geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mario Ruebsam <mario.rueb...@googlemail.com>
Subject Re: Deploying EAR which has been already deployed in JBoss 4.0.4
Date Wed, 26 Jul 2006 16:19:22 GMT
The geronimo-web-*.xml content was changing during your posts, so I saw only the
<security-realm-name> element.

The error message "Qualifier patterns in the URLPatternSpec cannot match the 
first URLPattern" is from the javax.security.jacc.URLPatternSpec class.

So this Problem depends on your security settings for the web app.
I don't know what changed from 1.0 to 1.1. I only know the 1.0 documentation
here:
http://cwiki.apache.org/GMOxDOC10/deploying-secure-applications.html#Deployingsecureapplications-ExampleoftheWebapplicationdeploymentwithwebcontainerneutralschema

I tried your settings below and deployed without a problem.
Maybe you have some problems with the namespace or you have
conflicting settings between the geronimo-application.xml and
the geronimo-web-*.xml files. Can you try to set the security
namespace explicit?

   <security-realm-name>geronimo-properties-realm</security-realm-name>
   <security:security
       xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">

       <security:default-principal>
          <security:principal name="anonymous"
 
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
       </security:default-principal>

       <security:role-mappings>
          <security:role role-name="admin">
            <security:principal name="administrators" designated-run-as="true"
 
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>

            <security:principal name="root"
 
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
          </security:role>
       </security:role-mappings>
  </security:security>

Thanks, Mario


mika wrote:
>> Can you comment out the 
>> <security-realm-name>geronimo-properties-realm</security-realm-name>
>> element as suggested before, in your geronimo-web.*.xml not the standard
>> web.xml ?
>>
>>
>> Thanks,
>> Mario
> 
> I did so...
> If only the security-realm-name sections were commited out, following stack trace occurs:
> 
> Using GERONIMO_BASE:   C:\ApplicationServers\geronimo-1.1
> Using GERONIMO_HOME:   C:\ApplicationServers\geronimo-1.1
> Using GERONIMO_TMPDIR: C:\ApplicationServers\geronimo-1.1\var\temp
> Using JRE_HOME:        C:\Programme\Java\jre1.5.0_06
>     Error: Unable to distribute connector.ear: xml problem for web
>     app ccserver.war
> 
>     	Invalid deployment descriptor: [error: cvc-complex-type.2.4a:
>     Expected elements
>     'web-container@http://geronimo.apache.org/xml/ns/naming-1.1
>     host@http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.1
>     virtual-host@http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.1
>     session-manager@http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.1
>     gbean-ref@http://geronimo.apache.org/xml/ns/naming-1.1
>     ejb-ref@http://geronimo.apache.org/xml/ns/naming-1.1
>     ejb-local-ref@http://geronimo.apache.org/xml/ns/naming-1.1
>     service-ref@http://geronimo.apache.org/xml/ns/naming-1.1
>     resource-ref@http://geronimo.apache.org/xml/ns/naming-1.1
>     resource-env-ref@http://geronimo.apache.org/xml/ns/naming-1.1
>     message-destination@http://geronimo.apache.org/xml/ns/naming-1.1
>     security-realm-name@http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.1
>     gbean@http://geronimo.apache.org/xml/ns/deployment-1.1' instead of
>     'security@http://geronimo.apache.org/xml/ns/security-1.1' here]
> 
>     Descriptor: <xml-fragment
>     xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.1"
>     xmlns:jet="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.1"
>     xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1"
>     xmlns:nam="http://geronimo.apache.org/xml/ns/naming-1.1">
> 
>       <dep:environment>
> 
>         <dep:moduleId>
> 
>           <dep:groupId>com.myapps</dep:groupId>
> 
>           <dep:artifactId>ccserver</dep:artifactId>
> 
>           <dep:version>1.0</dep:version>
> 
>           <dep:type>war</dep:type>
> 
>         </dep:moduleId>
> 
>       </dep:environment>
> 
>       <jet:context-root>/connector</jet:context-root>
> 
>      
>     <!--<security-realm-name>geronimo-properties-realm</security-realm-name>-->
> 
>       <sec:security>
> 
>         <sec:default-principal>
> 
>           <sec:principal name="anonymous"
>     class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
> 
>         </sec:default-principal>
> 
>         <sec:role-mappings>
> 
>           <sec:role role-name="AdminRole">
> 
>             <sec:principal name="administrators"
>     designated-run-as="true"
>     class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
> 
>             <sec:principal name="root"
>     class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
> 
>           </sec:role>
> 
>         </sec:role-mappings>
> 
>       </sec:security>
> 
>       <nam:ejb-ref>
> 
>         <nam:ref-name>ejb/clientInterface</nam:ref-name>
> 
>         <nam:pattern>
> 
>           <nam:artifactId>ejb</nam:artifactId>
> 
>           <nam:name>ClientInterfaceJAR/EJBClientInterfaceEJB</nam:name>
> 
>         </nam:pattern>
> 
>       </nam:ejb-ref>
> 
>     </xml-fragment>
> 
> #########################################################################
> 
> Next I commited the security section out, too. Then these errors occured.
> 
> Using GERONIMO_BASE:   C:\ApplicationServers\geronimo-1.1
> Using GERONIMO_HOME:   C:\ApplicationServers\geronimo-1.1
> Using GERONIMO_TMPDIR: C:\ApplicationServers\geronimo-1.1\var\temp
> Using JRE_HOME:        C:\Programme\Java\jre1.5.0_06
>     Error: Unable to distribute connector.ear: web.xml for web app
>     ccserver.war includes security elements but Geronimo deployment plan
>     is not provided or does not contain <security-realm-name> element
>     necessary to configure security accordingly.
> 
> 
> This means in my opinion, that the security-elements in web.xml should also been commited
out... Am I right?
> 
> Thanks a lot for good deals of trouble,
> mika


Mime
View raw message