Re: Error at getting datasource from connector(container-managed-security)
Thanks for advice.
djencks wrote:
Probably this is a bug, although I'm surprised we haven't seen it
before.
Can you please outline your scenario a bit more?
- is this work done from a secured part of your application, so there
is a subject available?
- do you want database access to be secured based on the default
user/password supplied in the connector plan, or do you want the
password credentials to be determined from the user in some way (such
as using the user/pw of the actual user to access the database).
Yes, I am using the user/pw of the actual user to access the database.
djencks wrote:
If you want the db credentials to be determined from the actual user,
then this is only a configuration problem in your app. You need to
include a login module in your login configuration that will
construct the PasswordCredential for the connector framework to use.
However, AFAIK this hasn't been tested much for a long time and may
have broken. You include the
CallerIdentityPasswordCredentialLoginModule and install it in the
login config using the PasswordCredentialLoginModuleWrapperGBean
instead of the regular LoginModuleGBean. You can also write a
different LoginModule that can apply some mapping between the actual
user and database user.
thanks
david jencks
It works well. It's my new module.
gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2;
name=kdw_login_module
class=org.apache.geronimo.connector.outbound.security.PasswordCredentialLoginModuleWrapper
attribute name=loginModuleClass
ru.mev.j2report.system.security.KDWLoginModule
/attribute
attribute name=serverSidetrue/attribute
reference name=ManagedConnectionFactoryWrapper
namejdbc/OracleDataSourceTest/name
/reference
attribute name=options
dataSourceName=jdbc/OracleDataSourceTest
groupSelect=select role_code from kdw.w_user_roles
/attribute
attribute name=loginDomainNamekdw_realm/attribute
/gbean
gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2;
name=kdw_login
class=org.apache.geronimo.security.jaas.JaasLoginModuleUse
attribute name=controlFlagREQUIRED/attribute
reference name=LoginModule
namekdw_login_module/name
/reference
/gbean
gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2;
name=kdw_realm
class=org.apache.geronimo.security.realm.GenericSecurityRealm
attribute name=realmNamekdw_realm/attribute
reference name=ServerInfo
nameServerInfo/name
/reference
reference name=LoginService
nameJaasLoginService/name
/reference
reference name=LoginModuleConfiguration
namekdw_login/name
/reference
/gbean
public class KDWLoginModule implements LoginModule {
/**
* Logger for this class
*/
private static final Log logger =
LogFactory.getLog(KDWLoginModule.class);
public final static String DATABASE_POOL_NAME = dataSourceName;
public final static String GROUP_SELECT = groupSelect;
private JCAManagedConnectionFactory factory;
private Subject subject;
private CallbackHandler handler;
private String cbUsername;
private String cbPassword;
private String groupSelect;
private SetPrincipal groups;
private ManagedConnectionFactory managedConnectionFactory ;
/*
* (non-Javadoc)
*
* @see javax.security.auth.spi.LoginModule#abort()
*/
public boolean abort() throws LoginException {
cbUsername = null;
cbPassword = null;
return true;
}
/*
* (non-Javadoc)
*
* @see javax.security.auth.spi.LoginModule#commit()
*/
public boolean commit() throws LoginException {
SetPrincipal principals = subject.getPrincipals();
principals.addAll(groups);
// from CallerIdentityPasswordCredentialLoginModule
PasswordCredential passwordCredential = new
PasswordCredential(cbUsername,
cbPassword.toCharArray());
passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
subject.getPrivateCredentials().add(passwordCredential);
return true;
}
/*
* (non-Javadoc)
*
* @see
javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject,
*
Re: JSF 1.2 and Geronimo 2.0 M5
Thanks Paul, building from trunk fixed the problem. On 5/1/07, Paul McMahan [EMAIL PROTECTED] wrote: Geronimo's JSF 1.2 support was accidentally regressed on 4/24, which was unfortunately just a couple of days before the M5 branch was cut. See this thread for details. http://tinyurl.com/yo5kwq While the regression left some JSF functionality intact it disabled the primary use case for JSF -- rendering faces components in a JSP. The problem was fixed on 4/27 and you should not see that error if you build from trunk or download one of the recent nightly builds. Sorry for this trouble. Best wishes, Paul On May 1, 2007, at 7:52 PM, David Carew wrote: What do I need to get a JSF web app working in 2.0 M5 ? What dependencies if any are needed in geronimo-web.xml ? I tried putting JSTL1.2 and MyFaces1.2 jars in WEB-INF/lib and I got the following exception. Leaving them out and putting dependencies in geromino-web.xml results in the same error. The self contained version (with all the abovementioned jars in WEB-INF/lib) works fine in standalone Tomcat 6.0. 18:20:51,250 ERROR [[jsp]] Servlet.service() for servlet jsp threw exception javax.servlet.ServletException: javax/servlet/jsp/jstl/core/Config at javax.faces.webapp.FacesServlet.service (FacesServlet.java:152) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java :290) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke (ApplicationDispatcher.java:687) at org.apache.catalina.core.ApplicationDispatcher.processRequest (ApplicationDispatcher.java:469) at org.apache.catalina.core.ApplicationDispatcher.doForward (ApplicationDispatcher.java:403) at org.apache.catalina.core.ApplicationDispatcher.forward (ApplicationDispatcher.java :301) at org.apache.jasper.runtime.PageContextImpl.doForward (PageContextImpl.java:699) at org.apache.jasper.runtime.PageContextImpl.forward (PageContextImpl.java :670) at org.apache.jsp.index_jsp._jspService (index_jsp.java:97) at org.apache.jasper.runtime.HttpJspBase.service (HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service (HttpServlet.java:806) at org.apache.jasper.servlet.JspServletWrapper.service (JspServletWrapper.java:379) at org.apache.jasper.servlet.JspServlet.serviceJspFile (JspServlet.java:320) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java: 266) at javax.servlet.http.HttpServlet.service (HttpServlet.java:806) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java :206) at org.apache.catalina.core.StandardWrapperValve.invoke (StandardWrapperValve.java:231) at org.apache.catalina.core.StandardContextValve.invoke (StandardContextValve.java:175) at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke (DefaultSubjectValve.java:56) at org.apache.geronimo.tomcat.GeronimoStandardContext $SystemMethodValve.invoke(GeronimoStandardContext.java:333) at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke (GeronimoBeforeAfterValve.java:47) at org.apache.catalina.core.StandardHostValve.invoke (StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke ( ErrorReportValve.java:104) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:109) at org.apache.catalina.valves.AccessLogValve.invoke (AccessLogValve.java :543) at org.apache.catalina.connector.CoyoteAdapter.service (CoyoteAdapter.java:238) at org.apache.coyote.http11.Http11Processor.process (Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol $Http11ConnectionHandler.process(Http11Protocol.java:634) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run (JIoEndpoint.java:445) at java.lang.Thread.run(Thread.java:595)
