Re: Error at getting datasource from connector(container-managed-security)
Thanks for advice. djencks wrote: Probably this is a bug, although I'm surprised we haven't seen it before. Can you please outline your scenario a bit more? - is this work done from a secured part of your application, so there is a subject available? - do you want database access to be secured based on the default user/password supplied in the connector plan, or do you want the password credentials to be determined from the user in some way (such as using the user/pw of the actual user to access the database). Yes, I am using the user/pw of the actual user to access the database. djencks wrote: If you want the db credentials to be determined from the actual user, then this is only a configuration problem in your app. You need to include a login module in your login configuration that will construct the PasswordCredential for the connector framework to use. However, AFAIK this hasn't been tested much for a long time and may have broken. You include the CallerIdentityPasswordCredentialLoginModule and install it in the login config using the PasswordCredentialLoginModuleWrapperGBean instead of the regular LoginModuleGBean. You can also write a different LoginModule that can apply some mapping between the actual user and database user. thanks david jencks It works well. It's my new module. gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2; name=kdw_login_module class=org.apache.geronimo.connector.outbound.security.PasswordCredentialLoginModuleWrapper attribute name=loginModuleClass ru.mev.j2report.system.security.KDWLoginModule /attribute attribute name=serverSidetrue/attribute reference name=ManagedConnectionFactoryWrapper namejdbc/OracleDataSourceTest/name /reference attribute name=options dataSourceName=jdbc/OracleDataSourceTest groupSelect=select role_code from kdw.w_user_roles /attribute attribute name=loginDomainNamekdw_realm/attribute /gbean gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2; name=kdw_login class=org.apache.geronimo.security.jaas.JaasLoginModuleUse attribute name=controlFlagREQUIRED/attribute reference name=LoginModule namekdw_login_module/name /reference /gbean gbean xmlns=http://geronimo.apache.org/xml/ns/deployment-1.2; name=kdw_realm class=org.apache.geronimo.security.realm.GenericSecurityRealm attribute name=realmNamekdw_realm/attribute reference name=ServerInfo nameServerInfo/name /reference reference name=LoginService nameJaasLoginService/name /reference reference name=LoginModuleConfiguration namekdw_login/name /reference /gbean public class KDWLoginModule implements LoginModule { /** * Logger for this class */ private static final Log logger = LogFactory.getLog(KDWLoginModule.class); public final static String DATABASE_POOL_NAME = dataSourceName; public final static String GROUP_SELECT = groupSelect; private JCAManagedConnectionFactory factory; private Subject subject; private CallbackHandler handler; private String cbUsername; private String cbPassword; private String groupSelect; private SetPrincipal groups; private ManagedConnectionFactory managedConnectionFactory ; /* * (non-Javadoc) * * @see javax.security.auth.spi.LoginModule#abort() */ public boolean abort() throws LoginException { cbUsername = null; cbPassword = null; return true; } /* * (non-Javadoc) * * @see javax.security.auth.spi.LoginModule#commit() */ public boolean commit() throws LoginException { SetPrincipal principals = subject.getPrincipals(); principals.addAll(groups); // from CallerIdentityPasswordCredentialLoginModule PasswordCredential passwordCredential = new PasswordCredential(cbUsername, cbPassword.toCharArray()); passwordCredential.setManagedConnectionFactory(managedConnectionFactory); subject.getPrivateCredentials().add(passwordCredential); return true; } /* * (non-Javadoc) * * @see javax.security.auth.spi.LoginModule#initialize(javax.security.auth.Subject, *
Re: JSF 1.2 and Geronimo 2.0 M5
Thanks Paul, building from trunk fixed the problem. On 5/1/07, Paul McMahan [EMAIL PROTECTED] wrote: Geronimo's JSF 1.2 support was accidentally regressed on 4/24, which was unfortunately just a couple of days before the M5 branch was cut. See this thread for details. http://tinyurl.com/yo5kwq While the regression left some JSF functionality intact it disabled the primary use case for JSF -- rendering faces components in a JSP. The problem was fixed on 4/27 and you should not see that error if you build from trunk or download one of the recent nightly builds. Sorry for this trouble. Best wishes, Paul On May 1, 2007, at 7:52 PM, David Carew wrote: What do I need to get a JSF web app working in 2.0 M5 ? What dependencies if any are needed in geronimo-web.xml ? I tried putting JSTL1.2 and MyFaces1.2 jars in WEB-INF/lib and I got the following exception. Leaving them out and putting dependencies in geromino-web.xml results in the same error. The self contained version (with all the abovementioned jars in WEB-INF/lib) works fine in standalone Tomcat 6.0. 18:20:51,250 ERROR [[jsp]] Servlet.service() for servlet jsp threw exception javax.servlet.ServletException: javax/servlet/jsp/jstl/core/Config at javax.faces.webapp.FacesServlet.service (FacesServlet.java:152) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java :290) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke (ApplicationDispatcher.java:687) at org.apache.catalina.core.ApplicationDispatcher.processRequest (ApplicationDispatcher.java:469) at org.apache.catalina.core.ApplicationDispatcher.doForward (ApplicationDispatcher.java:403) at org.apache.catalina.core.ApplicationDispatcher.forward (ApplicationDispatcher.java :301) at org.apache.jasper.runtime.PageContextImpl.doForward (PageContextImpl.java:699) at org.apache.jasper.runtime.PageContextImpl.forward (PageContextImpl.java :670) at org.apache.jsp.index_jsp._jspService (index_jsp.java:97) at org.apache.jasper.runtime.HttpJspBase.service (HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service (HttpServlet.java:806) at org.apache.jasper.servlet.JspServletWrapper.service (JspServletWrapper.java:379) at org.apache.jasper.servlet.JspServlet.serviceJspFile (JspServlet.java:320) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java: 266) at javax.servlet.http.HttpServlet.service (HttpServlet.java:806) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter (ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java :206) at org.apache.catalina.core.StandardWrapperValve.invoke (StandardWrapperValve.java:231) at org.apache.catalina.core.StandardContextValve.invoke (StandardContextValve.java:175) at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke (DefaultSubjectValve.java:56) at org.apache.geronimo.tomcat.GeronimoStandardContext $SystemMethodValve.invoke(GeronimoStandardContext.java:333) at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke (GeronimoBeforeAfterValve.java:47) at org.apache.catalina.core.StandardHostValve.invoke (StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke ( ErrorReportValve.java:104) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:109) at org.apache.catalina.valves.AccessLogValve.invoke (AccessLogValve.java :543) at org.apache.catalina.connector.CoyoteAdapter.service (CoyoteAdapter.java:238) at org.apache.coyote.http11.Http11Processor.process (Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol $Http11ConnectionHandler.process(Http11Protocol.java:634) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run (JIoEndpoint.java:445) at java.lang.Thread.run(Thread.java:595)