Re: NullPointerException MultiPoolConnectionInterceptor$SubjectCRIKey.equals
I think this is a compiler bug. javap gives next code: ... 26: getfield#2; //Field subject:Ljavax/security/auth/Subject; 29: ifnonnull 42 32: aload_2 33: getfield#2; //Field subject:Ljavax/security/auth/Subject; 36: ifnonnull 91 39: goto87 42: aload_0 43: getfield#2; //Field subject:Ljavax/security/auth/Subject; 46: aload_2 47: getfield#2; //Field subject:Ljavax/security/auth/Subject; 50: invokevirtual #8; //Method javax/security/auth/Subject.equals:(Ljava/lang/Object;)Z 53: ifeq73 - if(subject.equals(o.subject)) 56: aload_0 57: getfield#3; //Field cri:Ljavax/resource/spi/ConnectionRequestInfo; 60: ifnonnull 73 63: aload_2 64: getfield#3; //Field cri:Ljavax/resource/spi/ConnectionRequestInfo; 67: ifnonnull 91 70: goto87 73: aload_0-- 74: getfield#3; //Field cri:Ljavax/resource/spi/ConnectionRequestInfo; 77: aload_2 78: getfield#3; //Field cri:Ljavax/resource/spi/ConnectionRequestInfo; 81: invokevirtual #9; //Method java/lang/Object.equals:(Ljava/lang/Object;)Z 84: ifeq91 87: iconst_1 88: goto92 91: iconst_0 92: ireturn The result is the following construction if(subject.equals(o.subject)){ cri.equals(o.cri); } djencks wrote: I opened GERONIMO-4639 and fixed this in trunk and branches 2.1 I couldn't understand the nested iff statements too well so I just replaced it with what idea generates for equals :-) This is a component, not part of geronimo itself. We'll need to push a release of at least the 2.1 branch. thanks david jencks -- View this message in context: http://www.nabble.com/NullPointerException-MultiPoolConnectionInterceptor%24SubjectCRIKey.equals-tp23634940s134p23648828.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
NullPointerException MultiPoolConnectionInterceptor$SubjectCRIKey.equals
java.lang.NullPointerException at org.apache.geronimo.connector.outbound.MultiPoolConnectionInterceptor$SubjectCRIKey.equals(MultiPoolConnectionInterceptor.java:193) source: return hashcode == o.hashcode (subject == null ? o.subject == null : subject.equals(o.subject) cri == null ? o.cri == null : cri.equals(o.cri)); need brackets: return hashcode == o.hashcode (subject == null ? o.subject == null : subject.equals(o.subject) ( cri == null ? o.cri == null : cri.equals(o.cri)) ); -- View this message in context: http://www.nabble.com/NullPointerException-MultiPoolConnectionInterceptor%24SubjectCRIKey.equals-tp23634940s134p23634940.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Error at getting datasource from connector(container-managed-security)
Thanks for advice. djencks wrote: Probably this is a bug, although I'm surprised we haven't seen it before. Can you please outline your scenario a bit more? - is this work done from a secured part of your application, so there is a subject available? - do you want database access to be secured based on the default user/password supplied in the connector plan, or do you want the password credentials to be determined from the user in some way (such as using the user/pw of the actual user to access the database). Yes, I am using the user/pw of the actual user to access the database. djencks wrote: If you want the db credentials to be determined from the actual user, then this is only a configuration problem in your app. You need to include a login module in your login configuration that will construct the PasswordCredential for the connector framework to use. However, AFAIK this hasn't been tested much for a long time and may have broken. You include the CallerIdentityPasswordCredentialLoginModule and install it in the login config using the PasswordCredentialLoginModuleWrapperGBean instead of the regular LoginModuleGBean. You can also write a different LoginModule that can apply some mapping between the actual user and database user. thanks david jencks It works well. It's my new module. gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2; name=kdw_login_module class=org.apache.geronimo.connector.outbound.security.PasswordCredentialLoginModuleWrapper attribute name=loginModuleClass ru.mev.j2report.system.security.KDWLoginModule /attribute attribute name=serverSidetrue/attribute reference name=ManagedConnectionFactoryWrapper namejdbc/OracleDataSourceTest/name /reference attribute name=options dataSourceName=jdbc/OracleDataSourceTest groupSelect=select role_code from kdw.w_user_roles /attribute attribute name=loginDomainNamekdw_realm/attribute /gbean gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2; name=kdw_login class=org.apache.geronimo.security.jaas.JaasLoginModuleUse attribute name=controlFlagREQUIRED/attribute reference name=LoginModule namekdw_login_module/name /reference /gbean gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2; name=kdw_realm class=org.apache.geronimo.security.realm.GenericSecurityRealm attribute name=realmNamekdw_realm/attribute reference name=ServerInfo nameServerInfo/name /reference reference name=LoginService nameJaasLoginService/name /reference reference name=LoginModuleConfiguration namekdw_login/name /reference /gbean public class KDWLoginModule implements LoginModule { /** * Logger for this class */ private static final Log logger = LogFactory.getLog(KDWLoginModule.class); public final static String DATABASE_POOL_NAME = dataSourceName; public final static String GROUP_SELECT = groupSelect; private JCAManagedConnectionFactory factory; private Subject subject; private CallbackHandler handler; private String cbUsername; private String cbPassword; private String groupSelect; private SetPrincipal groups; private ManagedConnectionFactory managedConnectionFactory ; /* * (non-Javadoc) * * @see javax.security.auth.spi.LoginModule#abort() */ public boolean abort() throws LoginException { cbUsername = null; cbPassword = null; return true; } /* * (non-Javadoc) * * @see javax.security.auth.spi.LoginModule#commit() */ public boolean commit() throws LoginException { SetPrincipal principals = subject.getPrincipals(); principals.addAll(groups); // from CallerIdentityPasswordCredentialLoginModule PasswordCredential passwordCredential = new PasswordCredential(cbUsername, cbPassword.toCharArray()); passwordCredential.setManagedConnectionFactory(managedConnectionFactory); subject.getPrivateCredentials().add(passwordCredential); return true; } /* * (non-Javadoc) * * @see javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject, *
Openejb: This principle is not authorized
Standalone application login.config: dw_realm { org.apache.geronimo.security.jaas.client.JaasLoginCoordinator required host=localhost port=4242 realm=dw_realm; }; LoginContext context = new LoginContext(dw_realm,...); context.login(); Properties props = new Properties(); props.put(java.naming.factory.initial, org.apache.openejb.client.RemoteInitialContextFactory); props.put(java.naming.factory.host, 127.0.0.1); props.put(java.naming.factory.port, 4201); props.put(java.naming.security.principal, ...); props.put(java.naming.security.credentials, ...); Context remoteContext = remoteContext = new InitialContext(props); javax.naming.AuthenticationException: This principle is not authorized. at org.apache.openejb.client.JNDIContext.authenticate(JNDIContext.java:144) at org.apache.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:116) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.InitialContext.init(InitialContext.java:197) It's exception thrown from org.apache.geronimo.openejb.GeronimoSecurityService.login(String user, String pass) { LoginContext context = new LoginContext(OpenEJB, new UsernamePasswordCallbackHandler(user, pass));--javax.security.auth.login.LoginException: No LoginModules configured for OpenEJB Can be use realm for the current user? -- View this message in context: http://www.nabble.com/Openejb%3A-This-principle-is-not-authorized-tf3571824s134.html#a9979641 Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.