Return-Path: 
 <user-return-13926-apmail-geronimo-user-archive=geronimo.apache.org@geronimo.apache.org>
Delivered-To: apmail-geronimo-user-archive@www.apache.org
Received: (qmail 47403 invoked from network); 11 Sep 2009 22:17:26 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 11 Sep 2009 22:17:26 -0000
Received: (qmail 95630 invoked by uid 500); 11 Sep 2009 22:17:25 -0000
Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org
Received: (qmail 95578 invoked by uid 500); 11 Sep 2009 22:17:25 -0000
Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:user-help@geronimo.apache.org>
list-unsubscribe: <mailto:user-unsubscribe@geronimo.apache.org>
List-Post: <mailto:user@geronimo.apache.org>
Reply-To: user@geronimo.apache.org
List-Id: <user.geronimo.apache.org>
Delivered-To: mailing list user@geronimo.apache.org
Received: (qmail 95570 invoked by uid 99); 11 Sep 2009 22:17:25 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Sep 2009 22:17:25 +0000
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [209.85.210.179] (HELO mail-yx0-f179.google.com)
 (209.85.210.179)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 11 Sep 2009 22:17:15 +0000
Received: by yxe9 with SMTP id 9so2005927yxe.26
        for <user@geronimo.apache.org>; Fri, 11 Sep 2009 15:16:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.101.5.22 with SMTP id h22mr3808090ani.186.1252707413055; Fri,
	11 Sep 2009 15:16:53 -0700 (PDT)
In-Reply-To: 
 <54D41E91F26CF6488C7088C89D9160F8015ED823@21ctexg01.21technologies.com>
References: 
 <54D41E91F26CF6488C7088C89D9160F8015ED64A@21ctexg01.21technologies.com>
	 <DDADA4AC-F366-4823-A5B3-89D03BBC6FD9@yahoo.com>
	 <1f3854d50909111045l19ebc385j1af4747b149c7cbe@mail.gmail.com>
	 <54D41E91F26CF6488C7088C89D9160F8015ED7AE@21ctexg01.21technologies.com>
	 <1f3854d50909111204m4fdcb053gfcd43c7097b3057b@mail.gmail.com>
	 <54D41E91F26CF6488C7088C89D9160F8015ED7CF@21ctexg01.21technologies.com>
	 <1f3854d50909111231y385b9cd9med01d2f9dada87ce@mail.gmail.com>
	 <1f3854d50909111316q332fd21bg4fea956b6948982c@mail.gmail.com>
	 <1f3854d50909111339y3f3736cel376adb220e5fc85b@mail.gmail.com>
	 <54D41E91F26CF6488C7088C89D9160F8015ED823@21ctexg01.21technologies.com>
Date: Sat, 12 Sep 2009 00:16:52 +0200
Message-ID: <1f3854d50909111516y1e0edb9ey74f54f3cb3cf4f8c@mail.gmail.com>
Subject: Re: Replacing the server-security-config plugin
From: Quintin Beukes <quintin@skywalk.co.za>
To: user@geronimo.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Virus-Checked: Checked by ClamAV on apache.org

OK. So I found the reference. It's like so:
      <gbean name=3D"PropertiesLoginManager"
class=3D"org.apache.geronimo.console.core.security.PropertiesLoginModuleMan=
ager">
        <reference name=3D"ServerInfo">
          <name>ServerInfo</name>
        </reference>
        <reference name=3D"LoginModule">
          <name>properties-login</name>
        </reference>
      </gbean>

And it's in console-tomcat's plan.

1. How would I make it multivalued and wrap it in SingleElementCollection?

2. How would I redeploy it?

Q

On Fri, Sep 11, 2009 at 11:15 PM, Joe Dente <jdente@21technologies.com> wro=
te:
> I'm going to be busy for the rest of the day, but here's the deployment p=
lan I use in my replacement server-security-config plugin:
>
> <?xml version=3D"1.0" encoding=3D"UTF-8"?>
> <module xmlns=3D"http://geronimo.apache.org/xml/ns/deployment-1.2">
> =A0<environment>
> =A0 =A0<moduleId>
> =A0 =A0 =A0<groupId>com.mycode.geronimo</groupId>
> =A0 =A0 =A0<artifactId>delegating-login-module</artifactId>
> =A0 =A0 =A0<version>1.0</version>
> =A0 =A0 =A0<type>car</type>
> =A0 =A0</moduleId>
> =A0 =A0<dependencies>
> =A0 =A0 =A0<dependency>
> =A0 =A0 =A0 =A0<groupId>org.apache.geronimo.framework</groupId>
> =A0 =A0 =A0 =A0<artifactId>j2ee-security</artifactId>
> =A0 =A0 =A0 =A0<version>2.1.4</version>
> =A0 =A0 =A0 =A0<type>car</type>
> =A0 =A0 =A0</dependency>
> =A0 =A0</dependencies>
> =A0 =A0<hidden-classes/>
> =A0 =A0<non-overridable-classes/>
> =A0</environment>
>
> =A0<gbean name=3D"CredentialStore" class=3D"org.apache.geronimo.security.=
credentialstore.SimpleCredentialStoreImpl"/>
>
> =A0<!-- Default Security Realm Using Delegate Login Module -->
> =A0<gbean name=3D"admin-login" class=3D"org.apache.geronimo.security.jaas=
.LoginModuleGBean">
> =A0 =A0<attribute name=3D"loginModuleClass">com.mycode.geronimo.authoriza=
tion.login.DelegatingLoginModule</attribute>
> =A0 =A0<attribute name=3D"options">delegateRealm=3Ddelegate-realm
> =A0 =A0 =A0 =A0groupName=3Ddelegate-admin</attribute>
> =A0 =A0<attribute name=3D"loginDomainName">geronimo-admin</attribute>
> =A0</gbean>
> =A0<gbean name=3D"geronimo-admin" class=3D"org.apache.geronimo.security.r=
ealm.GenericSecurityRealm">
> =A0 =A0<attribute name=3D"realmName">geronimo-admin</attribute>
> =A0 =A0<reference name=3D"LoginModuleConfiguration">
> =A0 =A0 =A0<name>admin-login</name>
> =A0 =A0</reference>
> =A0 =A0<reference name=3D"ServerInfo">
> =A0 =A0 =A0<name>ServerInfo</name>
> =A0 =A0</reference>
> =A0</gbean>
> =A0<gbean name=3D"admin-login" class=3D"org.apache.geronimo.security.jaas=
.JaasLoginModuleUse">
> =A0 =A0<attribute name=3D"controlFlag">REQUIRED</attribute>
> =A0 =A0<reference name=3D"LoginModule">
> =A0 =A0 =A0<name>admin-login</name>
> =A0 =A0</reference>
> =A0</gbean>
>
> =A0<!--
> =A0<gbean name=3D"properties-login" class=3D"org.apache.geronimo.security=
.jaas.LoginModuleGBean">
> =A0 =A0<attribute name=3D"loginModuleClass">org.apache.geronimo.security.=
realm.providers.PropertiesFileLoginModule</attribute>
> =A0 =A0<attribute name=3D"options">usersURI=3Dvar/security/users.properti=
es
> =A0 =A0 =A0 =A0 =A0 =A0groupsURI=3Dvar/security/groups.properties</attrib=
ute>
> =A0 =A0<attribute name=3D"loginDomainName">geronimo-admin</attribute>
> =A0</gbean>
> =A0-->
>
> =A0<gbean name=3D"geronimo-default" class=3D"org.apache.geronimo.security=
.keystore.FileKeystoreInstance">
> =A0 =A0<attribute name=3D"keystoreName">geronimo-default</attribute>
> =A0 =A0<attribute name=3D"keystorePath">var/security/keystores/geronimo-d=
efault</attribute>
> =A0 =A0<attribute name=3D"keystorePassword">secret</attribute>
> =A0 =A0<attribute name=3D"keystoreType">JKS</attribute>
> =A0 =A0<attribute name=3D"keyPasswords">geronimo=3Dsecret</attribute>
> =A0 =A0<reference name=3D"ServerInfo">
> =A0 =A0 =A0<name>ServerInfo</name>
> =A0 =A0</reference>
> =A0</gbean>
> </module>
>
> You can see the configuration for my custom login module. The important p=
iece for this problem is the "properties-login" gbean that I have commented=
 out. Without this GBean, Geronimo is unable to startup due to the bug orig=
inally discussed in this thread (GERONIMO-4603). If you enable this GBean, =
then Geronimo can startup correctly (granted everything else is configured =
appropriately). Because of the hardwired issue discussed in issue 4603, I h=
ave to put the dummy "properties-login" gbean in place even though I'm not =
using a "properties-login" gbean in my configuration.
>
> Joe
>
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> I also tried creating a realm through the console, then exporting it
> as a plugin, undeploying the original, deploying as a plugin and
> restarting the server after doing the config.xml changes.
>
> Doesn't work either. Complains about:
> org.omg.CORBA.COMM_FAILURE: socket() failed: Unable to create server
> SSL socket factory: Keystore 'geronimo-default' is locked; please use
> the keystore page in the admin console to unlock it: =A0vmcid: Apache
> minor code: 0x5 =A0completed: No
>
> Q
>
> On Fri, Sep 11, 2009 at 10:16 PM, Quintin Beukes <quintin@skywalk.co.za> =
wrote:
>> No. This isn't working right. I don't know what I'm doing wrong.
>>
>> I take the exported plugin. Extract it to directory "x".
>>
>> Then I change only the groupId everywhere in the plugin frmo
>> "org.apache.geronimo.framework" to "test" and version from
>> "2.2-SNAPSHOT" to "2.2". Then I jar it again.
>>
>> Then I start geronimo and deploy this with deploy.sh install-plugin.
>> Successfully installed: test/server-security-config/2.2/car
>>
>> I stop the server, and then edit artifact_aliases.properties and change:
>> org.apache.geronimo.framework/server-security-config//car=3Dorg.apache.g=
eronimo.framework/server-security-config/2.2-SNAPSHOT/car
>> test/server-security-config//car=3Dtest/server-security-config/2.2/car
>>
>> TO
>> org.apache.geronimo.framework/server-security-config//car=3Dtest/server-=
security-config/2.2/car
>> org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car=3D=
test/server-security-config/2.2/car
>> test/server-security-config//car=3Dtest/server-security-config/2.2/car
>>
>> And config.xml from:
>> =A0 =A0<module name=3D"org.apache.geronimo.framework/server-security-con=
fig/2.2-SNAPSHOT/car"/>
>> =A0 =A0<module name=3D"test/server-security-config/2.2/car"/>
>>
>> TO:
>> =A0 =A0<module name=3D"org.apache.geronimo.framework/server-security-con=
fig/2.2-SNAPSHOT/car"
>> load=3D"false"/>
>> =A0 =A0<module name=3D"test/server-security-config/2.2/car"/>
>>
>> Then I try and start the server, and all I get is this, ie. it starts
>> and right after loading my plugin stops the server without an error.
>> 2009-09-11 22:14:37,642 INFO =A0[Log4jService]
>> ----------------------------------------------
>> 2009-09-11 22:14:37,643 INFO =A0[Log4jService] Started Logging Service
>> 2009-09-11 22:14:37,643 INFO =A0[Log4jService] Runtime Information:
>> 2009-09-11 22:14:37,644 INFO =A0[Log4jService] =A0 Install Directory =3D
>> /opt/testkms/server/geronimo-2.2-20090908
>> 2009-09-11 22:14:37,645 INFO =A0[JvmVendor] Sun JVM 1.5.0_17
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 JVM in use =A0 =A0 =
=A0 =A0=3D Sun
>> JVM 1.5.0_17
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] Java Information:
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 System property
>> [java.runtime.name] =A0 =A0 =3D Java(TM) 2 Runtime Environment, Standard
>> Edition
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 System property
>> [java.runtime.version] =A0=3D 1.5.0_17-b04
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 System property
>> [os.name] =A0 =A0 =A0 =A0 =A0 =A0 =A0 =3D Linux
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 System property
>> [os.version] =A0 =A0 =A0 =A0 =A0 =A0=3D 2.6.24-24-generic
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 System property
>> [sun.os.patch.level] =A0 =A0=3D unknown
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 System property
>> [os.arch] =A0 =A0 =A0 =A0 =A0 =A0 =A0 =3D i386
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 System property
>> [java.class.version] =A0 =A0=3D 49.0
>> 2009-09-11 22:14:37,645 INFO =A0[Log4jService] =A0 System property
>> [locale] =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=3D en_ZA
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [unicode.encoding] =A0 =A0 =A0=3D UnicodeLittle
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [file.encoding] =A0 =A0 =A0 =A0 =3D UTF-8
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.vm.name] =A0 =A0 =A0 =A0 =A0=3D Java HotSpot(TM) Client VM
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.vm.vendor] =A0 =A0 =A0 =A0=3D Sun Microsystems Inc.
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.vm.version] =A0 =A0 =A0 =3D 1.5.0_17-b04
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.vm.info] =A0 =A0 =A0 =A0 =A0=3D mixed mode
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.home] =A0 =A0 =A0 =A0 =A0 =A0 =3D /opt/kms/java/sun-jdk1.5.0_17/jr=
e
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.classpath] =A0 =A0 =A0 =A0=3D null
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.library.path] =A0 =A0 =3D
>> /opt/kms/java/sun-jdk1.5.0_17/jre/lib/i386/client:/opt/kms/java/sun-jdk1=
.5.0_17/jre/lib/i386:/opt/kms/java/sun-jdk1.5.0_17/jre/../lib/i386
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.endorsed.dirs] =A0 =A0=3D
>> /opt/testkms/server/geronimo-2.2-20090908/lib/endorsed:/opt/kms/java/sun=
-jdk1.5.0_17/jre/lib/endorsed
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [java.ext.dirs] =A0 =A0 =A0 =A0 =3D
>> /opt/testkms/server/geronimo-2.2-20090908/lib/ext:/opt/kms/java/sun-jdk1=
.5.0_17/jre/lib/ext
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService] =A0 System property
>> [sun.boot.class.path] =A0 =3D
>> /opt/testkms/server/geronimo-2.2-20090908/lib/endorsed/yoko-spec-corba-1=
.0.jar:/opt/testkms/server/geronimo-2.2-20090908/lib/endorsed/yoko-rmi-spec=
-1.0.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/rt.jar:/opt/kms/java/sun-jdk=
1.5.0_17/jre/lib/i18n.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/sunrsasign.=
jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/jsse.jar:/opt/kms/java/sun-jdk1.5=
.0_17/jre/lib/jce.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/charsets.jar:/o=
pt/kms/java/sun-jdk1.5.0_17/jre/classes
>> 2009-09-11 22:14:37,646 INFO =A0[Log4jService]
>> ----------------------------------------------
>> 2009-09-11 22:14:39,041 INFO =A0[KernelContextGBean] bound gbean
>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=
=3Dorg.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=3DCon=
text,name=3DJavaCompContext
>> at name java:comp
>> 2009-09-11 22:14:39,043 INFO =A0[KernelContextGBean] bound gbean
>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=
=3Dorg.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=3DCon=
text,name=3DJavaContext
>> at name java:
>> 2009-09-11 22:14:39,043 INFO =A0[KernelContextGBean] bound gbean
>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=
=3Dorg.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=3DCon=
text,name=3DGeronimoContext
>> at name ger:
>> 2009-09-11 22:14:40,086 INFO =A0[SystemProperties] Setting
>> Property=3Djavax.xml.soap.MetaFactory to
>> Value=3Dorg.apache.geronimo.webservices.saaj.GeronimoMetaFactory
>> 2009-09-11 22:14:40,086 INFO =A0[SystemProperties] Setting
>> Property=3Djavax.xml.soap.MessageFactory to
>> Value=3Dorg.apache.geronimo.webservices.saaj.GeronimoMessageFactory
>> 2009-09-11 22:14:40,086 INFO =A0[SystemProperties] Setting
>> Property=3Djava.net.preferIPv4Stack to Value=3Dtrue
>> 2009-09-11 22:14:40,086 INFO =A0[SystemProperties] Setting
>> Property=3Djavax.xml.soap.SOAPConnectionFactory to
>> Value=3Dorg.apache.geronimo.webservices.saaj.GeronimoSOAPConnectionFacto=
ry
>> 2009-09-11 22:14:40,087 INFO =A0[SystemProperties] Setting
>> Property=3Djavax.xml.soap.SOAPFactory to
>> Value=3Dorg.apache.geronimo.webservices.saaj.GeronimoSOAPFactory
>> 2009-09-11 22:14:40,087 INFO =A0[SystemProperties] Setting
>> Property=3Djava.security.Provider to Value=3DSUN
>> 2009-09-11 22:14:40,261 INFO =A0[KernelContextGBean] unbound gbean
>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=
=3Dorg.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=3DCon=
text,name=3DJavaContext
>> at name java:
>> 2009-09-11 22:14:40,264 INFO =A0[KernelContextGBean] unbound gbean
>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=
=3Dorg.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=3DCon=
text,name=3DGeronimoContext
>> at name ger:
>> 2009-09-11 22:14:40,264 INFO =A0[KernelContextGBean] unbound gbean
>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=
=3Dorg.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=3DCon=
text,name=3DJavaCompContext
>> at name java:comp
>> 2009-09-11 22:14:40,265 INFO =A0[Log4jService] Stopping Logging Service
>> 2009-09-11 22:14:40,265 INFO =A0[Log4jService]
>> ----------------------------------------------
>>
>> Q
>> On Fri, Sep 11, 2009 at 9:31 PM, Quintin Beukes <quintin@skywalk.co.za> =
wrote:
>>> do i need to delete config.ser?
>>>
>>> Q
>>>
>>> On Fri, Sep 11, 2009 at 9:16 PM, Joe Dente <jdente@21technologies.com> =
wrote:
>>>> That's how I got started. I have a project that includes a custom logi=
n module as well as a customized geronimo-plugin.xml that originally was an=
 exported version of the server-security-config plugin. My plugin project c=
reates a simple jar with the geronimo-plugin.xml in my jar's 'META-INF' fol=
der. I then deploy this jar into Geronimo with the geronimo-plugin.xml bein=
g my jar's deployment plan. You can also try and build a car using the mave=
n car plugin, although I haven't played around with this yet. I found this =
wiki article to be helpful: http://cwiki.apache.org/confluence/display/GMOx=
DOC22/Administering+plugins
>>>>
>>>> Joe
>>>>
>>>> ---------------------
>>>> Sorry, I've never created a plugin. To create a new
>>>> server-security-config plugin, do you mean I should copy
>>>> server-security-config using the console's plugin export and modify
>>>> it?
>>>>
>>>> Q
>>>>
>>>> On Fri, Sep 11, 2009 at 8:47 PM, Joe Dente <jdente@21technologies.com>=
 wrote:
>>>>> To reproduce it create your own server-security-config plugin that us=
es any login module other than the properties-login gbean that is expected.=
 You then need to deploy your new server-security-config plugin and have it=
 completely replace the default server-security-config (see http://cwiki.ap=
ache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration=
). I achieved this by telling the server-security-config car to not load in=
 the config.xml, telling my security plugin to load in the config.xml, and =
then adding artifact aliases for both the 2.1.4 and wildcard-versioned line=
s referring to the server-security-config plugin in the artifact_aliases.pr=
operties file.
>>>>>
>>>>> In artifact_alases.properties:
>>>>> =A0 =A0 =A0 =A0org.apache.geronimo.framework/server-security-config//=
car=3Dcom.my.geronimo/my-security-config/1.0/car
>>>>> =A0 =A0 =A0 =A0org.apache.geronimo.framework/server-security-config/2=
.1.4/car=3Dorg com.my.geronimo/my-security-config/1.0/car
>>>>>
>>>>> In config.xml:
>>>>> =A0 =A0 =A0 =A0<module name=3D"org.apache.geronimo.framework/server-s=
ecurity-config/2.1.4/car" load=3D"false"/>
>>>>> =A0 =A0 =A0 =A0<module name=3D"com.my.geronimo/my-security-config/1.0=
/car"/>
>>>>>
>>>>> Now try and startup Geronimo. You will see the error discussing the m=
issing expected gbean.
>>>>> Hope this helps,
>>>>> Joe
>>>>>
>>>>>
>>>>>
>>>>> -------------
>>>>> Errr. Ouch. *rubbing the brused area in his brain*.
>>>>>
>>>>> I'm not that on with everything you said. I think the best thing woul=
d
>>>>> be to reproduce it. What would I do to reproduce it?
>>>>>
>>>>> Q
>>>>>
>>>>> On Fri, Sep 11, 2009 at 6:42 PM, David Jencks <david_jencks@yahoo.com=
> wrote:
>>>>>>
>>>>>> On Sep 11, 2009, at 5:49 AM, Quintin Beukes wrote:
>>>>>>
>>>>>>> I'll be willing to have a look at it.
>>>>>>>
>>>>>>> can you give me a general idea what I'm supposed to look at and how=
 it
>>>>>>> would be done?
>>>>>>
>>>>>> IIRC the failure is caused by an unsatisfied single valued gbean ref=
erence
>>>>>> to the properties login module gbean from something in the admin con=
sole.
>>>>>> =A0You need to find the gbean reference and change it to a collectio=
n valued
>>>>>> reference so it's no longer a mandatory reference. =A0You can wrap a
>>>>>> collection valued reference with SingleElementCollection to make it =
act like
>>>>>> an optional single valued reference.
>>>>>>
>>>>>> hope this is clear enough to help..
>>>>>> david jencks
>>>>>>
>>>>>>>
>>>>>>> Q
>>>>>>>
>>>>>>> On Fri, Sep 11, 2009 at 12:07 AM, David Jencks <david_jencks@yahoo.=
com>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi Joe!
>>>>>>>> On Sep 10, 2009, at 2:18 PM, Joe Dente wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>> I've been working on replacing Geronimo 2.1.4's server-security-co=
nfig
>>>>>>>> plugin's example security with our own security plugin. We need si=
ngle
>>>>>>>> sign
>>>>>>>> on for our application which also means the same sign on process h=
as to
>>>>>>>> work
>>>>>>>> with the Geronimo admin console. We need to be able to use custom =
realms
>>>>>>>> and
>>>>>>>> custom login modules in our server-security-config plugin replacem=
ent
>>>>>>>> that
>>>>>>>> may change depending on the environment we deploy to. I've run int=
o two
>>>>>>>> limitations so far that I've found documented online. One is that =
unless
>>>>>>>> I
>>>>>>>> want to re-deploy other plugins that use the 'geronimo-admin' secu=
rity
>>>>>>>> realm, than our custom security realm must be named 'geronimo-admi=
n' as
>>>>>>>> well. The other is that I ran
>>>>>>>> intohttp://issues.apache.org/jira/browse/GERONIMO-4603, forcing me=
 to
>>>>>>>> creating a dummy properties-login gbean in order for the tomcat
>>>>>>>> components
>>>>>>>> to start up.
>>>>>>>>
>>>>>>>> In my experience this is incredibly annoying. =A0I don't have time=
 but
>>>>>>>> wonder
>>>>>>>> if anyone else can see about fixing this for 2.2.
>>>>>>>>
>>>>>>>> =A0I've created alias' for my plugin over the server-security-conf=
ig plugin
>>>>>>>> in
>>>>>>>> 'artifact-aliases.properties' file and I've also disabled the
>>>>>>>> server-security-config plugin and added my plugin as a loaded modu=
le in
>>>>>>>> the
>>>>>>>> 'config.xml'. Unfortunately, I still cannot log into the Geronimo =
console
>>>>>>>> using my custom security realm and login module. Geronimo has no p=
roblem
>>>>>>>> starting with the current configuration and I can even login using=
 my
>>>>>>>> custom
>>>>>>>> login module. Everything seems happy as far as the login process i=
s
>>>>>>>> concerned when I step through the code, but instead of seeing the
>>>>>>>> Geronimo
>>>>>>>> console I get a tomcat error page stating 'Access to the specified
>>>>>>>> resource
>>>>>>>> () has been forbidden'. =A0The logs are completely clean as well a=
s the
>>>>>>>> console output. My only idea is that my admin users also need to b=
e
>>>>>>>> members
>>>>>>>> of a specifically named Geronimo admin group (make my admin groups=
 name
>>>>>>>> exactly match the one setup in the default security plugin)? I hav=
e not
>>>>>>>> tested this hypothesis out yet, because I have my own admin group =
that is
>>>>>>>> used by our application that I would like to re-use as the Geronim=
o
>>>>>>>> console's admin group. Any other thoughts?
>>>>>>>>
>>>>>>>> In 2.1.x you are stuck with the principal-role mapping in the ee
>>>>>>>> application, although in 2.2 you can put it into a different plugi=
n if
>>>>>>>> you
>>>>>>>> want and I think then swap it via an artifact-alias with one in a
>>>>>>>> different
>>>>>>>> plugin.
>>>>>>>> So, that means that you need to supply the principals the principa=
l-role
>>>>>>>> mapping expects:
>>>>>>>> =A0 =A0<security xmlns=3D"http://geronimo.apache.org/xml/ns/securi=
ty-1.2">
>>>>>>>> =A0 =A0 =A0 =A0<role-mappings>
>>>>>>>> =A0 =A0 =A0 =A0 =A0 =A0<role role-name=3D"admin">
>>>>>>>> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0<principal
>>>>>>>>
>>>>>>>> class=3D"org.apache.geronimo.security.realm.providers.GeronimoGrou=
pPrincipal"
>>>>>>>> name=3D"admin" />
>>>>>>>> =A0 =A0 =A0 =A0 =A0 =A0</role>
>>>>>>>> =A0 =A0 =A0 =A0</role-mappings>
>>>>>>>> =A0 =A0</security>
>>>>>>>>
>>>>>>>> So, your login module needs to supply a principal of
>>>>>>>> class GeronimoGroupPrincipal and name "admin".
>>>>>>>> Let us know if this doesn't work.
>>>>>>>> thanks
>>>>>>>> david jencks
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Joe
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Quintin Beukes
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Quintin Beukes
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Quintin Beukes
>>>>
>>>
>>>
>>>
>>> --
>>> Quintin Beukes
>>>
>>
>>
>>
>> --
>> Quintin Beukes
>>
>
>
>
> --
> Quintin Beukes
>



--=20
Quintin Beukes