[ 
https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680384#action_12680384
 ] 

Forrest Xia commented on GERONIMO-4553:
---------------------------------------

Some tries on this jira, here are my understandings and findings:
1. Actually geronimo default security realm(used by admin console and other 
modules) is named "geronimo-admin", not "geronimo-realm". It is created via 
system module "org.apache.geronimo.framework/server-security-config//car". 
2. Noticed David's proposed instruction to replace a default realm, I do not 
figure out a way to substitue it with a new generated duplicate-named 
"geronimo-admin". Because the default geronimo security realm "geronimo-admin" 
is created via "org.apache.geronimo.framework/server-security-config//car". The 
default "geronimo-admin" realm is not a standalone module and to be replacable 
via artifact alias method.
3. Joe's patch just fix the case when the security realm is a standalone 
module, it cannot stop creation of duplicate-named security realm when it's not 
a standalone module.
4. If this JIRA's goal is to make admin console shows some error 
message(whenever a security realm name is duplicated in standalone or not 
standalone) same as those in the server.log, I don't think current patch 
reaches that goal. 
However, if the goal is to allow user creating a self-defined security realm 
duplicate-named "geronimo-admin", then use it to replace the default geronimo 
one to login admin console(or for other module use). I think we might need to 
make "geronimo-admin" realm separated from "server-security-config" module 
first, then use artifact alias method to substitute it.

Any thoughts? thanks!

> Admin console does not show error when creating duplicate security realm
> ------------------------------------------------------------------------
>
>                 Key: GERONIMO-4553
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4553
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console, security
>    Affects Versions: 2.1.4, 2.2
>            Reporter: David Jencks
>            Assignee: Joe Bohn
>             Fix For: 2.1.4, 2.2
>
>
> If you create a security realm with a duplicate name (such as geronimo-admin) 
> using the admin console, everything appears to work in the ui however the 
> command line console shows the error:
> 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception
> java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin 
> already registered
>         at 
> org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112)
>         at 
> org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97)
>         at 
> org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:538)
>         at 
> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377)
>         at 
> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:456)
>         at 
> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:190)
>         at 
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:546)
>         at 
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:527)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at 
> org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:815)
>         at 
> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at 
> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at 
> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at 
> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$150f4df4.startConfiguration(<generated>)
>         at 
> org.apache.geronimo.deployment.plugin.local.StartCommand.run(StartCommand.java:67)
>         at java.lang.Thread.run(Thread.java:613)
> IMO we should allow users to create such duplicate realms but not try to 
> start them but rather show instructions on how to substitute their realm for 
> the existing one, namely:
> - edit var/config/config.xml to have load="false" for the plugin with the 
> existing security realm
> - edit var/config/artifact-aliases.properties to use the new plugin instead 
> of the old plugin
> - edit var/config/config.xml to start the new plugin (this is probably 
> unnecessary as the new one will probably be started due to dependencies)
> I tried this on trunk and a user found it on 2.1.2.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to