Re: What are the specifics steps for manual deployment ?
You should use deploy command or hot deploy(just copy your app to deloy folder like in tomcat) to deploy your application following http://cwiki.apache.org/GMOxDOC22/deploying-and-undeploying-applications.html And in geronimo, tomcat is in $your_geronimo_install_Dir\repository\org\apache\tomcat Your web app structure seems fine(geronimo web app structure same as tomcat, just an extra geronimo-web.xml. which is geronimo specific deployment plan), i recommend your can use Geronimo Eclipse plugin in eclipse to simplify your develop work, you can install GEP follwoing http://cwiki.apache.org/GMOxDOC21/how-to-install-geronimo-eclipse-plugin.html, and how to develop in it follwoing http://cwiki.apache.org/GMOxDOC21/how-to-use-geronimo-eclipse-plugin.html#HowtoUseGeronimoEclipsePlugin-DeployRunUndeployandRedeployanApplication. You can find out more help from Geronimo 2.1 doc link: http://cwiki.apache.org/GMOxDOC21/ in your development process. Your I think whether caof2005 wrote: > > Hello folks, > > With a newbe questions/request: > > Can anybody refer me to any document/link which indicate me which are the > steps to do a manual deployment without using the deployment tool (deploy > ) ? > > I'm using Geronimo 2.1.3 with Tomcat 6 > > I tried to follow the oldie/classic example of building a dynamic project > by hand (no IDE's, nor deploy tool at all) just using the java, javac and > jar command line tools. > > So I tried to manually define the basic directory deployment structure > shown in 4.X, 5.X versions of Tomcat: > > webapps > --MyApp_Directory > ---WEB-INF > web.xml > geronimo-web.xml > lib > classes > com > example > ---web > --classA.class > ---model > --classB.class > > But I couldn't find any "tomcat" directory in Geronimo installation > directory which I can define inside that structure. > > So the question is am I assuming correctly that I can manually define > the deployment structure as I can do it in older versions of Tomcat? > Or do I have to use the deployment tool (deploy) in order to manually > deploy any application ? > > Any guidance would be very appreciated. > Regards > Carlos > -- View this message in context: http://www.nabble.com/What-are-the-specifics-steps-for-manual-deployment---tp24120872s134p24121051.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
What are the specifics steps for manual deployment ?
Hello folks, With a newbe questions/request: Can anybody refer me to any document/link which indicate me which are the steps to do a manual deployment without using the deployment tool (deploy ) ? I'm using Geronimo 2.1.3 with Tomcat 6 I tried to follow the oldie/classic example of building a dynamic project by hand (no IDE's, nor deploy tool at all) just using the java, javac and jar command line tools. So I tried to manually define the basic directory deployment structure shown in 4.X, 5.X versions of Tomcat: webapps --MyApp_Directory ---WEB-INF web.xml geronimo-web.xml lib classes com example ---web --classA.class ---model --classB.class But I couldn't find any "tomcat" directory in Geronimo installation directory which I can define inside that structure. So the question is am I assuming correctly that I can manually define the deployment structure as I can do it in older versions of Tomcat? Or do I have to use the deployment tool (deploy) in order to manually deploy any application ? Any guidance would be very appreciated. Regards Carlos -- View this message in context: http://www.nabble.com/What-are-the-specifics-steps-for-manual-deployment---tp24120872s134p24120872.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: security propagation from JAAS context to EJB question
> AFAIK every server uses its own ThreadLocal scheme to associate > Subjects and threads That's true, and I never liked it, usually it's the only non-portable code of an application. > geronimo's is the ContextManager. But Geronimo could be the server that does better in a standard-conforming way. With the ContextManager way I don't like that it doesn't use the PrivilegedAction pattern. Couldn't you implement a ContextManager.doAs(Subject, PrivilegedAction) ? But this would still create a non portable code. The problem you cited "on return there was no Subject associated with the current thread." seems no longer to be there, in my test snippet (see below) the Subject was OK on return. I believe that on calling an EJB on the client side there is a piece of Geronimo code active. Couldn't that code look with Subject.getSubject(AccessController.getContext()) if there is an active Subject and take that for the EJB call? Maybe one could set a system property to select this behaviour. The doPrivileged problem cited in http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/rsec_jaasauthor.html is still there, but if the programmer knows about it she can avoid using the doPrivileged call. Thanks, Juergen Subject subjectjsp = Subject.getSubject(AccessController.getContext()); System.out.println("JSP subject:" + subjectjsp); SimpleCallbackHandler handler = new SimpleCallbackHandler("system", "manager".toCharArray()); LoginContext loginCtx = new LoginContext("geronimo-admin", handler); loginCtx.login(); final Subject subject = loginCtx.getSubject(); SimpleCallbackHandler handler1 = new SimpleCallbackHandler("tomcat", "tomcat".toCharArray()); loginCtx = new LoginContext("geronimo-admin", handler1); loginCtx.login(); Subject tomcatsubject = loginCtx.getSubject(); Set principals = subject.getPrincipals(); System.out.println("principals:" + principals); final PrivilegedAction action = new PrivilegedAction() { public Object run() { Subject subject = Subject.getSubject(AccessController .getContext()); System.out.println("inner subject:" + subject); Context context; try { context = new InitialContext(); Secured3 secured3 = (Secured3) context .lookup("java:comp/env/ejb/Secured3"); String secureMethod = secured3.secureMethod("hello"); System.out.println("secureMethod: " + secureMethod); } catch (NamingException e1) { e1.printStackTrace(); } return null; } }; Subject.doAs(subject, new java.security.PrivilegedAction() { public Object run() { Subject subject0 = Subject.getSubject(AccessController .getContext()); System.out.println("** start PrivilegedAction.run():" + subject0); // Subject is associated with the current thread context java.security.AccessController .doPrivileged(new java.security.PrivilegedAction() { public Object run() { // Subject was cut off from the current thread // context. Subject subject1 = Subject .getSubject(AccessController .getContext()); System.out
Re: Trouble obtaining JaaS login context from within EJB
On Jun 19, 2009, at 6:44 AM, kistler wrote: Hello, I'm currently developing an Enterprise application which Comprises of a servlet and ejb for Geronimo 2.1 and I have secured the Ejb with a Security Realm configured to authenticate against a SQLLoginModule. I'm confident that this is authenticating correctly as I have done negative and positive testing. I'm testing my ejb my connecting to it from a servlet as follows: CallbackHandler handler = new UserIdPasswordCallbackHandler(user, password); LoginContext ctx = new LoginContext("SecurityRealm",handler); ctx.login(); This succeeds when supplied the correct credentials and throws exceptions with invalid credentials. I assume this is a standalone test not part of your application? Doing this will not tell geronimo anything about the Subject you have created and your ejb will not be secured from the servlet. I obtain a reference to the remote interface as follows: Properties prop=new Properties(); prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.RemoteInitialContextFactory"); prop.put("java.naming.provider.url", "ejbd://localhost:4201"); Context context = new InitialContext(prop); Object o = context.lookup("SessionManagerBeanRemote"); SessionManagerRemote remote = (SessionManagerRemote)o; This works correctly as I am able to call my remote ejb methods! yes, and there is no security in place. If you are calling from the servlet you did the test login from, the Subject info will not be propagated to the ejb container. Now - the piece I am missing is I need to be able to obtain the current Subject that was authenticated. ie - I need to know the identity of the user that has been authenticated to use this ejb and is invoking it. So if joe was authenticated to use the SessionManager - I need to be able to obtain joe's login name. You probably want first to set up container managed security. Easiest is to use one of the built in authentication methods for the web app. If you don't like this, you should call one of the geronimo ContextManager.login methods for your login and then Callers oldCallers = ContextManager.setCallers(subject, subject); try { //do secured stuff like calling the ejb } finally { ContextManager.popCallers(oldCallers); } Or if you are adventurous you can use (unreleased) geronimo 2.2 + jetty7 with a jaspic authentication module. At this point, Juergens suggestion of using sessionContext.getCallerPrincipal() in the ejb will work. thanks david jencks I believe if I was within a web container I'd be able to use the equivalent of: HttpServletRequest.getUserPrincipal() ... Can someone point me to a reference, decently documented example or something that will tell me what API I need to use? I'm happy to do some reading but I've looked around quite a bit and I think I might be missing something... There doesn't seem to be a clear reference to this is the standard geronimo documentation - only some lite discussion for web containers. Thanks in advance! -Keith -- View this message in context: http://www.nabble.com/Trouble-obtaining-JaaS-login-context-from-within-EJB-tp24111796s134p24111796.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Trouble obtaining JaaS login context from within EJB
Ah - yes this looks like it probably would be what I need - any idea what the geronimo implementation for this would be? Juergen Weber wrote: > > Wouldn't that be SessionContext.getCallerPrincipal() ? > > Juergen > > > -- View this message in context: http://www.nabble.com/Trouble-obtaining-JaaS-login-context-from-within-EJB-tp24111796s134p24112824.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Trouble obtaining JaaS login context from within EJB
Wouldn't that be SessionContext.getCallerPrincipal() ? Juergen kistler wrote: > > Hello, > > I'm currently developing an Enterprise application which Comprises of a > servlet and ejb for Geronimo 2.1 and I have secured the Ejb with a > Security Realm configured to authenticate against a SQLLoginModule. I'm > confident that this is authenticating correctly as I have done negative > and positive testing. > > I'm testing my ejb my connecting to it from a servlet as follows: > > CallbackHandler handler = new > UserIdPasswordCallbackHandler(user, > password); > LoginContext ctx = new LoginContext("SecurityRealm",handler); > ctx.login(); > > This succeeds when supplied the correct credentials and throws exceptions > with invalid credentials. > > I obtain a reference to the remote interface as follows: > > Properties prop=new Properties(); > prop.put(Context.INITIAL_CONTEXT_FACTORY, > "org.apache.openejb.client.RemoteInitialContextFactory"); > prop.put("java.naming.provider.url", > "ejbd://localhost:4201"); > Context context = new InitialContext(prop); > > Object o = context.lookup("SessionManagerBeanRemote"); > SessionManagerRemote remote = (SessionManagerRemote)o; > > This works correctly as I am able to call my remote ejb methods! > > Now - the piece I am missing is I need to be able to obtain the current > Subject that was authenticated. ie - I need to know the identity of the > user that has been authenticated to use this ejb and is invoking it. So > if joe was authenticated to use the SessionManager - I need to be able to > obtain joe's login name. > > I believe if I was within a web container I'd be able to use the > equivalent of: HttpServletRequest.getUserPrincipal() ... Can someone > point me to a reference, decently documented example or something that > will tell me what API I need to use? I'm happy to do some reading but > I've looked around quite a bit and I think I might be missing something... > There doesn't seem to be a clear reference to this is the standard > geronimo documentation - only some lite discussion for web containers. > > Thanks in advance! > -Keith > -- View this message in context: http://www.nabble.com/Trouble-obtaining-JaaS-login-context-from-within-EJB-tp24111796s134p24112532.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Trouble obtaining JaaS login context from within EJB
Hello, I'm currently developing an Enterprise application which Comprises of a servlet and ejb for Geronimo 2.1 and I have secured the Ejb with a Security Realm configured to authenticate against a SQLLoginModule. I'm confident that this is authenticating correctly as I have done negative and positive testing. I'm testing my ejb my connecting to it from a servlet as follows: CallbackHandler handler = new UserIdPasswordCallbackHandler(user, password); LoginContext ctx = new LoginContext("SecurityRealm",handler); ctx.login(); This succeeds when supplied the correct credentials and throws exceptions with invalid credentials. I obtain a reference to the remote interface as follows: Properties prop=new Properties(); prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.RemoteInitialContextFactory"); prop.put("java.naming.provider.url", "ejbd://localhost:4201"); Context context = new InitialContext(prop); Object o = context.lookup("SessionManagerBeanRemote"); SessionManagerRemote remote = (SessionManagerRemote)o; This works correctly as I am able to call my remote ejb methods! Now - the piece I am missing is I need to be able to obtain the current Subject that was authenticated. ie - I need to know the identity of the user that has been authenticated to use this ejb and is invoking it. So if joe was authenticated to use the SessionManager - I need to be able to obtain joe's login name. I believe if I was within a web container I'd be able to use the equivalent of: HttpServletRequest.getUserPrincipal() ... Can someone point me to a reference, decently documented example or something that will tell me what API I need to use? I'm happy to do some reading but I've looked around quite a bit and I think I might be missing something... There doesn't seem to be a clear reference to this is the standard geronimo documentation - only some lite discussion for web containers. Thanks in advance! -Keith -- View this message in context: http://www.nabble.com/Trouble-obtaining-JaaS-login-context-from-within-EJB-tp24111796s134p24111796.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Shows, Ryan is out of the office.
I will be out of the office starting 06/19/2009 and will not return until 06/20/2009. I will respond to your message when I return. If urgent contact Richard Gibert. CONFIDENTIALITY WARNING This communication, including any attachments, is for the exclusive use of addressee and may contain proprietary and/or confidential information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. AVERTISSEMENT RELATIF À LA CONFIDENTIALITÉ Ce message, ainsi que les pièces qui y sont jointes, est destiné à l’usage exclusif de la personne à laquelle il s’adresse et peut contenir de l’information personnelle ou confidentielle. Si le lecteur de ce message n’en est pas le destinataire, nous l’avisons par la présente que toute diffusion, distribution, reproduction ou utilisation de son contenu est strictement interdite. Veuillez avertir sur-le-champ l’expéditeur par retour de courrier électronique et supprimez ce message ainsi que toutes les pièces jointes.
JCA and MDB
Hi all, I create a inbound JCA that connects to some JMS Queues (their name is defined in a DB accessed by hibernate classes). The deploy of the jca and the start/stop is ok. Here there is the ra.xml: http://java.sun.com/xml/ns/j2ee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/connector_1_5.xsd";> UBQ_JSR212_JCA_Queue Ubiquity s.r.l. JMS 1.0 it.ubiquity.sams.jms.DequeuerResourceAdapter javax.jms.MessageListener it.ubiquity.sams.jms.DequeuerActivationSpec The queue prefix queuePrefix Permissions allowed to the EIS Connector and the geronimo-ra.xml: http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"; xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"; xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"; xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"; xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2"; xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2"; xmlns:pers="http://java.sun.com/xml/ns/persistence"; xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"; xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"; xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"; > sams.jca UBQ_JSR212_JCA_Queue 1.0 car SAMSQueueManager DefaultWorkManager I created a mdb that connects to this jca and I included it in ear. Here there is the geronimo-application.xml: http://geronimo.apache.org/xml/ns/j2ee/application-2.0"; xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"; xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"; application-name="UBQ_JSR212_EAR_Frontend" > sams.ear UBQ_JSR212_EAR_Middleware 1.0 ear the ejb-jar.xml: http://java.sun.com/xml/ns/j2ee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd";> UBQ_JSR212_EJB_Frontend FrontendMDB it.ubiquity.sams.jms.FrontendBean javax.jms.MessageListener Container queuePrefix f FrontendMDB * NotSupported and the openejb-jar.xml: http://openejb.apache.org/xml/ns/openejb-jar-2.2"; xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"; xmlns:security="http://geronimo.apache.org/xml/ns/security-2.0"; xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"; xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"; version="1.0" > sams.ejb UBQ_JSR212_EJB_Frontend 1.0 jar sams.jca UBQ_JSR212_JCA_Queue 1.0 car console.jms sams 1.0 console.dbpool