geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: JAAS configuration in geronimo
Date Wed, 22 Mar 2006 19:16:50 GMT

On Mar 22, 2006, at 9:46 AM, EricCho@kryos.com wrote:

>
> Hi David,
>
> Thanks for the help..... but as with most things....."2 steps  
> forward... 1 step back"
>
> As you suggested, I put the security gbean at the end of my web  
> deploy plan (geronimo-web.xml) and I put the login dependency at  
> the top of the web app plan since it is just a single web app.
> This surely beats having a separate deploy plan for the security  
> realm.
>
> At any rate, now when I attempt to go to the login page I get a  
> series of NoClassDefFoundErrors.  I figure its because the class  
> doesn't exist in the JAR file.  So, I tried adding the class it's  
> complaining about into the JAR, but after every addition, it  
> complains about another.  Shouldn't it be looking for the class in  
> the WAR if it doesn't find it in the dependent JAR?

It should, but due to the way the web classloaders in 1.0 and trunk  
work, it won't :-(  This is fixed in the (currently taken apart into  
small pieces spread all over the floor, i.e. not working) 1.1 branch.
>
> Do you recommend I just JAR up all the classes?
>

yes, at least until 1.1 is available.
> Note: I do have the context priority classloader set to false in  
> the web deploy plan.
>

That's probably going to help things work :-)

thanks
david jencks

> Thanks again,
> Eric
>
>
>
>
> David Jencks <david_jencks@yahoo.com>
> 21/03/2006 12:32 PM
> Please respond to
> user@geronimo.apache.org
>
>
> To
> user@geronimo.apache.org
> cc
> Subject
> Re: JAAS configuration in geronimo
>
>
>
>
>
>
> On Mar 21, 2006, at 10:40 AM, EricCho@kryos.com wrote:
>
>
> Thanks guys,
>
> I think I've made some headway.... although I'm still having problems.
> Here's the latest.....
>
> In the thisSiteLoginCode-1.0.jar I have the loginModule and custom  
> userCallback classes (and a custom exception).
>
> In my custom loginModule, I create a callback array:
>         Callback[] callbacks = new Callback[3];
>         callbacks[0] = new NameCallback("Enter user name");
>         callbacks[1] = new PasswordCallback("Enter password",true);
>         callbacks[2] = new UserCallback();
>
> then I ask the callbackHandler to handle it....
>
> callBackHandler.handle(callbacks);
>
> Then it goes into the loginCallBackHandler and I iterate through  
> the callback array
>     for (int i=0; i < callbacks.length; i++)
>     {
>         if (callbacks[i] instanceof NameCallback)
>         {
>             ((NameCallback)callbacks[i]).setName(getEmail());
>         }
>         else if (callbacks[i] instanceof PasswordCallback)
>         {
>         blah blah
>
>         }
>        else if (callbacks[i] instanceof UserCallback)
>         {
>         ((UserCallback) callbacks[i]).setUser(retrievedUser);
>      }
>         else
>         {
>             throw new UnsupportedCallbackException(callbacks[i]);
>         }
> }
>
>
> It gets through i = 0 , then i=1 but when i =2 it seems as though  
> "callbacks[2] instanceof UserCallback" doesn't work.
>
> I put some debug code in there (System.out.println(callbacks 
> [2].toString());) and it does show the appropriate class name.
>
> So, I'm wondering if perhaps when the original UserCallback was  
> instantiated and put into the callbacks array, it was the class  
> from the separated jar file.  And now when it does the instanceof,  
> is it possible that it's referencing the UserCallback in the  
> packaged WAR file?
>
> yes, that is definitely a possibility.  If you have  
> contextPriorityClassloading=true (I think that's the default) that  
> is almost certainly happening.
> Has anyone else had a problem with this?
>
> yes, in various ways.  At least some fixes for it will be in 1.1.
>  Should I not be including the JARed classes in the WAR?
>
> I think that will help a lot.  I'm not exactly sure how many plans/ 
> configurations/application parts you have here.  If you have a  
> single web app  what I would do is combine everything into one  
> plan: take the gbean configurations out of the console-generated  
> plan and put them at the end of your web app plan, and put the  
> dependency at the beginning of your web app plan, and take the  
> login module jar out of the WEB-INF/lib.  This should make very  
> sure that you login module classes are only loaded in one classloader.
>
> If this is not practical, you need to make sure that the login  
> configuration is loaded as a parent of your application.  You can  
> do this by including something like
>
> <import>
>   <groupId>foo</groupId>
>   <artifactId>bar</artifactId>
>   <version>42</version>
> </import>
>
> where the login configuration has configId="foo/bar/42/car"
>
> You can probably see why I think having only one plan is simpler :-)
>
> I hope the syntax here is sufficiently accurate, I've been immersed  
> in 1.1 where we have significantly changed the syntax....
>
> hope this helps
> david jencks
>
>
> Thanks,
> Eric
>
>
>
> "Aaron Mulder" <ammulder@alumni.princeton.edu>
> Sent by: ammulder@gmail.com
> 21/03/2006 08:25 AM
> Please respond to
> user@geronimo.apache.org
>
>
>
> To
> user@geronimo.apache.org
> cc
> Subject
> Re: JAAS configuration in geronimo
>
>
>
>
>
>
>
> The console does not yet let you specify a JAR where it should look
> for the login module code -- there's an outstanding JIRA issue for
> this.  So what you need to do is configure things in the console (but
> don't have it try a login), and then instead of deploying the security
> realm right there, have it generate a plan for you, put the
> <dependency> element David described into the plan (at the top, just
> inside the main element), and then save that to a file and deploy it
> on the command line like:
>
> java -jar bin/deployer.jar deploy my-security-plan.xml
>
> Thanks,
>    Aaron
>
> On 3/21/06, David Jencks <david_jencks@yahoo.com> wrote:
> >
> >
> > On Mar 20, 2006, at 6:50 PM, EricCho@kryos.com wrote:
> >
> > OK.....
> >
> > Since I've got a custom login module I've went ahead and packaged  
> the
> > module, callback, callbackHandler and principal into a jar and  
> threw it into
> > the /repository/login/thisSiteLoginCode-1.0.jar.
> >
> > Assuming this is the geronimo repository, it should be in
> > repository/login/jars/thisSiteLoginCode-1.0.jar
> >
> > The plan that defines the GenericSecurityRealm and the  
> LoginModule gbean
> > needs to include
> >
> > <dependency>
> >   <groupId>login</groupId>
> >   <artifactId>thisSiteLoginCode</artifactId>
> >   <version>1.0</version>
> > </dependency>
> >
> >
> >
> > Then I created a securty realm using the console defining, the  
> module class,
> > control flag to "requred", servier side to "servier side" and  
> "no" support
> > advanced mapping.
> >
> > Restarted the server and when I try a login, I get the following  
> exception:
> >
> > org.apache.geronimo.common.GeronimoSecurityException:
> > Unable to instantiate login module
> > at
> >  
> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration. 
> getLoginModule(JassLoginModuleConfiguration.java:71)
> > ........
> > further down:
> >
> > Caused by: java.lang.ClassNotFoundException:
> > com.company.site.jaas.siteLoginModule.......
> >
> > I checked the common libraries and the jar seems to be  
> there...... so what
> > am I missing.
> >
> >
> >
> > <snip>
> > I'm not exactly sure what the console does, so I recommend  
> checking the
> > plans it generates and posting them if the above doesn't work.
> >
> > thanks
> > david jencks
> >
> >
>
>


Mime
View raw message