From: EricCho@kryos.com
To: user@geronimo.apache.org
Date: Wed, 22 Mar 2006 10:46:51 -0700
Subject: Re: JAAS configuration in geronimo

Hi David,

Thanks for the help..... but as with most things....."2 steps forward... 1 step back"

As you suggested, I put the security gbean at the end of my web deploy plan (geronimo-web.xml) and I put the login dependency at the top of the web app plan since it is just a single web app.
This surely beats having a separate deploy plan for the security realm.

At any rate, now when I attempt to go to the login page I get a series of NoClassDefFoundErrors.  I figure it's because the class doesn't exist in the JAR file.  So, I tried adding the class it's complaining about into the JAR, but after every addition, it complains about another.  Shouldn't it be looking for the class in the WAR if it doesn't find it in the dependent JAR?

Do you recommend I just JAR up all the classes?  

Note: I do have the context priority classloader set to false in the web deploy plan.

Thanks again,
Eric




David Jencks <david_jencks@yahoo.com>
21/03/2006 12:32 PM
Please respond to user@geronimo.apache.org
To: user@geronimo.apache.org
Subject: Re: JAAS configuration in geronimo

On Mar 21, 2006, at 10:40 AM, EricCho@kryos.com wrote:


Thanks guys,


I think I've made some headway.... although I'm still having problems.

Here's the latest.....


In the thisSiteLoginCode-1.0.jar I have the loginModule and custom userCallback classes (and a custom exception).

In my custom loginModule, I create a callback array:

        Callback[] callbacks = new Callback[3];
        callbacks[0] = new NameCallback("Enter user name");
        callbacks[1] = new PasswordCallback("Enter password", true);
        callbacks[2] = new UserCallback();

then I ask the callbackHandler to handle it....

        callBackHandler.handle(callbacks);

Then it goes into the loginCallBackHandler and I iterate through the callback array

        for (int i = 0; i < callbacks.length; i++)
        {
            if (callbacks[i] instanceof NameCallback)
            {
                ((NameCallback) callbacks[i]).setName(getEmail());
            }
            else if (callbacks[i] instanceof PasswordCallback)
            {
                // blah blah
            }
            else if (callbacks[i] instanceof UserCallback)
            {
                ((UserCallback) callbacks[i]).setUser(retrievedUser);
            }
            else
            {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
        }



It gets through i = 0, then i = 1, but when i = 2 it seems as though "callbacks[2] instanceof UserCallback" doesn't work.


I put some debug code in there (System.out.println(callbacks[2].toString());) and it does show the appropriate class name.  


So, I'm wondering if perhaps when the original UserCallback was instantiated and put into the callbacks array, it was the class from the separated jar file.  And now when it does the instanceof, is it possible that it's referencing the UserCallback in the packaged WAR file?


yes, that is definitely a possibility.  If you have contextPriorityClassloading=true (I think that's the default) that is almost certainly happening.

Has anyone else had a problem with this?

yes, in various ways.  At least some fixes for it will be in 1.1.

Should I not be including the JARed classes in the WAR?

I think that will help a lot.  I'm not exactly sure how many plans/configurations/application parts you have here.  If you have a single web app what I would do is combine everything into one plan: take the gbean configurations out of the console-generated plan and put them at the end of your web app plan, and put the dependency at the beginning of your web app plan, and take the login module jar out of the WEB-INF/lib.  This should make very sure that your login module classes are only loaded in one classloader.

If this is not practical, you need to make sure that the login configuration is loaded as a parent of your application.  You can do this by including something like

<import>
  <groupId>foo</groupId>
  <artifactId>bar</artifactId>
  <version>42</version>
</import>

where the login configuration has configId="foo/bar/42/car"

You can probably see why I think having only one plan is simpler :-)

I hope the syntax here is sufficiently accurate, I've been immersed in 1.1 where we have significantly changed the syntax....

hope this helps
david jencks


Thanks,

Eric




"Aaron Mulder" <ammulder@alumni.princeton.edu>
Sent by: ammulder@gmail.com
21/03/2006 08:25 AM
Please respond to user@geronimo.apache.org
To: user@geronimo.apache.org
Subject: Re: JAAS configuration in geronimo


The console does not yet let you specify a JAR where it should look
for the login module code -- there's an outstanding JIRA issue for
this.  So what you need to do is configure things in the console (but
don't have it try a login), and then instead of deploying the security
realm right there, have it generate a plan for you, put the
<dependency> element David described into the plan (at the top, just
inside the main element), and then save that to a file and deploy it
on the command line like:

java -jar bin/deployer.jar deploy my-security-plan.xml

Thanks,
   Aaron

On 3/21/06, David Jencks <david_jencks@yahoo.com> wrote:
>
>
> On Mar 20, 2006, at 6:50 PM, EricCho@kryos.com wrote:
>
> OK.....
>
> Since I've got a custom login module I've gone ahead and packaged the
> module, callback, callbackHandler and principal into a jar and threw it into
> the /repository/login/thisSiteLoginCode-1.0.jar.
>
> Assuming this is the geronimo repository, it should be in
> repository/login/jars/thisSiteLoginCode-1.0.jar
>
> The plan that defines the GenericSecurityRealm and the LoginModule gbean
> needs to include
>
> <dependency>
>   <groupId>login</groupId>
>   <artifactId>thisSiteLoginCode</artifactId>
>   <version>1.0</version>
> </dependency>
>
>
>
> Then I created a security realm using the console, defining the module class,
> control flag to "required", server side to "server side" and "no" support
> advanced mapping.
>
> Restarted the server and when I try a login, I get the following exception:
>
> org.apache.geronimo.common.GeronimoSecurityException:
> Unable to instantiate login module
> at
> org.apache.geronimo.security.jaas.server.JaasLoginModuleConfiguration.getLoginModule(JassLoginModuleConfiguration.java:71)
> ........
> further down:
>
> Caused by: java.lang.ClassNotFoundException:
> com.company.site.jaas.siteLoginModule.......
>
> I checked the common libraries and the jar seems to be there...... so what
> am I missing.
>
>
>
> <snip>
> I'm not exactly sure what the console does, so I recommend checking the
> plans it generates and posting them if the above doesn't work.
>
> thanks
> david jencks
>
>
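
The class-identity failure discussed in this thread (the `instanceof UserCallback` check that fails although the printed class name matches), as an added example that is not part of the original messages or of Geronimo's code. `UserCallback` here is a hypothetical stand-in and `ChildFirstLoader` is an illustrative loader, not Geronimo's; it assumes Java 9+ and compilation with `javac` so the class file is on the classpath.

```java
import java.io.IOException;
import java.io.InputStream;

public class ClassLoaderIdentityDemo {
    // Hypothetical stand-in for the thread's custom callback class.
    public static class UserCallback { }

    // Illustrative child-first loader: defines its own copy of one class instead
    // of delegating to the parent, as when a WAR copy shadows the repository JAR.
    static class ChildFirstLoader extends ClassLoader {
        private final String target;
        ChildFirstLoader(ClassLoader parent, String target) { super(parent); this.target = target; }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(target)) return super.loadClass(name, resolve);
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c != null) return c;
                String path = name.replace('.', '/') + ".class";
                try (InputStream in = getParent().getResourceAsStream(path)) {
                    if (in == null) throw new ClassNotFoundException(name);
                    byte[] bytes = in.readAllBytes();   // same bytes the parent would use
                    return defineClass(name, bytes, 0, bytes.length);
                } catch (IOException e) {
                    throw new ClassNotFoundException(name, e);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String name = UserCallback.class.getName();
        ClassLoader app = ClassLoaderIdentityDemo.class.getClassLoader();
        // Second copy of the class, defined by a different loader from identical bytes.
        Object copy = new ChildFirstLoader(app, name).loadClass(name)
                .getDeclaredConstructor().newInstance();

        System.out.println("names equal: " + copy.getClass().getName().equals(name));
        System.out.println("same Class:  " + (copy.getClass() == UserCallback.class));
        System.out.println("instanceof:  " + (copy instanceof UserCallback));
        System.out.println("loaders:     " + copy.getClass().getClassLoader() + " vs " + app);
        try {
            UserCallback cast = (UserCallback) copy;   // what the handler's cast would attempt
            System.out.println("cast ok: " + cast);
        } catch (ClassCastException e) {
            System.out.println("cast fails:  " + e.getMessage());
        }
    }
}
```

Printing `getClass().getClassLoader()` next to the class name, rather than the name alone, is the quickest way to confirm that two copies of a login-module class are in play.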


