Great work!! This patch represents a tremendous amount of effort and I am excited about seeing this new functionality in Geronimo. I am not a security expert so I'm not able to comment on some of the more technical aspects of this new feature. But from a high level I understand what is being provided and am in favor of it being made available to Geronimo users.
Here are a few questions and comments:

- nice job on the UI
- the copyright headers should be updated per GERONIMO-2537 (I think this applies to JSPs as well but I am not sure)
- the helper application does not define any security constraints in its web.xml. I think a constraint is needed since the application affects the server's security
- the helper application is not started by default. Is that intentional?

I'm not totally clear on why this feature was implemented partly as a web application and partly as an admin portlet. Since CA activities are not core to the management of the application server per se it seems like an ideal candidate to implement entirely as a pair of web applications that can be installed as plugins. If it's possible to refactor the CA portion into a webapp without sacrificing too much time/effort then I'm highly in favor of that approach. But I may be overlooking some important aspect of the design or just need to broaden my view of what the admin console is used for.

So if the current implementation remains as is then here are some additional comments about the CA portlet:

- the portlet title in the console's navigation area wraps "Certification Authority". Can a non-breaking space (&nbsp;) be used in the title? If not then can it be shortened?
- the CA portlet issues warnings, which I think are benign but can probably be avoided. They look like:

    [BasicProxyManager] Could not load interface org.apache.geronimo.security.ca.GeronimoCertificationAuthority in provided ClassLoader for org.apache.geronimo.configs/j2ee-security/1.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.configs/j2ee-security/1.2-SNAPSHOT/car,j2eeType=CertificationAuthority,name=geronimo-ca

  (see GERONIMO-2007)

Again, great work on this new feature and I look forward to seeing it being made available to Geronimo users!

Best wishes,
Paul

On 11/9/06, Vamsavardhana Reddy <[EMAIL PROTECTED]> wrote:
Hi Paul,

Yes, I intend to make this available in 1.2. Please review whenever it is possible for you.

Thanks,
Vamsi

On 11/9/06, Paul McMahan <[EMAIL PROTECTED]> wrote:
> I definitely plan to take a look at this but I have a couple of items
> to finish up on first. Do you intend to make this available in 1.2?
>
> Best wishes,
> Paul
>
> On 11/8/06, Vamsavardhana Reddy <[EMAIL PROTECTED]> wrote:
> > I have posted a patch to "GERONIMO-2413 Add a Certification Authority (CA)
> > portlet to Geronimo console". The patch contains CA portlet and CA Helper
> > application. JIRA comment provides a few instructions on a minimal
> > (end-to-end setup of CA and the helper application) task that can be
> > performed using the portlet. Please take time to review the patch, try the
> > CA portlet and the helper application.
> >
> > Thanks,
> > vamsi
> > PS: JIRA also has patch for branches\1.1. This patch is only intended for
> > those who want to try the portlet in 1.1.x.
