[
https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680384#action_12680384
]
Forrest Xia commented on GERONIMO-4553:
---------------------------------------
Some tries on this jira, here are my understandings and findings:
1. Actually geronimo default security realm(used by admin console and other
modules) is named "geronimo-admin", not "geronimo-realm". It is created via
system module "org.apache.geronimo.framework/server-security-config//car".
2. Noticed David's proposed instruction to replace a default realm, I do not
figure out a way to substitue it with a new generated duplicate-named
"geronimo-admin". Because the default geronimo security realm "geronimo-admin"
is created via "org.apache.geronimo.framework/server-security-config//car". The
default "geronimo-admin" realm is not a standalone module and to be replacable
via artifact alias method.
3. Joe's patch just fix the case when the security realm is a standalone
module, it cannot stop creation of duplicate-named security realm when it's not
a standalone module.
4. If this JIRA's goal is to make admin console shows some error
message(whenever a security realm name is duplicated in standalone or not
standalone) same as those in the server.log, I don't think current patch
reaches that goal.
However, if the goal is to allow user creating a self-defined security realm
duplicate-named "geronimo-admin", then use it to replace the default geronimo
one to login admin console(or for other module use). I think we might need to
make "geronimo-admin" realm separated from "server-security-config" module
first, then use artifact alias method to substitute it.
Any thoughts? thanks!
> Admin console does not show error when creating duplicate security realm
> ------------------------------------------------------------------------
>
> Key: GERONIMO-4553
> URL: https://issues.apache.org/jira/browse/GERONIMO-4553
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: console, security
> Affects Versions: 2.1.4, 2.2
> Reporter: David Jencks
> Assignee: Joe Bohn
> Fix For: 2.1.4, 2.2
>
>
> If you create a security realm with a duplicate name (such as geronimo-admin)
> using the admin console, everything appears to work in the ui however the
> command line console shows the error:
> 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception
> java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin
> already registered
> at
> org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112)
> at
> org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97)
> at
> org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102)
> at
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96)
> at
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180)
> at
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
> at
> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
> at
> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
> at
> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
> at
> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
> at
> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
> at
> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
> at
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:538)
> at
> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377)
> at
> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:456)
> at
> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:190)
> at
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:546)
> at
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:527)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at
> org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
> at
> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
> at
> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:815)
> at
> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
> at
> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
> at
> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
> at
> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$150f4df4.startConfiguration(<generated>)
> at
> org.apache.geronimo.deployment.plugin.local.StartCommand.run(StartCommand.java:67)
> at java.lang.Thread.run(Thread.java:613)
> IMO we should allow users to create such duplicate realms but not try to
> start them but rather show instructions on how to substitute their realm for
> the existing one, namely:
> - edit var/config/config.xml to have load="false" for the plugin with the
> existing security realm
> - edit var/config/artifact-aliases.properties to use the new plugin instead
> of the old plugin
> - edit var/config/config.xml to start the new plugin (this is probably
> unnecessary as the new one will probably be started due to dependencies)
> I tried this on trunk and a user found it on 2.1.2.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
