Re: NullPointerException MultiPoolConnectionInterceptor$SubjectCRIKey.equals

2009-05-21 Thread Bert_nor

I think this is a compiler bug.
javap gives the following code:
...
 26:  getfield        #2; //Field subject:Ljavax/security/auth/Subject;
 29:  ifnonnull       42
 32:  aload_2
 33:  getfield        #2; //Field subject:Ljavax/security/auth/Subject;
 36:  ifnonnull       91
 39:  goto            87
 42:  aload_0
 43:  getfield        #2; //Field subject:Ljavax/security/auth/Subject;
 46:  aload_2
 47:  getfield        #2; //Field subject:Ljavax/security/auth/Subject;
 50:  invokevirtual   #8; //Method javax/security/auth/Subject.equals:(Ljava/lang/Object;)Z
 53:  ifeq            73   <- if(subject.equals(o.subject))
 56:  aload_0
 57:  getfield        #3; //Field cri:Ljavax/resource/spi/ConnectionRequestInfo;
 60:  ifnonnull       73
 63:  aload_2
 64:  getfield        #3; //Field cri:Ljavax/resource/spi/ConnectionRequestInfo;
 67:  ifnonnull       91
 70:  goto            87
 73:  aload_0              <--
 74:  getfield        #3; //Field cri:Ljavax/resource/spi/ConnectionRequestInfo;
 77:  aload_2
 78:  getfield        #3; //Field cri:Ljavax/resource/spi/ConnectionRequestInfo;
 81:  invokevirtual   #9; //Method java/lang/Object.equals:(Ljava/lang/Object;)Z
 84:  ifeq            91
 87:  iconst_1
 88:  goto            92
 91:  iconst_0
 92:  ireturn

The result is the following construction:

if(subject.equals(o.subject)){
 cri.equals(o.cri);
}



djencks wrote:
>
> I opened GERONIMO-4639 and fixed this in trunk and branches 2.1.
>
> I couldn't understand the nested if statements too well so I just
> replaced it with what idea generates for equals :-)
>
> This is a component, not part of geronimo itself.  We'll need to push
> a release of at least the 2.1 branch.
>
> thanks
> david jencks
>



-- 
View this message in context: 
http://www.nabble.com/NullPointerException-MultiPoolConnectionInterceptor%24SubjectCRIKey.equals-tp23634940s134p23648828.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.



NullPointerException MultiPoolConnectionInterceptor$SubjectCRIKey.equals

2009-05-20 Thread Bert_nor

java.lang.NullPointerException
    at org.apache.geronimo.connector.outbound.MultiPoolConnectionInterceptor$SubjectCRIKey.equals(MultiPoolConnectionInterceptor.java:193)

source:
return hashcode == o.hashcode &&
        (subject == null ? o.subject == null :
        subject.equals(o.subject) &&
        cri == null ? o.cri == null : cri.equals(o.cri));

need brackets:
return hashcode == o.hashcode &&
        (subject == null ? o.subject == null :
        subject.equals(o.subject) &&
        ( cri == null ? o.cri == null : cri.equals(o.cri))
        );

-- 
View this message in context: 
http://www.nabble.com/NullPointerException-MultiPoolConnectionInterceptor%24SubjectCRIKey.equals-tp23634940s134p23634940.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
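
Added example, not part of the thread or of the Geronimo source: Java's conditional operator has lower precedence than &&, and this sketch shows how the expression quoted in the post above is grouped, reproduces the NullPointerException, and sets a null-safe equals beside it. The Key class, its Object-typed cri field, the fixed hashcode and the sample credentials are assumptions made for illustration; Objects.equals needs Java 7 or later.

```java
import java.util.Objects;
import javax.security.auth.Subject;

public class SubjectCriKeyDemo {
    // Stand-in for SubjectCRIKey (assumption: cri is typed Object here because
    // javax.resource.spi.ConnectionRequestInfo is not part of the JDK).
    static final class Key {
        final Subject subject;
        final Object cri;
        final int hashcode;

        Key(Subject subject, Object cri, int hashcode) {
            this.subject = subject;
            this.cri = cri;
            this.hashcode = hashcode;
        }

        // The posted expression. ?: binds looser than &&, so it parses as
        //   subject == null ? o.subject == null
        //     : ((subject.equals(o.subject) && cri == null) ? o.cri == null
        //                                                   : cri.equals(o.cri))
        // Unequal subjects with cri == null therefore reach cri.equals(o.cri).
        boolean equalsAsPosted(Key o) {
            return hashcode == o.hashcode &&
                    (subject == null ? o.subject == null : subject.equals(o.subject) &&
                    cri == null ? o.cri == null : cri.equals(o.cri));
        }

        // Null-safe field-by-field comparison with no precedence to get wrong.
        boolean equalsNullSafe(Key o) {
            return hashcode == o.hashcode
                    && Objects.equals(subject, o.subject)
                    && Objects.equals(cri, o.cri);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: two subjects that differ only in a private credential.
        Subject alice = new Subject();
        alice.getPrivateCredentials().add("alice-credential");
        Subject bob = new Subject();
        bob.getPrivateCredentials().add("bob-credential");
        // Same hashcode on both keys models a hash collision, which is when a map calls equals.
        Key a = new Key(alice, null, 42);
        Key b = new Key(bob, null, 42);
        System.out.println("null-safe: " + a.equalsNullSafe(b));
        try {
            System.out.println("as posted: " + a.equalsAsPosted(b));
        } catch (NullPointerException e) {
            System.out.println("as posted: NullPointerException");
        }
    }
}
```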



Re: Error at getting datasource from connector(container-managed-security)

2007-05-02 Thread Bert_nor

Thanks for the advice.


djencks wrote:
>
> Probably this is a bug, although I'm surprised we haven't seen it
> before.
>
> Can you please outline your scenario a bit more?
>
> - is this work done from a secured part of your application, so there
> is a subject available?
> - do you want database access to be secured based on the default
> user/password supplied in the connector plan, or do you want the
> password credentials to be determined from the user in some way (such
> as using the user/pw of the actual user to access the database).
>
 
Yes, I am using the user/pw of the actual user to access the database.


djencks wrote:
>
> If you want the db credentials to be determined from the actual user,
> then this is only a configuration problem in your app.  You need to
> include a login module in your login configuration that will
> construct the PasswordCredential for the connector framework to use.
> However, AFAIK this hasn't been tested much for a long time and may
> have broken.  You include the
> CallerIdentityPasswordCredentialLoginModule and install it in the
> login config using the PasswordCredentialLoginModuleWrapperGBean
> instead of the regular LoginModuleGBean.   You can also write a
> different LoginModule that can apply some mapping between the actual
> user and database user.
>
> thanks
> david jencks
>

It works well. It's my new module. 

<gbean xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2"
    name="kdw_login_module"
    class="org.apache.geronimo.connector.outbound.security.PasswordCredentialLoginModuleWrapper">
    <attribute name="loginModuleClass">ru.mev.j2report.system.security.KDWLoginModule</attribute>
    <attribute name="serverSide">true</attribute>
    <reference name="ManagedConnectionFactoryWrapper">
        <name>jdbc/OracleDataSourceTest</name>
    </reference>
    <attribute name="options">
        dataSourceName=jdbc/OracleDataSourceTest
        groupSelect=select role_code from kdw.w_user_roles
    </attribute>
    <attribute name="loginDomainName">kdw_realm</attribute>
</gbean>
<gbean xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2"
    name="kdw_login"
    class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
    <attribute name="controlFlag">REQUIRED</attribute>
    <reference name="LoginModule">
        <name>kdw_login_module</name>
    </reference>
</gbean>
<gbean xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2"
    name="kdw_realm"
    class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">kdw_realm</attribute>
    <reference name="ServerInfo">
        <name>ServerInfo</name>
    </reference>
    <reference name="LoginService">
        <name>JaasLoginService</name>
    </reference>
    <reference name="LoginModuleConfiguration">
        <name>kdw_login</name>
    </reference>
</gbean>

public class KDWLoginModule implements LoginModule {
    /**
     * Logger for this class
     */
    private static final Log logger = LogFactory.getLog(KDWLoginModule.class);

    public final static String DATABASE_POOL_NAME = "dataSourceName";

    public final static String GROUP_SELECT = "groupSelect";

    private JCAManagedConnectionFactory factory;

    private Subject subject;

    private CallbackHandler handler;

    private String cbUsername;

    private String cbPassword;

    private String groupSelect;

    private Set<Principal> groups;

    private ManagedConnectionFactory managedConnectionFactory;

    /*
     * (non-Javadoc)
     *
     * @see javax.security.auth.spi.LoginModule#abort()
     */
    public boolean abort() throws LoginException {
        cbUsername = null;
        cbPassword = null;
        return true;
    }

    /*
     * (non-Javadoc)
     *
     * @see javax.security.auth.spi.LoginModule#commit()
     */
    public boolean commit() throws LoginException {
        Set<Principal> principals = subject.getPrincipals();
        principals.addAll(groups);
        // from CallerIdentityPasswordCredentialLoginModule
        PasswordCredential passwordCredential = new PasswordCredential(cbUsername,
                cbPassword.toCharArray());
        passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
        subject.getPrivateCredentials().add(passwordCredential);
        return true;
    }

    /*
     * (non-Javadoc)
     *
     * @see javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject,
     *

Openejb: This principle is not authorized

2007-04-13 Thread Bert_nor

Standalone application

login.config:
dw_realm {
    org.apache.geronimo.security.jaas.client.JaasLoginCoordinator required
    host="localhost"
    port="4242"
    realm="dw_realm";
};

LoginContext context = new LoginContext("dw_realm",...);
context.login();

Properties props = new Properties();
props.put("java.naming.factory.initial",
        "org.apache.openejb.client.RemoteInitialContextFactory");
props.put("java.naming.factory.host", "127.0.0.1");
props.put("java.naming.factory.port", 4201);
props.put("java.naming.security.principal", ...);
props.put("java.naming.security.credentials", ...);

Context remoteContext = new InitialContext(props);

javax.naming.AuthenticationException: This principle is not authorized.
    at org.apache.openejb.client.JNDIContext.authenticate(JNDIContext.java:144)
    at org.apache.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:116)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.InitialContext.<init>(InitialContext.java:197)

The exception is thrown from
org.apache.geronimo.openejb.GeronimoSecurityService.login(String user, String pass) {
  LoginContext context = new LoginContext("OpenEJB",
          new UsernamePasswordCallbackHandler(user, pass)); <-- javax.security.auth.login.LoginException: No LoginModules configured for OpenEJB

Can the realm for the current user be used?


-- 
View this message in context: 
http://www.nabble.com/Openejb%3A-This-principle-is-not-authorized-tf3571824s134.html#a9979641
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.