[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm

Sat, 23 May 2009 15:08:12 -0700 

    [ 
https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12712465#action_12712465
 ] 

David Jencks commented on GERONIMO-4553:
----------------------------------------

I experimented a bit with scoping security realms to an apps parents.  This is 
pretty straightforward for jetty7, slightly less so for jetty6, I'm not sure 
about tomcat, and AFAICT impractical for openejb at this time.

The problem with openejb is that authentication happens independently of which 
app you are dealing with, for instance when trying to get the ejb remote 
initial context.

I'll probably commit my jetty7/jetty6 work and keep thinking about openejb and 
tomcat.

> Admin console does not show error when creating duplicate security realm
> ------------------------------------------------------------------------
>
>                 Key: GERONIMO-4553
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4553
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console, security
>    Affects Versions: 2.1.4, 2.2
>            Reporter: David Jencks
>            Assignee: Rex Wang
>             Fix For: 2.1.5, 2.2
>
>         Attachments: GERONIMO-4553-b21.patch
>
>
> If you create a security realm with a duplicate name (such as geronimo-admin) 
> using the admin console, everything appears to work in the ui however the 
> command line console shows the error:
> 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception
> java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin 
> already registered
>         at 
> org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112)
>         at 
> org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97)
>         at 
> org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>         at 
> org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:538)
>         at 
> org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377)
>         at 
> org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:456)
>         at 
> org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:190)
>         at 
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:546)
>         at 
> org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:527)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at 
> org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
>         at 
> org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:815)
>         at 
> org.apache.geronimo.gbean.runtime.RawInvoker.invoke(RawInvoker.java:57)
>         at 
> org.apache.geronimo.kernel.basic.RawOperationInvoker.invoke(RawOperationInvoker.java:35)
>         at 
> org.apache.geronimo.kernel.basic.ProxyMethodInterceptor.intercept(ProxyMethodInterceptor.java:96)
>         at 
> org.apache.geronimo.kernel.config.EditableConfigurationManager$$EnhancerByCGLIB$$150f4df4.startConfiguration(<generated>)
>         at 
> org.apache.geronimo.deployment.plugin.local.StartCommand.run(StartCommand.java:67)
>         at java.lang.Thread.run(Thread.java:613)
> IMO we should allow users to create such duplicate realms but not try to 
> start them but rather show instructions on how to substitute their realm for 
> the existing one, namely:
> - edit var/config/config.xml to have load="false" for the plugin with the 
> existing security realm
> - edit var/config/artifact-aliases.properties to use the new plugin instead 
> of the old plugin
> - edit var/config/config.xml to start the new plugin (this is probably 
> unnecessary as the new one will probably be started due to dependencies)
> I tried this on trunk and a user found it on 2.1.2.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to