geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Geronimo not found at login subject for Jackrabbit JCA.
Date Sat, 08 Nov 2008 17:26:19 GMT

On Nov 8, 2008, at 2:27 AM, Markku Saarela wrote:

> Here is configuration documentation:
> http://jackrabbit.apache.org/jackrabbit-configuration.html#JackrabbitConfiguration-Securityconfiguration
>
> After read this documentation i thought that i do not need to use  
> jaas, but now i realize that there is jaas available and in geronimo- 
> ra.xml i found element <container-managed-security /> so i'm  
> actually using container managed security.
>
> So how to configure that (geronimo documentation is little bit  
> confusing)?

I looked around the somewhat confusingly organized jackrabbit svn  
(j2ca stuff seems to be present only in branches???) and found http://svn.eu.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-jca

  which seems like it might bear some resemblance to the code you are  
using.  This code does not support container managed security at all.   
Unless you want to add this capability to jackrabbit you need to stop  
configuring container managed security in your geronimo plan.

If you do want to add this capability to jackrabbit, the place to  
start is in http://svn.eu.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-jca/src/main/java/org/apache/jackrabbit/jca/JCAManagedConnectionFactory.java?annotate=703899

162 : 	  	  	 public ManagedConnection createManagedConnection(Subject  
subject, ConnectionRequestInfo cri)
163 : 	  	  	throws ResourceException {
164 : 	dpfister 	510465 	
165 : 	  	  	if (cri == null) {
166 : 	  	  	return new AnonymousConnection();
167 : 	  	  	}
168 : 	dpfister 	230772 	return  
createManagedConnection((JCAConnectionRequestInfo) cri);
169 : 	  	  	}


and

182 : 	  	  	 public ManagedConnection matchManagedConnections(Set  
set, Subject subject, ConnectionRequestInfo cri)
183 : 	  	  	throws ResourceException {
184 : 	  	  	for (Iterator i = set.iterator(); i.hasNext();) {
185 : 	  	  	Object next = i.next();
186 : 	  	  	
187 : 	  	  	if (next instanceof JCAManagedConnection) {
188 : 	  	  	JCAManagedConnection mc = (JCAManagedConnection) next;
189 : 	  	  	if (equals(mc.getManagedConnectionFactory())) {
190 : 	  	  	JCAConnectionRequestInfo otherCri =  
mc.getConnectionRequestInfo();
191 : 	  	  	if (equals(cri, otherCri)) {
192 : 	  	  	return mc;
193 : 	  	  	}
194 : 	  	  	}
195 : 	  	  	}
196 : 	  	  	}
197 : 	  	  	
198 : 	  	  	return null;
199 : 	  	  	}


where the Subject supplied from container managed security is ignored.

Out of curiousity, does jackrabbit run in-vm or are connections to a  
remote server?  If in-vm it might be better to run with pooling turned  
off as it is likely that creating a new managed connection is lighter  
weight than the synchronization involved in pooling existing  
connections.

thanks
david jencks



>
>
> - markku
>
> David Jencks wrote:
>> Could you point to some documentation on the JCARepositoryHandle   
>> and the ra.xml for this connector?
>>
>> For container managed security you need to use something like the  
>> plugins/connector/geronimo-connector/src/main/java/org/apache/ 
>> geronimo/connector/outbound/security/ 
>> CallerIdentityPasswordCredentialLoginModule.java which you can  
>> deploy in a JAAS configuration using the  
>> PasswordCredentialLoginModuleWrapperGBean.java
>>
>> Since you are trying to supply the credentials in what appears to  
>> be a "get connection" call I wonder if you actually want container  
>> managed security?
>>
>> thanks
>> david jencks
>>
>>
>> On Nov 7, 2008, at 11:17 PM, Markku Saarela wrote:
>>
>>> Hi,
>>>
>>> Jackrabbit 1.4 (1.4.1 core)  JCA deployed to Geronimo 2.1.1. Web  
>>> application or ejb session bean  failed with repository login.  
>>> InitialContext lookup find Repository but calling  
>>> repository.login( new SimpleCredentials( "system",  
>>> "manager".toCharArray() ) ); method results exception:
>>>
>>> Caused by: javax.resource.ResourceException: No subject for  
>>> container managed security
>>>     at  
>>> org 
>>> .apache 
>>> .geronimo 
>>> .connector 
>>> .outbound.SubjectInterceptor.getConnection(SubjectIntercepto
>>> r.java:51)
>>>     at  
>>> org 
>>> .apache 
>>> .geronimo 
>>> .connector 
>>> .outbound.ConnectionHandleInterceptor.getConnection(Connecti
>>> onHandleInterceptor.java:43)
>>>     at  
>>> org 
>>> .apache 
>>> .geronimo 
>>> .connector 
>>> .outbound.TCCLInterceptor.getConnection(TCCLInterceptor.java
>>> :39)
>>>     at  
>>> org 
>>> .apache 
>>> .geronimo 
>>> .connector 
>>> .outbound.ConnectionTrackingInterceptor.getConnection(Connec
>>> tionTrackingInterceptor.java:66)
>>>     at  
>>> org 
>>> .apache 
>>> .geronimo 
>>> .connector 
>>> .outbound.AbstractConnectionManager.allocateConnection(Abstr
>>> actConnectionManager.java:87)
>>>     at  
>>> org 
>>> .apache 
>>> .jackrabbit.jca.JCARepositoryHandle.login(JCARepositoryHandle.java: 
>>> 98)
>>>
>>> So how to configure Geronimo to provide subject to connector?
>>>
>>> rgds,
>>>
>>> Markku
>>
>


Mime
View raw message