[jira] Closed: (GERONIMO-4601) Removing all statistics for one server resulted in exception and the configuration is not saved
[
https://issues.apache.org/jira/browse/GERONIMO-4601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jack Cai closed GERONIMO-4601.
--
Resolution: Invalid
There must be something crazy going on with my machine last time. As I look
into the code of the method
org.apache.geronimo.monitoring.MasterRemoteControl.getSnapshotDuration(), it
seems impossible that such an Exception was thrown, see -
{code}
public Long getSnapshotDuration() {
// return what is stored in the snapshot-config.xml or default value
try {
String returnedDuration =
SnapshotConfigXMLBuilder.getAttributeValue( DURATION ); // How can an Exception
escape this try??
return Long.parseLong( returnedDuration );
} catch(Exception e) {
return DEFAULT_DURATION; // the default
}
}
{code}
Would really appreciate if someone knows some insight about this...
Anyway, I can't reproduce this exception any more. Cancelling this issue.
> Removing all statistics for one server resulted in exception and the
> configuration is not saved
> ---
>
> Key: GERONIMO-4601
> URL: https://issues.apache.org/jira/browse/GERONIMO-4601
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: monitoring
>Affects Versions: 2.1.5
>Reporter: Jack Cai
>Assignee: Jack Cai
>Priority: Minor
>
> If all statistics are removed for one server, then there is the below
> exception in the server log, and the configuratiion is not saved - after
> refresh, you get the old statistics back.
> 2009-03-25 16:17:31,109 ERROR [SnapshotConfigXMLBuilder] 文件过早结束。
> org.xml.sax.SAXParseException: 文件过早结束。
> at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
> at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
> at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
> at
> org.apache.geronimo.monitoring.snapshot.SnapshotConfigXMLBuilder.openDocument(SnapshotConfigXMLBuilder.java:286)
> at
> org.apache.geronimo.monitoring.snapshot.SnapshotConfigXMLBuilder.getAttributeValue(SnapshotConfigXMLBuilder.java:197)
> at
> org.apache.geronimo.monitoring.MasterRemoteControl.getSnapshotDuration(MasterRemoteControl.java:320)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:618)
> at
> org.apache.openejb.core.interceptor.ReflectionInvocationContext$Invocation.invoke(ReflectionInvocationContext.java:158)
> at
> org.apache.openejb.core.interceptor.ReflectionInvocationContext.proceed(ReflectionInvocationContext.java:141)
> at
> org.apache.openejb.core.interceptor.InterceptorStack.invoke(InterceptorStack.java:67)
> at
> org.apache.openejb.core.stateless.StatelessContainer._invoke(StatelessContainer.java:210)
> at
> org.apache.openejb.core.stateless.StatelessContainer._invoke(StatelessContainer.java:188)
> at
> org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:165)
> at
> org.apache.openejb.server.ejbd.EjbRequestHandler.doEjbObject_BUSINESS_METHOD(EjbRequestHandler.java:238)
> at
> org.apache.openejb.server.ejbd.EjbRequestHandler.processRequest(EjbRequestHandler.java:129)
> at
> org.apache.openejb.server.ejbd.EjbDaemon.processEjbRequest(EjbDaemon.java:164)
> at org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:122)
> at org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:84)
> at org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:60)
> at org.apache.openejb.server.ServicePool$2.run(ServicePool.java:78)
> at org.apache.openejb.server.ServicePool$3.run(ServicePool.java:101)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
> at java.lang.Thread.run(Thread.java:810)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: GBean annotation docs
Thanks David. How to develop a GBean using annotations is now also documented (based on your doc) in http://cwiki.apache.org/GMOxDOC22/gbean-annotations.html I am using another sample GBean to make it in line with the GBean in http://cwiki.apache.org/GMOxDOC22/developing-and-deploying-a-geronimo-gbean.html Comments are appreciated. 2008/9/20 David Blevins > Didn't see them documented anywhere so I threw up a basic doc using > Gianny's commit info and a few code examples. Might be a doc in another > space I didn't notice. > > http://cwiki.apache.org/GMOxDEV/gbean-annotations.html > > Feel free to expand upon it. > > -David > >
[jira] Created: (GERONIMO-4607) Useless META-INF dir in the JEE server assembly
Useless META-INF dir in the JEE server assembly --- Key: GERONIMO-4607 URL: https://issues.apache.org/jira/browse/GERONIMO-4607 Project: Geronimo Issue Type: Bug Security Level: public (Regular issues) Components: buildsystem Affects Versions: 2.1.4, 2.2 Reporter: Jack Cai Priority: Minor In the JEE server assembly, there is a useless META-INF dir in the root. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4607) Useless META-INF dir in the JEE server assembly
[ https://issues.apache.org/jira/browse/GERONIMO-4607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai updated GERONIMO-4607: --- Attachment: Geronimo-4607.patch Providing a fix. > Useless META-INF dir in the JEE server assembly > --- > > Key: GERONIMO-4607 > URL: https://issues.apache.org/jira/browse/GERONIMO-4607 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: buildsystem >Affects Versions: 2.1.4, 2.2 >Reporter: Jack Cai >Priority: Minor > Attachments: Geronimo-4607.patch > > > In the JEE server assembly, there is a useless META-INF dir in the root. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (GERONIMO-4608) java.io.EOFException when reading ejb response
java.io.EOFException when reading ejb response --- Key: GERONIMO-4608 URL: https://issues.apache.org/jira/browse/GERONIMO-4608 Project: Geronimo Issue Type: Bug Security Level: public (Regular issues) Components: OpenEJB Affects Versions: 2.1.4 Environment: Windows Reporter: Jack Cai In the monitoring admin console page, define a server, enable query and then view its statistics. Keep refreshing the server view page, and soon there will be a "server is offline" message. Initial debugging reveals when the jsp access the server-side agent ejb, there is a java.io.EOFException thrown during the reading of ejb response. An old mail discussion also mentioned this problem, see [1]. This problem only occurs on Windows system. [1] http://www.nabble.com/error-on-running-tests-on-windows-tt16618112.html -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-4394) Run Geronimo as a Windows service out of box
[ https://issues.apache.org/jira/browse/GERONIMO-4394?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai closed GERONIMO-4394. -- > Run Geronimo as a Windows service out of box > > > Key: GERONIMO-4394 > URL: https://issues.apache.org/jira/browse/GERONIMO-4394 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: commands > Environment: Windows platforms >Reporter: Jack Cai >Assignee: Jarek Gawor > Fix For: 2.1.4, 2.2 > > Attachments: GERONIMO-4394_Jack_1219.patch, geronimosrv.exe, > geronimosrvw.exe, osservice.zip, README > > > Although there is already an option provided by the Java Service Wrapper, > some users are more interested in seeing something similar to what is > provided by Tomcat. Provided that we can easily take the technology from > Tomcat (http://commons.apache.org/daemon/procrun.html), I'm keen to implement > this same thing for Geronimo. The advantage of using Apache Commons procrun > is that - > 1. Out-of-box experience, no need to download and install a third party > component; > 2. Tray icon that further improves usability. > Eventually we would think to provide this "run as a service" capability for > Linux/Unix platforms, but Windows would be a good start. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-4463) Display complete usage information in the geronimo command
[ https://issues.apache.org/jira/browse/GERONIMO-4463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai closed GERONIMO-4463. -- Thanks Jarek. Closing this issue. > Display complete usage information in the geronimo command > -- > > Key: GERONIMO-4463 > URL: https://issues.apache.org/jira/browse/GERONIMO-4463 > Project: Geronimo > Issue Type: Improvement > Security Level: public(Regular issues) > Components: commands >Affects Versions: 2.1.3, 2.2 > Environment: All OS >Reporter: Jack Cai >Assignee: Jarek Gawor >Priority: Minor > Fix For: 2.1.4, 2.2 > > Attachments: GERONIMO-4463_Jack.patch > > > The usage information of the "geronimo" command does not show the "--host" > and "--secure" option. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-4462) Allow JAVA_HOME to point to a JRE in Windows OS
[ https://issues.apache.org/jira/browse/GERONIMO-4462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai closed GERONIMO-4462. -- Thanks Jarek. Closing this issue. > Allow JAVA_HOME to point to a JRE in Windows OS > --- > > Key: GERONIMO-4462 > URL: https://issues.apache.org/jira/browse/GERONIMO-4462 > Project: Geronimo > Issue Type: Improvement > Security Level: public(Regular issues) > Components: commands >Affects Versions: 2.1.3, 2.2 > Environment: Windows OS >Reporter: Jack Cai >Assignee: Jarek Gawor >Priority: Minor > Fix For: 2.1.4, 2.2 > > Attachments: GERONIMO-4462_Jack.patch > > > Currently the setjavaenv.bat script will set JRE_HOME=JAVA_HOME if JRE_HOME > is not set. This requires JAVA_HOME to point to a JDK installation. Otherwise > the geronimo.bat script will fail to launch because JAVA_HOME\jre is not a > valid dir. This is an unnecessary requirement. We should allow user to point > JAVA_HOME to a JRE installation, as what we do in Linux script. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: [DISCUSSION] to create a set of maven archetypes for applications running on geronimo ?
On Tue, Mar 31, 2009 at 7:13 AM, David Jencks wrote: > I had a lot more thoughts on this subject while working up my apachecon eu > talk on geronimo server assemblies. > Right now we have a _lot_ of deployer code that carefully examines exactly > what your app needs and depending on what it finds adds dependencies to the > classloader. For instance if it figures out you have a web app and it's the > jetty deployer it adds the jetty car as a parent. (Some of the smaller > deployer bits I think currently always add their dependencies since there > was a problem with changing the classpath but I hope this can be fixed with > the recent configuration/classloader work). > > I think the plugin archetype should do this too. You tell it what app you > are trying to deploy and some kind of profile like jetty/tomcat and > cxf/axis2 and it (should) use the same logic as the deployer to figure out > what is needed. For the archetype, it should be adding the dependencies and > deployer dependencies to the pom and listing the deployer dependencies the > car-maven-plugin needs to start. > Great idea ! This will increase the usability of geronimo plugin development remarkably from the user's perspective since this allow the user to get the specific plugin only by selecting some simple and understandable options. > > re stringtemplate vs. velocity I don't know enough about how the > archetype framework to judge whether anything except velocity is plausible. > As I know, currently Maven Archetype only supports velocity as the template. > > Are you actively working on this project? If not I might see if there's > some fairly easy way to access the decision making the current deployers > use. > I have not started doing this for some reasons. It would be great if you can help find the way to access the deployers decision making API. > > thanks! > david jencks > > On Mar 17, 2009, at 1:26 AM, Shawn Jiang wrote: > > It looks to me as if there are no plans in the javaee apps parts of the > samples apps, so the plans are all in the plugin modules. I really don't > think we want to duplicate the functionality of the existing archetypes that > do a fine job of creating projects for java ee apps. If you really do want > to help people make projects like the sample apps, the way to do that is to > improve the plugin archetype. > > Thanks for your comments. actually, what I said was to make the pom.xml > and plan.xml template but not the JEE app itself. For example: > > servlet-examples/ > pom.xml > servlet-examples-jetty/ > pom.xml > src/ > main/ > plan/ > plan.xml > servlet-examples-tomcat/ > servlet-examples-war/ > > > From this pespective, what I was talking about is to create plugins > archetype instead of JEE app archetype. > > > I like your ideas about what can be generated in the geronimo plan. I > think we can also generate a lot more of the pom than we do now. > > I agree. > > I would be very tempted to try stringtemplate instead of velocity. I think > its clear MVC separation and roots in code generation technology (it's the > output stage for antlr) may prove useful for the manipulation we need to > do. > > But how could we reuse the existing powerful maven archetype if using > stringtemplate ? I feel that StringTemplate is more useful in a MVC > framework but not in a project generating tool. Do you agree ? > > While enabling people to reproduce our sample apps is probably better than > what we do now, I'd prefer to help them with apps that actually do a > realistic amount of work. I think improving the plugin archetype would be a > really big help. > > I suggest to start with the current sample plugins. The final goal is to > reduce most of the effort to release all samples for each geronimo version > by providing stable archetype. > > thanks > david jencks > > > > > > On Tue, Mar 17, 2009 at 3:35 PM, David Jencks wrote: > >> >> On Mar 16, 2009, at 11:50 PM, Shawn Jiang wrote: >> >> From my point of view, every current geronimo sample could be converted to >> a archetype. So that the user just needs install maven and he could just >> type a command like this: >> mvn archetype:generate -DarcheTypeCatalog= >> http://geronimo.apache.org/archetypes/samples >> >> he will get a sample menu like this: >> Choose archetype: >> 1: internal -> hello (geronimo sample web application project) >> 2: internal -> calculator-stateless-pojo (geronimo sample ejb project) >> 3: internal -> mdb (geronimo Message-Driven Bean sample project) >> 4: internal -> GBean(simple geronimo GBean project) >> 5: internal -> >> 6: internal -> >> 7: internal -> >> >> Choose a number: (1/2/3/4/5/6/7) 1: : 1 >> >> select "1" to create a hello sample project will bring him to a wizard >> like this: >> >> >> Define value for geronimo_version: : 2.1.4 >> Define value for context_root: : hellocontext >> Define value for groupId: : my.first.geronimo.web >> Define value for artifactId: : helloApp >> Defin
[jira] Resolved: (GERONIMO-4607) Useless META-INF dir in the JEE server assembly
[ https://issues.apache.org/jira/browse/GERONIMO-4607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jarek Gawor resolved GERONIMO-4607. --- Resolution: Fixed Fix Version/s: 2.2 2.1.5 Assignee: Jarek Gawor This was already fixed in trunk (revision 758915) and branches/2.1 (revision 758914). > Useless META-INF dir in the JEE server assembly > --- > > Key: GERONIMO-4607 > URL: https://issues.apache.org/jira/browse/GERONIMO-4607 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: buildsystem >Affects Versions: 2.1.4, 2.2 >Reporter: Jack Cai >Assignee: Jarek Gawor >Priority: Minor > Fix For: 2.1.5, 2.2 > > Attachments: Geronimo-4607.patch > > > In the JEE server assembly, there is a useless META-INF dir in the root. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-4243) EAR Deploy Error
[
https://issues.apache.org/jira/browse/GERONIMO-4243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12694143#action_12694143
]
Gus commented on GERONIMO-4243:
---
I've just attempted to deploy the same ear on 2.2-SNAPSHOT (wow, it takes a
long time to build), and get the same error.
> EAR Deploy Error
>
>
> Key: GERONIMO-4243
> URL: https://issues.apache.org/jira/browse/GERONIMO-4243
> Project: Geronimo
> Issue Type: Sub-task
> Security Level: public(Regular issues)
> Components: console, deployment, Jetty, Tomcat, webservices
>Affects Versions: 2.1.2, 2.1.3, 2.2
> Environment: Java
> java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
> java.awt.printerjob sun.print.PSPrinterJob
> java.class.path
> /usr/local/geronimo/bin/server.jar
> /usr/local/geronimo/bin/jpa.jar
> java.class.version49.0
> java.endorsed.dirs
> /usr/local/geronimo/lib/endorsed
> /usr/local/java/jre/lib/endorsed
> java.ext.dirs
> /usr/local/geronimo/lib/ext
> /usr/local/java/jre/lib/ext
> java.home /home/oxseed/jdk1.5.0_15/jre
> java.io.tmpdir/home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/temp
> java.library.path
> /home/oxseed/jdk1.5.0_15/jre/lib/i386/server
> /home/oxseed/jdk1.5.0_15/jre/lib/i386
> /home/oxseed/jdk1.5.0_15/jre/../lib/i386
> java.runtime.name Java(TM) 2 Runtime Environment, Standard Edition
> java.runtime.version 1.5.0_15-b04
> java.specification.name Java Platform API Specification
> java.specification.vendor Sun Microsystems Inc.
> java.specification.version1.5
> java.util.prefs.PreferencesFactory
> java.vendor- Sun Microsystems Inc.
> java.vendor.url http://java.sun.com/
> java.vendor.url.bug http://java.sun.com/cgi-bin/bugreport.cgi
> java.version- 1.5.0_15
> Virtual Machine
> java.vm.info mixed mode
> java.vm.name Java HotSpot(TM) Server VM
> java.vm.specification.nameJava Virtual Machine Specification
> java.vm.specification.vendor Sun Microsystems Inc.
> java.vm.specification.version 1.0
> java.vm.vendorSun Microsystems Inc.
> java.vm.version 1.5.0_15-b04
> Operating System
> os.arch i386
> os.name Linux
> os.version2.6.16.33-xen
> Sun
> sun.arch.data.model 32
> sun.boot.class.path
> /usr/local/geronimo/lib/endorsed/yoko-spec-corba-1.0.jar
> /usr/local/geronimo/lib/endorsed/yoko-rmi-spec-1.0.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/rt.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/i18n.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/sunrsasign.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/jsse.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/jce.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/charsets.jar
> /home/oxseed/jdk1.5.0_15/jre/classes
> sun.boot.library.path
> /home/oxseed/jdk1.5.0_15/jre/lib/i386
> sun.cpu.endianlittle
> sun.cpu.isalist
> sun.io.unicode.encoding UnicodeLittle
> sun.java2d.fontpath
> sun.os.patch.levelunknown
> User
> user.country US
> user.dir /home/oxseed
> user.home /home/oxseed
> user.language en
> user.name oxseed
> user.timezone Europe/Berlin
> user.variant
> Etc
> admin.disabledtrue
> catalina.base /home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/catalina
> catalina.home /home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/catalina
> catalina.useNamingfalse
> com.sun.management.jmxremote
> com.sun.management.jmxremote.authenticate false
> com.sun.management.jmxremote.port 8004
> com.sun.management.jmxremote.ssl false
> common.loader ${catalina.home}/lib ${catalina.home}/lib/*.jar
> derby.storage.fileSyncTransactionLog true
> derby.system.home /home/oxseed
> duct tape
> file.encoding ANSI_X3.4-1968
> file.encoding.pkg sun.io
> file.separator/
> java.naming.factory.initial
> org.apache.xbean.naming.global.GlobalContextManager
> java.naming.factory.url.pkgs org.apache.xbean.naming
> java.naming.provider.url rmi://0.0.0.0:1099
> java.net.preferIPv4Stack true
> java.rmi.server.RMIClassLoaderSpi
> org.apache.geronimo.kernel.rmi.RMIClassLoaderSpiImpl
> java.rmi.server.randomIDs true
> java.security.ProviderSUN
> javax.rmi.CORBA.PortableRemoteObjectClass
> org.apache.yoko.rmi.impl.PortableRemoteObjectImpl
> javax.rmi.CORBA.StubClass org.apache.yoko.rmi.impl.StubImpl
> javax.rmi.CORBA.UtilClass org.apache.geronimo.corba.util.UtilDelegateImpl
> javax.security.jacc.PolicyConfigurationFactory.provider
> org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory
> javax.security.jacc.policy.provider
> org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy
> javax.xml.soap.MessageFactory
> org.apache.geronimo.webservices.saaj.GeronimoMessageFactory
> javax.xml.soap.MetaFactory
> org.apa
[jira] Closed: (GERONIMO-4607) Useless META-INF dir in the JEE server assembly
[ https://issues.apache.org/jira/browse/GERONIMO-4607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai closed GERONIMO-4607. -- Oops, didn't notice that. Closing this issue then. > Useless META-INF dir in the JEE server assembly > --- > > Key: GERONIMO-4607 > URL: https://issues.apache.org/jira/browse/GERONIMO-4607 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: buildsystem >Affects Versions: 2.1.4, 2.2 >Reporter: Jack Cai >Assignee: Jarek Gawor >Priority: Minor > Fix For: 2.1.5, 2.2 > > Attachments: Geronimo-4607.patch > > > In the JEE server assembly, there is a useless META-INF dir in the root. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4597) Validate Web Admin Console input - address admin console security vulnerabilities
[ https://issues.apache.org/jira/browse/GERONIMO-4597?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Bohn updated GERONIMO-4597: --- Description: This JIRA addresses the following security vulnerabilities in the web admin console: CVE-2008-5518: Apache Geronimo web administration console directory traversal vulnerabilities. A vulnerability was found in several portlets including Services/Repository, Embedded DB/DB Manager, and Security/Keystores when running the Apache Geronimo server on Windows. This issue may allow a remote attacker to upload any file in any directory. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server. Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes. CVE-2009-0038: Apache Geronimo web administration console XSS vulnerabilities Various linked and stored cross-site scripting (XSS) vulnerabilities were found in the Apache Geronimo administrative console and related utilities. Using this vulnerability an attacker can steal an administrator's cookie and then authenticate as administrator or perform certain administrative actions. For example, a user can inject XSS in some URLs or in several input fields in various portlets. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server. Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) and Marc Schoenefeld (Red Hat Security Response Team) for responsibly reporting this issue and assisting us with validating our fixes. CVE-2009-0039: Apache Geronimo web administration console XSRF vulnerabilities Various cross-site request forgery (XSRF or CSRF) vulnerabilities were identified in the Apache Geronimo web administration console. Exploiting these issues may allow a remote attacker to perform certain administrative actions, e.g. change web administration password, upload applications, etc... using predictable URL requests once the user has authenticated and obtained a valid session with the server. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server. Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes. It corrects the issues with the addition of directory checks and a servlet filter to check for XSS and XSRF vulnerabilities Summary: Validate Web Admin Console input - address admin console security vulnerabilities (was: Validate Web Admin Console input) > Validate Web Admin Console input - address admin console security > vulnerabilities > - > > Key: GERONIMO-4597 > URL: https://issues.apache.org/jira/browse/GERONIMO-4597 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: console >Affects Versions: 2.1, 2.1.1, 2.1.2, 2.1.3 >Reporter: Joe Bohn >Assignee: Joe Bohn > Fix For: 2.1.4, 2.1.5, 2.2 > > > This JIRA addresses the following security vulnerabilities in the web admin > console: > CVE-2008-5518: Apache Geronimo web administration console directory traversal > vulnerabilities. > A vulnerability was found in several portlets including Services/Repository, > Embedded DB/DB Manager, and Security/Keystores when running the Apache > Geronimo server on Windows. This issue may allow a remote attacker to upload > any file in any directory. This affects all full JavaEE Geronimo assemblies > or other distributions which include the administration web console up to and > including Apache Geronimo 2.1.3. An alternative workaround (if you choose to > not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the > administration web console application in the server. > Credit: The Apache Geronimo project would like to thank Digital Security > Research Group (dsecrg.com) for res
[ANNOUNCE] Availability of Geronimo 2.1.4
The Apache Geronimo project is pleased to announce the available of Apache Geronimo v2.1.4 server. This is primarily a maintenance release. Among the updates and fixes included in the release are several security fixes for vulnerabilities in the administration console. Details of the security vulnerabilities fixed in this release can be found in the Security Report: http://geronimo.apache.org/21x-security-report.html Other fixes and enhancements are listed in the Release Notes: http://cwiki.apache.org/confluence/display/GMOxDOC21/RELEASE-NOTES-2.1.4.TXT Visit the Downloads page for details on downloading Apache Geronimo v2.1.4 server assemblies: http://geronimo.apache.org/downloads.html A big THANK YOU to all that contributed to this release! Great work everyone! Joe
[SECURITY] Web Administration Console vulnerabilities
The Apache Geronimo project has learned of several security vulnerabilities in the Geronimo Administration Console. If you use a full javaee5 configuration of the Geronimo server or have installed the console into another Geronimo server configuration you may be affected by these vulnerabilities. The vulnerabilities affect all full JavaEE Geronimo assemblies or other distributions that include the administration web console up to and including Apache Geronimo 2.1.3. The vulnerabilities are in the areas of directory traversal from the administration console as well as XSS and XSRF exposures. All vulnerabilities have been addressed in the newly released Geronimo 2.1.4 server currently available for download at: http://geronimo.apache.org/downloads.html For specific information regarding the vulnerabilities please see the security report: http://geronimo.apache.org/21x-security-report.html The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) and Marc Schoenefeld (Red Hat Security Response Team) for responsibly reporting these issues and assisting us with validating our fixes.
Re: [ANNOUNCE] Availability of Geronimo 2.1.4
On Mar 31, 2009, at 12:21 PM, Joe Bohn wrote: The Apache Geronimo project is pleased to announce the available of Apache Geronimo v2.1.4 server. This is primarily a maintenance release. Among the updates and fixes included in the release are several security fixes for vulnerabilities in the administration console. Details of the security vulnerabilities fixed in this release can be found in the Security Report: http://geronimo.apache.org/21x-security-report.html Other fixes and enhancements are listed in the Release Notes: http://cwiki.apache.org/confluence/display/GMOxDOC21/RELEASE-NOTES-2.1.4.TXT Visit the Downloads page for details on downloading Apache Geronimo v2.1.4 server assemblies: http://geronimo.apache.org/downloads.html A big THANK YOU to all that contributed to this release! Great work everyone! Terrific! Joe and Donald deserve a special round-of-applause here -- they carried a lot of the burden in resolving these security vulnerabilities. Also thanks to Jarek and Joe for seeing this release out. As Joe noted in the SECURITY announcement, Digital Security Research Group (dsecrg.com) was extremely helpful in identifying, discussing, and testing these security issues. Thanks! --kevan
Re: Initial Draft for gsoc [WS-Security support for JAX-WS Web Services] project
Rahul,
A few comments. I would drop the 1) bullet since in the grand scheme
of things this is a little detail and instead I would focus more on
the 2) bullet.
I like the WS-SecurityPolicy idea but it might be a little too much to
do at once. So I would stage things in the following way:
1) First work on the basic WS-Security support. Add support for
Username Token Profile and X509 Certificate Token Profile.
2) Once 1) is working, add support for WS-SecurityPolicy
3) Once 2) is working, add support for WSSecurityFeature as described.
That will probably require adding similar extensions to CXF and Axis2
first.
Besides configuring WS-Security properties for web services we also
want to configure the same sort of properties for Web Service
references (@WebServiceRef). So that clients can also make WS-Security
secured calls.
Also, to make life easier, can you put this proposal onto some
personal Apache wiki page (http://wiki.apache.org/general) and I think
that way we could edit this together.
Thanks,
Jarek
On Mon, Mar 30, 2009 at 8:04 PM, rahul.soa wrote:
> Hello Devs,
>
> I have written a very initial draft for gsoc "WS-Security support for
> JAX-WS Web Services" project [1]. Please suggest any modifications.
> Thanks to Jarek for his thoughts and immediate help.
>
> // Quote
>
> Title: WS-Security support for JAX-WS Web Services
>
> Abstract:
>
> To integrate and enable the WS-Security features of Apache Axis2 and
> Apache CXF in Apache Geronimo on web services.
>
> Description:
>
> Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both
> of these libraries have some WS-Security features. But these features
> are not integrated/enabled in Geronimo. So the goal is to enable these
> features from within Geronimo. That involves basically two things:
>
> 1) that the modules (i.e. WSS4J) that provide the WS-Security features
> for Axis2 and CXF are installed with Geronimo, and
>
> 2) that the WS-Security features such as [XML Security ('XML
> Signature' - allows one to send along with the message a digital
> signature of it, which assures that no one modified the message
> content between the sender and receiver, 'XML Encryption' -allows one
> to encrypt the message body or only its part using the given
> cryptography algorithm) and Tokens ('Username Tokens' - WS-Security
> scenario adds username and password values to the message header,
> 'Timestamps' - Timestamps specify how long the security data remains
> valid, 'SAML Tokens')] can be enabled and configured on web services
> via Geronimo deployment descriptors and/or annotations. For example,
> given some web service that is annotated with @WebService; so to
> ensure that the service only accepts WS-Security -secured messages, it
> should be something like “to add @WS-Security annotation”.
>
> Further in detail, we can consider WS-Security policies which can be
> applied to the SOAP messages that pass between web services and web
> service controls. A WS-Security is controlled in WS-Security policy
> files. The WS-Security policy file (WSSE file) defines the security
> policy applied to the SOAP messages that pass between web services and
> their clients.[1]
>
> So we can use something like following annotation
> @WS-Security file="MyWebServicePolicy.wsse"
> Example:
> @WebService
> @WS-Security file="MyWebServicePolicy.wsse"
> public class xyz
>
> The @WS-Security annotation determines the WS-Security policy file
> (WSSE) to be applied to (1) incoming SOAP invocations of the web
> service's methods and (2) the outgoing SOAP messages containing the
> value returned by the web service's methods.[1]. The attribute file in
> the above mentioned annotation specifies the path to the WS-Security
> policy file (WSSE file - MyWebServicePolicy.wsse) used by the web
> service.
>
> In addition, I think we can also define some security feature
> something like SecurityFeature similar to other WebService Feature(s)
> such as AddressingFeature, MTOMFeature
> and RespectBindingFeature
> . This new feature can also have the “enabled property” like other
> features that is used to store whether a particular feature should be
> enabled or disabled. This type should provide either a constructor
> argument
> and/or a method that will allow the web service developer to set the
> enabled property. The meaning of enabled or disabled is determined by
> each individual WebServiceFeature. It is important that web services
> developers be able to enable/disable specific features when writing
> their web applications. [2]
>
> [1] http://e-docs.bea.com/workshop/docs81/doc/en/core/index.html
>
> [2] http://jcp.org/aboutJava/communityprocess/mrel/jsr224/index2.html
>
>
> //Unquote
>
> Any suggestion will be appreciable.
>
> * Please put my email id in cc if you reply to mailing list only as I
> am not on the mailing list at this time. I have sent requests many
> times but could not get the confirmation reply for joining the mailing
> list so far.
>
> Many Thanks
Re: [ANNOUNCE] Availability of Geronimo 2.1.4
Joe Bohn wrote: The Apache Geronimo project is pleased to announce the available of Apache Geronimo v2.1.4 server. This is primarily a maintenance release. Among the updates and fixes included in the release are several security fixes for vulnerabilities in the administration console. Details of the security vulnerabilities fixed in this release can be found in the Security Report: http://geronimo.apache.org/21x-security-report.html Other fixes and enhancements are listed in the Release Notes: http://cwiki.apache.org/confluence/display/GMOxDOC21/RELEASE-NOTES-2.1.4.TXT Visit the Downloads page for details on downloading Apache Geronimo v2.1.4 server assemblies: http://geronimo.apache.org/downloads.html A big THANK YOU to all that contributed to this release! Great work everyone! Joe Congratulations!
Re: Initial Draft for gsoc [WS-Security support for JAX-WS Web Services] project
Jarek,
With CXF 2.2, adding support for WS-SecurityPolicy for WSDL first cases would
most likely be MUCH easier than doing "basic WS-Security support. Add support
for Username Token Profile and X509 Certificate Token Profile."Basically,
if the WSDL contains the policies, set a few properties and it just works.
(things like the password callback and keystore information). See:
http://cwiki.apache.org/CXF20DOC/ws-securitypolicy.html
and also the ws-security samples in the 2.2 distribution.
I believe the same may be true for Axis2/Rampart.
#3 will definitely require some work in both CXF and Axis2, but that's not
necessarily a bad thing.
Dan
On Tue March 31 2009 4:08:53 pm Jarek Gawor wrote:
> Rahul,
>
> A few comments. I would drop the 1) bullet since in the grand scheme
> of things this is a little detail and instead I would focus more on
> the 2) bullet.
>
> I like the WS-SecurityPolicy idea but it might be a little too much to
> do at once. So I would stage things in the following way:
>
> 1) First work on the basic WS-Security support. Add support for
> Username Token Profile and X509 Certificate Token Profile.
>
> 2) Once 1) is working, add support for WS-SecurityPolicy
>
> 3) Once 2) is working, add support for WSSecurityFeature as described.
> That will probably require adding similar extensions to CXF and Axis2
> first.
>
> Besides configuring WS-Security properties for web services we also
> want to configure the same sort of properties for Web Service
> references (@WebServiceRef). So that clients can also make WS-Security
> secured calls.
>
> Also, to make life easier, can you put this proposal onto some
> personal Apache wiki page (http://wiki.apache.org/general) and I think
> that way we could edit this together.
>
> Thanks,
> Jarek
>
> On Mon, Mar 30, 2009 at 8:04 PM, rahul.soa wrote:
> > Hello Devs,
> >
> > I have written a very initial draft for gsoc "WS-Security support for
> > JAX-WS Web Services" project [1]. Please suggest any modifications.
> > Thanks to Jarek for his thoughts and immediate help.
> >
> > // Quote
> >
> > Title: WS-Security support for JAX-WS Web Services
> >
> > Abstract:
> >
> > To integrate and enable the WS-Security features of Apache Axis2 and
> > Apache CXF in Apache Geronimo on web services.
> >
> > Description:
> >
> > Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both
> > of these libraries have some WS-Security features. But these features
> > are not integrated/enabled in Geronimo. So the goal is to enable these
> > features from within Geronimo. That involves basically two things:
> >
> > 1) that the modules (i.e. WSS4J) that provide the WS-Security features
> > for Axis2 and CXF are installed with Geronimo, and
> >
> > 2) that the WS-Security features such as [XML Security ('XML
> > Signature' - allows one to send along with the message a digital
> > signature of it, which assures that no one modified the message
> > content between the sender and receiver, 'XML Encryption' -allows one
> > to encrypt the message body or only its part using the given
> > cryptography algorithm) and Tokens ('Username Tokens' - WS-Security
> > scenario adds username and password values to the message header,
> > 'Timestamps' - Timestamps specify how long the security data remains
> > valid, 'SAML Tokens')] can be enabled and configured on web services
> > via Geronimo deployment descriptors and/or annotations. For example,
> > given some web service that is annotated with @WebService; so to
> > ensure that the service only accepts WS-Security -secured messages, it
> > should be something like “to add @WS-Security annotation”.
> >
> > Further in detail, we can consider WS-Security policies which can be
> > applied to the SOAP messages that pass between web services and web
> > service controls. A WS-Security is controlled in WS-Security policy
> > files. The WS-Security policy file (WSSE file) defines the security
> > policy applied to the SOAP messages that pass between web services and
> > their clients.[1]
> >
> > So we can use something like following annotation
> > @WS-Security file="MyWebServicePolicy.wsse"
> > Example:
> > @WebService
> > @WS-Security file="MyWebServicePolicy.wsse"
> > public class xyz
> >
> > The @WS-Security annotation determines the WS-Security policy file
> > (WSSE) to be applied to (1) incoming SOAP invocations of the web
> > service's methods and (2) the outgoing SOAP messages containing the
> > value returned by the web service's methods.[1]. The attribute file in
> > the above mentioned annotation specifies the path to the WS-Security
> > policy file (WSSE file - MyWebServicePolicy.wsse) used by the web
> > service.
> >
> > In addition, I think we can also define some security feature
> > something like SecurityFeature similar to other WebService Feature(s)
> > such as AddressingFeature, MTOMFeature
> > and RespectBindingFeature
> > . This new feature can also have the “enabled property” like other
> >
Re: Initial Draft for gsoc [WS-Security support for JAX-WS Web Services] project
Thanks Dan. I was actually looking at this CXF (and Rampart)
documentation and debating which would be easier or simpler to start
with. And I figured that starting with WS-SecurityPolicy will require
getting more parts right and more things to understand so that's why I
proposed to start small(er) and work from there. Having
WS-SecurityPolicy support in Geronimo would be great but I'm not
concerned about that from this project point of view. I'll be happy as
long as we get Username Token Profile and X509 Certificate Token
Profile support in Geronimo using or not using WS-SecurityPolicy.
Thanks,
Jarek
On Tue, Mar 31, 2009 at 4:24 PM, Daniel Kulp wrote:
>
> Jarek,
>
> With CXF 2.2, adding support for WS-SecurityPolicy for WSDL first cases would
> most likely be MUCH easier than doing "basic WS-Security support. Add support
> for Username Token Profile and X509 Certificate Token Profile." Basically,
> if the WSDL contains the policies, set a few properties and it just works.
> (things like the password callback and keystore information). See:
>
> http://cwiki.apache.org/CXF20DOC/ws-securitypolicy.html
>
> and also the ws-security samples in the 2.2 distribution.
>
> I believe the same may be true for Axis2/Rampart.
>
> #3 will definitely require some work in both CXF and Axis2, but that's not
> necessarily a bad thing.
>
>
> Dan
>
>
>
> On Tue March 31 2009 4:08:53 pm Jarek Gawor wrote:
>> Rahul,
>>
>> A few comments. I would drop the 1) bullet since in the grand scheme
>> of things this is a little detail and instead I would focus more on
>> the 2) bullet.
>>
>> I like the WS-SecurityPolicy idea but it might be a little too much to
>> do at once. So I would stage things in the following way:
>>
>> 1) First work on the basic WS-Security support. Add support for
>> Username Token Profile and X509 Certificate Token Profile.
>>
>> 2) Once 1) is working, add support for WS-SecurityPolicy
>>
>> 3) Once 2) is working, add support for WSSecurityFeature as described.
>> That will probably require adding similar extensions to CXF and Axis2
>> first.
>>
>> Besides configuring WS-Security properties for web services we also
>> want to configure the same sort of properties for Web Service
>> references (@WebServiceRef). So that clients can also make WS-Security
>> secured calls.
>>
>> Also, to make life easier, can you put this proposal onto some
>> personal Apache wiki page (http://wiki.apache.org/general) and I think
>> that way we could edit this together.
>>
>> Thanks,
>> Jarek
>>
>> On Mon, Mar 30, 2009 at 8:04 PM, rahul.soa wrote:
>> > Hello Devs,
>> >
>> > I have written a very initial draft for gsoc "WS-Security support for
>> > JAX-WS Web Services" project [1]. Please suggest any modifications.
>> > Thanks to Jarek for his thoughts and immediate help.
>> >
>> > // Quote
>> >
>> > Title: WS-Security support for JAX-WS Web Services
>> >
>> > Abstract:
>> >
>> > To integrate and enable the WS-Security features of Apache Axis2 and
>> > Apache CXF in Apache Geronimo on web services.
>> >
>> > Description:
>> >
>> > Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both
>> > of these libraries have some WS-Security features. But these features
>> > are not integrated/enabled in Geronimo. So the goal is to enable these
>> > features from within Geronimo. That involves basically two things:
>> >
>> > 1) that the modules (i.e. WSS4J) that provide the WS-Security features
>> > for Axis2 and CXF are installed with Geronimo, and
>> >
>> > 2) that the WS-Security features such as [XML Security ('XML
>> > Signature' - allows one to send along with the message a digital
>> > signature of it, which assures that no one modified the message
>> > content between the sender and receiver, 'XML Encryption' -allows one
>> > to encrypt the message body or only its part using the given
>> > cryptography algorithm) and Tokens ('Username Tokens' - WS-Security
>> > scenario adds username and password values to the message header,
>> > 'Timestamps' - Timestamps specify how long the security data remains
>> > valid, 'SAML Tokens')] can be enabled and configured on web services
>> > via Geronimo deployment descriptors and/or annotations. For example,
>> > given some web service that is annotated with @WebService; so to
>> > ensure that the service only accepts WS-Security -secured messages, it
>> > should be something like “to add @WS-Security annotation”.
>> >
>> > Further in detail, we can consider WS-Security policies which can be
>> > applied to the SOAP messages that pass between web services and web
>> > service controls. A WS-Security is controlled in WS-Security policy
>> > files. The WS-Security policy file (WSSE file) defines the security
>> > policy applied to the SOAP messages that pass between web services and
>> > their clients.[1]
>> >
>> > So we can use something like following annotation
>> > @WS-Security file="MyWebServicePolicy.wsse"
>> > Example:
>> > @WebService
>> > @WS-Security file="MyWebService
Fwd: Initial Draft for gsoc [WS-Security support for JAX-WS Web Services] project
// Apologize, forgot to click on "Reply All".
Best Regards,
Rahul
-- Forwarded message --
From: rahul.soa
Date: Tue, Mar 31, 2009 at 11:44 PM
Subject: Re: Initial Draft for gsoc [WS-Security support for JAX-WS
Web Services] project
To: Jarek Gawor
Hello Jarek/Daniel/Devs,
Thanks for your comments.
I added the proposal quickly as I sent in my previous email on the
following link:
http://wiki.apache.org/general/rahulsoa
I will keep it updating with the discussion we are having.
Thanks.
Best Regards,
Rahul
On Tue, Mar 31, 2009 at 10:08 PM, Jarek Gawor wrote:
> Rahul,
>
> A few comments. I would drop the 1) bullet since in the grand scheme
> of things this is a little detail and instead I would focus more on
> the 2) bullet.
>
> I like the WS-SecurityPolicy idea but it might be a little too much to
> do at once. So I would stage things in the following way:
>
> 1) First work on the basic WS-Security support. Add support for
> Username Token Profile and X509 Certificate Token Profile.
>
> 2) Once 1) is working, add support for WS-SecurityPolicy
>
> 3) Once 2) is working, add support for WSSecurityFeature as described.
> That will probably require adding similar extensions to CXF and Axis2
> first.
>
> Besides configuring WS-Security properties for web services we also
> want to configure the same sort of properties for Web Service
> references (@WebServiceRef). So that clients can also make WS-Security
> secured calls.
>
> Also, to make life easier, can you put this proposal onto some
> personal Apache wiki page (http://wiki.apache.org/general) and I think
> that way we could edit this together.
>
> Thanks,
> Jarek
>
> On Mon, Mar 30, 2009 at 8:04 PM, rahul.soa wrote:
>> Hello Devs,
>>
>> I have written a very initial draft for gsoc "WS-Security support for
>> JAX-WS Web Services" project [1]. Please suggest any modifications.
>> Thanks to Jarek for his thoughts and immediate help.
>>
>> // Quote
>>
>> Title: WS-Security support for JAX-WS Web Services
>>
>> Abstract:
>>
>> To integrate and enable the WS-Security features of Apache Axis2 and
>> Apache CXF in Apache Geronimo on web services.
>>
>> Description:
>>
>> Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both
>> of these libraries have some WS-Security features. But these features
>> are not integrated/enabled in Geronimo. So the goal is to enable these
>> features from within Geronimo. That involves basically two things:
>>
>> 1) that the modules (i.e. WSS4J) that provide the WS-Security features
>> for Axis2 and CXF are installed with Geronimo, and
>>
>> 2) that the WS-Security features such as [XML Security ('XML
>> Signature' - allows one to send along with the message a digital
>> signature of it, which assures that no one modified the message
>> content between the sender and receiver, 'XML Encryption' -allows one
>> to encrypt the message body or only its part using the given
>> cryptography algorithm) and Tokens ('Username Tokens' - WS-Security
>> scenario adds username and password values to the message header,
>> 'Timestamps' - Timestamps specify how long the security data remains
>> valid, 'SAML Tokens')] can be enabled and configured on web services
>> via Geronimo deployment descriptors and/or annotations. For example,
>> given some web service that is annotated with @WebService; so to
>> ensure that the service only accepts WS-Security -secured messages, it
>> should be something like “to add @WS-Security annotation”.
>>
>> Further in detail, we can consider WS-Security policies which can be
>> applied to the SOAP messages that pass between web services and web
>> service controls. A WS-Security is controlled in WS-Security policy
>> files. The WS-Security policy file (WSSE file) defines the security
>> policy applied to the SOAP messages that pass between web services and
>> their clients.[1]
>>
>> So we can use something like following annotation
>> @WS-Security file="MyWebServicePolicy.wsse"
>> Example:
>> @WebService
>> @WS-Security file="MyWebServicePolicy.wsse"
>> public class xyz
>>
>> The @WS-Security annotation determines the WS-Security policy file
>> (WSSE) to be applied to (1) incoming SOAP invocations of the web
>> service's methods and (2) the outgoing SOAP messages containing the
>> value returned by the web service's methods.[1]. The attribute file in
>> the above mentioned annotation specifies the path to the WS-Security
>> policy file (WSSE file - MyWebServicePolicy.wsse) used by the web
>> service.
>>
>> In addition, I think we can also define some security feature
>> something like SecurityFeature similar to other WebService Feature(s)
>> such as AddressingFeature, MTOMFeature
>> and RespectBindingFeature
>> . This new feature can also have the “enabled property” like other
>> features that is used to store whether a particular feature should be
>> enabled or disabled. This type should provide either a constructor
>> argument
>> and/or a method that will allow the web s
[BUILD] trunk: Failed for Revision: 760743
Geronimo Revision: 760743 built with tests included
See the full build-2100.log file at
http://people.apache.org/builds/geronimo/server/binaries/trunk/20090331/build-2100.log
Download the binaries from
http://people.apache.org/builds/geronimo/server/binaries/trunk/20090331
[INFO] BUILD SUCCESSFUL
[INFO]
[INFO] Total time: 35 minutes 37 seconds
[INFO] Finished at: Tue Mar 31 21:39:47 EDT 2009
[INFO] Final Memory: 678M/973M
[INFO]
TESTSUITE RESULTS (Failures only)
=
See detailed results at
http://people.apache.org/builds/geronimo/server/testsuite/ResultsSummary.html
Assembly: tomcat
=
See the full test.log file at
http://people.apache.org/builds/geronimo/server/binaries/trunk/20090331/logs-2100-tomcat/test.log
[INFO] snapshot
org.apache.geronimo.assemblies:geronimo-tomcat6-javaee5:2.2-SNAPSHOT: checking
for updates from codehaus-snapshots
[INFO] Using assembly artifact:
org.apache.geronimo.assemblies:geronimo-tomcat6-javaee5:zip:bin:2.2-SNAPSHOT:provided
[INFO] Using geronimoHome:
/home/geronimo/geronimo/trunk/testsuite/target/geronimo-tomcat6-javaee5-2.2-SNAPSHOT
[INFO] Installing assembly...
[INFO] Expanding:
/home/geronimo/.m2/repository/org/apache/geronimo/assemblies/geronimo-tomcat6-javaee5/2.2-SNAPSHOT/geronimo-tomcat6-javaee5-2.2-SNAPSHOT-bin.zip
into /home/geronimo/geronimo/trunk/testsuite/target
[INFO] Starting Geronimo server...
[INFO] Selected option set: default
[INFO] Redirecting output to:
/home/geronimo/geronimo/trunk/testsuite/target/geronimo-logs/org.apache.geronimo.mavenplugins.geronimo.server.StartServerMojo.log
[INFO] Waiting for Geronimo server...
[INFO] Geronimo server started in 0:00:41.842
[INFO] [shitty:install {execution: default}]
[INFO] Installing /home/geronimo/geronimo/trunk/testsuite/pom.xml to
/home/geronimo/.m2/repository/org/apache/geronimo/testsuite/testsuite/2.2-SNAPSHOT/testsuite-2.2-SNAPSHOT.pom
[INFO] [shitty:test {execution: default}]
[INFO] Starting 36 test builds
[INFO]
[INFO]
---
[INFO]
[INFO] commands-testsuite/deploy RUNNING
[INFO] commands-testsuite/deploy SUCCESS (0:00:59.058)
[INFO] commands-testsuite/gshell RUNNING
[INFO] commands-testsuite/gshell SUCCESS (0:00:28.026)
[INFO] commands-testsuite/jaxws RUNNING
[INFO] commands-testsuite/jaxws SUCCESS (0:00:33.593)
[INFO] commands-testsuite/shutdownRUNNING
[INFO] commands-testsuite/shutdownSUCCESS (0:00:15.652)
[INFO] concurrent-testsuite/concurrent-basic RUNNING
[INFO] concurrent-testsuite/concurrent-basic SUCCESS (0:06:22.860)
[INFO] console-testsuite/advanced RUNNING
[INFO] console-testsuite/advanced SUCCESS (0:01:28.419)
[INFO] console-testsuite/basicRUNNING
[INFO] console-testsuite/basicSUCCESS (0:01:54.133)
[INFO] corba-testsuite/corba-helloworld RUNNING
[INFO] corba-testsuite/corba-helloworld SUCCESS (0:00:48.609)
[INFO] corba-testsuite/corba-marshal RUNNING
[INFO] corba-testsuite/corba-marshal SUCCESS (0:00:48.655)
[INFO] corba-testsuite/corba-mytime RUNNING
[INFO] corba-testsuite/corba-mytime SUCCESS (0:00:41.193)
[INFO] deployment-testsuite/deployment-tests RUNNING
[INFO] deployment-testsuite/deployment-tests SUCCESS (0:00:30.028)
[INFO] deployment-testsuite/jca-cms-tests RUNNING
[INFO] deployment-testsuite/jca-cms-tests SUCCESS (0:00:31.259)
[INFO] deployment-testsuite/manifestcp-tests RUNNING
[INFO] deployment-testsuite/manifestcp-tests SUCCESS (0:00:33.401)
[INFO] enterprise-testsuite/ejb-tests RUNNING
[INFO] enterprise-testsuite/ejb-tests SUCCESS (0:00:50.200)
[INFO] enterprise-testsuite/jms-tests RUNNING
[INFO] enterprise-testsuite/jms-tests SUCCESS (0:00:57.348)
[INFO] enterprise-testsuite/jpa-tests RUNNING
[INFO] enterprise-testsuite/jpa-tests SUCCESS (0:00:51.562)
[INFO] enterprise-testsuite/sec-clientRUNNING
[INFO] enterprise-testsuite/sec-clientSUCCESS (0:00:28.419)
[INFO] enterprise-testsuite/sec-tests RUNNING
[INFO] enterprise-testsuite/sec-tests SUCCESS (0:00:48.777)
[INFO] security-testsuite/test-security RUNNING
[INFO] security-testsuite/test-security FAILURE (0:00:38.733) Java
returned: 1
[INFO] web-testsuite/test-2.1-jspsRUNNING
[INFO] web-testsuite/test-2.1-jspsSUCCESS (0:00:29.498)
[INFO] web-testsuite/test-2.5-servletsRUNNING
[INFO] web-testsuite/test-2.5
[jira] Commented: (GERONIMO-4243) EAR Deploy Error
[
https://issues.apache.org/jira/browse/GERONIMO-4243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12694360#action_12694360
]
Ivan commented on GERONIMO-4243:
IMO, it may not the problem of ASM. In the case of db2jcc.jar, although some
files in it are with .class suffix, they are not common compiled class files.
For you could see the first four bytes are not "CA FE BA BE".
Hi, Gus, maybe there are some files in your shipped jars are with the same
reason. Have you tried the
export JAVA_OPTS="-Dorg.apache.geronimo.jaxws.builder.useSimpleFinder=true",
while this option is on, Geronimo will not scan all the classes in the
classpath.
> EAR Deploy Error
>
>
> Key: GERONIMO-4243
> URL: https://issues.apache.org/jira/browse/GERONIMO-4243
> Project: Geronimo
> Issue Type: Sub-task
> Security Level: public(Regular issues)
> Components: console, deployment, Jetty, Tomcat, webservices
>Affects Versions: 2.1.2, 2.1.3, 2.2
> Environment: Java
> java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
> java.awt.printerjob sun.print.PSPrinterJob
> java.class.path
> /usr/local/geronimo/bin/server.jar
> /usr/local/geronimo/bin/jpa.jar
> java.class.version49.0
> java.endorsed.dirs
> /usr/local/geronimo/lib/endorsed
> /usr/local/java/jre/lib/endorsed
> java.ext.dirs
> /usr/local/geronimo/lib/ext
> /usr/local/java/jre/lib/ext
> java.home /home/oxseed/jdk1.5.0_15/jre
> java.io.tmpdir/home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/temp
> java.library.path
> /home/oxseed/jdk1.5.0_15/jre/lib/i386/server
> /home/oxseed/jdk1.5.0_15/jre/lib/i386
> /home/oxseed/jdk1.5.0_15/jre/../lib/i386
> java.runtime.name Java(TM) 2 Runtime Environment, Standard Edition
> java.runtime.version 1.5.0_15-b04
> java.specification.name Java Platform API Specification
> java.specification.vendor Sun Microsystems Inc.
> java.specification.version1.5
> java.util.prefs.PreferencesFactory
> java.vendor- Sun Microsystems Inc.
> java.vendor.url http://java.sun.com/
> java.vendor.url.bug http://java.sun.com/cgi-bin/bugreport.cgi
> java.version- 1.5.0_15
> Virtual Machine
> java.vm.info mixed mode
> java.vm.name Java HotSpot(TM) Server VM
> java.vm.specification.nameJava Virtual Machine Specification
> java.vm.specification.vendor Sun Microsystems Inc.
> java.vm.specification.version 1.0
> java.vm.vendorSun Microsystems Inc.
> java.vm.version 1.5.0_15-b04
> Operating System
> os.arch i386
> os.name Linux
> os.version2.6.16.33-xen
> Sun
> sun.arch.data.model 32
> sun.boot.class.path
> /usr/local/geronimo/lib/endorsed/yoko-spec-corba-1.0.jar
> /usr/local/geronimo/lib/endorsed/yoko-rmi-spec-1.0.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/rt.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/i18n.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/sunrsasign.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/jsse.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/jce.jar
> /home/oxseed/jdk1.5.0_15/jre/lib/charsets.jar
> /home/oxseed/jdk1.5.0_15/jre/classes
> sun.boot.library.path
> /home/oxseed/jdk1.5.0_15/jre/lib/i386
> sun.cpu.endianlittle
> sun.cpu.isalist
> sun.io.unicode.encoding UnicodeLittle
> sun.java2d.fontpath
> sun.os.patch.levelunknown
> User
> user.country US
> user.dir /home/oxseed
> user.home /home/oxseed
> user.language en
> user.name oxseed
> user.timezone Europe/Berlin
> user.variant
> Etc
> admin.disabledtrue
> catalina.base /home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/catalina
> catalina.home /home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/catalina
> catalina.useNamingfalse
> com.sun.management.jmxremote
> com.sun.management.jmxremote.authenticate false
> com.sun.management.jmxremote.port 8004
> com.sun.management.jmxremote.ssl false
> common.loader ${catalina.home}/lib ${catalina.home}/lib/*.jar
> derby.storage.fileSyncTransactionLog true
> derby.system.home /home/oxseed
> duct tape
> file.encoding ANSI_X3.4-1968
> file.encoding.pkg sun.io
> file.separator/
> java.naming.factory.initial
> org.apache.xbean.naming.global.GlobalContextManager
> java.naming.factory.url.pkgs org.apache.xbean.naming
> java.naming.provider.url rmi://0.0.0.0:1099
> java.net.preferIPv4Stack true
> java.rmi.server.RMIClassLoaderSpi
> org.apache.geronimo.kernel.rmi.RMIClassLoaderSpiImpl
> java.rmi.server.randomIDs true
> java.security.ProviderSUN
> javax.rmi.CORBA.PortableRemoteObjectClass
> org.apache.yoko.rmi.impl.PortableRemoteObjectImpl
> javax.rmi.CORBA.StubClass org.apache.yoko.rmi.impl.StubImpl
> javax.rmi.CORBA.UtilClass org.apache.geronimo.corba.util.UtilDelegateImpl
> javax.security.jacc.PolicyConfigurationFa
