geronimo-user mailing list archives

From Quintin Beukes <quin...@skywalk.co.za>
Subject Re: Replacing the server-security-config plugin
Date Fri, 11 Sep 2009 20:16:33 GMT
No. This isn't working right. I don't know what I'm doing wrong.

I take the exported plugin. Extract it to directory "x".

Then I change only the groupId everywhere in the plugin from
"org.apache.geronimo.framework" to "test" and version from
"2.2-SNAPSHOT" to "2.2". Then I jar it again.

Then I start geronimo and deploy this with deploy.sh install-plugin.
Successfully installed: test/server-security-config/2.2/car

I stop the server, and then edit artifact_aliases.properties and change:
org.apache.geronimo.framework/server-security-config//car=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car
test/server-security-config//car=test/server-security-config/2.2/car

TO
org.apache.geronimo.framework/server-security-config//car=test/server-security-config/2.2/car
org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car=test/server-security-config/2.2/car
test/server-security-config//car=test/server-security-config/2.2/car

And config.xml from:
    <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car"/>
    <module name="test/server-security-config/2.2/car"/>

TO:
    <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car" load="false"/>
    <module name="test/server-security-config/2.2/car"/>

Then I try and start the server, and all I get is this, i.e. it starts
and right after loading my plugin stops the server without an error.
2009-09-11 22:14:37,642 INFO  [Log4jService]
----------------------------------------------
2009-09-11 22:14:37,643 INFO  [Log4jService] Started Logging Service
2009-09-11 22:14:37,643 INFO  [Log4jService] Runtime Information:
2009-09-11 22:14:37,644 INFO  [Log4jService]   Install Directory =
/opt/testkms/server/geronimo-2.2-20090908
2009-09-11 22:14:37,645 INFO  [JvmVendor] Sun JVM 1.5.0_17
2009-09-11 22:14:37,645 INFO  [Log4jService]   JVM in use        = Sun
JVM 1.5.0_17
2009-09-11 22:14:37,645 INFO  [Log4jService] Java Information:
2009-09-11 22:14:37,645 INFO  [Log4jService]   System property
[java.runtime.name]     = Java(TM) 2 Runtime Environment, Standard
Edition
2009-09-11 22:14:37,645 INFO  [Log4jService]   System property
[java.runtime.version]  = 1.5.0_17-b04
2009-09-11 22:14:37,645 INFO  [Log4jService]   System property
[os.name]               = Linux
2009-09-11 22:14:37,645 INFO  [Log4jService]   System property
[os.version]            = 2.6.24-24-generic
2009-09-11 22:14:37,645 INFO  [Log4jService]   System property
[sun.os.patch.level]    = unknown
2009-09-11 22:14:37,645 INFO  [Log4jService]   System property
[os.arch]               = i386
2009-09-11 22:14:37,645 INFO  [Log4jService]   System property
[java.class.version]    = 49.0
2009-09-11 22:14:37,645 INFO  [Log4jService]   System property
[locale]                = en_ZA
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[unicode.encoding]      = UnicodeLittle
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[file.encoding]         = UTF-8
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.vm.name]          = Java HotSpot(TM) Client VM
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.vm.vendor]        = Sun Microsystems Inc.
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.vm.version]       = 1.5.0_17-b04
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.vm.info]          = mixed mode
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.home]             = /opt/kms/java/sun-jdk1.5.0_17/jre
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.classpath]        = null
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.library.path]     =
/opt/kms/java/sun-jdk1.5.0_17/jre/lib/i386/client:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/i386:/opt/kms/java/sun-jdk1.5.0_17/jre/../lib/i386
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.endorsed.dirs]    =
/opt/testkms/server/geronimo-2.2-20090908/lib/endorsed:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/endorsed
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[java.ext.dirs]         =
/opt/testkms/server/geronimo-2.2-20090908/lib/ext:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/ext
2009-09-11 22:14:37,646 INFO  [Log4jService]   System property
[sun.boot.class.path]   =
/opt/testkms/server/geronimo-2.2-20090908/lib/endorsed/yoko-spec-corba-1.0.jar:/opt/testkms/server/geronimo-2.2-20090908/lib/endorsed/yoko-rmi-spec-1.0.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/rt.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/i18n.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/sunrsasign.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/jsse.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/jce.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/charsets.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/classes
2009-09-11 22:14:37,646 INFO  [Log4jService]
----------------------------------------------
2009-09-11 22:14:39,041 INFO  [KernelContextGBean] bound gbean
org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaCompContext
at name java:comp
2009-09-11 22:14:39,043 INFO  [KernelContextGBean] bound gbean
org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaContext
at name java:
2009-09-11 22:14:39,043 INFO  [KernelContextGBean] bound gbean
org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=GeronimoContext
at name ger:
2009-09-11 22:14:40,086 INFO  [SystemProperties] Setting
Property=javax.xml.soap.MetaFactory to
Value=org.apache.geronimo.webservices.saaj.GeronimoMetaFactory
2009-09-11 22:14:40,086 INFO  [SystemProperties] Setting
Property=javax.xml.soap.MessageFactory to
Value=org.apache.geronimo.webservices.saaj.GeronimoMessageFactory
2009-09-11 22:14:40,086 INFO  [SystemProperties] Setting
Property=java.net.preferIPv4Stack to Value=true
2009-09-11 22:14:40,086 INFO  [SystemProperties] Setting
Property=javax.xml.soap.SOAPConnectionFactory to
Value=org.apache.geronimo.webservices.saaj.GeronimoSOAPConnectionFactory
2009-09-11 22:14:40,087 INFO  [SystemProperties] Setting
Property=javax.xml.soap.SOAPFactory to
Value=org.apache.geronimo.webservices.saaj.GeronimoSOAPFactory
2009-09-11 22:14:40,087 INFO  [SystemProperties] Setting
Property=java.security.Provider to Value=SUN
2009-09-11 22:14:40,261 INFO  [KernelContextGBean] unbound gbean
org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaContext
at name java:
2009-09-11 22:14:40,264 INFO  [KernelContextGBean] unbound gbean
org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=GeronimoContext
at name ger:
2009-09-11 22:14:40,264 INFO  [KernelContextGBean] unbound gbean
org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaCompContext
at name java:comp
2009-09-11 22:14:40,265 INFO  [Log4jService] Stopping Logging Service
2009-09-11 22:14:40,265 INFO  [Log4jService]
----------------------------------------------

Q
On Fri, Sep 11, 2009 at 9:31 PM, Quintin Beukes <quintin@skywalk.co.za> wrote:
> do i need to delete config.ser?
>
> Q
>
> On Fri, Sep 11, 2009 at 9:16 PM, Joe Dente <jdente@21technologies.com> wrote:
>> That's how I got started. I have a project that includes a custom login
>> module as well as a customized geronimo-plugin.xml that originally was an
>> exported version of the server-security-config plugin. My plugin project
>> creates a simple jar with the geronimo-plugin.xml in my jar's 'META-INF'
>> folder. I then deploy this jar into Geronimo with the geronimo-plugin.xml
>> being my jar's deployment plan. You can also try and build a car using the
>> maven car plugin, although I haven't played around with this yet. I found
>> this wiki article to be helpful:
>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Administering+plugins
>>
>> Joe
>>
>> ---------------------
>> Sorry, I've never created a plugin. To create a new
>> server-security-config plugin, do you mean I should copy
>> server-security-config using the console's plugin export and modify
>> it?
>>
>> Q
>>
>> On Fri, Sep 11, 2009 at 8:47 PM, Joe Dente <jdente@21technologies.com> wrote:
>>> To reproduce it create your own server-security-config plugin that uses
>>> any login module other than the properties-login gbean that is expected.
>>> You then need to deploy your new server-security-config plugin and have
>>> it completely replace the default server-security-config (see
>>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration).
>>> I achieved this by telling the server-security-config car to not load in
>>> the config.xml, telling my security plugin to load in the config.xml, and
>>> then adding artifact aliases for both the 2.1.4 and wildcard-versioned
>>> lines referring to the server-security-config plugin in the
>>> artifact_aliases.properties file.
>>>
>>> In artifact_aliases.properties:
>>>        org.apache.geronimo.framework/server-security-config//car=com.my.geronimo/my-security-config/1.0/car
>>>        org.apache.geronimo.framework/server-security-config/2.1.4/car=com.my.geronimo/my-security-config/1.0/car
>>>
>>> In config.xml:
>>>        <module name="org.apache.geronimo.framework/server-security-config/2.1.4/car" load="false"/>
>>>        <module name="com.my.geronimo/my-security-config/1.0/car"/>
>>>
>>> Now try and startup Geronimo. You will see the error discussing the
>>> missing expected gbean.
>>> Hope this helps,
>>> Joe
>>>
>>>
>>>
>>> -------------
>>> Errr. Ouch. *rubbing the bruised area in his brain*.
>>>
>>> I'm not that on with everything you said. I think the best thing would
>>> be to reproduce it. What would I do to reproduce it?
>>>
>>> Q
>>>
>>> On Fri, Sep 11, 2009 at 6:42 PM, David Jencks <david_jencks@yahoo.com> wrote:
>>>>
>>>> On Sep 11, 2009, at 5:49 AM, Quintin Beukes wrote:
>>>>
>>>>> I'll be willing to have a look at it.
>>>>>
>>>>> can you give me a general idea what I'm supposed to look at and how it
>>>>> would be done?
>>>>
>>>> IIRC the failure is caused by an unsatisfied single valued gbean reference
>>>> to the properties login module gbean from something in the admin console.
>>>>  You need to find the gbean reference and change it to a collection valued
>>>> reference so it's no longer a mandatory reference.  You can wrap a
>>>> collection valued reference with SingleElementCollection to make it act like
>>>> an optional single valued reference.
>>>>
>>>> hope this is clear enough to help..
>>>> david jencks
>>>>
>>>>>
>>>>> Q
>>>>>
>>>>> On Fri, Sep 11, 2009 at 12:07 AM, David Jencks <david_jencks@yahoo.com>
>>>>> wrote:
>>>>>>
>>>>>> Hi Joe!
>>>>>> On Sep 10, 2009, at 2:18 PM, Joe Dente wrote:
>>>>>>
>>>>>> Hi,
>>>>>> I've been working on replacing Geronimo 2.1.4's server-security-config
>>>>>> plugin's example security with our own security plugin. We need single
>>>>>> sign on for our application which also means the same sign on process
>>>>>> has to work with the Geronimo admin console. We need to be able to use
>>>>>> custom realms and custom login modules in our server-security-config
>>>>>> plugin replacement that may change depending on the environment we
>>>>>> deploy to. I've run into two limitations so far that I've found
>>>>>> documented online. One is that unless I want to re-deploy other
>>>>>> plugins that use the 'geronimo-admin' security realm, then our custom
>>>>>> security realm must be named 'geronimo-admin' as well. The other is
>>>>>> that I ran into http://issues.apache.org/jira/browse/GERONIMO-4603,
>>>>>> forcing me to create a dummy properties-login gbean in order for the
>>>>>> tomcat components to start up.
>>>>>>
>>>>>> In my experience this is incredibly annoying.  I don't have time but
>>>>>> wonder if anyone else can see about fixing this for 2.2.
>>>>>>
>>>>>> I've created aliases for my plugin over the server-security-config
>>>>>> plugin in 'artifact-aliases.properties' file and I've also disabled
>>>>>> the server-security-config plugin and added my plugin as a loaded
>>>>>> module in the 'config.xml'. Unfortunately, I still cannot log into the
>>>>>> Geronimo console using my custom security realm and login module.
>>>>>> Geronimo has no problem starting with the current configuration and I
>>>>>> can even login using my custom login module. Everything seems happy as
>>>>>> far as the login process is concerned when I step through the code,
>>>>>> but instead of seeing the Geronimo console I get a tomcat error page
>>>>>> stating 'Access to the specified resource () has been forbidden'.  The
>>>>>> logs are completely clean as well as the console output. My only idea
>>>>>> is that my admin users also need to be members of a specifically named
>>>>>> Geronimo admin group (make my admin group's name exactly match the one
>>>>>> setup in the default security plugin)? I have not tested this
>>>>>> hypothesis out yet, because I have my own admin group that is used by
>>>>>> our application that I would like to re-use as the Geronimo console's
>>>>>> admin group. Any other thoughts?
>>>>>>
>>>>>> In 2.1.x you are stuck with the principal-role mapping in the ee
>>>>>> application, although in 2.2 you can put it into a different plugin if
>>>>>> you want and I think then swap it via an artifact-alias with one in a
>>>>>> different plugin.
>>>>>> So, that means that you need to supply the principals the principal-role
>>>>>> mapping expects:
>>>>>>    <security xmlns="http://geronimo.apache.org/xml/ns/security-1.2">
>>>>>>        <role-mappings>
>>>>>>            <role role-name="admin">
>>>>>>                <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" />
>>>>>>            </role>
>>>>>>        </role-mappings>
>>>>>>    </security>
>>>>>>
>>>>>> So, your login module needs to supply a principal of
>>>>>> class GeronimoGroupPrincipal and name "admin".
>>>>>> Let us know if this doesn't work.
>>>>>> thanks
>>>>>> david jencks
>>>>>>
>>>>>> Thanks,
>>>>>> Joe
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Quintin Beukes
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Quintin Beukes
>>>
>>
>>
>>
>> --
>> Quintin Beukes
>>
>
>
>
> --
> Quintin Beukes
>



-- 
Quintin Beukes
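
An added example (not part of the original message or of Geronimo): a Python check that the two edits described in this thread agree with each other, i.e. the original module is disabled in config.xml, the replacement is loaded, and both the wildcard and the exact-version alias point at the replacement. The function names, the `<attributes>` root element and the sample file contents (constructed from the before/after states quoted in the message) are assumptions; the check says nothing about why a server stops.

```python
import xml.etree.ElementTree as ET

def parse_aliases(text):
    """Map alias key -> target from artifact_aliases.properties content."""
    aliases = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, target = line.split("=", 1)
            aliases[key.strip()] = target.strip()
    return aliases

def parse_modules(xml_text):
    """Map module name -> True when config.xml leaves it loadable."""
    modules = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "module":  # tolerate an XML namespace
            modules[el.get("name")] = el.get("load", "true").lower() != "false"
    return modules

def check_replacement(aliases_text, config_text, original, replacement):
    """Return inconsistencies between the two files; empty list = coherent."""
    aliases, modules = parse_aliases(aliases_text), parse_modules(config_text)
    group, artifact, _version, kind = original.split("/")
    findings = []
    if modules.get(original, False):
        findings.append(f'{original} is still loaded (no load="false")')
    if not modules.get(replacement, False):
        findings.append(f"{replacement} is not listed as a loaded module")
    for key in (f"{group}/{artifact}//{kind}", original):  # wildcard + exact
        if aliases.get(key) != replacement:
            findings.append(f"alias {key} -> {aliases.get(key)}")
    return findings

ORIGINAL = "org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car"
REPLACEMENT = "test/server-security-config/2.2/car"
WILDCARD = "org.apache.geronimo.framework/server-security-config//car"

# Constructed samples mirroring the "before" and "after" states in the message;
# the <attributes> root element is an assumption.
ALIASES_BEFORE = f"{WILDCARD}={ORIGINAL}\ntest/server-security-config//car={REPLACEMENT}\n"
CONFIG_BEFORE = f'<attributes><module name="{ORIGINAL}"/><module name="{REPLACEMENT}"/></attributes>'
ALIASES_AFTER = (f"{WILDCARD}={REPLACEMENT}\n{ORIGINAL}={REPLACEMENT}\n"
                 f"test/server-security-config//car={REPLACEMENT}\n")
CONFIG_AFTER = (f'<attributes><module name="{ORIGINAL}" load="false"/>'
                f'<module name="{REPLACEMENT}"/></attributes>')

if __name__ == "__main__":
    for label, a, c in (("before", ALIASES_BEFORE, CONFIG_BEFORE),
                        ("after", ALIASES_AFTER, CONFIG_AFTER)):
        print(label, check_replacement(a, c, ORIGINAL, REPLACEMENT) or "consistent")
```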
