[JBoss-dev] HTTP BASIC authentication is broken (Was: Re: [JBoss-user] JBoss+Tomcat vs. Tomcat: Authentication Differences)

2003-10-14 Thread Weiqi Gao 
Is HTTP BASIC authentication broken in JBoss-3.2.2RC4_Tomcat-4.1.27? 

Using UsersRolesLoginModule seems not to work reliably as a replacement
for Tomcat's MemoryRealm, at least in the scenario I outlined in my
original post four days ago.

--
Weiqi Gao
[EMAIL PROTECTED]

On Fri, 2003-10-10 at 20:28, Weiqi Gao wrote:
 Hi,
 
 I'm trying to setup Simon Brown's Weblog software Pebble 1.3
 (http://www.simongbrown.com/blog/readme.html) under JBoss+Tomcat bundle
 and encountered some difficulties that maybe are related to the way
 JBoss does authentication for webapps.
 
 Deployment-wise, Pebble is very simple.  I downloaded the pebble-1.3.war
 file and exploded it into the
 jboss-3.2.1_tomcat-4.1.24/server/default/deploy directory.
 
 The Pebble deployment instruction calls for adding two roles and a user
 to standalone Tomcat's tomcat-users.xml file.
 
 I mimicked that with two things in JBoss.  First, I set up a JBossSX
 realm named blog using the UsersRolesLoginModule with a user (in
 users.properties) and two roles (in roles.properties).  Second, I added
 a jboss-web.xml file to pebble-1.3.war/WEB-INF that contains
 jboss-websecurity-domainjava:jaas/blog/security-domain/jboss-web.
 
 This allowed the Pebble to run.  (Actually I've been using Pebble 1.1
 for the past three months with some success under JBoss 3.2.1 + Tomcat
 4.1.24, RH Linux 9.0 and Sun JDK 1.4.2_01.)
 
 However certain features of Pebble are missing in JBoss+Tomcat that are
 present in standalone Tomcat.  One example is the comments popup
 window.  Under standalone Tomcat, if I have already logged in, the
 comments popup window would contain a remove link besides each
 comment.  Under JBoss+Tomcat, even after logging in, the comments popup
 window would not contain the remove links.
 
 It also happens with the TrackBack popup window in the CVS version of
 Pebble.  In general all servlets and JSP pages that does not require
 user login, but offers more features if the user is logged in would show
 the extra features in standalone Tomcat but not in JBoss+Tomcat.
 
 I would appreciate it very much if anyone can shed some light on my
 problem.
 
 (I tried to post this earlier today on GMANE's news-mailing list gateway
 but I did not see it show up.  I apologize if yo have already seen
 this.)
-- 
Weiqi Gao
[EMAIL PROTECTED]
http://www.weiqigao.com



---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

[JBoss-dev] Re: [JBoss-user] HTTP BASIC authentication is broken

2003-10-14 Thread Weiqi Gao 
Scott M Stark wrote:
There is nothing wrong with basic auth in JBoss-3.2.2RC4_Tomcat-4.1.27. 
It sounds like the app is expecting there to be a valid user on 
non-secured pages and the caching that is required to achive this is 
disabled in the embedded
version because it breaks the ability to transmit the caller credentials
from servlets to ejbs. There is no spec mandate that the caller identity is
available within a session from unsecured pages.
Scott,

Here's a comment Simon Brown made.  I'm passing it to the jboss-user list:

True, the spec may not explicitly mandate this, but
section SRV.12.3 Programmatic Security (servlets 2.3)
says the following:
If no user has been authenticated, the getRemoteUser
method returns null, the isUserInRole method always
returns false, and the getUserPrincipal method returns
null.
Clearly this is in contrast because this statement
doesn't differentiate protected and unprotected
resources. The javadoc of the relevant methods in
HttpServletRequest also makes no differentiation
between protected and unprotected resources, instead
being specific about whether the current user has
been authenticated. With our problem, the current
user has been authenticated.
--
Weiqi Gao
[EMAIL PROTECTED]
http://www.weiqigao.com




---
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
___
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

[JBoss-dev] jboss-all head build error

2002-12-14 Thread Weiqi Gao 
There seems to be a typo in jboss-head at
jboss-all/tools/etc/buildfragments/libraries.ent

Which category should this be reported on SourceForge's bug system?

In case someone else is hitting on the same problem, here's the error
message (a patch is attached):

[weiqi@gao-2001 build]$ ./build.sh
build.sh: *WARNING* Ignoring environment value for $ANT_HOME
build.sh: Executing: /home/weiqi/projects/jboss-all/tools/bin/ant
-logger org.apache.tools.ant.NoBannerLogger
Buildfile: build.xml

_buildmagic:init:
Trying to override old definition of task property

configure-modules:
Overriding previous definition of reference to jboss.naming.classpath

BUILD FAILED
file:/home/weiqi/projects/jboss-all/build/../tools/etc/buildfragments/tools.ent:29: 
taskdef class xdoclet.modules.jmx.JMXDocletTask cannot be found

Total time: 4 seconds

-- 
Weiqi Gao
[EMAIL PROTECTED]

Index: libraries.ent
===
RCS file: /cvsroot/jboss/tools/etc/buildfragments/libraries.ent,v
retrieving revision 1.22
diff -u -r1.22 libraries.ent
--- libraries.ent	14 Dec 2002 00:48:14 -	1.22
+++ libraries.ent	14 Dec 2002 14:50:39 -
@@ -305,7 +305,7 @@
   /path
 
   !-- XDoclet --
-  property name=xdoclet.xdoclet.root value=${project.thirdparty}/xdoclet-xdoclet/
+  property name=xdoclet.xdoclet.root value=${project.thirdparty}/xdoclet/xdoclet/
   property name=xdoclet.xdoclet.lib value=${xdoclet.xdoclet.root}/lib/
   path id=xdoclet.xdoclet.classpath
 pathelement path=${xdoclet.xdoclet.lib}/commons-logging.jar/

2002-12-14  Weiqi Gao  [EMAIL PROTECTED]

* Fixed the value of the xdoclet.xdoclet.root property.

Re: [JBoss-dev] jboss-all head build error

2002-12-14 Thread Weiqi Gao 
On Sat, 2002-12-14 at 09:44, David Jencks wrote:
 You can no longer check out jboss-all on the head revision and build it.
 
 The correct checkout is
 
 cvs ... co jboss-head
 
 for jboss 4
 
 cvs ... co -r Branch_3.2 jboss-3.2
 for 3.2
 
 and
 
 cvs ... co -r Branch_3.0 jboss-3.0
 
 for 3.0
 
 I think this is now documented on the how to build page, but it certainly
 took a while for the instructions to be updated :-)

Thank you for the info.  But where is the *official* and/or *guaranteed
to be the most up-to-date* how to build page?  I imagine I'm not the
only one who were given the run-around at jboss.org. :)

-- 
Weiqi Gao
[EMAIL PROTECTED]



---
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

[JBoss-dev] Red Hat start up script

2002-12-08 Thread Weiqi Gao 
Hi,

Currently the Quick Start Guide contains a section on how to install
JBoss as a Unix service.  It contains instructions on how to do it.

The jboss-3.0.4_tomcat-4.1.12 bundle also contains a
jboss_init_redhat.sh that apparently does not agree with what's in the
book.

The one in the Quick Start Guide seems to make more sense.  Can the
scripts mentioned in the book (instead of the jboss_init_redhat.sh) be
bundled with the binary distribution?

-- 
Weiqi Gao
[EMAIL PROTECTED]



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

Log4j Dilemma (Was RE: [JBoss-dev] Tyrex...)

2002-12-05 Thread Weiqi Gao 
Anatoly Akkerman wrote:
 
 Must be the Tyrex jar expects a different version of log4j 
 than supplied by JBoss. You might need to adjust Tyrex
 sources and recompile it.

Is this recommended approach for using third party software with JBoss?
Adjust the sources and recompile?  What if the source is not available?

--
Weiqi Gao
[EMAIL PROTECTED]



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

RE: [JBoss-dev] Gosling has Web Services right...

2002-09-27 Thread Weiqi Gao 

Matt wrote:
 So, if CORBA is a Web Services framework, under the
 broad definition of Web Services, what makes it better?
 How should I compare?

Take a look at

http://groups.google.com/groups?hl=enlr=ie=UTF-8selm=2d3a5b34.0201081
700.548a508c%40posting.google.comrnum=21

Or, if the above is chopped up by your email client, try this

http://tinyurl.com/1ofq

--
Weiqi Gao
[EMAIL PROTECTED]



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

[JBoss-dev] The source, the whole source, and nothing but the source

2002-07-31 Thread Weiqi Gao 

Hi jboss-development,

I'm trying to compile JBoss HEAD from the source.  I'm following the
instructions on the JBoss.3.0QuickStart.Draft3.pdf, which says to get
the jboss-all module from the CVS and the cd to build,then run jboss.sh.

But that errored out with the following error.  Did I miss something:

Searching for build.xml ...
Buildfile: /home/weiqi/projects/jboss-all/build/build.xml
Trying to override old definition of task property

_buildmagic:init:

_buildmagic:init:local-properties:

_buildmagic:init:buildlog:

configure:
 [echo] groups:  default
 [echo] modules:
jmx,common,system,j2ee,naming,management,transaction,server,security,messaging,connector,cluster,jetty,varia,jboss.net,iiop

init:

_buildmagic:modules:most:
[execmodules] Missing build file; skipping module: jmx
[execmodules] 
[execmodules]
== 
[execmodules] ==  Executing 'most' in module 'common'...
[execmodules] ==

_buildmagic:init:

configure:

init:

compile-classes:
[javac] Compiling 170 source files to
/home/weiqi/projects/jboss-all/common/output/classes
[execmodules]
/home/weiqi/projects/jboss-all/common/src/main/org/jboss/util/jmx/JMXExceptionDecoder.java:12:
 package javax.management does not exist
[execmodules] import javax.management.MalformedObjectNameException;
[execmodules] ^



-- 
Weiqi Gao
[EMAIL PROTECTED]



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development

Re: [JBoss-dev] The source, the whole source, and nothing but the source

2002-07-31 Thread Weiqi Gao 

Weiqi Gao wrote:
 
  I figured out what I did wrong.  I cannot do a
  cvs co jboss-all once and then do a
  cd jboss-all; cvs update -dP daily afterwards
  as I can with other directory based CVS
  repositories. I have to do a cvs co jboss-all
  daily.

Then David Jencks wrote:
 
 cvs -q update -dP works fine for me in jboss-all.

Now that I looked at it closely, my initial cvs co
jboss-all must have been interrupted by a network
outage or a user interrupt or something, which caused
my jboss-all directory to not contain all the
necessary subdirectories.




=
Weiqi Gao
[EMAIL PROTECTED]



__
Do You Yahoo!?
Yahoo! Health - Feel better, live better
http://health.yahoo.com


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
___
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development