From: EricCho@kryos.com
To: user@geronimo.apache.org
Subject: Re: JAAS configuration in geronimo
Date: Thu, 23 Mar 2006 15:26:06 -0700
In-Reply-To: <210EE8FF-1E2D-41BB-B81C-851CD630A2DF@yahoo.com>

Ok, I think I got it working.

What I ended up doing was putting all the supporting JARs (ex. spring.jar) into the /repository/login/jars/ directory. I renamed them so that they all have the version that geronimo looks for (ex. spring-1.0.jar). Then I went ahead and put the dependency of each jar in the geronimo-web.xml file. (I've listed it below).

I've also JARed up all my class files and threw them into the same directory (thisSite-loginCode-1.0.jar).

I'm not completely sure if I need those hidden file filters anymore......

So it looks like all the code that's being used by the application is from the dependencies aside from what's in the WebContent (jsf, jsp, css, images.....etc)

Like I said, it works but I'm not sure it's the best way of doing things. Alternatives are welcome (seems like a messy way of doing things). If not... this is my solution....minus some refactoring.

Regards,
Eric  

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0" configId="thisSite">

    <dependency>
        <groupId>login</groupId>
        <artifactId>thisSite-loginCode</artifactId>
        <version>1.0</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>spring-mock</artifactId>
        <version>1.0</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>spring</artifactId>
        <version>1.0</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>jsf-impl</artifactId>
        <version>1.0</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>jsf-api</artifactId>
        <version>1.0</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>hibernate</artifactId>
        <version>3.0</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>mail</artifactId>
        <version>1.0</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>dom4j</artifactId>
        <version>1.6</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>ehcache</artifactId>
        <version>1.1</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>3.1.11</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <version>3.1.11</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>jstl</artifactId>
        <version>1.0</version>
    </dependency>

    <dependency>
        <groupId>login</groupId>
        <artifactId>antlr</artifactId>
        <version>2.7.5H3</version>
    </dependency>

    <hidden-classes>
        <filter>org.springframework.</filter>
    </hidden-classes>
    <hidden-classes>
        <filter>antlr</filter>
    </hidden-classes>
    <hidden-classes>
        <filter>javax.faces.el.</filter>
    </hidden-classes>
    <hidden-classes>
        <filter>org.hibernate.</filter>
    </hidden-classes>
    <hidden-classes>
        <filter>javax.mail.</filter>
    </hidden-classes>
    <hidden-classes>
        <filter>net.sf.ehcache.</filter>
    </hidden-classes>

    <context-root>/thisSite</context-root>
    <context-priority-classloader>false</context-priority-classloader>

    <gbean name="thisSite" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">thisSite</attribute>
        <reference name="ServerInfo">
            <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
        </reference>
        <reference name="LoginService">
            <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
        </reference>

        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>thisSite</log:login-domain-name>
                    <log:login-module-class>com.company.thisSite.jaas.thisSiteLoginModule</log:login-module-class>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>

</web-app>




From: David Jencks <david_jencks@yahoo.com>
Date: 23/03/2006 02:54 PM
Reply-To: user@geronimo.apache.org
To: user@geronimo.apache.org
Subject: Re: JAAS configuration in geronimo

On Mar 23, 2006, at 10:15 AM, EricCho@kryos.com wrote:


I've now packaged all my classes in the JAR file which is supposed to contain only my login code.

But now it's complaining that it can't find any of the spring classes.


So, does this mean I should package the spring, hibernate and all the other jars within this
thisSiteLoginCode-1.0.jar

OR


Does that mean I should rename the supporting jars (ex spring-1.0.jar) and put them in the /repository/login/jars/ directory?  Then put each of them as a dependency above the Login code dependency?


OR


Is there something else I should be doing?


Probably, but it's difficult to tell what without knowing more about what you are doing now.  Can you post your geronimo plan?

thanks
david jencks


Thanks again,

Eric






From: David Jencks <david_jencks@yahoo.com>
Date: 22/03/2006 12:16 PM
Reply-To: user@geronimo.apache.org
To: user@geronimo.apache.org
Subject: Re: JAAS configuration in geronimo

On Mar 22, 2006, at 9:46 AM, EricCho@kryos.com wrote:


Hi David,


Thanks for the help..... but as with most things....."2 steps forward... 1 step back"


As you suggested, I put the security gbean at the end of my web deploy plan (geronimo-web.xml) and I put the login dependency at the top of the web app plan since it is just a single web app.

This surely beats having a separate deploy plan for the security realm.


At any rate, now when I attempt to go to the login page I get a series of NoClassDefFoundErrors. I figure it's because the class doesn't exist in the JAR file. So, I tried adding the class it's complaining about into the JAR, but after every addition, it complains about another. Shouldn't it be looking for the class in the WAR if it doesn't find it in the dependent JAR?


It should, but due to the way the web classloaders in 1.0 and trunk work, it won't :-(  This is fixed in the (currently taken apart into small pieces spread all over the floor, i.e. not working) 1.1 branch.


Do you recommend I just JAR up all the classes?  



yes, at least until 1.1 is available.

Note: I do have the context priority classloader set to false in the web deploy plan.



That's probably going to help things work :-)

thanks
david jencks

Thanks again,

Eric



From: David Jencks <david_jencks@yahoo.com>
Date: 21/03/2006 12:32 PM
Reply-To: user@geronimo.apache.org
To: user@geronimo.apache.org
Subject: Re: JAAS configuration in geronimo

On Mar 21, 2006, at 10:40 AM, EricCho@kryos.com wrote:


Thanks guys,


I think I've made some headway.... although I'm still having problems.

Here's the latest.....


In the thisSiteLoginCode-1.0.jar I have the loginModule and custom userCallback classes (and a custom exception).

In my custom loginModule, I create a callback array:

        Callback[] callbacks = new Callback[3];
        callbacks[0] = new NameCallback("Enter user name");
        callbacks[1] = new PasswordCallback("Enter password", true);
        callbacks[2] = new UserCallback();


then I ask the callbackHandler to handle it....


callBackHandler.handle(callbacks);


Then it goes into the loginCallBackHandler and I iterate through the callback array

    for (int i = 0; i < callbacks.length; i++)
    {
        if (callbacks[i] instanceof NameCallback)
        {
            ((NameCallback) callbacks[i]).setName(getEmail());
        }
        else if (callbacks[i] instanceof PasswordCallback)
        {
            // blah blah
        }
        else if (callbacks[i] instanceof UserCallback)
        {
            ((UserCallback) callbacks[i]).setUser(retrievedUser);
        }
        else
        {
            throw new UnsupportedCallbackException(callbacks[i]);
        }
    }



It gets through i = 0, then i = 1, but when i = 2 it seems as though "callbacks[2] instanceof UserCallback" doesn't work.


I put some debug code in there (System.out.println(callbacks[2].toString());) and it does show the appropriate class name.  


So, I'm wondering if perhaps when the original UserCallback was instantiated and put into the callbacks array, it was the class from the separated jar file.  And now when it does the instanceof, is it possible that it's referencing the UserCallback in the packaged WAR file?


yes, that is definitely a possibility.  If you have contextPriorityClassloading=true (I think that's the default) that is almost certainly happening.

Has anyone else had a problem with this?


yes, in various ways.  At least some fixes for it will be in 1.1.

 Should I not be including the JARed classes in the WAR?


I think that will help a lot. I'm not exactly sure how many plans/configurations/application parts you have here. If you have a single web app what I would do is combine everything into one plan: take the gbean configurations out of the console-generated plan and put them at the end of your web app plan, and put the dependency at the beginning of your web app plan, and take the login module jar out of the WEB-INF/lib. This should make very sure that your login module classes are only loaded in one classloader.

If this is not practical, you need to make sure that the login configuration is loaded as a parent of your application.  You can do this by including something like

<import>
  <groupId>foo</groupId>
  <artifactId>bar</artifactId>
  <version>42</version>
</import>

where the login configuration has configId="foo/bar/42/car"

You can probably see why I think having only one plan is simpler :-)

I hope the syntax here is sufficiently accurate, I've been immersed in 1.1 where we have significantly changed the syntax....

hope this helps
david jencks



Thanks,

Eric


From: "Aaron Mulder" <ammulder@alumni.princeton.edu>
Sent by: ammulder@gmail.com
Date: 21/03/2006 08:25 AM
Reply-To: user@geronimo.apache.org
To: user@geronimo.apache.org
Subject: Re: JAAS configuration in geronimo

The console does not yet let you specify a JAR where it should look
for the login module code -- there's an outstanding JIRA issue for
this.  So what you need to do is configure things in the console (but
don't have it try a login), and then instead of deploying the security
realm right there, have it generate a plan for you, put the
<dependency> element David described into the plan (at the top, just
inside the main element), and then save that to a file and deploy it
on the command line like:

java -jar bin/deployer.jar deploy my-security-plan.xml

Thanks,
   Aaron

On 3/21/06, David Jencks <david_jencks@yahoo.com> wrote:
>
>
> On Mar 20, 2006, at 6:50 PM, EricCho@kryos.com wrote:
>
> OK.....
>
> Since I've got a custom login module I've gone ahead and packaged the
> module, callback, callbackHandler and principal into a jar and threw it into
> the /repository/login/thisSiteLoginCode-1.0.jar.
>
> Assuming this is the geronimo repository, it should be in
> repository/login/jars/thisSiteLoginCode-1.0.jar
>
> The plan that defines the GenericSecurityRealm and the LoginModule gbean
> needs to include
>
> <dependency>
>   <groupId>login</groupId>
>   <artifactId>thisSiteLoginCode</artifactId>
>   <version>1.0</version>
> </dependency>
>
>
>
> Then I created a security realm using the console defining, the module class,
> control flag to "required", server side to "server side" and "no" support
> advanced mapping.
>
> Restarted the server and when I try a login, I get the following exception:
>
> org.apache.geronimo.common.GeronimoSecurityException:
> Unable to instantiate login module
> at
> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration.getLoginModule(JassLoginModuleConfiguration.java:71)
> ........
> further down:
>
> Caused by: java.lang.ClassNotFoundException:
> com.company.site.jaas.siteLoginModule.......
>
> I checked the common libraries and the jar seems to be there...... so what
> am I missing.
>
>
>
> <snip>
> I'm not exactly sure what the console does, so I recommend checking the
> plans it generates and posting them if the above doesn't work.
>
> thanks
> david jencks
>
>
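
The duplicate-class situation discussed in this thread (the failing `instanceof UserCallback` and the advice to load the login module classes in only one classloader), as an added Java example that is not part of the original messages. `DuplicateClassDemo`, `ChildFirstLoader`, `describe` and the body of `UserCallback` are hypothetical stand-ins; `ChildFirstLoader` plays the role of a web classloader that holds its own copy of a class the parent also has.

```java
import java.io.IOException;
import java.io.InputStream;
import javax.security.auth.callback.Callback;

// Added illustration with hypothetical names; compile with javac, run with java (Java 9+).
public class DuplicateClassDemo {

    /** Stand-in for the custom UserCallback from the thread. */
    public static class UserCallback implements Callback {
        private Object user;
        public void setUser(Object user) { this.user = user; }
        public Object getUser() { return user; }
    }

    /** Defines its own copy of one class instead of asking the parent first,
     *  as a WAR loader does when the same jar is also in WEB-INF/lib. */
    static class ChildFirstLoader extends ClassLoader {
        private final String target;
        ChildFirstLoader(ClassLoader parent, String target) {
            super(parent);
            this.target = target;
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(target)) {
                return super.loadClass(name, resolve); // normal parent-first path
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    byte[] b = readClassBytes(name);
                    c = defineClass(name, b, 0, b.length); // second, distinct Class object
                }
                if (resolve) { resolveClass(c); }
                return c;
            }
        }

        private byte[] readClassBytes(String name) throws ClassNotFoundException {
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(path)) {
                if (in == null) {
                    throw new ClassNotFoundException(name);
                }
                return in.readAllBytes();
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    /** Class name plus defining loader: the check that tells two copies apart,
     *  which toString() on the instance does not. */
    static String describe(Class<?> c) {
        return c.getName() + " loaded by " + c.getClassLoader();
    }

    public static void main(String[] args) throws Exception {
        String name = UserCallback.class.getName();
        ClassLoader app = DuplicateClassDemo.class.getClassLoader();
        // Two loaders define the class: same name, different Class objects.
        Object dup = new ChildFirstLoader(app, name).loadClass(name)
                .getDeclaredConstructor().newInstance();
        System.out.println(describe(UserCallback.class));
        System.out.println(describe(dup.getClass()));
        System.out.println("instanceof with duplicate: " + (dup instanceof UserCallback));

        // Only the parent defines the class: the child delegates and the types match.
        Object single = new ClassLoader(app) { }.loadClass(name)
                .getDeclaredConstructor().newInstance();
        System.out.println("instanceof with single copy: " + (single instanceof UserCallback));
    }
}
```

Logging `getClass().getClassLoader()` next to the class name in a callback handler shows at once whether the callback came from the repository jar or from a copy inside the WAR.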




