geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markku Saarela <markku.saar...@iki.fi>
Subject [RESOLVED]Re: Geronimo not found at login subject for Jackrabbit JCA.
Date Mon, 10 Nov 2008 17:28:24 GMT
After removing <container-managed-security />  from geronimo-ra.xml and 
res-auth element from jackrabbit resource-ref in web.xml it works.

jackrabbit in my case is running in-vm so i remove any pooling.

Thanks to all for help.

- markku

ps. still my ultimate goal is to go for container managed security, so i 
look for code to realize that.

David Jencks wrote:
>
> On Nov 8, 2008, at 2:27 AM, Markku Saarela wrote:
>
>> Here is configuration documentation:
>> http://jackrabbit.apache.org/jackrabbit-configuration.html#JackrabbitConfiguration-Securityconfiguration

>>
>>
>> After read this documentation i thought that i do not need to use 
>> jaas, but now i realize that there is jaas available and in 
>> geronimo-ra.xml i found element <container-managed-security /> so i'm 
>> actually using container managed security.
>>
>> So how to configure that (geronimo documentation is little bit 
>> confusing)?
>
> I looked around the somewhat confusingly organized jackrabbit svn 
> (j2ca stuff seems to be present only in branches???) and found 
> http://svn.eu.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-jca which 
> seems like it might bear some resemblance to the code you are using.  
> This code does not support container managed security at all.  Unless 
> you want to add this capability to jackrabbit you need to stop 
> configuring container managed security in your geronimo plan.
>
> If you do want to add this capability to jackrabbit, the place to 
> start is in 
> http://svn.eu.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-jca/src/main/java/org/apache/jackrabbit/jca/JCAManagedConnectionFactory.java?annotate=703899

>
>
> 162 :                  public ManagedConnection 
> createManagedConnection(Subject subject, ConnectionRequestInfo cri)
> 163 :                 throws ResourceException {
> 164 :     dpfister     510465    
> 165 :                 if (cri == null) {
> 166 :                 return new AnonymousConnection();
> 167 :                 }
> 168 :     dpfister     230772     return 
> createManagedConnection((JCAConnectionRequestInfo) cri);
> 169 :                 }
>
>
> and
>
> 182 :                  public ManagedConnection 
> matchManagedConnections(Set set, Subject subject, 
> ConnectionRequestInfo cri)
> 183 :                 throws ResourceException {
> 184 :                 for (Iterator i = set.iterator(); i.hasNext();) {
> 185 :                 Object next = i.next();
> 186 :                
> 187 :                 if (next instanceof JCAManagedConnection) {
> 188 :                 JCAManagedConnection mc = (JCAManagedConnection) 
> next;
> 189 :                 if (equals(mc.getManagedConnectionFactory())) {
> 190 :                 JCAConnectionRequestInfo otherCri = 
> mc.getConnectionRequestInfo();
> 191 :                 if (equals(cri, otherCri)) {
> 192 :                 return mc;
> 193 :                 }
> 194 :                 }
> 195 :                 }
> 196 :                 }
> 197 :                
> 198 :                 return null;
> 199 :                 }
>
>
> where the Subject supplied from container managed security is ignored.
>
> Out of curiousity, does jackrabbit run in-vm or are connections to a 
> remote server?  If in-vm it might be better to run with pooling turned 
> off as it is likely that creating a new managed connection is lighter 
> weight than the synchronization involved in pooling existing connections.
>
> thanks
> david jencks
>
>
>
>>
>>
>> - markku
>>
>> David Jencks wrote:
>>> Could you point to some documentation on the JCARepositoryHandle  
>>> and the ra.xml for this connector?
>>>
>>> For container managed security you need to use something like the 
>>> plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java

>>> which you can deploy in a JAAS configuration using the 
>>> PasswordCredentialLoginModuleWrapperGBean.java
>>>
>>> Since you are trying to supply the credentials in what appears to be 
>>> a "get connection" call I wonder if you actually want container 
>>> managed security?
>>>
>>> thanks
>>> david jencks
>>>
>>>
>>> On Nov 7, 2008, at 11:17 PM, Markku Saarela wrote:
>>>
>>>> Hi,
>>>>
>>>> Jackrabbit 1.4 (1.4.1 core)  JCA deployed to Geronimo 2.1.1. Web 
>>>> application or ejb session bean  failed with repository login. 
>>>> InitialContext lookup find Repository but calling repository.login( 
>>>> new SimpleCredentials( "system", "manager".toCharArray() ) ); 
>>>> method results exception:
>>>>
>>>> Caused by: javax.resource.ResourceException: No subject for 
>>>> container managed security
>>>>     at 
>>>> org.apache.geronimo.connector.outbound.SubjectInterceptor.getConnection(SubjectIntercepto

>>>>
>>>> r.java:51)
>>>>     at 
>>>> org.apache.geronimo.connector.outbound.ConnectionHandleInterceptor.getConnection(Connecti

>>>>
>>>> onHandleInterceptor.java:43)
>>>>     at 
>>>> org.apache.geronimo.connector.outbound.TCCLInterceptor.getConnection(TCCLInterceptor.java

>>>>
>>>> :39)
>>>>     at 
>>>> org.apache.geronimo.connector.outbound.ConnectionTrackingInterceptor.getConnection(Connec

>>>>
>>>> tionTrackingInterceptor.java:66)
>>>>     at 
>>>> org.apache.geronimo.connector.outbound.AbstractConnectionManager.allocateConnection(Abstr

>>>>
>>>> actConnectionManager.java:87)
>>>>     at 
>>>> org.apache.jackrabbit.jca.JCARepositoryHandle.login(JCARepositoryHandle.java:98)

>>>>
>>>>
>>>> So how to configure Geronimo to provide subject to connector?
>>>>
>>>> rgds,
>>>>
>>>> Markku
>>>
>>
>


Mime
View raw message