Re: [VOTE] Release Apache ActiveMQ 4.0.2 (RC 2)
+1 looks good On 8/1/06, Hiram Chirino [EMAIL PROTECTED] wrote: Some LICENSE file issues were found in the first release candidate of the 4.0.2 build. I have cut and RC 2 of the 4.0.2 build with the fixes and it's available here: http://people.apache.org/~chirino/incubator-activemq-4.0.2-RC2/maven1/incubator-activemq/distributions/ Maven 1 and Maven 2 repos for this release can be found at: http://people.apache.org/~chirino/incubator-activemq-4.0.2-RC2 Here's the wiki page for the release notes (they should soon get mirrored to the activemq static website) : http://goopen.org/confluence/display/ACTIVEMQ/ActiveMQ+4.0.2+Release Please vote to approve this release binary [ ] +1 Release the binary as Apache ActiveMQ 4.0.2 [ ] -1 Veto the release (provide specific comments) If this vote passes, then we will then ask the Incubator PMC for their blessing to ship this release officially. Here's my +1 -- Regards, Hiram Blog: http://hiramchirino.com -- James --- http://radio.weblogs.com/0112098/
Re: auto-generating documentation for C++ client?
On 8/1/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey guys, I've submitted the patch. James - as it stands, Tim has some docs that are ready to go - should we just post them on a server (people.apache.org?) and link to them from the web page? Awesome! Lets do it. The website is here... http://svn.apache.org/repos/asf/incubator/activemq/site/ so I checked in the NMS docs here... http://svn.apache.org/repos/asf/incubator/activemq/site/nms/ so how about we put the CMS docs here? http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ If you just check in the docs, I've a cron job that refreshes the people.apache.org box from SVN and they should show up there. BTW there seems to be some delay (of up to an hour or so) before updates to SVN actually show up at apache on the web page as there's some kinda proxy/caching stuff going on. -- James --- http://radio.weblogs.com/0112098/
Re: Regarding Multiple client in ActiveMQ for openwire-cpp API's
Use producer.setDeliveryMode(DeliverMode.PERSISTENT) On 8/2/06, Arshad Ahamad [EMAIL PROTECTED] wrote: Hi James, Bish, You need to create a Producer and Consumer in both the sender and receiver that are subscribed to the same queue. Then you should be golden. So in pseudo code you'd have this in both Queue x(mytopic) MessageProducer y( x ) MessageConsumer z( x ) It would look like this for sender to receiver Sender-senderproduer-receiverconsumer-receiver for receiver back to send Receiver-receiverproducer-senderconsumer-sender Makes Sense? Yes, I have create sender and receiver like the above and they are communecating each other bi-directionally but whenever I stop the receiver then sender is not getting responce from receiver, this is shows the sending message only. This is because we are using the single Queue for sending and receiving the data and we are setting the MessageListener on that queue thats why I am unable to maitain the persistence. Pls tell me the best way in which I can maintain the persistence as well as the single queue so that I can delever my project ASAP. Thanks in advance. Thanks Regards Arashad Ahamad -- James --- http://radio.weblogs.com/0112098/
Re: Regarding Multiple client in ActiveMQ for openwire-cpp API's
virtual void setPersistent(bool persistent) = 0 ; Hi James and Bish, There is no such type of API producer.setDeliveryMode(DeliverMode.PERSISTENT) in openwire-cpp there is an API producer.setPersistent( true ); I have used, nevertheless this is not maintaining the persistence. Pls help me. Thanks in advance Thanks Regards Arashad Ahamad
Re: Creating a secure connection system and using JMSXUserID support
Hi, I started another thread, unaware of this one, with the same aim. http://www.nabble.com/forum/ViewPost.jtp?post=5583011framed=y So please allow me to share my views on this. If we are going to use SSL and SSL's built in client authentication, then I would use JAAS to authenticate the user via certificate. I would use LDAP to store and verify certificates and I guess It would be fairly easy to implement. There is already LDAPLoginModule and I implemented LDAPAuthorizationMap - cerificates should not be much harder. The outcome of successful SSL client authentication should be authenticated Subject with all Princiapls set. This I woud put into ConnectionInfo - no need for DN or username. When AMQ has authenticated Subject, it can perform authorization in any of the existing ways. That is, we can safely separate authentication from authorization modules as long as AMQ gets Subject from the authentication process. What I miss here is the point of Subject creation. If we totally rely on SSL for authentication we actually need an implementation of truststore (keystore with trust manager) that would verify client certificate and create login Subject. However, as this process is totally hidden from AMQ (I think that truststore and ConnectionInfo instance are unaware of each other), we would need another store (directory) to temporarrily save Subject and make it avaliable to AMQ once the connection is created. Or, if there is a way for truststore to interact with ConectionInfo instance, this problem is solved. This approach requires implementation of CertificateLoginModule (JAAS) and custom truststore that would use this login module plus some temporary map. What do you thik about this? Regards, NGC Hiram Chirino wrote: On 8/1/06, Sepand M [EMAIL PROTECTED] wrote: Hi all, So far I've mainly been reading ActiveMQ and making design docs. Here's what I've got: For authorization, my current plan is to just have the client's DN replace the user name field in the ConnectionInfo class (how this is done is explained below). I want to do this because I don't know much about JAAS and I'm trying to avoid writing classes to authorize based on DNs. If you guys know this stuff (and you probably do), we could change this easily enough. Here's the rest of my design: I want to modify SslTransportFactory to use a specific SslContext object and allow client's access to its init method so that they can set their own key and trust managers. I also want to create new SslTransport and SslTransportServer classes. SslTransport will be derived from TcpTransport. Its main task will be to replace the user name field of ConnectionInfo commands with its socket's DN (this could be changed easily to attach the entire certificate to ConnectionInfo as a new generic field). SslTransport will also make sure that it uses SslSocketFactory's. SslTransportServer will only be there to make sure SslSocketFactory's are used. For my current design that about does it. The proper Brokers and plugins (JaasAuthenticationBroker and AuthorizationPlugin) would have to be used and the configuration files would need to use the DN as the username. I'm not sure about this, but I think if we were to attach the complete certificate and try to do things properly we'd need a new CertificateAuthenticationBroker and a way for JAAS to authenticate that certificate (I'm new to JAAS so I don't know how easy/hard this would be). Sounds spot on! The JAAS part would totally depend on how the JAAS module that authenticates against a certificate expects to receive the certificate. Right now our current JAAS login only uses userid/password, that would need to change for a cert. Anybody know where we can get a JAAS module that authenticates certificates? Regards, Hiram Any thoughts? - Sepand On 8/1/06, James Strachan [EMAIL PROTECTED] wrote: On 8/1/06, ngcutura [EMAIL PROTECTED] wrote: My JIRA username is 'ngcutura' and I'll be glad to assign LDAP Authorization issue to myself. Great! You're all set now with JIRA karma I also take this opportunity to remind you of my code waiting for your review. :-) Thanks for the reminder - will try get there soon :) I wouldn't mind creating and assigning certificate login but as Sepand was the first to raise it I'd wait for him (a while). Coolio -- James --- http://radio.weblogs.com/0112098/ -- Regards, Hiram Blog: http://hiramchirino.com -- View this message in context: http://www.nabble.com/Creating-a-secure-connection-system-and-using-JMSXUserID-support-tf1956575.html#a5612820 Sent from the ActiveMQ - Dev forum at Nabble.com.
Re: Creating a secure connection system and using JMSXUserID support
On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hi, I started another thread, unaware of this one, with the same aim. http://www.nabble.com/forum/ViewPost.jtp?post=5583011framed=y So please allow me to share my views on this. If we are going to use SSL and SSL's built in client authentication, then I would use JAAS to authenticate the user via certificate. I would use LDAP to store and verify certificates and I guess It would be fairly easy to implement. There is already LDAPLoginModule and I implemented LDAPAuthorizationMap - cerificates should not be much harder. Sounds good! The outcome of successful SSL client authentication should be authenticated Subject with all Princiapls set. This I woud put into ConnectionInfo - no need for DN or username. When AMQ has authenticated Subject, it can perform authorization in any of the existing ways. That is, we can safely separate authentication from authorization modules as long as AMQ gets Subject from the authentication process. agreed. What I miss here is the point of Subject creation. If we totally rely on SSL for authentication we actually need an implementation of truststore (keystore with trust manager) that would verify client certificate and create login Subject. However, as this process is totally hidden from AMQ (I think that truststore and ConnectionInfo instance are unaware of each other), we would need another store (directory) to temporarrily save Subject and make it avaliable to AMQ once the connection is created. Or, if there is a way for truststore to interact with ConectionInfo instance, this problem is solved. I'm not familiar with the SSL details to get this done, so I may be talking alot of BS here But it sounds like your saying that we need associate our keystore with the SSL layer. But we want to store our certs in LDAP. And right now those two layers would communicate via a ConnectionInfo object. So I would say that in this case the user is authenticating/logging in earlier than in normal cases. since he is authentcating at connection setup time, I think you would need to do the JAAS log in when the connection is estbalished. And attach the JAAS subject to the ConnectionInfo. This approach requires implementation of CertificateLoginModule (JAAS) and custom truststore that would use this login module plus some temporary map. What do you thik about this? Regards, NGC Hiram Chirino wrote: On 8/1/06, Sepand M [EMAIL PROTECTED] wrote: Hi all, So far I've mainly been reading ActiveMQ and making design docs. Here's what I've got: For authorization, my current plan is to just have the client's DN replace the user name field in the ConnectionInfo class (how this is done is explained below). I want to do this because I don't know much about JAAS and I'm trying to avoid writing classes to authorize based on DNs. If you guys know this stuff (and you probably do), we could change this easily enough. Here's the rest of my design: I want to modify SslTransportFactory to use a specific SslContext object and allow client's access to its init method so that they can set their own key and trust managers. I also want to create new SslTransport and SslTransportServer classes. SslTransport will be derived from TcpTransport. Its main task will be to replace the user name field of ConnectionInfo commands with its socket's DN (this could be changed easily to attach the entire certificate to ConnectionInfo as a new generic field). SslTransport will also make sure that it uses SslSocketFactory's. SslTransportServer will only be there to make sure SslSocketFactory's are used. For my current design that about does it. The proper Brokers and plugins (JaasAuthenticationBroker and AuthorizationPlugin) would have to be used and the configuration files would need to use the DN as the username. I'm not sure about this, but I think if we were to attach the complete certificate and try to do things properly we'd need a new CertificateAuthenticationBroker and a way for JAAS to authenticate that certificate (I'm new to JAAS so I don't know how easy/hard this would be). Sounds spot on! The JAAS part would totally depend on how the JAAS module that authenticates against a certificate expects to receive the certificate. Right now our current JAAS login only uses userid/password, that would need to change for a cert. Anybody know where we can get a JAAS module that authenticates certificates? Regards, Hiram Any thoughts? - Sepand On 8/1/06, James Strachan [EMAIL PROTECTED] wrote: On 8/1/06, ngcutura [EMAIL PROTECTED] wrote: My JIRA username is 'ngcutura' and I'll be glad to assign LDAP Authorization issue to myself. Great! You're all set now with JIRA karma I also take this opportunity to remind you of my code waiting for your review. :-) Thanks for the reminder - will try get there soon :) I wouldn't mind creating and assigning certificate login but as Sepand
Re: Creating a secure connection system and using JMSXUserID support
Hiram Chirino wrote: On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hi, I started another thread, unaware of this one, with the same aim. http://www.nabble.com/forum/ViewPost.jtp?post=5583011framed=y So please allow me to share my views on this. If we are going to use SSL and SSL's built in client authentication, then I would use JAAS to authenticate the user via certificate. I would use LDAP to store and verify certificates and I guess It would be fairly easy to implement. There is already LDAPLoginModule and I implemented LDAPAuthorizationMap - cerificates should not be much harder. Sounds good! The outcome of successful SSL client authentication should be authenticated Subject with all Princiapls set. This I woud put into ConnectionInfo - no need for DN or username. When AMQ has authenticated Subject, it can perform authorization in any of the existing ways. That is, we can safely separate authentication from authorization modules as long as AMQ gets Subject from the authentication process. agreed. What I miss here is the point of Subject creation. If we totally rely on SSL for authentication we actually need an implementation of truststore (keystore with trust manager) that would verify client certificate and create login Subject. However, as this process is totally hidden from AMQ (I think that truststore and ConnectionInfo instance are unaware of each other), we would need another store (directory) to temporarrily save Subject and make it avaliable to AMQ once the connection is created. Or, if there is a way for truststore to interact with ConectionInfo instance, this problem is solved. I'm not familiar with the SSL details to get this done, so I may be talking alot of BS here But it sounds like your saying that we need associate our keystore with the SSL layer. But we want to store our certs in LDAP. And right now those two layers would communicate via a ConnectionInfo object. So I would say that in this case the user is authenticating/logging in earlier than in normal cases. since he is authentcating at connection setup time, I think you would need to do the JAAS log in when the connection is estbalished. And attach the JAAS subject to the ConnectionInfo. ---REPLY BEGINS--- (I don't know how to produce '' when quoting using the Web interface on Nabble.) Your understanding is compatible with mine. :-) What I undestood from JSSE is that it is actually a component that you may configure independantly of the rest of the application. You specify a factory and a truststore and connection is returned. SSL server and client authentication based on certificates is configurable but totally hidden from the application. What we can do to interfere is implement SSLSocketFactory and implement truststore. Now, if we bypass client authentication during SSL handshake and leave it until the connection is established, the question is how we obtain client ceritifcate. If the client is not required to authenticate during SSL handshake, it will not send its certificate to the server and we lose possibility to perform client certificate authentication. Thus we need to set 'need client auth' or 'want client auth' property to the server SSL socket factory. (I saw a discussion thread where this was resolved in AMQ.) In both cases, I believe (although I am not sure) client ceritificate authentication wil be attempted. In case of 'need' unsuccessful authentication will disconnect client while in the case of 'want' connection will be created. Maybe this can be used in our case but I am not sure how 'want' case is handled exactly. If there are any restrictions imposed on such a connection, we lose the case. Back to the normal SSL handshake: if we implement our own truststore (we need to) and our own SSL socket factory (we may) and create ConnectionInfo instance before the actual connection (I am now talking unaware of the actual code in AMQ - I have not studied it yet) maybe there would be a way to pass ConnectionInfo instance to the custom SSL socket factory which would then pass it to the custom truststore and we are in business. Some gymnastics, admitedly. :-) What we need to resolve is this: 1. In case of 'wantClientAuth' what are the consequences of unsuccessful client authentication? Is the connection as good as authenticated or are there any restrictions? 2. Is there a way to pass ConnectionInfo instance via factory to the truststore as suggested? Answers to the above questions would give us a way to go. Still, if there would be a positive answer to the question 2. I would go that way regardless of the 1. Therefore, I volounteer to resolve 2. :-) Any ideas? Regards, NGC ---REPLY ENDS--- This approach requires implementation of CertificateLoginModule (JAAS) and custom truststore that would use this login module plus some temporary map. What do you thik about this? Regards,
Re: Nested MapMessage
Thanks for adding this feature. I am sure it is going to be heavily used. BTW - can you point me to where I can I download ActiveMQ 4.1? -- View this message in context: http://www.nabble.com/Nested-MapMessage-tf1788442.html#a5617829 Sent from the ActiveMQ - Dev forum at Nabble.com.
Re: Creating a secure connection system and using JMSXUserID support
I guess I don't understand what you mean by #2 but that could be due to my ignorance of the SSL socket stuff. So perhaps you can help me understand what happens there... Lets assume we setup the ssl stuff to use 'need client auth'. Could we setup a truststore implementation that accepts any client certificate or would this be a problem? Can you later get use the SSLScoket.getSession().getPeerCertificates() when the ConnectionInfo command comes in and attach those certificates to the command? Could that Certificate[] later be used against an LDAP JAAS module? Regards, Hiram On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hiram Chirino wrote: On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hi, I started another thread, unaware of this one, with the same aim. http://www.nabble.com/forum/ViewPost.jtp?post=5583011framed=y So please allow me to share my views on this. If we are going to use SSL and SSL's built in client authentication, then I would use JAAS to authenticate the user via certificate. I would use LDAP to store and verify certificates and I guess It would be fairly easy to implement. There is already LDAPLoginModule and I implemented LDAPAuthorizationMap - cerificates should not be much harder. Sounds good! The outcome of successful SSL client authentication should be authenticated Subject with all Princiapls set. This I woud put into ConnectionInfo - no need for DN or username. When AMQ has authenticated Subject, it can perform authorization in any of the existing ways. That is, we can safely separate authentication from authorization modules as long as AMQ gets Subject from the authentication process. agreed. What I miss here is the point of Subject creation. If we totally rely on SSL for authentication we actually need an implementation of truststore (keystore with trust manager) that would verify client certificate and create login Subject. However, as this process is totally hidden from AMQ (I think that truststore and ConnectionInfo instance are unaware of each other), we would need another store (directory) to temporarrily save Subject and make it avaliable to AMQ once the connection is created. Or, if there is a way for truststore to interact with ConectionInfo instance, this problem is solved. I'm not familiar with the SSL details to get this done, so I may be talking alot of BS here But it sounds like your saying that we need associate our keystore with the SSL layer. But we want to store our certs in LDAP. And right now those two layers would communicate via a ConnectionInfo object. So I would say that in this case the user is authenticating/logging in earlier than in normal cases. since he is authentcating at connection setup time, I think you would need to do the JAAS log in when the connection is estbalished. And attach the JAAS subject to the ConnectionInfo. ---REPLY BEGINS--- (I don't know how to produce '' when quoting using the Web interface on Nabble.) Your understanding is compatible with mine. :-) What I undestood from JSSE is that it is actually a component that you may configure independantly of the rest of the application. You specify a factory and a truststore and connection is returned. SSL server and client authentication based on certificates is configurable but totally hidden from the application. What we can do to interfere is implement SSLSocketFactory and implement truststore. Now, if we bypass client authentication during SSL handshake and leave it until the connection is established, the question is how we obtain client ceritifcate. If the client is not required to authenticate during SSL handshake, it will not send its certificate to the server and we lose possibility to perform client certificate authentication. Thus we need to set 'need client auth' or 'want client auth' property to the server SSL socket factory. (I saw a discussion thread where this was resolved in AMQ.) In both cases, I believe (although I am not sure) client ceritificate authentication wil be attempted. In case of 'need' unsuccessful authentication will disconnect client while in the case of 'want' connection will be created. Maybe this can be used in our case but I am not sure how 'want' case is handled exactly. If there are any restrictions imposed on such a connection, we lose the case. Back to the normal SSL handshake: if we implement our own truststore (we need to) and our own SSL socket factory (we may) and create ConnectionInfo instance before the actual connection (I am now talking unaware of the actual code in AMQ - I have not studied it yet) maybe there would be a way to pass ConnectionInfo instance to the custom SSL socket factory which would then pass it to the custom truststore and we are in business. Some gymnastics, admitedly. :-) What we need to resolve is this: 1. In case of 'wantClientAuth' what are the consequences of unsuccessful client authentication? Is the
Re: Nested MapMessage
You can get them from: http://people.apache.org/maven-snapshot-repository/org/apache/activemq/apache-activemq/4.1-incubator-SNAPSHOT/ On 8/2/06, jhakim [EMAIL PROTECTED] wrote: Thanks for adding this feature. I am sure it is going to be heavily used. BTW - can you point me to where I can I download ActiveMQ 4.1? -- View this message in context: http://www.nabble.com/Nested-MapMessage-tf1788442.html#a5617829 Sent from the ActiveMQ - Dev forum at Nabble.com. -- Regards, Hiram Blog: http://hiramchirino.com
Re: Creating a secure connection system and using JMSXUserID support
Hmmm... It didn't cross my mind but yes, indeed, it is possible. We may supply a fake truststore that would return 'true' for any certificate submitted for authentication and then perform real authentication after connection setup. We would then be able to obtain client certificate exactly as you stated. If we accept this approach, I see three components to implement: 1. Fake truststore 2. CertificateLoginModule (against LDAP) 3. Tweak connection setup to ask for peer certificates. In 3. we actually need some kind of policy reagarding authenitcation. Although SSL connection is established, a client may still supply username/password meaning that it should be used for login. I guess that obtaining client certificate from SSL session should be the last option. In 'Certificate login' thread I described another approach: We may use SSL without client authentication but find a way to export certificate to a String (on client side) and then supply that string as 'username' in createConnection(). On server side, the String would be converted back to certificate and authenticated. With this approach, we need to agree on the string format and conversion discipline and then only another JAAS login module is required (that would actually perform coversion from String to Certificate and authenticate). Thus no change is required in existing code. We may even add another non-portable createConnection(Certificate, brokerURL) that would convert Certificate to String and invoke createConnection(username, password, brokerURL). So, the necessary modules to implement would be: 1. Utility to convert Certificate to a string and back. 1a. (optional) createConnection(Certificate, brokerURL) method and ActiveMQConnection(Certifcate, brokerURL) constructor that perform conversion from Certificate to String using utility in #1 and invoke appropriate existing meothods/constructors. 2. JAAS login module that accepts username (and blank password; or whatever convenient) converts it back to Certificate using utility in #1 and authenticates it. I didn't like this approach at first but now it seems the quickiest (and the dirtiest) solution. Actually, it is developing a new protocol on exisitng facilities. Any thoughts? Regards, NGC Hiram Chirino wrote: I guess I don't understand what you mean by #2 but that could be due to my ignorance of the SSL socket stuff. So perhaps you can help me understand what happens there... Lets assume we setup the ssl stuff to use 'need client auth'. Could we setup a truststore implementation that accepts any client certificate or would this be a problem? Can you later get use the SSLScoket.getSession().getPeerCertificates() when the ConnectionInfo command comes in and attach those certificates to the command? Could that Certificate[] later be used against an LDAP JAAS module? Regards, Hiram On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hiram Chirino wrote: On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hi, I started another thread, unaware of this one, with the same aim. http://www.nabble.com/forum/ViewPost.jtp?post=5583011framed=y So please allow me to share my views on this. If we are going to use SSL and SSL's built in client authentication, then I would use JAAS to authenticate the user via certificate. I would use LDAP to store and verify certificates and I guess It would be fairly easy to implement. There is already LDAPLoginModule and I implemented LDAPAuthorizationMap - cerificates should not be much harder. Sounds good! The outcome of successful SSL client authentication should be authenticated Subject with all Princiapls set. This I woud put into ConnectionInfo - no need for DN or username. When AMQ has authenticated Subject, it can perform authorization in any of the existing ways. That is, we can safely separate authentication from authorization modules as long as AMQ gets Subject from the authentication process. agreed. What I miss here is the point of Subject creation. If we totally rely on SSL for authentication we actually need an implementation of truststore (keystore with trust manager) that would verify client certificate and create login Subject. However, as this process is totally hidden from AMQ (I think that truststore and ConnectionInfo instance are unaware of each other), we would need another store (directory) to temporarrily save Subject and make it avaliable to AMQ once the connection is created. Or, if there is a way for truststore to interact with ConectionInfo instance, this problem is solved. I'm not familiar with the SSL details to get this done, so I may be talking alot of BS here But it sounds like your saying that we need associate our keystore with the SSL layer. But we want to store our certs in LDAP. And right now those two layers would communicate via a ConnectionInfo object. So I would say that in
Re: auto-generating documentation for C++ client?
Yea - the interesting thing is that I never even get prompted for my password ... the error pops up before I get a chance ... strange On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: Strange - there shouldn't be - anything within the activemq folder should have the same karma. On 8/2/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey James, Just tried to commit and got the following error: svn: MKACTIVITY of '/repos/asf/!svn/act/010cd0f707b0': 403 Forbidden ( http://svn.apache.org) Is there some special permission that I need for submitting to that folder? On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: On 8/1/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey guys, I've submitted the patch. James - as it stands, Tim has some docs that are ready to go - should we just post them on a server (people.apache.org?) and link to them from the web page? Awesome! Lets do it. The website is here... http://svn.apache.org/repos/asf/incubator/activemq/site/ so I checked in the NMS docs here... http://svn.apache.org/repos/asf/incubator/activemq/site/nms/ so how about we put the CMS docs here? http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ If you just check in the docs, I've a cron job that refreshes the people.apache.org box from SVN and they should show up there. BTW there seems to be some delay (of up to an hour or so) before updates to SVN actually show up at apache on the web page as there's some kinda proxy/caching stuff going on. -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/
Re: ActiveMQ OpenWire .NET Example
If you are trying to see examples of APIs being used, try search the code with your IDE as there's quite alot of example code in the test cases. e.g. https://svn.apache.org/repos/asf/incubator/activemq/trunk/activemq-core/src/test/java/org/apache/activemq/streams/JMSInputStreamTest.java On 8/2/06, cbourne [EMAIL PROTECTED] wrote: James, Thanks for this – we're still struggling to get this work and thus prove the concept of producing and consuming large message/files. Could you be so kind as to provide a more complete working example of producing/consuming messages via JMS Streams. I really would to get some buy in on using this technology within our project. If I could just get a simple example up and running thats all I need to do for now. Best Regards, Carl -- View this message in context: http://www.nabble.com/ActiveMQ-OpenWire-.NET-Example-tf2014936.html#a5616963 Sent from the ActiveMQ - Dev forum at Nabble.com. -- James --- http://radio.weblogs.com/0112098/
Re: auto-generating documentation for C++ client?
If you want to email me a tarball I could try insert it for you - then see if you could update it? On 8/3/06, Nathan Mittler [EMAIL PROTECTED] wrote: Yea - the interesting thing is that I never even get prompted for my password ... the error pops up before I get a chance ... strange On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: Strange - there shouldn't be - anything within the activemq folder should have the same karma. On 8/2/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey James, Just tried to commit and got the following error: svn: MKACTIVITY of '/repos/asf/!svn/act/010cd0f707b0': 403 Forbidden ( http://svn.apache.org) Is there some special permission that I need for submitting to that folder? On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: On 8/1/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey guys, I've submitted the patch. James - as it stands, Tim has some docs that are ready to go - should we just post them on a server (people.apache.org?) and link to them from the web page? Awesome! Lets do it. The website is here... http://svn.apache.org/repos/asf/incubator/activemq/site/ so I checked in the NMS docs here... http://svn.apache.org/repos/asf/incubator/activemq/site/nms/ so how about we put the CMS docs here? http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ If you just check in the docs, I've a cron job that refreshes the people.apache.org box from SVN and they should show up there. BTW there seems to be some delay (of up to an hour or so) before updates to SVN actually show up at apache on the web page as there's some kinda proxy/caching stuff going on. -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/
[jira] Created: (AMQ-858) create a super pom for tooling projects in activemq so we can create a nightly build of the various maven plugins
create a super pom for tooling projects in activemq so we can create a nightly build of the various maven plugins - Key: AMQ-858 URL: https://issues.apache.org/activemq/browse/AMQ-858 Project: ActiveMQ Issue Type: Bug Reporter: james strachan Assigned To: Adrian Co Priority: Critical Fix For: 4.1 We need to move all the m2 plugins under tooling/ (they nearly all are) then create a pom.xml there for building all the tooling plugings. Folks from there can then do 'mvn clean install' to build and install all the m2 plugins. We can then create a nightly build of the m2 plugins easily. (Right now plugins are not always auto-downloaded when folks try to use stuff in say activemq-perftest module) e.g. macstrac:/workspace/eclipse/activemq jstrachan$ cd activemq-perftest/ macstrac:/workspace/eclipse/activemq/activemq-perftest jstrachan$ mvn activemq-perf:broker [INFO] Scanning for projects... [INFO] Searching repository for plugin with prefix: 'activemq-perf'. [INFO] org.apache.maven.plugins: checking for updates from apache-snapshots [INFO] org.codehaus.mojo: checking for updates from apache-snapshots [INFO] artifact org.apache.maven.plugins:maven-compiler-plugin: checking for updates from apache-snapshots [INFO] snapshot org.apache.maven.plugins:maven-compiler-plugin:2.1-SNAPSHOT: checking for updates from apache-snapshots [INFO] artifact org.apache.maven.plugins:maven-eclipse-plugin: checking for updates from apache-snapshots [INFO] snapshot org.apache.maven.plugins:maven-eclipse-plugin:2.3-SNAPSHOT: checking for updates from apache-snapshots [INFO] snapshot org.apache.maven.plugins:maven-plugins:2-SNAPSHOT: checking for updates from apache-snapshots [INFO] artifact org.apache.activemq:maven-activemq-memtest-plugin: checking for updates from apache-snapshots [INFO] artifact org.apache.activemq:maven-activemq-memtest-plugin: checking for updates from central [INFO] [ERROR] BUILD ERROR [INFO] [INFO] The plugin 'org.apache.activemq:maven-activemq-memtest-plugin' does not exist or no valid version could be found [INFO] [INFO] For more information, run Maven with the -e switch [INFO] [INFO] Total time: 13 seconds [INFO] Finished at: Thu Aug 03 02:55:57 BST 2006 [INFO] Final Memory: 3M/5M [INFO] -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: auto-generating documentation for C++ client?
I've uploaded the docs to http://people.apache.org/~nmittler/ On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: If you want to email me a tarball I could try insert it for you - then see if you could update it? On 8/3/06, Nathan Mittler [EMAIL PROTECTED] wrote: Yea - the interesting thing is that I never even get prompted for my password ... the error pops up before I get a chance ... strange On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: Strange - there shouldn't be - anything within the activemq folder should have the same karma. On 8/2/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey James, Just tried to commit and got the following error: svn: MKACTIVITY of '/repos/asf/!svn/act/010cd0f707b0': 403 Forbidden ( http://svn.apache.org) Is there some special permission that I need for submitting to that folder? On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: On 8/1/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey guys, I've submitted the patch. James - as it stands, Tim has some docs that are ready to go - should we just post them on a server (people.apache.org?) and link to them from the web page? Awesome! Lets do it. The website is here... http://svn.apache.org/repos/asf/incubator/activemq/site/ so I checked in the NMS docs here... http://svn.apache.org/repos/asf/incubator/activemq/site/nms/ so how about we put the CMS docs here? http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ If you just check in the docs, I've a cron job that refreshes the people.apache.org box from SVN and they should show up there. BTW there seems to be some delay (of up to an hour or so) before updates to SVN actually show up at apache on the web page as there's some kinda proxy/caching stuff going on. -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/
Re: auto-generating documentation for C++ client?
There you go... http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ hopefully in an hour or so it should show up here http://incubator.apache.org/activemq/cms/html/ Unfortunately right now Confluence is down so we can't yet edit these pages to add a link... http://incubator.apache.org/activemq/javadocs.html http://incubator.apache.org/activemq/cms.html On 8/3/06, Nathan Mittler [EMAIL PROTECTED] wrote: I've uploaded the docs to http://people.apache.org/~nmittler/ On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: If you want to email me a tarball I could try insert it for you - then see if you could update it? On 8/3/06, Nathan Mittler [EMAIL PROTECTED] wrote: Yea - the interesting thing is that I never even get prompted for my password ... the error pops up before I get a chance ... strange On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: Strange - there shouldn't be - anything within the activemq folder should have the same karma. On 8/2/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey James, Just tried to commit and got the following error: svn: MKACTIVITY of '/repos/asf/!svn/act/010cd0f707b0': 403 Forbidden ( http://svn.apache.org) Is there some special permission that I need for submitting to that folder? On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: On 8/1/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey guys, I've submitted the patch. James - as it stands, Tim has some docs that are ready to go - should we just post them on a server (people.apache.org?) and link to them from the web page? Awesome! Lets do it. The website is here... http://svn.apache.org/repos/asf/incubator/activemq/site/ so I checked in the NMS docs here... http://svn.apache.org/repos/asf/incubator/activemq/site/nms/ so how about we put the CMS docs here? http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ If you just check in the docs, I've a cron job that refreshes the people.apache.org box from SVN and they should show up there. BTW there seems to be some delay (of up to an hour or so) before updates to SVN actually show up at apache on the web page as there's some kinda proxy/caching stuff going on. -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/
[jira] Resolved: (AMQ-843) temporary queues seem to not work properly in C# when trying to implement request response
[ https://issues.apache.org/activemq/browse/AMQ-843?page=all ] james strachan resolved AMQ-843. Fix Version/s: 4.1 Resolution: Fixed I've added the TemporaryQueueTest.cs NUnit to reproduce this and fixed the bug temporary queues seem to not work properly in C# when trying to implement request response -- Key: AMQ-843 URL: https://issues.apache.org/activemq/browse/AMQ-843 Project: ActiveMQ Issue Type: Bug Components: NMS (C# client) Reporter: james strachan Fix For: 4.1 The following code seems to fail... //Send msg to common q with reply to temp q. ITemporaryQueue tempQ = session.CreateTemporaryQueue(); rqstMsg.NMSReplyTo = tempQ; rqstMsg.NMSPersistent = false; producer.Send(rqstMsg); //Get msg from common q. ActiveMQTextMessage request = consumer.Receive(new TimeSpan(0, 0, 5)) as ActiveMQTextMessage; ITextMessage response = session.CreateTextMessage(this is a response!!); response.NMSCorrelationID = request.NMSCorrelationID; IMessageProducer producerTempQ = session.CreateProducer( request.NMSReplyTo); //Write msg to temp q. producerTempQ.Send(response); //EXCEPTION: QUEUE DOESNT EXIST -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: auto-generating documentation for C++ client?
On 8/3/06, James Strachan [EMAIL PROTECTED] wrote: There you go... http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ hopefully in an hour or so it should show up here http://incubator.apache.org/activemq/cms/html/ Unfortunately right now Confluence is down so we can't yet edit these pages to add a link... http://incubator.apache.org/activemq/javadocs.html http://incubator.apache.org/activemq/cms.html Done e.g. http://activemq.org/site/javadocs.html -- James --- http://radio.weblogs.com/0112098/
Creating a JBI Component
Guillaume, I noticed that you had started on a servicemix-xslt as a walk through - I was wondering if you would give me a few days on that as I'd like to walk through the construction of a new SE using the archetype and then document it - its been a while since I did new components and I can help out on the documentation. What do you think? P
Re: Creating a JBI Component
Sure, go for it ! I will remove it from my todo list ;) Btw, i choose xslt because I thought a basic xslt engine would be a simpleSE to write, but you can choose anything you want for the tutorial. Feel free to ask questions (servicemix-common is not very well documented). On 8/2/06, Philip Dodds [EMAIL PROTECTED] wrote: Guillaume, I noticed that you had started on a servicemix-xslt as a walk through - I was wondering if you would give me a few days on that as I'd like to walk through the construction of a new SE using the archetype and then document it - its been a while since I did new components and I can help out on the documentation. What do you think? P -- Cheers, Guillaume Nodet
MTOM support in servicemix-jsr181
Just a heads up. I have added support for MTOM / attachments in jsr181. See http://servicemix.goopen.org/site/servicemix-jsr181.html#servicemix-jsr181-MTOMsupport Note that I had to fix a bug in XFire to support byte[], so currently, only DataHandler and DataSource are supported -- Cheers, Guillaume Nodet
[jira] Updated: (GERONIMO-2118) Deploying and starting web application in console shows successful even on start exceptions.
[ http://issues.apache.org/jira/browse/GERONIMO-2118?page=all ] Krishnakumar B updated GERONIMO-2118: - Attachment: ConsoleDeploymentCheck-2118.patch Using console when i deploy an application and it throws Exception when starting the GBeans the console still shows The application was successfully deployed. The application was successfully started This patch catches the Exception and prints the following message along with the Exception in Show Details button Deployment Failed : Application failed to start Show Full Details When user hits Show Full Details the Exception Stack Trace is shown. Deploying and starting web application in console shows successful even on start exceptions. Key: GERONIMO-2118 URL: http://issues.apache.org/jira/browse/GERONIMO-2118 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 1.1 Environment: 1.1-rc1 Reporter: Mario Ruebsam Priority: Minor Attachments: ConsoleDeploymentCheck-2118.patch When deploying and starting a web application through the Geronimo console Install New Applications feature, the web app is deployed and the console states The application was successfully started even when the application was not started because of an Exception (e.g. org.apache.geronimo.gbean.InvalidConfigurationException). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-2118) Deploying and starting web application in console shows successful even on start exceptions.
[ http://issues.apache.org/jira/browse/GERONIMO-2118?page=all ] Krishnakumar B updated GERONIMO-2118: - Patch Info: [Patch Available] Affects Version/s: 1.1.1 1.2 (was: 1.1) Updated to patch available and release version Deploying and starting web application in console shows successful even on start exceptions. Key: GERONIMO-2118 URL: http://issues.apache.org/jira/browse/GERONIMO-2118 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 1.2, 1.1.1 Environment: 1.1-rc1 Reporter: Mario Ruebsam Priority: Minor Attachments: ConsoleDeploymentCheck-2118.patch When deploying and starting a web application through the Geronimo console Install New Applications feature, the web app is deployed and the console states The application was successfully started even when the application was not started because of an Exception (e.g. org.apache.geronimo.gbean.InvalidConfigurationException). -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (SM-508) Marshaller spelled wrong in API
[ https://issues.apache.org/activemq/browse/SM-508?page=comments#action_36675 ] Guillaume Nodet commented on SM-508: English is not my native language, but may this word be spell differently in english and american ? I see http://dictionary.reference.com/search?r=2q=marshaler http://iberagents.ib-ia.com/javadoc/com/iberagents/bean/serial/Marshaler.html and http://java.sun.com/webservices/docs/1.6/api/javax/xml/bind/Marshaller.html Acoording to http://www.websters-dictionary-online.org/definition/english/MA/MARSHALER.html, it seems both spelling may be correct. At least, we need to have only one spelling throughout ServiceMix, but not sure what the best one would be. I am tempted to keep the existing one in the API. Marshaller spelled wrong in API --- Key: SM-508 URL: https://issues.apache.org/activemq/browse/SM-508 Project: ServiceMix Issue Type: Bug Components: servicemix-components, servicemix-common Reporter: Edwin Park Priority: Minor Marshaller is spelled incorrectly throughout the API with only one l as 'Marshaler'. The correct spelling has two l's, i.e. Marshaller. This seems to stem from the spelling of the base classes in org.apache.servicemix.components.util also being wrong. There are a few instances in the API where the correct spelling with two l's is used in the documentation as well as in the API, but the incorrect spelling looks like it is more prevalent. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Created: (GERONIMO-2263) Redeploy application from console
Redeploy application from console - Key: GERONIMO-2263 URL: http://issues.apache.org/jira/browse/GERONIMO-2263 Project: Geronimo Issue Type: Bug Security Level: public (Regular issues) Components: console Affects Versions: 1.2 Environment: JDK 1.4.2.X Reporter: Krishnakumar B Priority: Minor I deployed an application successfully from console. I did some changes and am trying to redeploy the same application by checking box Redeploy Application. This fails and i get message Deployment failed: Module aa/bb/cc/dd already exists in the server. Try to undeploy it first or use the redeploy command. I need to uninstall the application to get it deployed. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: 1.1.1-SNAPSHOT Memory Problems
Nice work Kevan. I got Liferay enterprise to run fine now ;-) Jeff Kevan Miller wrote: On Jul 31, 2006, at 10:45 PM, Matt Hogstrom wrote: Concur...blocked. Aaron Mulder wrote: Jeff just noted that Liferay seems to take an abnormal amount of memory to run. I just redeployed the console twice and got an OutOfMemoryError. When working on the console for 1.1, I could redeploy dozens of times. I think we've introduced a pretty serious memory problem between 1.1 and now. I know we're close to the deadline, but I think we ought to investigate this before shipping 1.1.1. OK. I've found the cause -- it's RC 425160 (http://svn.apache.org/viewvc?view=revrevision=425160). Looks like we were running out of PermGen space. This change roughly double the number of classes created by G on startup. I could only deploy/undeploy DayTrader once. After reverting the change, I've run well over 100 deploy/undeploy cycles. We're leaking two instances of 'EDU.oswego.cs.dl.util.concurrent.LinkedNode' per deploy/undeploy, but that's only 32 bytes... I haven't confirmed, but I saw evidence that it was at least part of the DWR leaks that Jeff G reported. Here's the Jira associated with the above change -- http://issues.apache.org/jira/browse/GERONIMO-2204 Since the change is optional, I'm reverting the commit. I think we can safely leave out of 1.1.1. Can discuss how we want to fix, later... --kevan
[jira] Commented: (GERONIMO-2263) Redeploy application from console
[ http://issues.apache.org/jira/browse/GERONIMO-2263?page=comments#action_12425217 ] Sachin Patel commented on GERONIMO-2263: I was not able to reproduce this, could you provide a test case or additional information? Did you modify the plan and change the contents of the application prior to redeploy? Redeploy application from console - Key: GERONIMO-2263 URL: http://issues.apache.org/jira/browse/GERONIMO-2263 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 1.2 Environment: JDK 1.4.2.X Reporter: Krishnakumar B Priority: Minor I deployed an application successfully from console. I did some changes and am trying to redeploy the same application by checking box Redeploy Application. This fails and i get message Deployment failed: Module aa/bb/cc/dd already exists in the server. Try to undeploy it first or use the redeploy command. I need to uninstall the application to get it deployed. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Refactor samples to use the maven jbi plugin
Guillaume Nodet wrote: I've just seen a problem though. I though the maven-jbi-plugin would embed jar dependencies in the service unit, but it does not seem to be the case. Let's say I have a multiproject build containing a jar, a SU and a SA. If the code inside the SU depends on the jar, I would want the jbi plugin to automatically bundle it in the SU. We do not need to generate the classpath tag in the xbean.xml, but the jar would be bundled along with the classes in the SU. Why would the classpath entry not need to be generated in the xbean.xml ? (is there a smoke and mirrors approach to getting the su to load jars it contains ?) Any thoughts on how to do that ? When we started our build project back in May, the SU jar bundling was a tricky one and brief looks at the tooling, we decided to use the assembly plugin from Maven. So a quick hack and we create a ZIP mojo Essentially, the goal for installing an SU fires the assembly which dumps all the necessary jars into the the defined target/somedir/lib along with the other src/main/resources then zips it all. This zip is then the artifact. The SA is just a repeat lather rinse of above, expecting the SU is a ZIP as the artifact. We later worked out this is all probably doable using the assembly plugin. The only problem we have is that the xbean/servicemix files in the SUs need to be hand carved to define their individual classpaths, causing very sometimes stressful class loading issues. Does something in tooling now bundle everything that is required as above .. ie create a somepackage-version-su.zip '--xbean.xml # from a template (adding the lib/jar.jar entries) '--lib/jar.jar '--lib/jar2.jar and then bundle this into an SA ? It looks like tooling/jbi-maven-plugin gets there, but doesn't add the classpath entries. (which would be SM specific, so perhaps needing a servicemix-su packaging type ??) r.
Re: Refactor samples to use the maven jbi plugin
The manve tooling now does all the packaging for SA and SU's : see http://www.servicemix.org/site/working-with-service-units.html http://www.servicemix.org/site/working-with-service-assemblies.html The problem with the xbean classpath has been discussed a little, and I think we are trying to work out whether it would be best placed in ServiceMix or in XBean. P On 8/2/06, Ramon Buckland [EMAIL PROTECTED] wrote: Guillaume Nodet wrote: I've just seen a problem though. I though the maven-jbi-plugin would embed jar dependencies in the service unit, but it does not seem to be the case. Let's say I have a multiproject build containing a jar, a SU and a SA. If the code inside the SU depends on the jar, I would want the jbi plugin to automatically bundle it in the SU. We do not need to generate the classpath tag in the xbean.xml, but the jar would be bundled along with the classes in the SU. Why would the classpath entry not need to be generated in the xbean.xml ? (is there a smoke and mirrors approach to getting the su to load jars it contains ?) Any thoughts on how to do that ? When we started our build project back in May, the SU jar bundling was a tricky one and brief looks at the tooling, we decided to use the assembly plugin from Maven. So a quick hack and we create a ZIP mojo Essentially, the goal for installing an SU fires the assembly which dumps all the necessary jars into the the defined target/somedir/lib along with the other src/main/resources then zips it all. This zip is then the artifact. The SA is just a repeat lather rinse of above, expecting the SU is a ZIP as the artifact. We later worked out this is all probably doable using the assembly plugin. The only problem we have is that the xbean/servicemix files in the SUs need to be hand carved to define their individual classpaths, causing very sometimes stressful class loading issues. Does something in tooling now bundle everything that is required as above .. ie create a somepackage-version-su.zip '--xbean.xml # from a template (adding the lib/jar.jar entries) '--lib/jar.jar '--lib/jar2.jar and then bundle this into an SA ? It looks like tooling/jbi-maven-plugin gets there, but doesn't add the classpath entries. (which would be SM specific, so perhaps needing a servicemix-su packaging type ??) r.
Re: svn commit: r427826 - /geronimo/branches/1.1/modules/kernel/src/java/org/apache/geronimo/kernel/basic/BasicProxyManager.java
Does this exist on trunk too? --jason On Aug 1, 2006, at 5:46 PM, [EMAIL PROTECTED] wrote: Author: kevan Date: Tue Aug 1 17:46:09 2006 New Revision: 427826 URL: http://svn.apache.org/viewvc?rev=427826view=rev Log: GERONIMO-2204 I'm reverting the original change associated with this Jira. It's causing OutOfMemoryErrors on deploy/undeploy of apps. Modified: geronimo/branches/1.1/modules/kernel/src/java/org/apache/ geronimo/kernel/basic/BasicProxyManager.java Modified: geronimo/branches/1.1/modules/kernel/src/java/org/apache/ geronimo/kernel/basic/BasicProxyManager.java URL: http://svn.apache.org/viewvc/geronimo/branches/1.1/modules/ kernel/src/java/org/apache/geronimo/kernel/basic/ BasicProxyManager.java?rev=427826r1=427825r2=427826view=diff == --- geronimo/branches/1.1/modules/kernel/src/java/org/apache/ geronimo/kernel/basic/BasicProxyManager.java (original) +++ geronimo/branches/1.1/modules/kernel/src/java/org/apache/ geronimo/kernel/basic/BasicProxyManager.java Tue Aug 1 17:46:09 2006 @@ -17,7 +17,6 @@ package org.apache.geronimo.kernel.basic; import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -27,8 +26,6 @@ import net.sf.cglib.proxy.Callback; import net.sf.cglib.proxy.Enhancer; import net.sf.cglib.proxy.MethodInterceptor; -import net.sf.cglib.proxy.NoOp; -import net.sf.cglib.proxy.CallbackFilter; import net.sf.cglib.reflect.FastClass; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -200,8 +197,7 @@ } } enhancer.setClassLoader(classLoader); -enhancer.setCallbackFilter(new FinalizeCallbackFilter()); -enhancer.setCallbackTypes(new Class[] {NoOp.class, MethodInterceptor.class}); +enhancer.setCallbackType(MethodInterceptor.class); enhancer.setUseFactory(false); proxyType = enhancer.createClass(); fastClass = FastClass.create(proxyType); @@ -212,7 +208,7 @@ Callback callback = getMethodInterceptor(proxyType, kernel, target); -Enhancer.registerCallbacks(proxyType, new Callback[] {NoOp.INSTANCE, callback}); +Enhancer.registerCallbacks(proxyType, new Callback[] {callback}); try { Object proxy = fastClass.newInstance(); interceptors.put(proxy, callback); @@ -229,16 +225,6 @@ throw new ProxyCreationException(e); } } -} -} - -private static class FinalizeCallbackFilter implements CallbackFilter { - -public int accept(Method method) { -if (method.getName().equals(finalize) method.getParameterTypes().length == 0) { -return 0; -} -return 1; } }
Re: Can't use car-maven-plugin today!
Did you ever get this resolved? --jason On Jul 31, 2006, at 9:04 AM, Aaron Mulder wrote: So I tried on a different machine today. If I specify no version number for car-maven-plugin in the POM, I get: [ERROR] BUILD ERROR [INFO] -- -- [INFO] The plugin 'org.apache.geronimo.plugins:car-maven-plugin' does not exist or no valid version could be found If I specify the version 1.2-SNAPSHOT, I get: [WARNING] Unable to get resource from repository apache-snapshots (http://people.apache.org/repo/m2-snapshot-repository) Downloading: http://www.ibiblio.org/maven/ org.apache.geronimo.plugins/poms/car-maven-plugin-1.2-SNAPSHOT.pom [WARNING] Unable to get resource from repository ibiblio-maven-1 (http://www.ibiblio.org/maven) [INFO] -- -- [ERROR] BUILD ERROR [INFO] -- -- [INFO] Failed to resolve artifact. GroupId: org.apache.geronimo.plugins ArtifactId: car-maven-plugin Version: 1.2-SNAPSHOT Reason: Unable to download the artifact from any repository Indeed, if I look, there is no org/apache/geronimo/plugins/car-maven-plugin/1.2-SNAPSHOT/car-maven- plugin-1.2-SNAPSHOT.pom in the Apache snapshot repository (http://people.apache.org/repo/m2-snapshot-repository) There is only org/apache/geronimo/plugins/car-maven-plugin/1.2- SNAPSHOT/http://people.apache.org/repo/m2-snapshot-repository/org/ apache/geronimo/plugins/car-maven-plugin/1.2-SNAPSHOT/car-maven- plugin-1.2-20060716.224116-1.pom What's up? How am I supposed to use the car-maven-plugin when the version numbers don't match up? (I'm using Maven 2.0.4 on OS X) Thanks, Aaron
Re: Can't use car-maven-plugin today!
On 8/2/06, Jason Dillon [EMAIL PROTECTED] wrote: Did you ever get this resolved? No, I just stopped trying. Should the car-maven-plugin be fully working and able to insert the META-INF/geronimo-plugin.xml files now? If so, I'll give it another shot. If we haven't fixed the problem that it doesn't include the plugin metadata yet, it won't help much anyway. Thanks, Aaron On Jul 31, 2006, at 9:04 AM, Aaron Mulder wrote: So I tried on a different machine today. If I specify no version number for car-maven-plugin in the POM, I get: [ERROR] BUILD ERROR [INFO] -- -- [INFO] The plugin 'org.apache.geronimo.plugins:car-maven-plugin' does not exist or no valid version could be found If I specify the version 1.2-SNAPSHOT, I get: [WARNING] Unable to get resource from repository apache-snapshots (http://people.apache.org/repo/m2-snapshot-repository) Downloading: http://www.ibiblio.org/maven/ org.apache.geronimo.plugins/poms/car-maven-plugin-1.2-SNAPSHOT.pom [WARNING] Unable to get resource from repository ibiblio-maven-1 (http://www.ibiblio.org/maven) [INFO] -- -- [ERROR] BUILD ERROR [INFO] -- -- [INFO] Failed to resolve artifact. GroupId: org.apache.geronimo.plugins ArtifactId: car-maven-plugin Version: 1.2-SNAPSHOT Reason: Unable to download the artifact from any repository Indeed, if I look, there is no org/apache/geronimo/plugins/car-maven-plugin/1.2-SNAPSHOT/car-maven- plugin-1.2-SNAPSHOT.pom in the Apache snapshot repository (http://people.apache.org/repo/m2-snapshot-repository) There is only org/apache/geronimo/plugins/car-maven-plugin/1.2- SNAPSHOT/http://people.apache.org/repo/m2-snapshot-repository/org/ apache/geronimo/plugins/car-maven-plugin/1.2-SNAPSHOT/car-maven- plugin-1.2-20060716.224116-1.pom What's up? How am I supposed to use the car-maven-plugin when the version numbers don't match up? (I'm using Maven 2.0.4 on OS X) Thanks, Aaron
Re: 1.1.1 Branch notice 1500 ET (that's 3:00 PM ET for the non geeky)
Most of the remaining issues marked for 1.1.1 seem to have been fixed for 1.1.1 but are still open pending different solutions for 1.2. There is one big exception -- an ERROR during shutdown on Java 5. It would be great if someone could look at that before the branch. I've been trying hard to claim that Geronimo works fine under Java 5, and this is a little unfortunate. http://issues.apache.org/jira/browse/GERONIMO-2134 Thanks, Aaron On 8/2/06, Matt Hogstrom [EMAIL PROTECTED] wrote: The memory leak is fixed. Thanks to Kevan for the quick work. I am going to branch this afternoon at 1500. If you have something in progress ping me and we'll work it out. The branch will be branches/1.1.1 and will only be taking bug fixes and performance regressions (tracked by JIRA.). All existing JIRA's that were not resolved in 1.1.1 will be moved to 1.x. If there is interested in a 1.1.2 speak up. Thanks all.
[jira] Created: (GERONIMODEVTOOLS-94) cannot run jar or ear from within eclipse
cannot run jar or ear from within eclipse - Key: GERONIMODEVTOOLS-94 URL: http://issues.apache.org/jira/browse/GERONIMODEVTOOLS-94 Project: Geronimo-Devtools Issue Type: Bug Components: eclipse-plugin Affects Versions: 1.1.0 Environment: Windows XP + AG 1.1 + Devtools 1.1 Reporter: Lin Sun This looks like a defect. I seem to have forgot to implement support for importing non-qualified plans for 1.1. (i.e Running SchemaConversionUtil on 1.1 plans). On Aug 1, 2006, at 3:00 PM, Lin Sun wrote: Hi there, Has anyone been able to running jar or ear from within eclipse using the devtools 1.1? I have a MDB sample (from confluence) and I managed to get it running using devtools 1.0 within eclipse. However, when I import my jar file in, the openejb-jar.xml cannot be read by the Geronimo application deployment plan editor. In the past experience, this is a pre-requisite before I can deploy anything to Geronimo server in Eclipse. I also tried to create a dummy EJB project and the default openejb-jar.xml cannot be opened by the Geronimo application deployment plan editor either. Similar prob with the EAR project. I am wondering if this is a known limitation of the 1.1 version of devtools project? Seems I can only get war project running... Thanks, Lin -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (GERONIMO-2251) Add Proxy variables to geronimo.bat geronimo.sh
[ http://issues.apache.org/jira/browse/GERONIMO-2251?page=all ] Matt Hogstrom reassigned GERONIMO-2251: --- Assignee: John Sisson Add Proxy variables to geronimo.bat geronimo.sh - Key: GERONIMO-2251 URL: http://issues.apache.org/jira/browse/GERONIMO-2251 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: startup/shutdown, console, Plugins Affects Versions: 1.1 Reporter: Aaron Mulder Assigned To: John Sisson Fix For: 1.1.x Reported by a user whose machine is behind a web proxy: I have tested the setting of the proxy through the JVM and found that the following works when included in the JAVA_OPTS environment variable: -DproxySet=true -DproxyHost=proxy.local -DproxyPort=8080 It would be great to have PROXY_HOST and PROXY_PORT variables in the big list of variables at the front of these scripts, and if the PROXY_HOST is set, turn that into the string of arguments above and append them to JAVA_OPTS. (The proxy would be used for downloading JDBC drivers, browsing and installing plugins, etc.) -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMODEVTOOLS-94) cannot run jar or ear from within eclipse
[ http://issues.apache.org/jira/browse/GERONIMODEVTOOLS-94?page=comments#action_12425247 ] Sachin Patel commented on GERONIMODEVTOOLS-94: -- If you need something immediatley, as a workaround this can be implemented on your end inside your plugin, as this is just an extension point. cannot run jar or ear from within eclipse - Key: GERONIMODEVTOOLS-94 URL: http://issues.apache.org/jira/browse/GERONIMODEVTOOLS-94 Project: Geronimo-Devtools Issue Type: Bug Components: eclipse-plugin Affects Versions: 1.1.0 Environment: Windows XP + AG 1.1 + Devtools 1.1 Reporter: Lin Sun This looks like a defect. I seem to have forgot to implement support for importing non-qualified plans for 1.1. (i.e Running SchemaConversionUtil on 1.1 plans). On Aug 1, 2006, at 3:00 PM, Lin Sun wrote: Hi there, Has anyone been able to running jar or ear from within eclipse using the devtools 1.1? I have a MDB sample (from confluence) and I managed to get it running using devtools 1.0 within eclipse. However, when I import my jar file in, the openejb-jar.xml cannot be read by the Geronimo application deployment plan editor. In the past experience, this is a pre-requisite before I can deploy anything to Geronimo server in Eclipse. I also tried to create a dummy EJB project and the default openejb-jar.xml cannot be opened by the Geronimo application deployment plan editor either. Similar prob with the EAR project. I am wondering if this is a known limitation of the 1.1 version of devtools project? Seems I can only get war project running... Thanks, Lin -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMODEVTOOLS-94) cannot run jar or ear from within eclipse
[ http://issues.apache.org/jira/browse/GERONIMODEVTOOLS-94?page=comments#action_12425252 ] Lin Sun commented on GERONIMODEVTOOLS-94: - Thanks for the quick comments. Could you explain a bit more on Running SchemaConversionUtil on 1.1 plans? I searched SchemaConversionUtil of all the 1.1 plugins in my workspace, but no return. I also searched all of the 1.0 plugins, no return either. I assume this is something you implemented in 1.0 but forgot to port it in 1.1. Is that a good assumption? cannot run jar or ear from within eclipse - Key: GERONIMODEVTOOLS-94 URL: http://issues.apache.org/jira/browse/GERONIMODEVTOOLS-94 Project: Geronimo-Devtools Issue Type: Bug Components: eclipse-plugin Affects Versions: 1.1.0 Environment: Windows XP + AG 1.1 + Devtools 1.1 Reporter: Lin Sun This looks like a defect. I seem to have forgot to implement support for importing non-qualified plans for 1.1. (i.e Running SchemaConversionUtil on 1.1 plans). On Aug 1, 2006, at 3:00 PM, Lin Sun wrote: Hi there, Has anyone been able to running jar or ear from within eclipse using the devtools 1.1? I have a MDB sample (from confluence) and I managed to get it running using devtools 1.0 within eclipse. However, when I import my jar file in, the openejb-jar.xml cannot be read by the Geronimo application deployment plan editor. In the past experience, this is a pre-requisite before I can deploy anything to Geronimo server in Eclipse. I also tried to create a dummy EJB project and the default openejb-jar.xml cannot be opened by the Geronimo application deployment plan editor either. Similar prob with the EAR project. I am wondering if this is a known limitation of the 1.1 version of devtools project? Seems I can only get war project running... Thanks, Lin -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Created: (AMQ-856) log Endpoint connection to JMS broker failed: ... on error level
log Endpoint connection to JMS broker failed: ... on error level -- Key: AMQ-856 URL: https://issues.apache.org/activemq/browse/AMQ-856 Project: ActiveMQ Issue Type: Wish Components: Connector Affects Versions: 4.0.1 Reporter: Andreas Bergmann Priority: Minor After the ActiveMQEndpointWorker fails several times to reconnect to a broker and reaches the MAX_RECONNECT_DELAY this error is logged on INFO level. log.info(Endpoint connection to JMS broker failed: + error.getMessage(); (line 244 in org.apache.activemq.ra.ActiveMQEndpointWorker.java) This should be logged on the ERROR level, because this may denote a critical configuration or connectivity error in a distributed system that should be easily detectable by a production monitoring system. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: ActiveMQ OpenWire .NET Example
James, Thanks for this – we’re still struggling to get this work and thus prove the concept of producing and consuming large message/files. Could you be so kind as to provide a more complete working example of producing/consuming messages via JMS Streams. I really would to get some buy in on using this technology within our project. If I could just get a simple example up and running thats all I need to do for now. Best Regards, Carl -- View this message in context: http://www.nabble.com/ActiveMQ-OpenWire-.NET-Example-tf2014936.html#a5616963 Sent from the ActiveMQ - Dev forum at Nabble.com.
[jira] Commented: (GERONIMO-2134) Shutdown error in ConfigurationClassLoader on Java 5
[ http://issues.apache.org/jira/browse/GERONIMO-2134?page=comments#action_12425273 ] Joe Bohn commented on GERONIMO-2134: Are there any special activities required while geronimo is active to prodiuce this error? I brought the server up under Sun Java 1.5.0_06, ran serveral of the console porlets, deployed a war, accessed the deployed app. I didn't see this error when I terminated the server. Shutdown error in ConfigurationClassLoader on Java 5 Key: GERONIMO-2134 URL: http://issues.apache.org/jira/browse/GERONIMO-2134 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: kernel Affects Versions: 1.1 Reporter: Aaron Mulder Fix For: 1.1.1 When I shut down (Ctrl-C), I got this: Server shutdown begun 12:50:27,288 ERROR [ConfigurationClassLoader] Unable to clear SoftCache field subclassAudits in class class java.io.ObjectInputStream Server shutdown completed -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: 1.1.1 Branch notice 1500 ET (that's 3:00 PM ET for the non geeky)
On Aug 2, 2006, at 10:39 AM, Aaron Mulder wrote: Most of the remaining issues marked for 1.1.1 seem to have been fixed for 1.1.1 but are still open pending different solutions for 1.2. There is one big exception -- an ERROR during shutdown on Java 5. It would be great if someone could look at that before the branch. I've been trying hard to claim that Geronimo works fine under Java 5, and this is a little unfortunate. http://issues.apache.org/jira/browse/GERONIMO-2134 Agreed that an ERROR isn't very desirable. I don't know anything about the origins of this code, but it seems to be a workaround for a JRE memory leak of Class objects. ConfigurationClassLoader and MultiparentClassLoader are using introspection to clear out SoftCache's in ObjectInputStream and ObjectOutputStream. It would seem that in Aaron's Java 5 JRE, ObjectInputStream doesn't contain a field named subclassAudits. While Joe's 1.5 implementation does contain the field. Hopefully, this mean's the memory leak has been fixed in Aaron's version... Best fix I can think of at the moment is to reduce the log severity to info or debug. Comments? --kevan On 8/2/06, Matt Hogstrom [EMAIL PROTECTED] wrote: The memory leak is fixed. Thanks to Kevan for the quick work. I am going to branch this afternoon at 1500. If you have something in progress ping me and we'll work it out. The branch will be branches/1.1.1 and will only be taking bug fixes and performance regressions (tracked by JIRA.). All existing JIRA's that were not resolved in 1.1.1 will be moved to 1.x. If there is interested in a 1.1.2 speak up. Thanks all.
Re: 1.1.1 Branch notice 1500 ET (that's 3:00 PM ET for the non geeky)
I just tried on a fresh install of Geronimo-Jetty-J2EE-1.1 on Linux (SuSE 10.1) with JDK 1.5.0_07 (the one SuSE distributes) and I get the ERROR. I don't know how to tell if my JVM has a class leak error or not, but I'll try to check if you know. In any case, eliminating the message is fine for now. Thanks, Aaron On 8/2/06, Kevan Miller [EMAIL PROTECTED] wrote: On Aug 2, 2006, at 10:39 AM, Aaron Mulder wrote: Most of the remaining issues marked for 1.1.1 seem to have been fixed for 1.1.1 but are still open pending different solutions for 1.2. There is one big exception -- an ERROR during shutdown on Java 5. It would be great if someone could look at that before the branch. I've been trying hard to claim that Geronimo works fine under Java 5, and this is a little unfortunate. http://issues.apache.org/jira/browse/GERONIMO-2134 Agreed that an ERROR isn't very desirable. I don't know anything about the origins of this code, but it seems to be a workaround for a JRE memory leak of Class objects. ConfigurationClassLoader and MultiparentClassLoader are using introspection to clear out SoftCache's in ObjectInputStream and ObjectOutputStream. It would seem that in Aaron's Java 5 JRE, ObjectInputStream doesn't contain a field named subclassAudits. While Joe's 1.5 implementation does contain the field. Hopefully, this mean's the memory leak has been fixed in Aaron's version... Best fix I can think of at the moment is to reduce the log severity to info or debug. Comments? --kevan On 8/2/06, Matt Hogstrom [EMAIL PROTECTED] wrote: The memory leak is fixed. Thanks to Kevan for the quick work. I am going to branch this afternoon at 1500. If you have something in progress ping me and we'll work it out. The branch will be branches/1.1.1 and will only be taking bug fixes and performance regressions (tracked by JIRA.). All existing JIRA's that were not resolved in 1.1.1 will be moved to 1.x. If there is interested in a 1.1.2 speak up. Thanks all.
[jira] Commented: (GERONIMO-2134) Shutdown error in ConfigurationClassLoader on Java 5
[ http://issues.apache.org/jira/browse/GERONIMO-2134?page=comments#action_12425301 ] Aaron Mulder commented on GERONIMO-2134: I see the problem on JDK 1.5.0_07 on Linux (SuSE 10.1 with the default 1.5 JDK). I do not see the problem on JDK 1.5.0_06 on Mac OS X, or JDK 1.5.0_06 on Linux. So... I suspect it was introduced in JDK 1.5.0_07 Shutdown error in ConfigurationClassLoader on Java 5 Key: GERONIMO-2134 URL: http://issues.apache.org/jira/browse/GERONIMO-2134 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: kernel Affects Versions: 1.1 Reporter: Aaron Mulder Fix For: 1.1.1 When I shut down (Ctrl-C), I got this: Server shutdown begun 12:50:27,288 ERROR [ConfigurationClassLoader] Unable to clear SoftCache field subclassAudits in class class java.io.ObjectInputStream Server shutdown completed -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Terminology and status
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 People have been referring to things requiring votes as 'RTCs'. Everyone *please* stop using RTC in this manner. RTC is a development model; what it and CTR are concerned with are patches. Please call them patches. Changes are patches; RTC and CTR are how they get applied. If you said something about 'an RTC' outside Geronimo, no-one would have the least idea what you were talking about. This is *not* a place where it's necessary for us to invent new nomenclature. There has been some discussion about keeping status in the wiki. The wiki is a 'pull' mechanism; if you don't actively go looking for it, you won't get it. I have updated the STATUS file in trunk from its incubation content to something more current, and have set it up to be mailed to the list every Wednesday night. I suggest filling things in there so all the various issues are listed in a single places, along with who has voted on patches, critical issues, etc. Right now information is scattered all over the place. Take a look at http://tinyurl.com/hzwes (or at http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS if you prefer the full URL) to see how another project uses the STATUS file as a central repository of such info. If the consensus is to not use the STATUS file, that's cool. But I decided that *doing* it was more productive that just proposing to possibly set it up. - -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRNDmpZrNPMCpn3XdAQKWpgP+L6fVMia9/QIb/QRX6Q9PvW3GI7+TFTMe 2feNTUraxSxuKY2CT3Bk8m8s2H/iObbgt+ILidYnKXMU8FKEFW2nCzZBPpCEi1cO CaawPX7PhMltfhbaJquR4qZM1VRUxd2YfyDzvJEYIbP1c166TgV5Q4FZjnt8lFJR 96KAuOpSqTI= =W2iC -END PGP SIGNATURE-
[jira] Commented: (GERONIMO-2063) Stopping a TSSbean also stops the orb it's attached to
[ http://issues.apache.org/jira/browse/GERONIMO-2063?page=comments#action_12425311 ] Ted Kirby commented on GERONIMO-2063: - If j2ee-corba is not started before magicgball, the start, stop, start of magicball gives: 13:52:45,531 ERROR [IORSecurityInterceptor] Generating IOR org.omg.CORBA.OBJECT_NOT_EXIST: ORB has been destroyed vmcid: IBM minor code: C24 completed: No at com.ibm.rmi.corba.ORB.checkState(ORB.java:4640) at com.ibm.rmi.corba.ORB.checkState(ORB.java:4621) at com.ibm.rmi.corba.ORB.create_any(ORB.java:4081) at org.openejb.corba.security.config.tss.TSSCompoundSecMechListConfig.encodeIOR(TSSCompoundSecMechListConfig.java:105) at org.openejb.corba.security.config.tss.TSSConfig.generateIOR(TSSConfig.java:103) at org.openejb.corba.security.IORSecurityInterceptor.establish_components(IORSecurityInterceptor.java:73) at com.ibm.rmi.pi.InterceptorManager.iterateEstablishComponents(InterceptorManager.java:841) at com.ibm.rmi.IOR.runInterceptors(IOR.java:310) at com.ibm.rmi.IOR.putProfile(IOR.java:492) at com.ibm.rmi.IOR.init(IOR.java:247) at com.ibm.rmi.poa.POAImpl.initializeTemplateProfile(POAImpl.java:234) at com.ibm.rmi.poa.POAImpl.create_POA(POAImpl.java:272) at com.ibm.rmi.poa.POAImpl.create_POA(POAImpl.java:593) at org.openejb.corba.TSSBean.doStart(TSSBean.java:154) However, if j2ee-corba is started before magicgball, the start, stop start of magicgball gives: 11:20:55,734 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName=geronimo/magicGBall-corba-ssl/1.1/car?EJBModule=magicGball-ejb-1.1.jar,J2EEApplication=geronimo/magicGBall-corba-ssl/1.1/car,j2eeType=CORBATSS,name=SSLClientPassword org.omg.PortableServer.POAPackage.AdapterAlreadyExists: IDL:omg.org/PortableServer/POA/AdapterAlreadyExists:1.0 at com.sun.corba.se.internal.POA.POAImpl.adapterAlreadyExists(POAImpl.java:1263) at com.sun.corba.se.internal.POA.POAImpl.create_POA(POAImpl.java:211) at com.sun.corba.se.internal.POA.POAImpl.create_POA(POAImpl.java:522) at org.openejb.corba.TSSBean.doStart(TSSBean.java:154) I have a fix that fixes this latter problem, but not the former. :( === --- TSSBean.java(revision 3552) +++ TSSBean.java(working copy) @@ -152,6 +152,10 @@ rootPOA.create_implicit_activation_policy(ImplicitActivationPolicyValue.NO_IMPLICIT_ACTIVATION), }; localPOA = rootPOA.create_POA(POAName, rootPOA.the_POAManager(), policies); + +if (log.isDebugEnabled()) { +log.debug(create POA + POAName + + localPOA); +} localPOA.the_POAManager().activate(); @@ -166,11 +170,14 @@ public void doStop() throws Exception { if (localPOA != null) { +/* JIRA 2063 fix? try { localPOA.the_POAManager().deactivate(true, false); } catch (AdapterInactive adapterInactive) { // do nothing - this may have already been deactivated. -} +} */ +if (log.isDebugEnabled()) log.debug(destroying localPOA + POAName); +localPOA.destroy(true, true); // fix for JIRA-2063? localPOA = null; } if (log.isDebugEnabled()) log.debug(Stopped CORBA Target Security Service in POA + POAName); @@ -201,6 +208,7 @@ } public void registerContainer(EJBContainer container) throws CORBAException { +if (log.isDebugEnabled()) log.debug(POAName + - Linking container + container.getContainerID()); AdapterWrapper adapterWrapper = new AdapterWrapper(container); adapterWrapper.start(server.getORB(), localPOA, initialContext, securityPolicy); Stopping a TSSbean also stops the orb it's attached to -- Key: GERONIMO-2063 URL: http://issues.apache.org/jira/browse/GERONIMO-2063 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: CORBA Affects Versions: 1.1 Reporter: David Jencks Priority: Critical Fix For: 1.1.x While working with the MagicGBall I noticed that you can't stop and start the application: when you try to start it again you get an exception saying the orb is shut down. I deployed the app using the console, the magicGBall ear, and either one of the plans in magicgball/target/plan. I stopped and tried to start the app after deployment using the console. I won't argue much if this gets taken out of 1.1. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators:
Re: Terminology and status
How will non-committers get their patches added to the status file? -dain On Aug 2, 2006, at 10:53 AM, Rodent of Unusual Size wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 People have been referring to things requiring votes as 'RTCs'. Everyone *please* stop using RTC in this manner. RTC is a development model; what it and CTR are concerned with are patches. Please call them patches. Changes are patches; RTC and CTR are how they get applied. If you said something about 'an RTC' outside Geronimo, no-one would have the least idea what you were talking about. This is *not* a place where it's necessary for us to invent new nomenclature. There has been some discussion about keeping status in the wiki. The wiki is a 'pull' mechanism; if you don't actively go looking for it, you won't get it. I have updated the STATUS file in trunk from its incubation content to something more current, and have set it up to be mailed to the list every Wednesday night. I suggest filling things in there so all the various issues are listed in a single places, along with who has voted on patches, critical issues, etc. Right now information is scattered all over the place. Take a look at http://tinyurl.com/hzwes (or at http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS if you prefer the full URL) to see how another project uses the STATUS file as a central repository of such info. If the consensus is to not use the STATUS file, that's cool. But I decided that *doing* it was more productive that just proposing to possibly set it up. - -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRNDmpZrNPMCpn3XdAQKWpgP+L6fVMia9/QIb/QRX6Q9PvW3GI7+TFTMe 2feNTUraxSxuKY2CT3Bk8m8s2H/iObbgt+ILidYnKXMU8FKEFW2nCzZBPpCEi1cO CaawPX7PhMltfhbaJquR4qZM1VRUxd2YfyDzvJEYIbP1c166TgV5Q4FZjnt8lFJR 96KAuOpSqTI= =W2iC -END PGP SIGNATURE-
[jira] Resolved: (GERONIMO-2134) Shutdown error in ConfigurationClassLoader on Java 5
[ http://issues.apache.org/jira/browse/GERONIMO-2134?page=all ] Kevan Miller resolved GERONIMO-2134. Fix Version/s: 1.2 Resolution: Fixed I tracked down the src for 1.5.0_07. There was a change in the ObjectInputStream implementation for 1.5.0_07. sun.misc.SoftCache is no longer being used. They're using I reduced the log level to debug. I'm not sure that clearing the SoftCache is required, any longer, given our current ClassLoader structure. However, it's possible that we'll have a Class instance memory leak on 1.5.0_07. Aaron, if you could run 100 deploy/undeploy's of the admin console or daytrader, I think we'll have a good degree of confidence that things will be ok. Shutdown error in ConfigurationClassLoader on Java 5 Key: GERONIMO-2134 URL: http://issues.apache.org/jira/browse/GERONIMO-2134 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: kernel Affects Versions: 1.1 Reporter: Aaron Mulder Fix For: 1.1.1, 1.2 When I shut down (Ctrl-C), I got this: Server shutdown begun 12:50:27,288 ERROR [ConfigurationClassLoader] Unable to clear SoftCache field subclassAudits in class class java.io.ObjectInputStream Server shutdown completed -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Terminology and status
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dain Sundstrom wrote: How will non-committers get their patches added to the status file? By a committer. - -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRND2a5rNPMCpn3XdAQII9QP8CQhe9CqTKKQOfJ5qcmzbXb5ibDYzSAk1 5VZoDLO/SYJnRu4il6gMR+YDqBx9j4UDZgg7fz0gHteOpFGA6AQ0QVXF1qecV/EC OmXaD0fFauRXG9gcvR4Bsm4qY30EgnlBtIFKrB79YBxdAZx6ptHFrklA1cuAAox4 MgFyMuZ3vAI= =0R+k -END PGP SIGNATURE-
Re: Terminology and status
Fine...I prefer a field in JIRA so I can execute a single query. I'll assume the patches are in JIRA anyway and its a great place for comments too :) Rodent of Unusual Size wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 People have been referring to things requiring votes as 'RTCs'. Everyone *please* stop using RTC in this manner. RTC is a development model; what it and CTR are concerned with are patches. Please call them patches. Changes are patches; RTC and CTR are how they get applied. If you said something about 'an RTC' outside Geronimo, no-one would have the least idea what you were talking about. This is *not* a place where it's necessary for us to invent new nomenclature. There has been some discussion about keeping status in the wiki. The wiki is a 'pull' mechanism; if you don't actively go looking for it, you won't get it. I have updated the STATUS file in trunk from its incubation content to something more current, and have set it up to be mailed to the list every Wednesday night. I suggest filling things in there so all the various issues are listed in a single places, along with who has voted on patches, critical issues, etc. Right now information is scattered all over the place. Take a look at http://tinyurl.com/hzwes (or at http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS if you prefer the full URL) to see how another project uses the STATUS file as a central repository of such info. If the consensus is to not use the STATUS file, that's cool. But I decided that *doing* it was more productive that just proposing to possibly set it up. - -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRNDmpZrNPMCpn3XdAQKWpgP+L6fVMia9/QIb/QRX6Q9PvW3GI7+TFTMe 2feNTUraxSxuKY2CT3Bk8m8s2H/iObbgt+ILidYnKXMU8FKEFW2nCzZBPpCEi1cO CaawPX7PhMltfhbaJquR4qZM1VRUxd2YfyDzvJEYIbP1c166TgV5Q4FZjnt8lFJR 96KAuOpSqTI= =W2iC -END PGP SIGNATURE-
Re: Terminology and status
On Aug 2, 2006, at 3:06 PM, Matt Hogstrom wrote:Fine...I prefer a field in JIRA so I can execute a single query. I'll assume the patches are in JIRA anyway and its a great place for comments too :)+1Rodent of Unusual Size wrote: -BEGIN PGP SIGNED MESSAGE-Hash: SHA1People have been referring to things requiring votes as'RTCs'.Everyone *please* stop using RTC in this manner. RTC is adevelopment model; what it and CTR are concerned with arepatches. Please call them patches. Changes are patches;RTC and CTR are how they get applied. If you said somethingabout 'an RTC' outside Geronimo, no-one would have the leastidea what you were talking about. This is *not* a placewhere it's necessary for us to invent new nomenclature.There has been some discussion about keeping status inthe wiki. The wiki is a 'pull' mechanism; if you don'tactively go looking for it, you won't get it. I haveupdated the STATUS file in trunk from its incubationcontent to something more current, and have set it up tobe mailed to the list every Wednesday night. I suggestfilling things in there so all the various issues arelisted in a single places, along with who has voted onpatches, critical issues, etc. Right now information isscattered all over the place.Take a look at http://tinyurl.com/hzwes (or athttp://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUSif you prefer the full URL) to see how another projectuses the STATUS file as a central repository of suchinfo.If the consensus is to not use the STATUS file, that'scool. But I decided that *doing* it was more productivethat just proposing to possibly set it up.- --#ken P-)}Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/Author, developer, opinionist http://Apache-Server.Com/"Millennium hand and shrimp!"-BEGIN PGP SIGNATURE-Version: GnuPG v1.2.4 (MingW32)Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.orgiQCVAwUBRNDmpZrNPMCpn3XdAQKWpgP+L6fVMia9/QIb/QRX6Q9PvW3GI7+TFTMe2feNTUraxSxuKY2CT3Bk8m8s2H/iObbgt+ILidYnKXMU8FKEFW2nCzZBPpCEi1cOCaawPX7PhMltfhbaJquR4qZM1VRUxd2YfyDzvJEYIbP1c166TgV5Q4FZjnt8lFJR96KAuOpSqTI==W2iC-END PGP SIGNATURE- -sachin
Re: Terminology and status
On Aug 2, 2006, at 12:06 PM, Matt Hogstrom wrote: Fine...I prefer a field in JIRA so I can execute a single query. I'll assume the patches are in JIRA anyway and its a great place for comments too :) I was just looking into that. I already send a report every monday of unassigned JIRAs that contain patches. If i could get a list of the votes too, I should be able to cook up something. -David Rodent of Unusual Size wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 People have been referring to things requiring votes as 'RTCs'. Everyone *please* stop using RTC in this manner. RTC is a development model; what it and CTR are concerned with are patches. Please call them patches. Changes are patches; RTC and CTR are how they get applied. If you said something about 'an RTC' outside Geronimo, no-one would have the least idea what you were talking about. This is *not* a place where it's necessary for us to invent new nomenclature. There has been some discussion about keeping status in the wiki. The wiki is a 'pull' mechanism; if you don't actively go looking for it, you won't get it. I have updated the STATUS file in trunk from its incubation content to something more current, and have set it up to be mailed to the list every Wednesday night. I suggest filling things in there so all the various issues are listed in a single places, along with who has voted on patches, critical issues, etc. Right now information is scattered all over the place. Take a look at http://tinyurl.com/hzwes (or at http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS if you prefer the full URL) to see how another project uses the STATUS file as a central repository of such info. If the consensus is to not use the STATUS file, that's cool. But I decided that *doing* it was more productive that just proposing to possibly set it up. - -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRNDmpZrNPMCpn3XdAQKWpgP+L6fVMia9/QIb/QRX6Q9PvW3GI7+TFTMe 2feNTUraxSxuKY2CT3Bk8m8s2H/iObbgt+ILidYnKXMU8FKEFW2nCzZBPpCEi1cO CaawPX7PhMltfhbaJquR4qZM1VRUxd2YfyDzvJEYIbP1c166TgV5Q4FZjnt8lFJR 96KAuOpSqTI= =W2iC -END PGP SIGNATURE-
[jira] Created: (GERONIMO-2264) Created branches/1.1.1 to start release process
Created branches/1.1.1 to start release process --- Key: GERONIMO-2264 URL: http://issues.apache.org/jira/browse/GERONIMO-2264 Project: Geronimo Issue Type: Task Security Level: public (Regular issues) Affects Versions: 1.1.1 Reporter: Matt Hogstrom Assigned To: Matt Hogstrom Fix For: 1.1.1 svn cp https://svn.apache.org/repos/asf/geronimo/branches/1.1 https://svn.apache.org/repos/asf/geronimo/branches/1.1.1 Committed revision 428093. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Creating a secure connection system and using JMSXUserID support
Hi, On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hmmm... It didn't cross my mind but yes, indeed, it is possible. We may supply a fake truststore that would return 'true' for any certificate submitted for authentication and then perform real authentication after connection setup. We would then be able to obtain client certificate exactly as you stated. If we accept this approach, I see three components to implement: 1. Fake truststore 2. CertificateLoginModule (against LDAP) 3. Tweak connection setup to ask for peer certificates. In 3. we actually need some kind of policy reagarding authenitcation. Although SSL connection is established, a client may still supply username/password meaning that it should be used for login. I guess that obtaining client certificate from SSL session should be the last option. In 'Certificate login' thread I described another approach: We may use SSL without client authentication but find a way to export certificate to a String (on client side) and then supply that string as 'username' in createConnection(). On server side, the String would be converted back to certificate and authenticated. With this approach, we need to agree on the string format and conversion discipline and then only another JAAS login module is required (that would actually perform coversion from String to Certificate and authenticate). Thus no change is required in existing code. We may even add another non-portable createConnection(Certificate, brokerURL) that would convert Certificate to String and invoke createConnection(username, password, brokerURL). So, the necessary modules to implement would be: 1. Utility to convert Certificate to a string and back. 1a. (optional) createConnection(Certificate, brokerURL) method and ActiveMQConnection(Certifcate, brokerURL) constructor that perform conversion from Certificate to String using utility in #1 and invoke appropriate existing meothods/constructors. This sounds fine to me too. I would use the DN as the userId and encode the certificate as a string for the password and add a ActiveMQConnectionFactory.setCertificate( Certificate ) and have that set userid/password. 2. JAAS login module that accepts username (and blank password; or whatever convenient) converts it back to Certificate using utility in #1 and authenticates it. Yep, sounds good to me. BTW, how easy is it to get Certificate instance? Is this susceptible to spoofing? I didn't like this approach at first but now it seems the quickiest (and the dirtiest) solution. Actually, it is developing a new protocol on exisitng facilities. Any thoughts? Regards, NGC Hiram Chirino wrote: I guess I don't understand what you mean by #2 but that could be due to my ignorance of the SSL socket stuff. So perhaps you can help me understand what happens there... Lets assume we setup the ssl stuff to use 'need client auth'. Could we setup a truststore implementation that accepts any client certificate or would this be a problem? Can you later get use the SSLScoket.getSession().getPeerCertificates() when the ConnectionInfo command comes in and attach those certificates to the command? Could that Certificate[] later be used against an LDAP JAAS module? Regards, Hiram On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hiram Chirino wrote: On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hi, I started another thread, unaware of this one, with the same aim. http://www.nabble.com/forum/ViewPost.jtp?post=5583011framed=y So please allow me to share my views on this. If we are going to use SSL and SSL's built in client authentication, then I would use JAAS to authenticate the user via certificate. I would use LDAP to store and verify certificates and I guess It would be fairly easy to implement. There is already LDAPLoginModule and I implemented LDAPAuthorizationMap - cerificates should not be much harder. Sounds good! The outcome of successful SSL client authentication should be authenticated Subject with all Princiapls set. This I woud put into ConnectionInfo - no need for DN or username. When AMQ has authenticated Subject, it can perform authorization in any of the existing ways. That is, we can safely separate authentication from authorization modules as long as AMQ gets Subject from the authentication process. agreed. What I miss here is the point of Subject creation. If we totally rely on SSL for authentication we actually need an implementation of truststore (keystore with trust manager) that would verify client certificate and create login Subject. However, as this process is totally hidden from AMQ (I think that truststore and ConnectionInfo instance are unaware of each other), we would need another store (directory) to temporarrily save Subject and make it avaliable to AMQ once the connection is created. Or, if there is a way for truststore to interact with ConectionInfo
[jira] Assigned: (GERONIMO-2134) Shutdown error in ConfigurationClassLoader on Java 5
[ http://issues.apache.org/jira/browse/GERONIMO-2134?page=all ] Kevan Miller reassigned GERONIMO-2134: -- Assignee: Kevan Miller Shutdown error in ConfigurationClassLoader on Java 5 Key: GERONIMO-2134 URL: http://issues.apache.org/jira/browse/GERONIMO-2134 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: kernel Affects Versions: 1.1 Reporter: Aaron Mulder Assigned To: Kevan Miller Fix For: 1.1.1, 1.2 When I shut down (Ctrl-C), I got this: Server shutdown begun 12:50:27,288 ERROR [ConfigurationClassLoader] Unable to clear SoftCache field subclassAudits in class class java.io.ObjectInputStream Server shutdown completed -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-2063) Stopping a TSSbean also stops the orb it's attached to
[ http://issues.apache.org/jira/browse/GERONIMO-2063?page=all ] Ted Kirby updated GERONIMO-2063: Attachment: G2063-openejb211.patch i manually start j2ee-corba before magicgball. The problem here is that on second start, the POA already exists. this is because it was not stopped/destroyed/brought down as it should have been (in my view/speculation) when the TSSBean was stopped. So, my fix fixes this by destroying the POA on TSSBean stop. Extra log.debug stuff also thrown in... Stopping a TSSbean also stops the orb it's attached to -- Key: GERONIMO-2063 URL: http://issues.apache.org/jira/browse/GERONIMO-2063 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: CORBA Affects Versions: 1.1 Reporter: David Jencks Priority: Critical Fix For: 1.1.x Attachments: G2063-openejb211.patch While working with the MagicGBall I noticed that you can't stop and start the application: when you try to start it again you get an exception saying the orb is shut down. I deployed the app using the console, the magicGBall ear, and either one of the plans in magicgball/target/plan. I stopped and tried to start the app after deployment using the console. I won't argue much if this gets taken out of 1.1. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Created: (SM-509) Support mtom and attachments
Support mtom and attachments Key: SM-509 URL: https://issues.apache.org/activemq/browse/SM-509 Project: ServiceMix Issue Type: New Feature Components: servicemix-jsr181 Reporter: Guillaume Nodet Assigned To: Guillaume Nodet Fix For: 3.0-M3 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Created: (GERONIMO-2265) Upgrade to use the new commons-modeler-2.0 release
Upgrade to use the new commons-modeler-2.0 release -- Key: GERONIMO-2265 URL: http://issues.apache.org/jira/browse/GERONIMO-2265 Project: Geronimo Issue Type: New Feature Security Level: public (Regular issues) Components: buildsystem Affects Versions: 1.1.x, 1.2 Reporter: Kevan Miller Assigned To: Kevan Miller Priority: Minor Fix For: 1.1.x, 1.2 Thanks to Dims, a new version (2.0) of commons-modeler has been released. We should move to this new version of commons-modeler. There's something wrong with the associated jar file on ibiblio (http://www.ibiblio.org/maven/commons-modeler/jars/commons-modeler-2.0.jar). Once that's sorted, I'll update Geronimo to use the new jar. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2264) Created branches/1.1.1 to start release process
[ http://issues.apache.org/jira/browse/GERONIMO-2264?page=comments#action_12425364 ] Matt Hogstrom commented on GERONIMO-2264: - svn commit -m GERONIMO-2264 Updated versions to 1.1.2-SNAPSHOT in branches/1.1 Sending1.1/etc/explicit_versions.properties Sending1.1/etc/project.properties Sending1.1/plugins/geronimo-assembly-plugin/project.properties Sending1.1/plugins/geronimo-assembly-plugin/project.xml Sending1.1/plugins/geronimo-dependency-plugin/project.properties Sending1.1/plugins/geronimo-dependency-plugin/project.xml Sending1.1/plugins/geronimo-deployment-plugin/project.properties Sending1.1/plugins/geronimo-deployment-plugin/project.xml Sending1.1/plugins/geronimo-izpack-plugin/project.properties Sending1.1/plugins/geronimo-izpack-plugin/project.xml Sending1.1/plugins/geronimo-packaging-plugin/plugin.properties Sending1.1/plugins/geronimo-packaging-plugin/project.properties Sending1.1/plugins/geronimo-packaging-plugin/project.xml Sending1.1/plugins/geronimo-packaging-plugin/src/test-resources/plan.xml Sending 1.1/plugins/geronimo-packaging-plugin/src/test-resources/result.xml Created branches/1.1.1 to start release process --- Key: GERONIMO-2264 URL: http://issues.apache.org/jira/browse/GERONIMO-2264 Project: Geronimo Issue Type: Task Security Level: public(Regular issues) Affects Versions: 1.1.1 Reporter: Matt Hogstrom Assigned To: Matt Hogstrom Fix For: 1.1.1 svn cp https://svn.apache.org/repos/asf/geronimo/branches/1.1 https://svn.apache.org/repos/asf/geronimo/branches/1.1.1 Committed revision 428093. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2264) Created branches/1.1.1 to start release process
[ http://issues.apache.org/jira/browse/GERONIMO-2264?page=comments#action_12425366 ] Matt Hogstrom commented on GERONIMO-2264: - Transmitting file data ... Committed revision 428127. Created branches/1.1.1 to start release process --- Key: GERONIMO-2264 URL: http://issues.apache.org/jira/browse/GERONIMO-2264 Project: Geronimo Issue Type: Task Security Level: public(Regular issues) Affects Versions: 1.1.1 Reporter: Matt Hogstrom Assigned To: Matt Hogstrom Fix For: 1.1.1 svn cp https://svn.apache.org/repos/asf/geronimo/branches/1.1 https://svn.apache.org/repos/asf/geronimo/branches/1.1.1 Committed revision 428093. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Resolved: (SM-509) Support mtom and attachments
[ https://issues.apache.org/activemq/browse/SM-509?page=all ] Guillaume Nodet resolved SM-509. Resolution: Fixed Author: gnodet Date: Wed Aug 2 13:06:38 2006 New Revision: 428124 URL: http://svn.apache.org/viewvc?rev=428124view=rev Log: SM-509: add mtom / attachments support Added: incubator/servicemix/trunk/servicemix-jsr181/src/test/java/org/apache/servicemix/jsr181/Jsr181MTOMTest.java Modified: incubator/servicemix/trunk/servicemix-jsr181/pom.xml incubator/servicemix/trunk/servicemix-jsr181/src/main/java/org/apache/servicemix/jsr181/Jsr181Endpoint.java incubator/servicemix/trunk/servicemix-jsr181/src/main/java/org/apache/servicemix/jsr181/Jsr181ExchangeProcessor.java Support mtom and attachments Key: SM-509 URL: https://issues.apache.org/activemq/browse/SM-509 Project: ServiceMix Issue Type: New Feature Components: servicemix-jsr181 Reporter: Guillaume Nodet Assigned To: Guillaume Nodet Fix For: 3.0-M3 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Terminology and status
I would rather see the community use JIRA to manage information of this nature. I don't think that using the STATUS file is a good idea... at least not for Geronimo and its projects. The RTC issue type was added to help with some of this, but from recent experience I've seen that no one is actually using the workflow features that Alan added to manage the state of the review. I think we should drop this issue type and instead add a Review field to all issues which could either be: 1) A simple checkbox, checked when reviewed... 2) A combobox: requires review, reviewed or not required. With #1, you can then query JIRA for issues with patch info checked and review unchecked to see what is pending. #2 is similar but also allows for stuff w/o patches (like m2migration merges) that need review too. --jason On Aug 2, 2006, at 10:53 AM, Rodent of Unusual Size wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 People have been referring to things requiring votes as 'RTCs'. Everyone *please* stop using RTC in this manner. RTC is a development model; what it and CTR are concerned with are patches. Please call them patches. Changes are patches; RTC and CTR are how they get applied. If you said something about 'an RTC' outside Geronimo, no-one would have the least idea what you were talking about. This is *not* a place where it's necessary for us to invent new nomenclature. There has been some discussion about keeping status in the wiki. The wiki is a 'pull' mechanism; if you don't actively go looking for it, you won't get it. I have updated the STATUS file in trunk from its incubation content to something more current, and have set it up to be mailed to the list every Wednesday night. I suggest filling things in there so all the various issues are listed in a single places, along with who has voted on patches, critical issues, etc. Right now information is scattered all over the place. Take a look at http://tinyurl.com/hzwes (or at http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS if you prefer the full URL) to see how another project uses the STATUS file as a central repository of such info. If the consensus is to not use the STATUS file, that's cool. But I decided that *doing* it was more productive that just proposing to possibly set it up. - -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRNDmpZrNPMCpn3XdAQKWpgP+L6fVMia9/QIb/QRX6Q9PvW3GI7+TFTMe 2feNTUraxSxuKY2CT3Bk8m8s2H/iObbgt+ILidYnKXMU8FKEFW2nCzZBPpCEi1cO CaawPX7PhMltfhbaJquR4qZM1VRUxd2YfyDzvJEYIbP1c166TgV5Q4FZjnt8lFJR 96KAuOpSqTI= =W2iC -END PGP SIGNATURE-
Re: Terminology and status
I agree. I'd prefer something that is directly integrated with JIRA rather than adding an additional file that must be maintained (and therefore is more likely to contain errors). Joe Matt Hogstrom wrote: Fine...I prefer a field in JIRA so I can execute a single query. I'll assume the patches are in JIRA anyway and its a great place for comments too :) Rodent of Unusual Size wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 People have been referring to things requiring votes as 'RTCs'. Everyone *please* stop using RTC in this manner. RTC is a development model; what it and CTR are concerned with are patches. Please call them patches. Changes are patches; RTC and CTR are how they get applied. If you said something about 'an RTC' outside Geronimo, no-one would have the least idea what you were talking about. This is *not* a place where it's necessary for us to invent new nomenclature. There has been some discussion about keeping status in the wiki. The wiki is a 'pull' mechanism; if you don't actively go looking for it, you won't get it. I have updated the STATUS file in trunk from its incubation content to something more current, and have set it up to be mailed to the list every Wednesday night. I suggest filling things in there so all the various issues are listed in a single places, along with who has voted on patches, critical issues, etc. Right now information is scattered all over the place. Take a look at http://tinyurl.com/hzwes (or at http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS if you prefer the full URL) to see how another project uses the STATUS file as a central repository of such info. If the consensus is to not use the STATUS file, that's cool. But I decided that *doing* it was more productive that just proposing to possibly set it up. - -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRNDmpZrNPMCpn3XdAQKWpgP+L6fVMia9/QIb/QRX6Q9PvW3GI7+TFTMe 2feNTUraxSxuKY2CT3Bk8m8s2H/iObbgt+ILidYnKXMU8FKEFW2nCzZBPpCEi1cO CaawPX7PhMltfhbaJquR4qZM1VRUxd2YfyDzvJEYIbP1c166TgV5Q4FZjnt8lFJR 96KAuOpSqTI= =W2iC -END PGP SIGNATURE-
Re: Terminology and status
On Aug 2, 2006, at 12:11 PM, David Blevins wrote: I was just looking into that. I already send a report every monday of unassigned JIRAs that contain patches. If i could get a list of the votes too, I should be able to cook up something. Unfortunately you can not tell which are PMC votes... or which are +1, -1, etc... If we wanted to use JIRA to track votes more effectively then we would need to implement a small plugin to handle Apache-style voting. The current mechanism is lacking and not appropriate to use IMO. --jason
Re: Terminology and status
On Aug 2, 2006, at 1:53 PM, Rodent of Unusual Size wrote: People have been referring to things requiring votes as 'RTCs'. Everyone *please* stop using RTC in this manner. RTC is a development model; what it and CTR are concerned with are patches. Please call them patches. Changes are patches; RTC and CTR are how they get applied. If you said something about 'an RTC' outside Geronimo, no-one would have the least idea what you were talking about. This is *not* a place where it's necessary for us to invent new nomenclature. Personally, I've been using RTC to refer to the *request* that is sent to the dev list, not the patch itself (e.g. I sent an RTC to the dev list). Since the RTC process and CTR process are quite different, it seems quite natural to start distinguishing between the two when referring to associated mechanisms (Jira's, patches, etc). So, I would expect to see descriptive terms like RTC Jira or RTC request used. Is it so surprising that some of these would be shortened to RTC? There has been some discussion about keeping status in the wiki. The wiki is a 'pull' mechanism; if you don't actively go looking for it, you won't get it. I have updated the STATUS file in trunk from its incubation content to something more current, and have set it up to be mailed to the list every Wednesday night. I suggest filling things in there so all the various issues are listed in a single places, along with who has voted on patches, critical issues, etc. Right now information is scattered all over the place. Take a look at http://tinyurl.com/hzwes (or at http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS if you prefer the full URL) to see how another project uses the STATUS file as a central repository of such info. If the consensus is to not use the STATUS file, that's cool. But I decided that *doing* it was more productive that just proposing to possibly set it up. As others have suggested, I think Jira's are the most appropriate means for tracking RTC related Jira's. That doesn't mean a STATUS file isn't a good idea. Seems like a good way of distributing information regarding project goals, schedules, and upcoming events... --kevan
Re: Terminology and status
On Aug 2, 2006, at 2:01 PM, Jason Dillon wrote: On Aug 2, 2006, at 12:11 PM, David Blevins wrote: I was just looking into that. I already send a report every monday of unassigned JIRAs that contain patches. If i could get a list of the votes too, I should be able to cook up something. Unfortunately you can not tell which are PMC votes... or which are +1, -1, etc... If we wanted to use JIRA to track votes more effectively then we would need to implement a small plugin to handle Apache-style voting. The current mechanism is lacking and not appropriate to use IMO. Go for it. -David --jason
[jira] Reopened: (AMQ-854) Update to activemq-cpp source to enable documentation generation
[ https://issues.apache.org/activemq/browse/AMQ-854?page=all ] Nathan Mittler reopened AMQ-854: going to submit a snapshot of the documentation to http://svn.apache.org/repos/asf/incubator/activemq/site/cms Update to activemq-cpp source to enable documentation generation Key: AMQ-854 URL: https://issues.apache.org/activemq/browse/AMQ-854 Project: ActiveMQ Issue Type: Improvement Components: CMS (C++ client) Reporter: Timothy Bish Assigned To: Nathan Mittler Priority: Minor Attachments: activemq-cpp-0-0-2-DOCUpdates.zip This patch contains updated source files for the activemq-cpp project which expand the code documentation and clean up documentation that caused warnings when running the doxygen tool to document the code. A set of generated documentation files is included in the new docs folder. This patch adds no new functionality. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Terminology and status
I was not volunteering... :-P But maybe if I have some time and feel like hacking something together I will... --jason On Aug 2, 2006, at 2:37 PM, David Blevins wrote: On Aug 2, 2006, at 2:01 PM, Jason Dillon wrote: On Aug 2, 2006, at 12:11 PM, David Blevins wrote: I was just looking into that. I already send a report every monday of unassigned JIRAs that contain patches. If i could get a list of the votes too, I should be able to cook up something. Unfortunately you can not tell which are PMC votes... or which are +1, -1, etc... If we wanted to use JIRA to track votes more effectively then we would need to implement a small plugin to handle Apache-style voting. The current mechanism is lacking and not appropriate to use IMO. Go for it. -David --jason
Re: Geronimo site POC using Confluence Autoexport
FYI... I've updated to include most of the pages from the main site... but have not fully converted them. But now you can get a better feel for how the site might look: http://cwiki.apache.org/GMOxSITE/ --jason
[jira] Commented: (GERONIMO-2219) [RTC] Merge m2migration (functional m2 build) to trunk
[ http://issues.apache.org/jira/browse/GERONIMO-2219?page=comments#action_12425390 ] Jason Dillon commented on GERONIMO-2219: FYI, I will do this when I get back to Cali on friday... sorry have not had time to apply after the super speedy vote [RTC] Merge m2migration (functional m2 build) to trunk -- Key: GERONIMO-2219 URL: http://issues.apache.org/jira/browse/GERONIMO-2219 Project: Geronimo Issue Type: RTC Security Level: public(Regular issues) Components: buildsystem Affects Versions: 1.2 Reporter: Jason Dillon Assigned To: Jason Dillon Priority: Critical Fix For: 1.2 h3. Overview For the past few weeks we have been busy at work getting Geronimo 1.2-SNAPSHOT to build with Maven 2. As I have noted before in email, the process is almost complete. At this point the work done so far results in a functional server for the following assemblies: * geronimo-jetty-j2ee * geronimo-jetty-minimal * geronimo-tomcat-j2ee * geronimo-tomcat-minimal The work to implement has been applied to a branch in the sandbox, and includes many submitted patches from those contributors and commiters that had been helping with the effort. My recommendation is that we _merge_ this change to trunk and not generate a diff and then patch. There are a few changes which patch does not handle well and will cause failed chunks when applied, and there are a few files moved and copied, which when patched will cause loss of that history. As I mentioned this work is _almost complete_, there are still a few pending issues, please see the section below for more details. h3. Recommend Action Post RTC Once we have the required RTC +1's to allow this work to be merged, this is what I recommend: # Merge m2migration to trunk as described below # Deprecate the Maven1 build; meaning leave the m1 files, but strongly urge developers to use the m2 build # Enable the TCK _automated_ testing in GBuild using the m2 build # Remove the m1 build (and related files) These steps will probably take a few weeks post-merge to complete. h3. About the Branch The main branch which should be used for review is: * https://svn.apache.org/repos/asf/geronimo/sandbox/svkmerge/m2migration I have been using SVK ( http://svk.elixus.org/ ) to keep this m2migration branch up to date with the latest changes that have been made to trunk (with a few exceptions). I have been staging the merge as follows: * merge from {{trunk}} to {{sandbox/svkmerge/trunk}} * merge from {{sandbox/svkmerge/trunk}} {{sandbox/svkmerge/m2migration}} This has worked out very well and I have found that using SVK dramatically reduces to complexity of performing full tree (or partial tree merges). I have been verifying that the SVK {{smerge}} is indeed doing the right thing and I have a good deal of confidence in it at this point. The idea is to merge m2migration back to trunk using SVK as follows: * merge from {{sandbox/svkmerge/m2migration}} to {{sandbox/svkmerge/trunk}} * merge from {{sandbox/svkmerge/trunk}} to {{trunk}} This is the opposite of what I am performing now on a regular basis to sync this development branch. Normally the additional branch (svkmerge/trunk) would not be needed, but it exists to help ensure that the merge is indeed _doing the right thing_. h3. Recommended Review Steps {noformat} svn co https://svn.apache.org/repos/asf/geronimo/sandbox/svkmerge/m2migration cd m2migration ./bootstrap gunzip -c m2-assemblies/geronimo-jetty-j2ee/target/geronimo-jetty-j2ee-1.2-SNAPSHOT-bin.tar.gz | tar xf - ./geronimo-jetty-j2ee/bin/startup.sh tail -f geronimo-jetty-j2ee/var/log/geronimo.out ./geronimo-jetty-j2ee/bin/shutdown.sh --user system --password manager {noformat} *NOTE:* Windows users need to run {{bootstrap}} from a Cygwin environment and should probably run these steps from the root of a drive (c:, d:, etc) to better ensure that the long filename problem is not an issue when testing. *WARNING:* The {{bootstrap}} script will remove your local Maven2 repository cache and will take maybe 30 minutes or so to run... more or less depending on how fast your network connection is. You should define a mirror for the {{central}} m2 repository before running... otherwise you will almost certainly get repository failures downloading from ibiblio. This is what I am using (in ~/.m2/settings.xml): {code:xml} ?xml version=1.0? settings mirrors mirror idrepo.mergere.com/id urlhttp://repo.mergere.com/maven2/url mirrorOfcentral/mirrorOf /mirror /mirrors /settings {code} Also, due to the coupling of Geronimo and OpenEJB2, OpenEJB2 must be checked out and built in the middle of
Re: Graduate to a TLP?
+1 david jencks On Aug 1, 2006, at 9:14 AM, Brian McCallister wrote: I'd like to start the ball rolling to have ActiveMQ graduate to a top level project at Apache. The original intent was to become a sub-project of Geronimo, but I think that this would be a disservice to ActiveMQ, which is quite capable of standing on it's own, and therefore, should be a project in itsef rather than expanding the G umbrella. Looking over the incubator checklist, everything seems to have been completed, we have been making releases (a good sign that a project has it together) and I do believe it is time :-) Thoughts? -Brian
Re: Creating a secure connection system and using JMSXUserID support
I'm confused by the descriptions of this approach, and don't understand what is being proposed. I would separate the steps of 1. validating the client certificate based on the presented certificate chain, which in my experience can be done by the standard truststore implementation that comes with java, and serves to identify the client: this is done during the ssl connection setup and 2. deciding if the identified client is someone you want to let into the system, which can be done with a JAAS login module that accepts either a certificate chain callback handler (probably way overkill), the client certificate (possibly overkill, we've already verified the validity of the chain), or just the DN. Keeping the DN in LDAP should be no problem, perhaps mapped to the principals you want the user to have: I think this could be done after the ssl connection is set up and 3. deciding what permissions the logged in user should get. You might want to consider using a JACC like approach: I set up something like this for portal permissions in jetspeed2 and suspect something similar ought to work for amq. many thanks david jencks On Aug 2, 2006, at 12:20 PM, Hiram Chirino wrote: Hi, On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hmmm... It didn't cross my mind but yes, indeed, it is possible. We may supply a fake truststore that would return 'true' for any certificate submitted for authentication and then perform real authentication after connection setup. We would then be able to obtain client certificate exactly as you stated. If we accept this approach, I see three components to implement: 1. Fake truststore 2. CertificateLoginModule (against LDAP) 3. Tweak connection setup to ask for peer certificates. In 3. we actually need some kind of policy reagarding authenitcation. Although SSL connection is established, a client may still supply username/password meaning that it should be used for login. I guess that obtaining client certificate from SSL session should be the last option. In 'Certificate login' thread I described another approach: We may use SSL without client authentication but find a way to export certificate to a String (on client side) and then supply that string as 'username' in createConnection(). On server side, the String would be converted back to certificate and authenticated. With this approach, we need to agree on the string format and conversion discipline and then only another JAAS login module is required (that would actually perform coversion from String to Certificate and authenticate). Thus no change is required in existing code. We may even add another non-portable createConnection(Certificate, brokerURL) that would convert Certificate to String and invoke createConnection(username, password, brokerURL). So, the necessary modules to implement would be: 1. Utility to convert Certificate to a string and back. 1a. (optional) createConnection(Certificate, brokerURL) method and ActiveMQConnection(Certifcate, brokerURL) constructor that perform conversion from Certificate to String using utility in #1 and invoke appropriate existing meothods/constructors. This sounds fine to me too. I would use the DN as the userId and encode the certificate as a string for the password and add a ActiveMQConnectionFactory.setCertificate( Certificate ) and have that set userid/password. 2. JAAS login module that accepts username (and blank password; or whatever convenient) converts it back to Certificate using utility in #1 and authenticates it. Yep, sounds good to me. BTW, how easy is it to get Certificate instance? Is this susceptible to spoofing? I didn't like this approach at first but now it seems the quickiest (and the dirtiest) solution. Actually, it is developing a new protocol on exisitng facilities. Any thoughts? Regards, NGC Hiram Chirino wrote: I guess I don't understand what you mean by #2 but that could be due to my ignorance of the SSL socket stuff. So perhaps you can help me understand what happens there... Lets assume we setup the ssl stuff to use 'need client auth'. Could we setup a truststore implementation that accepts any client certificate or would this be a problem? Can you later get use the SSLScoket.getSession ().getPeerCertificates() when the ConnectionInfo command comes in and attach those certificates to the command? Could that Certificate[] later be used against an LDAP JAAS module? Regards, Hiram On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hiram Chirino wrote: On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hi, I started another thread, unaware of this one, with the same aim. http://www.nabble.com/forum/ViewPost.jtp?post=5583011framed=y So please allow me to share my views on this. If we are going to use SSL and SSL's built in client authentication, then I would use JAAS to authenticate the user via certificate.
Re: auto-generating documentation for C++ client?
Hey James, Just tried to commit and got the following error: svn: MKACTIVITY of '/repos/asf/!svn/act/010cd0f707b0': 403 Forbidden ( http://svn.apache.org) Is there some special permission that I need for submitting to that folder? On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: On 8/1/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey guys, I've submitted the patch. James - as it stands, Tim has some docs that are ready to go - should we just post them on a server (people.apache.org?) and link to them from the web page? Awesome! Lets do it. The website is here... http://svn.apache.org/repos/asf/incubator/activemq/site/ so I checked in the NMS docs here... http://svn.apache.org/repos/asf/incubator/activemq/site/nms/ so how about we put the CMS docs here? http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ If you just check in the docs, I've a cron job that refreshes the people.apache.org box from SVN and they should show up there. BTW there seems to be some delay (of up to an hour or so) before updates to SVN actually show up at apache on the web page as there's some kinda proxy/caching stuff going on. -- James --- http://radio.weblogs.com/0112098/
[jira] Commented: (GERONIMO-2255) Error on creation of standalone web services
[ http://issues.apache.org/jira/browse/GERONIMO-2255?page=comments#action_12425397 ] David Jencks commented on GERONIMO-2255: I agree that adding these dependencies in this way is a bad idea. I think the correct approach is to allow the web service builder to add dependencies to the application being deployed. This will require more calls into the WSD in earlier deployment lifecycle phases. In general I think the pending namespace driven builder work should be extended to allow any such builder to add dependencies: I haven't investigate whether turning WSD into a namespace driven builder is at all practicable. For now I think the correct although unpleasant approach is to add these dependencies by hand into the plans for each app with webservices. Error on creation of standalone web services Key: GERONIMO-2255 URL: http://issues.apache.org/jira/browse/GERONIMO-2255 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: webservices Affects Versions: 1.1.x Environment: Windows XP ,Sun JDK Reporter: Manu T George Attachments: openejb-deployer.diff, tomcat-deployer.diff When i deploy a standalone ejb web service in Geronimo 1.1 it gives an error 00:11:04,238 ERROR [Servlet] Exception caught: javax.portlet.PortletException: Exception at org.apache.geronimo.console.configmanager.ConfigManagerPortlet.proces sAction(ConfigManagerPortlet.java:107) at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229 ) at org.apache.pluto.core.PortletServlet.doGet(PortletServlet.java:158) at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) at javax.servlet.http.HttpServlet.service(HttpServlet.java:688) at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:173) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDisp atcher.java:672) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationD ispatcher.java:574) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDis patcher.java:499) at org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvoke rImpl.java:120) at org.apache.pluto.invoker.impl.PortletInvokerImpl.action (PortletInvoke rImpl.java:68) at org.apache.pluto.PortletContainerImpl.processPortletAction(PortletCon tainerImpl.java:164) at org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processP ortletAction(PortletContainerWrapperImpl.java:82) at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227) at javax.servlet.http.HttpServlet.service(HttpServlet.java:595) at javax.servlet.http.HttpServlet.service (HttpServlet.java:688) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java :178) at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSu bjectValve.java:52) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica torBase.java:524) at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve. invoke(GeronimoStandardContext.java:342) at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(Gero nimoBeforeAfterValve.java :31) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:105) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineVal ve.java:107) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java: 541) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.p rocessConnection(Http11BaseProtocol.java:667) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo int.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFol
[jira] Assigned: (GERONIMO-2030) Allow WebServiceBuilder determine if there are WebServices to be deployed
[ http://issues.apache.org/jira/browse/GERONIMO-2030?page=all ] David Jencks reassigned GERONIMO-2030: -- Assignee: David Jencks Allow WebServiceBuilder determine if there are WebServices to be deployed - Key: GERONIMO-2030 URL: http://issues.apache.org/jira/browse/GERONIMO-2030 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: webservices Affects Versions: 1.1 Environment: all Reporter: Conrad O'Dea Assigned To: David Jencks Fix For: 1.1.1, 1.2 Attachments: find-web-services.patch, geronimo_ws_builder_change.patch Each J2EE module deployer (EJB, Tomcat, Jetty) must decide if the module being deployed has a WebService endpoint. Currently, this requires the deployer to check for the presence of a webservices.xml file. This makes it awkward to add support for JAXWS style web services to Geronimo. A better solution is to push the WS endpoint check into the webservice deployer. This simplifies the logic of webservice deployment and also allows for more flexible options (such as introducing a module that use JSE 5 features without polluting the existing deployers). A patch for this attached. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Creating a secure connection system and using JMSXUserID support
Ok. So from what I've read, we're trying to separate the authorization part from the SSL socket and let the broker handle it. This sounds great. It would take more work (not so great since I have a deadline), but it would be a proper solution. From what I know of JAAS, the subject/principals fully represent identity. So attaching them to Connection info would be a good idea. That way, the Transport's job would be to authenticate and the Broker could handle authorization completely. This would also mean that any communication system could be used without having to change the Broker (as long as the Transport can authenticate and create proper subjet/principals). The one thing I will note is that we are changing the ActiveMQ architecture in that currently, the Brokers are doing both authentication and authorization (e.g. The Brokers are currently doing the user name and password validation). I think, however, that this is necessary because without our change, there would need to be a new broker for every new, authenticated, communication system. Please tell me if you agree (in which case I'll start looking at implementation details). On 8/2/06, David Jencks [EMAIL PROTECTED] wrote: I'm confused by the descriptions of this approach, and don't understand what is being proposed. I would separate the steps of 1. validating the client certificate based on the presented certificate chain, which in my experience can be done by the standard truststore implementation that comes with java, and serves to identify the client: this is done during the ssl connection setup and 2. deciding if the identified client is someone you want to let into the system, which can be done with a JAAS login module that accepts either a certificate chain callback handler (probably way overkill), the client certificate (possibly overkill, we've already verified the validity of the chain), or just the DN. Keeping the DN in LDAP should be no problem, perhaps mapped to the principals you want the user to have: I think this could be done after the ssl connection is set up and 3. deciding what permissions the logged in user should get. You might want to consider using a JACC like approach: I set up something like this for portal permissions in jetspeed2 and suspect something similar ought to work for amq. many thanks david jencks On Aug 2, 2006, at 12:20 PM, Hiram Chirino wrote: Hi, On 8/2/06, ngcutura [EMAIL PROTECTED] wrote: Hmmm... It didn't cross my mind but yes, indeed, it is possible. We may supply a fake truststore that would return 'true' for any certificate submitted for authentication and then perform real authentication after connection setup. We would then be able to obtain client certificate exactly as you stated. If we accept this approach, I see three components to implement: 1. Fake truststore 2. CertificateLoginModule (against LDAP) 3. Tweak connection setup to ask for peer certificates. In 3. we actually need some kind of policy reagarding authenitcation. Although SSL connection is established, a client may still supply username/password meaning that it should be used for login. I guess that obtaining client certificate from SSL session should be the last option. In 'Certificate login' thread I described another approach: We may use SSL without client authentication but find a way to export certificate to a String (on client side) and then supply that string as 'username' in createConnection(). On server side, the String would be converted back to certificate and authenticated. With this approach, we need to agree on the string format and conversion discipline and then only another JAAS login module is required (that would actually perform coversion from String to Certificate and authenticate). Thus no change is required in existing code. We may even add another non-portable createConnection(Certificate, brokerURL) that would convert Certificate to String and invoke createConnection(username, password, brokerURL). So, the necessary modules to implement would be: 1. Utility to convert Certificate to a string and back. 1a. (optional) createConnection(Certificate, brokerURL) method and ActiveMQConnection(Certifcate, brokerURL) constructor that perform conversion from Certificate to String using utility in #1 and invoke appropriate existing meothods/constructors. This sounds fine to me too. I would use the DN as the userId and encode the certificate as a string for the password and add a ActiveMQConnectionFactory.setCertificate( Certificate ) and have that set userid/password. 2. JAAS login module that accepts username (and blank password; or whatever convenient) converts it back to Certificate using utility in #1 and authenticates it. Yep, sounds good to me. BTW, how easy is it to get Certificate instance? Is this susceptible to spoofing? I didn't like this approach at first but now it seems the quickiest (and the dirtiest) solution.
[jira] Created: (AMQ-857) Make kaha DB file size configurable
Make kaha DB file size configurable --- Key: AMQ-857 URL: https://issues.apache.org/activemq/browse/AMQ-857 Project: ActiveMQ Issue Type: New Feature Components: Broker Affects Versions: 4.0.2, 4.0.1 Environment: any Reporter: Vadim Pesochinskiy Fix For: 4.1 As I understand file size is set fixed to 32MB (http://www.nabble.com/forum/ViewPost.jtp?post=5285163framed=y). and I did not find a JIRA for it. I am creating it, just to make sure it is not forgotten. If possible it would be great if wiki (http://www.activemq.org/site/kaha-persistence.html) was updated to explain when those queue-data files are rolled-over and removed, because people will be asking ;). Thanks. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Geronimo site POC using Confluence Autoexport
I totally missed this email when it came out. This stuff rocks! -David On Jul 25, 2006, at 3:34 AM, Jason Dillon wrote: I had been wanting to use Confluence as the primary Geronimo website for a while now... and finally just went and created proof of concept that it might actually work... check out: http://cwiki.apache.org/GMOxSITE/ Looks familiar? It should, cause its the same layout that we have on http://geronimo.apache.org (with a new minor changes). I have not done much content wise... but I did get all of the side navigation pages setup and rendering from SideNav * pages (each has its own page)... though most of those links point to non- existent pages (hence the +). Looks like there is a still a bit more work that needs to be done to refine the autoexpert plugin... like the news links in the Geronimo News section which are Confluence news pages link you to the Confluence page, not the exported page (http://cwiki.apache.org/ GMOxSITE/2006/07/25/test-news-post.html). Also some more dynamic stuff, like adding new news does not automatically export the pages. I think this is okay, we can auto export on a periodic schedule to get around this limitation... or just fix the plugin to be a tad more intelligent. I've attached the vsl if anyone is interested to see the magic needed to get autoexport to do this... * * * Anyways, something to think about... I think its got a lot of potential (or I would not still be up at 3am hacking on it) :-) --jason GMOxSITE.vsl
[jira] Assigned: (GERONIMO-1277) Change group-id to org.apache.geronimo
[ http://issues.apache.org/jira/browse/GERONIMO-1277?page=all ] David Jencks reassigned GERONIMO-1277: -- Assignee: Jason Dillon (was: David Jencks) I think jason is implementing this insofar as it is possible within windows restrictions as part of the m2 migration... unassign it if not. Change group-id to org.apache.geronimo -- Key: GERONIMO-1277 URL: http://issues.apache.org/jira/browse/GERONIMO-1277 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: buildsystem Affects Versions: 1.0-M5 Reporter: Dain Sundstrom Assigned To: Jason Dillon Priority: Blocker Fix For: 1.2 We need to change our group-id to org.apache.geronimo before 1.0 comes out, or else everyone's server will break when we do switch. We must make this switch when we convert to maven 2, so it is best to do it now. I will do this tomorrow. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (AMQ-850) add the ability to timeout a prefetch buffer to prevent a single consumer grabbing messages
[ https://issues.apache.org/activemq/browse/AMQ-850?page=comments#action_36679 ] Vadim Pesochinskiy commented on AMQ-850: Please remember that in addition to removing messages from the buffer (unacking) you need to make sure that you do not keep allocating new messages. Consumer has to be put to sleep until rcv or rcvNoWait is called on it. My 2 cents, thanks. add the ability to timeout a prefetch buffer to prevent a single consumer grabbing messages --- Key: AMQ-850 URL: https://issues.apache.org/activemq/browse/AMQ-850 Project: ActiveMQ Issue Type: New Feature Components: Broker Reporter: james strachan Fix For: 4.2 If a MessageConsumer is created but not used, it still tends to get its prefetch-buffer worth of messages. If it does not process them within a specific time the consumer should either be closed, or the messages unacked and flushed from the buffer so that the consumer does not hog the messages. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: auto-generating documentation for C++ client?
Strange - there shouldn't be - anything within the activemq folder should have the same karma. On 8/2/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey James, Just tried to commit and got the following error: svn: MKACTIVITY of '/repos/asf/!svn/act/010cd0f707b0': 403 Forbidden ( http://svn.apache.org) Is there some special permission that I need for submitting to that folder? On 8/2/06, James Strachan [EMAIL PROTECTED] wrote: On 8/1/06, Nathan Mittler [EMAIL PROTECTED] wrote: Hey guys, I've submitted the patch. James - as it stands, Tim has some docs that are ready to go - should we just post them on a server (people.apache.org?) and link to them from the web page? Awesome! Lets do it. The website is here... http://svn.apache.org/repos/asf/incubator/activemq/site/ so I checked in the NMS docs here... http://svn.apache.org/repos/asf/incubator/activemq/site/nms/ so how about we put the CMS docs here? http://svn.apache.org/repos/asf/incubator/activemq/site/cms/ If you just check in the docs, I've a cron job that refreshes the people.apache.org box from SVN and they should show up there. BTW there seems to be some delay (of up to an hour or so) before updates to SVN actually show up at apache on the web page as there's some kinda proxy/caching stuff going on. -- James --- http://radio.weblogs.com/0112098/ -- James --- http://radio.weblogs.com/0112098/
LinuxWorld Geronimo BOF Scheduled
Geronimo community members, There is a Geronimo BOF being held at LinuxWorld in San Francisco, later this month. Here are the details that I have: BOF 15: Apache Geronimo 1.1 - Open Source Application Server Wednesday, August 16, from 6-7 PM Moscone Center Room 305 I'll be there. Anyone else who will be attending? --kevan
[jira] Created: (XBEAN-34) The id attribute defaults to the xbean tag name
The id attribute defaults to the xbean tag name --- Key: XBEAN-34 URL: http://issues.apache.org/jira/browse/XBEAN-34 Project: XBean Issue Type: Improvement Affects Versions: 2.6 Reporter: David Blevins Fix For: 2.6 The id attribute of the xbean tag should be optional and when not explicitly specified should default to the name of the xbean tag itself. Such as j:transactionManager id=transactionManager/ can just be: j:transactionManager/ The schema can also express the default value of the id attribute of the j:transactionManager complex type. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[STATUS] (geronimo) Wed Aug 2 23:48:09 2006
APACHE GERONIMO STATUS: -*-text-*- Last modified at [$Date: 2006-08-02 13:03:05 -0400 (Wed, 02 Aug 2006) $] The current version of this file can be found at: * http://svn.apache.org/repos/asf/geronimo/trunk/STATUS Current version in trunk: RELEASE SHOWSTOPPERS: Outstanding patches awaiting votes: Release history: If you're a contributor looking for something to do: * Review the documentation and suggest improvements * Review the bug list and suggest fixes or report reproducibility * Report bugs yourself
Re: LinuxWorld Geronimo BOF Scheduled
Kevan Miller wrote: Geronimo community members, There is a Geronimo BOF being held at LinuxWorld in San Francisco, later this month. Here are the details that I have: BOF 15: Apache Geronimo 1.1 - Open Source Application Server Wednesday, August 16, from 6-7 PM Moscone Center Room 305 I'll be there. Anyone else who will be attending? I can pop over. Do I need to be in the conference to get in? Who all will be in SF? Regards, Alan
Re: Geronimo site POC using Confluence Autoexport
Jason Dillon wrote: FYI... I've updated to include most of the pages from the main site... but have not fully converted them. But now you can get a better feel for how the site might look: http://cwiki.apache.org/GMOxSITE/ --jason Looks really great! Regards, Alan
[jira] Created: (GERONIMO-2266) FileAuditLoginModule: Does not log failed attempts
FileAuditLoginModule: Does not log failed attempts -- Key: GERONIMO-2266 URL: http://issues.apache.org/jira/browse/GERONIMO-2266 Project: Geronimo Issue Type: Bug Security Level: public (Regular issues) Components: security Affects Versions: 1.1, 1.1.1 Environment: WinXP, G 1.1.1-SNAPSHOT Reporter: Vamsavardhana Reddy Fix For: 1.1.x I have created an audit enabled security realm. I notice that only successful login attempts are logged to the file. Failed attempts are never logged!!! -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-2266) FileAuditLoginModule: Does not log failed attempts
[ http://issues.apache.org/jira/browse/GERONIMO-2266?page=all ] Vamsavardhana Reddy updated GERONIMO-2266: -- Fix Version/s: 1.2 Affects Version/s: 1.1.x 1.2 FileAuditLoginModule: Does not log failed attempts -- Key: GERONIMO-2266 URL: http://issues.apache.org/jira/browse/GERONIMO-2266 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: security Affects Versions: 1.1, 1.1.1, 1.1.x, 1.2 Environment: WinXP, G 1.1.1-SNAPSHOT Reporter: Vamsavardhana Reddy Fix For: 1.1.x, 1.2 I have created an audit enabled security realm. I notice that only successful login attempts are logged to the file. Failed attempts are never logged!!! -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (GERONIMO-2266) FileAuditLoginModule: Does not log failed attempts
[ http://issues.apache.org/jira/browse/GERONIMO-2266?page=all ] Alan Cabrera reassigned GERONIMO-2266: -- Assignee: Alan Cabrera FileAuditLoginModule: Does not log failed attempts -- Key: GERONIMO-2266 URL: http://issues.apache.org/jira/browse/GERONIMO-2266 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: security Affects Versions: 1.1, 1.1.1, 1.1.x, 1.2 Environment: WinXP, G 1.1.1-SNAPSHOT Reporter: Vamsavardhana Reddy Assigned To: Alan Cabrera Fix For: 1.1.x, 1.2 I have created an audit enabled security realm. I notice that only successful login attempts are logged to the file. Failed attempts are never logged!!! -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Re: Terminology and status
What about the changes to the Jira that we made a few weeks ago? Regards, Alan Rodent of Unusual Size wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 People have been referring to things requiring votes as 'RTCs'. Everyone *please* stop using RTC in this manner. RTC is a development model; what it and CTR are concerned with are patches. Please call them patches. Changes are patches; RTC and CTR are how they get applied. If you said something about 'an RTC' outside Geronimo, no-one would have the least idea what you were talking about. This is *not* a place where it's necessary for us to invent new nomenclature. There has been some discussion about keeping status in the wiki. The wiki is a 'pull' mechanism; if you don't actively go looking for it, you won't get it. I have updated the STATUS file in trunk from its incubation content to something more current, and have set it up to be mailed to the list every Wednesday night. I suggest filling things in there so all the various issues are listed in a single places, along with who has voted on patches, critical issues, etc. Right now information is scattered all over the place. Take a look at http://tinyurl.com/hzwes (or at http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS if you prefer the full URL) to see how another project uses the STATUS file as a central repository of such info. If the consensus is to not use the STATUS file, that's cool. But I decided that *doing* it was more productive that just proposing to possibly set it up. - -- #kenP-)} Ken Coar, Sanagendamgagwedweinini http://Ken.Coar.Org/ Author, developer, opinionist http://Apache-Server.Com/ Millennium hand and shrimp! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRNDmpZrNPMCpn3XdAQKWpgP+L6fVMia9/QIb/QRX6Q9PvW3GI7+TFTMe 2feNTUraxSxuKY2CT3Bk8m8s2H/iObbgt+ILidYnKXMU8FKEFW2nCzZBPpCEi1cO CaawPX7PhMltfhbaJquR4qZM1VRUxd2YfyDzvJEYIbP1c166TgV5Q4FZjnt8lFJR 96KAuOpSqTI= =W2iC -END PGP SIGNATURE-
Re: 1.1.1 Branch notice 1500 ET (that's 3:00 PM ET for the non geeky)
Matt Hogstrom wrote: The memory leak is fixed. Thanks to Kevan for the quick work. I am going to branch this afternoon at 1500. If you have something in progress ping me and we'll work it out. The branch will be branches/1.1.1 and will only be taking bug fixes and performance regressions (tracked by JIRA.). All existing JIRA's that were not resolved in 1.1.1 will be moved to 1.x. If there is interested in a 1.1.2 speak up. Thanks all. Given that 1.2 is not going out until winter, I'm going to fix some stuff for 1.1.2. I've already created a version in Jira. Regards, Alan
[jira] Updated: (GERONIMO-2266) FileAuditLoginModule: Does not log failed attempts
[ http://issues.apache.org/jira/browse/GERONIMO-2266?page=all ] Alan Cabrera updated GERONIMO-2266: --- Fix Version/s: v1.1.2 (was: 1.1.x) FileAuditLoginModule: Does not log failed attempts -- Key: GERONIMO-2266 URL: http://issues.apache.org/jira/browse/GERONIMO-2266 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: security Affects Versions: 1.1, 1.1.1, 1.1.x, 1.2 Environment: WinXP, G 1.1.1-SNAPSHOT Reporter: Vamsavardhana Reddy Assigned To: Alan Cabrera Fix For: 1.2, 1.1.2 I have created an audit enabled security realm. I notice that only successful login attempts are logged to the file. Failed attempts are never logged!!! -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
Current caller subject?
I'm working on the Jencks project again and have discovered that the container managed security and pool partition by-subject doesn't work oustide of Geronimo since both depend on obtaining the current caller's subject from ContextManager.getCurrentCaller(), which is a Geronimo specific class. Is there a spec defined way we could be getting the current caller's subject that would reasonably work in most app servers? I'm hoping there is something in the JACC spec. If not, I think we should introduce a hook under these static calls, so we can redirect them to platform specific APIs when running outside of a Geronimo server. -dain