</groupId>
>   <artifactId>pluto</artifactId>
>   <version>1.0.1 </version>
>   </dependency>
>   <dependency>
>   <groupId>jetspeed2</groupId>
>   <artifactId>jetspeed-api</artifactId>
>   <version>2.0-M4-SNAPSHOT</version>
>   </dependency>
>   <dependency>
>   <groupId>jetspeed2</groupId>
>   <artifactId>jetspeed-commons</artifactId>
>   <version>2.0-M4-SNAPSHOT</version>
>   </dependency>
>   <dependency>
>   <groupId>portals-bridges</groupId>
>   <artifactId>portals-bridges-common</artifactId>
>   <version>0.4-SNAPSHOT </version>
>   </dependency>
>   <module>
>   <web>jetspeed.war</web>
>   <web-app xmlns=" http://geronimo.apache.org/xml/ns/web "
> configId="org/apache/jetspeed/web">
>   <!-- are you sure about this setting? -->
>  
> <context-priority-classloader>false</context-priority-classloader>
>   <cross-context/>
>   <!-- I have no idea how to continue from here. -->
>   <security-realm-name>Jetspeed</security-realm-name>
>   <security>
>   <default-principal
> realm-name="tomcat-properties-realm">
>   <principal
> class="org.apache.jetspeed.security.impl.UserPrincipalImpl"
> name="guest"/>
>   </default-principal>
>   </security>
>   <gbean name="TomcatJAASRealm"
> class="org.apache.geronimo.tomcat.RealmGBean">
>   <attribute
> name="className">org.apache.geronimo.tomcat.realm.TomcatJAASRealm </
> attribute>
>   <attribute name="initParams">
>  
> userClassNames=org.apache.jetspeed.security.impl.UserPrincipalImpl
>  
> roleClassNames=org.apache.jetspeed.security.impl.RolePrincipalImpl
>   appName=Jetspeed
>   useContextClassLoader=false
>   debug=0
>   </attribute>
>   </gbean>
>   </web-app>
>   </module>
>   <!-- Portlet application: demo -->
>   <module>
>   <web>demo.war</web>
>   <web-app xmlns=" http://geronimo.apache.org/xml/ns/web"
> configId="org/apache/jetspeed/demo">
>   <!-- are you sure about this setting? -->
>  
> <context-priority-classloader>false</context-priority-classloader>
>   <resource-ref>
>   <ref-name>jdbc/demo</ref-name>
>   <resource-link>jdbc/jetspeed</resource-link>
>   </resource-ref>
>   </web-app>
>   </module>
>   <!-- Portlet application: security -->
>   <module>
>   <web>security.war</web>
>   <web-app xmlns="http://geronimo.apache.org/xml/ns/web "
> configId="org/apache/jetspeed/web">
>   <!-- are you sure about this setting? -->
>  
> <context-priority-classloader>false</context-priority-classloader>
>   <!-- According to j2 default configuration, I need to set
> crossContext -->
>   <cross-context/>
>   </web-app>
>   </module>
>   <!-- by using ext-module you can use the existing copy of the
> tranql connector-->
>   <ext-module>
>   <connector>org/apache/jetspeed/datasource</connector>
>  
> <external-path>tranql/rars/tranql-connector-1.0.rar</external-path>
>   <connector
> xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector"
> configId="OracleDatabase" parentId="org/apache/geronimo/Server">
>   <dependency>
>   <uri>oracle/jars/classes12-10gr2.jar</uri>
>   </dependency>
>   <resourceadapter>
>   <outbound-resourceadapter>
>   <connection-definition>
>  
> <connectionfactory-interface>javax.sql.DataSource</connectionfactory-
> interface>
>   <connectiondefinition-instance>
>   <name>jdbc/jetspeed</name>
>   <config-property-setting
> name="UserName">JETSPEED2_PRODUCTION</config-property-setting>
>   <config-property-setting
> name="Password">PRODUCTION</config-property-setting>
>   <config-property-setting
> name="Driver">oracle.jdbc.driver.OracleDriver</config-property-
> setting>
>   <config-property-setting
> name="ConnectionURL"> jdbc:oracle:thin:@pek-wkst116:1521:orcl</config-
> property-setting>
>   <config-property-setting
> name="CommitBeforeAutocommit">false</config-property-setting>
>   <config-property-setting
> name="ExceptionSorterClass">org.tranql.connector.NoExceptionsAreFatalSo
> rter</config-property-setting>
>   <connectionmanager>
>   <local-transaction/>
>   <single-pool>
>   <max-size>100</max-size>
>   <min-size>0</min-size>
>  
> <blocking-timeout-milliseconds>10000</blocking-timeout-milliseconds>
>  
> <idle-timeout-minutes>30</idle-timeout-minutes>
>   <match-one/>
>   </single-pool>
>   </connectionmanager>
>   </connectiondefinition-instance>
>   </connection-definition>
>   </outbound-resourceadapter>
>   </resourceadapter>
>  </connector>
>   </ext-module>
>  </application>
>  =============================================================
>
>  I've Geronimo Tomcat wiki hundreds of times, but still have no idea.
> Could you please give a sample? Thanks!
>
>  - Jian Liao
>
> On 11/14/05, David Jencks < david_jencks@yahoo.com> wrote:
>> figure out a good way to integrate this with geronimo, but I'm not
>> happy with anything I've thought of yet.
>>
>> Ideally I would like a solution where we have a jetspeed deployer and
>> a
>> pluto deployer, and they can both find a portlet.xml in a war file and
>> do whatever is necessary to deploy the portlets into jetspeed or pluto
>> respectively (or, some other portal).This will take some more
>> thought: I don't know how to do this at the moment.
>>
>> I'm not sure how the jetspeed components relate to portals.If I have
>> two portals at /foo and /bar, would I have two jetspeed containers, or
>> just one?Or is there a JetspeedContainerServlet for each portlet
>> application (war file with portlet.xml inside)?Or if you want
>> torun
>> 2 portals would you deploy 2 instances of jetspeed.war, suitably
>> customized?
>>
>> I'm wondering if something like the following might work:
>>
>> -- the web module builder has a reference to an additional module
>> builder, the portlet builder
>> -- in each of the lifecycle methods, it calls the delegate (if
>> present):
>>
>> --- the createModule methods would return a module, which we'd track
>> as
>> a submodule of the WebModule.
>> --- installModule might not do anything
>> --- initContext might or might not do anything
>> --- addGBeans would add the JetspeedContainerServlet and also add a
>> gbean that would, when started, feed the portlet.xml into the jetspeed
>> deployment process.
>>
>> If we can preprocess the portlet.xml into something that can just be
>> started rather than "deployed" that would be even better.For
>> instance, if the jetspeed deployment process results in starting
>> Spring
>> components for each portlet, perhaps we could generate the Spring
>> configuration during our deployment process.
>>
>> This would more or less fit into the geronimo deployment process.i
>> think it is somewhat similar to your second proposal.
>>
>> I think you should keep working on your first proposal.If you can
>> get
>> it to work that will be a major advance and would let us try other
>> ideas for a closer integration much more easily.
>>
>> Thanks!
>> david jencks
>>
>>
>> On Nov 12, 2005, at 10:47 PM, Jian Liao wrote:
>>
>> > Hi dj,
>> >I've made some progress on integrate j2 with geronimo. I can not
>> find
>> > any document about portlet deployment process of j2, so I have to do
>> > investigation by myself.
>> >Firstly, I would like try to explain how j2 deploy portlet
>> > application in Tomcat application server.
>> >1. All the portlet apps are stored in /jetspeed/WEB-INF/deploy at
>> the
>> > beginning.
>> >
>> >2. When J2 web app startup it will create a thread to monitor
>> folder
>> > "/jetspeed/WEB-INF/deploy", this thread will copy all the standard
>> > portlet apps to tomcat "webapps" folder (native portlet app to
>> > /jetspeed/WEB-INF/apps).
>> >
>> >3. Then j2 leverage tomcat hot-deployment mechanism to
>> automatically
>> > start these new context(include expand the war files and init the
>> > context according to web.xml).
>> >
>> >4. Each Portlet app's web.xml must contains the following config at
>> > least:
>> ><servlet>
>> > <servlet-name>JetspeedContainer</servlet-name>
>> > <display-name>Jetspeed Container</display-name>
>> > <description>MVC Servlet for Jetspeed Portlet
>> > Applications</description>
>> >
>> > <servlet-
>> >
>> class>org.apache.jetspeed.container.JetspeedContainerServlet</
>> servlet-
>>  > class>
>> > <init-param>
>> > <param-name>contextName</param-name>
>> > <param-value>${ context.name}</param-value>
>> > </init-param>
>> > <load-on-startup>0</load-on-startup>
>> ></servlet>
>> >
>> >5. JetspeedContainer servlet will registry this context to jetspeed
>> > engine.
>> >
>> >6. done.
>> >
>>  >According to the j2 portlet deployment process that I know so
>> far, I
>> > think there are two ways to integration with Geronimo, let me try to
>> > explain them, If there is anything you don't understand, pls tell me
>> > since English is not my mother tongue.
>> >
>> >1. Abandon the J2 auto-deployment mechanism, package all the
>> portlet
>> > apps and j2 app into the same ear (As I know, someone had made it on
>> > JBoss successfully).
>> >The directory will look like:
>> >jetspeed.ear
>> > |
>> > |--------META-INF
>> > |
>> > |--------jetspeed.war
>> > |--------portletApp_1.war
>> > |--------portletApp_2.war
>>  >
>> >The plan will look like this:
>> >application.xml===================================
>> >
>> ><application
>> > xmlns=" http://java.sun.com/xml/ns/j2ee "
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> > xsi:schemaLocation=" http://java.sun.com/xml/ns/j2ee
>> > http://java.sun.com/xml/ns/j2ee/application_1_4.xsd"
>> > version="1.4">
>> > <module>
>> > <web>
>> > <web-uri>jetspeed.war</web-uri>
>> > <context-root>/jetspeed</context-root>
>> > </web>
>> > </module>
>> > <module>
>> > <web>
>> > <web-uri> demo.war</web-uri>
>> > <context-root>/demo</context-root>
>> > </web>
>> > </module>
>> ></application>
>> >==============================================
>> >
>> >geronimo-application.xml============================
>> >
>> ><application
>> > xmlns="http://geronimo.apache.org/xml/ns/j2ee/application "
>> > configId="org/apache/jetspeed">
>> > <!-- these dependencies must be kept here so that their classes
>> > are
>> >loaded in the "EARs" classloader. -->
>> > <dependency>
>> > <groupId>portlet-api</groupId>
>> > <artifactId>portlet-api</artifactId>
>> > <version>1.0</version>
>> > </dependency>
>> > <dependency>
>> > <groupId> org.apache.pluto</groupId>
>> > <artifactId>pluto</artifactId>
>> > <version>1.0.1</version>
>> > </dependency>
>> > <dependency>
>> > <groupId>jetspeed2</groupId>
>> > <artifactId>jetspeed-api</artifactId>
>> > <version>2.0-M4-SNAPSHOT</version>
>> > </dependency>
>> > <dependency>
>> > <groupId>jetspeed2</groupId>
>> > <artifactId>jetspeed-commons</artifactId>
>> > <version>2.0-M4-SNAPSHOT</version>
>> > </dependency>
>> > <dependency>
>> > <groupId>portals-bridges</groupId>
>> > <artifactId>portals-bridges-common</artifactId>
>> > <version> 0.4-SNAPSHOT</version>
>> > </dependency>
>> > <module>
>> > <web>jetspeed.war</web>
>> > <web-app xmlns=" http://geronimo.apache.org/xml/ns/web"
>> > configId="org/apache/jetspeed/web">
>> > <!-- are you sure about this setting? -->
>> >
>> > <context-priority-classloader>false</context-priority-classloader>
>> >
>> > </web-app>
>> > </module>
>> > <module>
>> > <web>demo.war</web>
>> > <web-app xmlns=" http://geronimo.apache.org/xml/ns/web"
>> > configId="org/apache/jetspeed/demo">
>> > <!-- are you sure about this setting? -->
>> >
>> > <context-priority-classloader>false</context-priority-classloader>
>> > <resource-ref>
>> > <ref-name>jdbc/demo</ref-name>
>> > <resource-link>jdbc/jetspeed</resource-link>
>> > </resource-ref>
>> > </web-app>
>> > </module>
>> > <!-- by using ext-module you can use the existing copy of the
>> > tranql
>> > connector-->
>> > <ext-module>
>> > <connector>org/apache/jetspeed/datasource</connector>
>> >
>> > <external-path>tranql/rars/tranql-connector-1.0.rar</external-path>
>> > <connector
>> > xmlns=" http://geronimo.apache.org/xml/ns/j2ee/connector"
>> > configId="OracleDatabase" parentId="org/apache/geronimo/Server">
>> > <dependency>
>> > <uri>oracle/jars/classes12- 10gr2.jar</uri>
>> > </dependency>
>> > <resourceadapter>
>> > <outbound-resourceadapter>
>> > <connection-definition>
>> >
>> > <connectionfactory-interface>
>> javax.sql.DataSource</connectionfactory-
>> > interface>
>> > <connectiondefinition-instance>
>> > <name>jdbc/jetspeed</name>
>> > <config-property-setting
>> > name="UserName">JETSPEED2_PRODUCTION</config-property-setting>
>> > <config-property-setting
>> > name="Password">PRODUCTION</config-property-setting>
>> > <config-property-setting
>> > name="Driver">oracle.jdbc.driver.OracleDriver </config-property-
>> > setting>
>> > <config-property-setting
>> >
>> name="ConnectionURL">jdbc:oracle:thin:@pek-wkst116:1521:orcl</config-
>> > property-setting>
>> > <config-property-setting
>> > name="CommitBeforeAutocommit">false</config-property-setting>
>> > <config-property-setting
>> >
>> name="ExceptionSorterClass">org.tranql.connector.NoExceptionsAreFatalS
>> o
>>  > rter</config-property-setting>
>> > <connectionmanager>
>> > <local-transaction/>
>> > <single-pool>
>> > <max-size>100</max-size>
>> > <min-size>0</min-size>
>> >
>> > <blocking-timeout-milliseconds>10000</blocking-timeout-milliseconds>
>> >
>> > <idle-timeout-minutes>30</idle-timeout-minutes>
>> > <match-one/>
>> > </single-pool>
>> > </connectionmanager>
>> > </connectiondefinition-instance>
>> > </connection-definition>
>> > </outbound-resourceadapter>
>> > </resourceadapter>
>> ></connector>
>> > </ext-module>
>> ></application>
>> >==============================================
>> >
>> >That is to say, if you want to deploy new portlet app, you have to
>> > redeploy the whole ear file. Put portlet app into
>> > "/jetspeed/WEB-INF/deploy" is meaningless, cause j2 will only copy
>> > them to the "config-store/35" e.g. And Geronimo will not expand and
>> > start them automatically for now.
>> >I am currently work on this way to integrate j2 with Geronimo.
>> >
>> >2. Encapsulate the whole j2 as a standard service (Gbean?).
>> >
>> >All the user customize portal instances rely on it. This gbean will
>> > register itself that I am interested in all the portlet applications
>> > and portal instances.
>> >
>> >When a portlet app is deployed, portal service gbean will be
>> notified
>> > (Gbean framwork support this, right?), then this portlet app will be
>> > registered to portal service and be visible to user through specific
>> > portal instances according to some security rule.
>> >
>> >There should also have many maven plugins to simplify the portal
>> > instance customization (actually j2 team did have a portal plugin
>> for
>>  > this purpose) and portlet app deployment.I hope I am not dreaming
>> :).
>> >
>> >Cheers,
>> >
>> > -Jian Liao
>> >
>> > On 11/12/05, David Jencks < david_jencks@yahoo.com > wrote:
>> >> On Nov 11, 2005, at 6:56 PM, Jian Liao wrote:
>> >>
>> >> > Hi,
>> >> > J2 Finalis going to release soon, I would like to integrateit
>> with
>> >> > Geronimo. The progress that I made on last weekinclude ( Thanks
>> for
>> >> > David Jencks ):
>> >> > 1.Package J2 into ear file.
>> >> > 2. Deploy it to geronimo successfully.
>> >> > 3. J2 engine startup successfully(both jetty and tomcat 5.5.9).
>> >> >
>> >> > The issues thatneed to beresolved:
>> >> > 1. Integrate J2 security with geronimo security gbean.
>> >>
>> >> Do you have a reference for any j2 security documentation?It should
>> >> be easy to deploy a login module provided with j2 in geronimo.From
>> >> that you can map principals to roles using a standard geronimo
>> >> security
>> >> configuration.However I seem to recall that j2 has its own portlet
>> >> security framework that involves access to the Subject.I might be
>> >> able to suggest a way to integrate this if I knew more about it
>> :-).
>> >> > 2. Classloader confliction issues(Springframework, Jdom)
>> >>
>> >> This __ought__ to be moderately simple to resolve by careful use of
>> >> geronimo dependenciesand configuration parents.More details would
>> >> be helpful.
>> >> > 3. Portlet application auto-deploy issue.
>> >>
>> >>This is apt to be more difficult, since the geronimo model is I
>> >> believe
>> >> rather different from what I think J2 is doing.For Jetty,we
>> >> process
>> >> every web artifact (servlet, filter, filter mapping etc.) into a
>> gbean
>> >>whose configuration is stored in a binary configuration
>> object.This
>> >> can then be started with no further deployment steps.(the tomcat
>> >> process still involves some runtime deployment activity). I'm not
>> >> quite sure how J2 relates portlets to servlets.To fit Pluto into
>> >> this
>> >> model, we would configure a gbean for each portlet that would be a
>> >> servlet wrapping the portlet.If j2 uses a different model, such as
>> >> deploying the portlets as spring components, we would ideally do
>> >> something like configuring a gbean that would register the
>> appropriate
>> >> component with spring.
>> >>
>> >> Again, if you can point me to some J2 documentation for what the
>> >> deploy
>> >> process does, I might be able to offer some more concrete
>> suggestions.
>> >>
>> >> thanks
>> >> david jencks
>> >>
>> >> >
>> >> > - Jian Liao
>> >> >
>> >> >
>> >> > On 11/12/05, Lawrence Tilly <mail.list.tilly@gmail.com > wrote:
>> Thanx
>> >> > for the info so far.I'm happy to hear Pluto is already
>> >> >> leveraged in Geronimo and there is some success getting
>> Jetspeed2
>> >> >> running.I may not have time to tinker around with it as a
>> complete
>> >> >> learning experience for a few weeks, so I'mholding out hope
>> someone
>> >> >> already blazed the basic trail and left a map.If not, then I'll
>> be
>> >> >>sure to pass on info / lessons learned when I make progress.
>> >> >>
>> >> >> Any other replies / input are appreciated!:-)
>> >> >>
>> >> >> -L
>> >>
>>