Return-Path: Delivered-To: apmail-geronimo-user-archive@www.apache.org Received: (qmail 10792 invoked from network); 10 Nov 2008 17:29:44 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 10 Nov 2008 17:29:44 -0000 Received: (qmail 9615 invoked by uid 500); 10 Nov 2008 17:29:45 -0000 Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org Received: (qmail 9594 invoked by uid 500); 10 Nov 2008 17:29:45 -0000 Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: user@geronimo.apache.org List-Id: Delivered-To: mailing list user@geronimo.apache.org Received: (qmail 9583 invoked by uid 99); 10 Nov 2008 17:29:45 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Nov 2008 09:29:45 -0800 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [62.142.5.111] (HELO emh05.mail.saunalahti.fi) (62.142.5.111) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 10 Nov 2008 17:28:25 +0000 Received: from saunalahti-vams (vs3-12.mail.saunalahti.fi [62.142.5.96]) by emh05-2.mail.saunalahti.fi (Postfix) with SMTP id 38E318C0B5 for ; Mon, 10 Nov 2008 19:28:25 +0200 (EET) Received: from emh01.mail.saunalahti.fi ([62.142.5.107]) by vs3-12.mail.saunalahti.fi ([62.142.5.96]) with SMTP (gateway) id A00539166E6; Mon, 10 Nov 2008 19:28:25 +0200 Received: from [192.168.1.102] (a91-156-135-125.elisa-laajakaista.fi [91.156.135.125]) by emh01.mail.saunalahti.fi (Postfix) with ESMTP id 073684BB49 for ; Mon, 10 Nov 2008 19:28:24 +0200 (EET) Message-ID: <49186F38.2080900@iki.fi> Date: Mon, 10 Nov 2008 19:28:24 +0200 From: Markku Saarela User-Agent: Thunderbird 2.0.0.17 (Windows/20080914) MIME-Version: 1.0 To: user@geronimo.apache.org Subject: [RESOLVED]Re: Geronimo not found at login subject for Jackrabbit JCA. References: <49153D13.7010300@iki.fi> <19EB6075-208F-4523-893D-7C79592707A7@yahoo.com> <4915698C.2000301@iki.fi> <45C82956-FAD6-40DC-A9BE-E7B6C41A2C28@yahoo.com> In-Reply-To: <45C82956-FAD6-40DC-A9BE-E7B6C41A2C28@yahoo.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Antivirus: VAMS X-Virus-Checked: Checked by ClamAV on apache.org After removing from geronimo-ra.xml and res-auth element from jackrabbit resource-ref in web.xml it works. jackrabbit in my case is running in-vm so i remove any pooling. Thanks to all for help. - markku ps. still my ultimate goal is to go for container managed security, so i look for code to realize that. David Jencks wrote: > > On Nov 8, 2008, at 2:27 AM, Markku Saarela wrote: > >> Here is configuration documentation: >> http://jackrabbit.apache.org/jackrabbit-configuration.html#JackrabbitConfiguration-Securityconfiguration >> >> >> After read this documentation i thought that i do not need to use >> jaas, but now i realize that there is jaas available and in >> geronimo-ra.xml i found element so i'm >> actually using container managed security. >> >> So how to configure that (geronimo documentation is little bit >> confusing)? > > I looked around the somewhat confusingly organized jackrabbit svn > (j2ca stuff seems to be present only in branches???) and found > http://svn.eu.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-jca which > seems like it might bear some resemblance to the code you are using. > This code does not support container managed security at all. Unless > you want to add this capability to jackrabbit you need to stop > configuring container managed security in your geronimo plan. > > If you do want to add this capability to jackrabbit, the place to > start is in > http://svn.eu.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-jca/src/main/java/org/apache/jackrabbit/jca/JCAManagedConnectionFactory.java?annotate=703899 > > > 162 : public ManagedConnection > createManagedConnection(Subject subject, ConnectionRequestInfo cri) > 163 : throws ResourceException { > 164 : dpfister 510465 > 165 : if (cri == null) { > 166 : return new AnonymousConnection(); > 167 : } > 168 : dpfister 230772 return > createManagedConnection((JCAConnectionRequestInfo) cri); > 169 : } > > > and > > 182 : public ManagedConnection > matchManagedConnections(Set set, Subject subject, > ConnectionRequestInfo cri) > 183 : throws ResourceException { > 184 : for (Iterator i = set.iterator(); i.hasNext();) { > 185 : Object next = i.next(); > 186 : > 187 : if (next instanceof JCAManagedConnection) { > 188 : JCAManagedConnection mc = (JCAManagedConnection) > next; > 189 : if (equals(mc.getManagedConnectionFactory())) { > 190 : JCAConnectionRequestInfo otherCri = > mc.getConnectionRequestInfo(); > 191 : if (equals(cri, otherCri)) { > 192 : return mc; > 193 : } > 194 : } > 195 : } > 196 : } > 197 : > 198 : return null; > 199 : } > > > where the Subject supplied from container managed security is ignored. > > Out of curiousity, does jackrabbit run in-vm or are connections to a > remote server? If in-vm it might be better to run with pooling turned > off as it is likely that creating a new managed connection is lighter > weight than the synchronization involved in pooling existing connections. > > thanks > david jencks > > > >> >> >> - markku >> >> David Jencks wrote: >>> Could you point to some documentation on the JCARepositoryHandle >>> and the ra.xml for this connector? >>> >>> For container managed security you need to use something like the >>> plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java >>> which you can deploy in a JAAS configuration using the >>> PasswordCredentialLoginModuleWrapperGBean.java >>> >>> Since you are trying to supply the credentials in what appears to be >>> a "get connection" call I wonder if you actually want container >>> managed security? >>> >>> thanks >>> david jencks >>> >>> >>> On Nov 7, 2008, at 11:17 PM, Markku Saarela wrote: >>> >>>> Hi, >>>> >>>> Jackrabbit 1.4 (1.4.1 core) JCA deployed to Geronimo 2.1.1. Web >>>> application or ejb session bean failed with repository login. >>>> InitialContext lookup find Repository but calling repository.login( >>>> new SimpleCredentials( "system", "manager".toCharArray() ) ); >>>> method results exception: >>>> >>>> Caused by: javax.resource.ResourceException: No subject for >>>> container managed security >>>> at >>>> org.apache.geronimo.connector.outbound.SubjectInterceptor.getConnection(SubjectIntercepto >>>> >>>> r.java:51) >>>> at >>>> org.apache.geronimo.connector.outbound.ConnectionHandleInterceptor.getConnection(Connecti >>>> >>>> onHandleInterceptor.java:43) >>>> at >>>> org.apache.geronimo.connector.outbound.TCCLInterceptor.getConnection(TCCLInterceptor.java >>>> >>>> :39) >>>> at >>>> org.apache.geronimo.connector.outbound.ConnectionTrackingInterceptor.getConnection(Connec >>>> >>>> tionTrackingInterceptor.java:66) >>>> at >>>> org.apache.geronimo.connector.outbound.AbstractConnectionManager.allocateConnection(Abstr >>>> >>>> actConnectionManager.java:87) >>>> at >>>> org.apache.jackrabbit.jca.JCARepositoryHandle.login(JCARepositoryHandle.java:98) >>>> >>>> >>>> So how to configure Geronimo to provide subject to connector? >>>> >>>> rgds, >>>> >>>> Markku >>> >> >