Re: What are the specifics steps for manual deployment ?
You should use deploy command or hot deploy(just copy your app to deloy folder like in tomcat) to deploy your application following http://cwiki.apache.org/GMOxDOC22/deploying-and-undeploying-applications.html And in geronimo, tomcat is in $your_geronimo_install_Dir\repository\org\apache\tomcat Your web app structure seems fine(geronimo web app structure same as tomcat, just an extra geronimo-web.xml. which is geronimo specific deployment plan), i recommend your can use Geronimo Eclipse plugin in eclipse to simplify your develop work, you can install GEP follwoing http://cwiki.apache.org/GMOxDOC21/how-to-install-geronimo-eclipse-plugin.html, and how to develop in it follwoing http://cwiki.apache.org/GMOxDOC21/how-to-use-geronimo-eclipse-plugin.html#HowtoUseGeronimoEclipsePlugin-DeployRunUndeployandRedeployanApplication. You can find out more help from Geronimo 2.1 doc link: http://cwiki.apache.org/GMOxDOC21/ in your development process. Your I think whether caof2005 wrote: > > Hello folks, > > With a newbe questions/request: > > Can anybody refer me to any document/link which indicate me which are the > steps to do a manual deployment without using the deployment tool (deploy > ) ? > > I'm using Geronimo 2.1.3 with Tomcat 6 > > I tried to follow the oldie/classic example of building a dynamic project > by hand (no IDE's, nor deploy tool at all) just using the java, javac and > jar command line tools. > > So I tried to manually define the basic directory deployment structure > shown in 4.X, 5.X versions of Tomcat: > > webapps > --MyApp_Directory > ---WEB-INF > web.xml > geronimo-web.xml > lib > classes > com > example > ---web > --classA.class > ---model > --classB.class > > But I couldn't find any "tomcat" directory in Geronimo installation > directory which I can define inside that structure. > > So the question is am I assuming correctly that I can manually define > the deployment structure as I can do it in older versions of Tomcat? > Or do I have to use the deployment tool (deploy) in order to manually > deploy any application ? > > Any guidance would be very appreciated. > Regards > Carlos > -- View this message in context: http://www.nabble.com/What-are-the-specifics-steps-for-manual-deployment---tp24120872s134p24121051.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
What are the specifics steps for manual deployment ?
Hello folks, With a newbe questions/request: Can anybody refer me to any document/link which indicate me which are the steps to do a manual deployment without using the deployment tool (deploy ) ? I'm using Geronimo 2.1.3 with Tomcat 6 I tried to follow the oldie/classic example of building a dynamic project by hand (no IDE's, nor deploy tool at all) just using the java, javac and jar command line tools. So I tried to manually define the basic directory deployment structure shown in 4.X, 5.X versions of Tomcat: webapps --MyApp_Directory ---WEB-INF web.xml geronimo-web.xml lib classes com example ---web --classA.class ---model --classB.class But I couldn't find any "tomcat" directory in Geronimo installation directory which I can define inside that structure. So the question is am I assuming correctly that I can manually define the deployment structure as I can do it in older versions of Tomcat? Or do I have to use the deployment tool (deploy) in order to manually deploy any application ? Any guidance would be very appreciated. Regards Carlos -- View this message in context: http://www.nabble.com/What-are-the-specifics-steps-for-manual-deployment---tp24120872s134p24120872.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: security propagation from JAAS context to EJB question
> AFAIK every server uses its own ThreadLocal scheme to associate
> Subjects and threads
That's true, and I never liked it, usually it's the only non-portable code
of an application.
> geronimo's is the ContextManager.
But Geronimo could be the server that does better in a standard-conforming
way.
With the ContextManager way I don't like that it doesn't use the
PrivilegedAction pattern.
Couldn't you implement a ContextManager.doAs(Subject, PrivilegedAction) ?
But this would still create a non portable code.
The problem you cited "on return there was no Subject associated
with the current thread." seems no longer to be there, in my test snippet
(see below) the Subject was OK on return.
I believe that on calling an EJB on the client side there is a piece of
Geronimo code active. Couldn't that code look with
Subject.getSubject(AccessController.getContext()) if there is an active
Subject and take that for the EJB call? Maybe one could set a system
property to select this behaviour.
The doPrivileged problem cited in
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/rsec_jaasauthor.html
is still there, but if the programmer knows about it she can avoid using the
doPrivileged call.
Thanks,
Juergen
Subject subjectjsp =
Subject.getSubject(AccessController.getContext());
System.out.println("JSP subject:" + subjectjsp);
SimpleCallbackHandler handler = new
SimpleCallbackHandler("system",
"manager".toCharArray());
LoginContext loginCtx = new LoginContext("geronimo-admin",
handler);
loginCtx.login();
final Subject subject = loginCtx.getSubject();
SimpleCallbackHandler handler1 = new
SimpleCallbackHandler("tomcat",
"tomcat".toCharArray());
loginCtx = new LoginContext("geronimo-admin", handler1);
loginCtx.login();
Subject tomcatsubject = loginCtx.getSubject();
Set principals = subject.getPrincipals();
System.out.println("principals:" + principals);
final PrivilegedAction action = new PrivilegedAction()
{
public Object run()
{
Subject subject =
Subject.getSubject(AccessController
.getContext());
System.out.println("inner subject:" + subject);
Context context;
try
{
context = new InitialContext();
Secured3 secured3 = (Secured3) context
.lookup("java:comp/env/ejb/Secured3");
String secureMethod =
secured3.secureMethod("hello");
System.out.println("secureMethod: " +
secureMethod);
}
catch (NamingException e1)
{
e1.printStackTrace();
}
return null;
}
};
Subject.doAs(subject, new java.security.PrivilegedAction()
{
public Object run()
{
Subject subject0 =
Subject.getSubject(AccessController
.getContext());
System.out.println("** start
PrivilegedAction.run():"
+ subject0);
// Subject is associated with the current
thread context
java.security.AccessController
.doPrivileged(new
java.security.PrivilegedAction()
{
public Object run()
{
// Subject was
cut off from the current thread
// context.
Subject
subject1 = Subject
.getSubject(AccessController
.getContext());
System.out
Re: Trouble obtaining JaaS login context from within EJB
On Jun 19, 2009, at 6:44 AM, kistler wrote:
Hello,
I'm currently developing an Enterprise application which Comprises
of a
servlet and ejb for Geronimo 2.1 and I have secured the Ejb with a
Security
Realm configured to authenticate against a SQLLoginModule. I'm
confident
that this is authenticating correctly as I have done negative and
positive
testing.
I'm testing my ejb my connecting to it from a servlet as follows:
CallbackHandler handler = new
UserIdPasswordCallbackHandler(user,
password);
LoginContext ctx = new LoginContext("SecurityRealm",handler);
ctx.login();
This succeeds when supplied the correct credentials and throws
exceptions
with invalid credentials.
I assume this is a standalone test not part of your application?
Doing this will not tell geronimo anything about the Subject you have
created and your ejb will not be secured from the servlet.
I obtain a reference to the remote interface as follows:
Properties prop=new Properties();
prop.put(Context.INITIAL_CONTEXT_FACTORY,
"org.apache.openejb.client.RemoteInitialContextFactory");
prop.put("java.naming.provider.url",
"ejbd://localhost:4201");
Context context = new InitialContext(prop);
Object o = context.lookup("SessionManagerBeanRemote");
SessionManagerRemote remote = (SessionManagerRemote)o;
This works correctly as I am able to call my remote ejb methods!
yes, and there is no security in place. If you are calling from the
servlet you did the test login from, the Subject info will not be
propagated to the ejb container.
Now - the piece I am missing is I need to be able to obtain the
current
Subject that was authenticated. ie - I need to know the identity of
the
user that has been authenticated to use this ejb and is invoking
it. So if
joe was authenticated to use the SessionManager - I need to be able to
obtain joe's login name.
You probably want first to set up container managed security. Easiest
is to use one of the built in authentication methods for the web app.
If you don't like this, you should call one of the geronimo
ContextManager.login methods for your login and then
Callers oldCallers = ContextManager.setCallers(subject, subject);
try {
//do secured stuff like calling the ejb
} finally {
ContextManager.popCallers(oldCallers);
}
Or if you are adventurous you can use (unreleased) geronimo 2.2 +
jetty7 with a jaspic authentication module.
At this point, Juergens suggestion of using
sessionContext.getCallerPrincipal() in the ejb will work.
thanks
david jencks
I believe if I was within a web container I'd be able to use the
equivalent
of: HttpServletRequest.getUserPrincipal() ... Can someone point me
to a
reference, decently documented example or something that will tell
me what
API I need to use? I'm happy to do some reading but I've looked
around
quite a bit and I think I might be missing something... There
doesn't seem
to be a clear reference to this is the standard geronimo
documentation -
only some lite discussion for web containers.
Thanks in advance!
-Keith
--
View this message in context:
http://www.nabble.com/Trouble-obtaining-JaaS-login-context-from-within-EJB-tp24111796s134p24111796.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
Re: Trouble obtaining JaaS login context from within EJB
Ah - yes this looks like it probably would be what I need - any idea what the geronimo implementation for this would be? Juergen Weber wrote: > > Wouldn't that be SessionContext.getCallerPrincipal() ? > > Juergen > > > -- View this message in context: http://www.nabble.com/Trouble-obtaining-JaaS-login-context-from-within-EJB-tp24111796s134p24112824.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Trouble obtaining JaaS login context from within EJB
Wouldn't that be SessionContext.getCallerPrincipal() ?
Juergen
kistler wrote:
>
> Hello,
>
> I'm currently developing an Enterprise application which Comprises of a
> servlet and ejb for Geronimo 2.1 and I have secured the Ejb with a
> Security Realm configured to authenticate against a SQLLoginModule. I'm
> confident that this is authenticating correctly as I have done negative
> and positive testing.
>
> I'm testing my ejb my connecting to it from a servlet as follows:
>
> CallbackHandler handler = new
> UserIdPasswordCallbackHandler(user,
> password);
> LoginContext ctx = new LoginContext("SecurityRealm",handler);
> ctx.login();
>
> This succeeds when supplied the correct credentials and throws exceptions
> with invalid credentials.
>
> I obtain a reference to the remote interface as follows:
>
> Properties prop=new Properties();
> prop.put(Context.INITIAL_CONTEXT_FACTORY,
> "org.apache.openejb.client.RemoteInitialContextFactory");
> prop.put("java.naming.provider.url",
> "ejbd://localhost:4201");
> Context context = new InitialContext(prop);
>
> Object o = context.lookup("SessionManagerBeanRemote");
> SessionManagerRemote remote = (SessionManagerRemote)o;
>
> This works correctly as I am able to call my remote ejb methods!
>
> Now - the piece I am missing is I need to be able to obtain the current
> Subject that was authenticated. ie - I need to know the identity of the
> user that has been authenticated to use this ejb and is invoking it. So
> if joe was authenticated to use the SessionManager - I need to be able to
> obtain joe's login name.
>
> I believe if I was within a web container I'd be able to use the
> equivalent of: HttpServletRequest.getUserPrincipal() ... Can someone
> point me to a reference, decently documented example or something that
> will tell me what API I need to use? I'm happy to do some reading but
> I've looked around quite a bit and I think I might be missing something...
> There doesn't seem to be a clear reference to this is the standard
> geronimo documentation - only some lite discussion for web containers.
>
> Thanks in advance!
> -Keith
>
--
View this message in context:
http://www.nabble.com/Trouble-obtaining-JaaS-login-context-from-within-EJB-tp24111796s134p24112532.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Trouble obtaining JaaS login context from within EJB
Hello,
I'm currently developing an Enterprise application which Comprises of a
servlet and ejb for Geronimo 2.1 and I have secured the Ejb with a Security
Realm configured to authenticate against a SQLLoginModule. I'm confident
that this is authenticating correctly as I have done negative and positive
testing.
I'm testing my ejb my connecting to it from a servlet as follows:
CallbackHandler handler = new
UserIdPasswordCallbackHandler(user,
password);
LoginContext ctx = new LoginContext("SecurityRealm",handler);
ctx.login();
This succeeds when supplied the correct credentials and throws exceptions
with invalid credentials.
I obtain a reference to the remote interface as follows:
Properties prop=new Properties();
prop.put(Context.INITIAL_CONTEXT_FACTORY,
"org.apache.openejb.client.RemoteInitialContextFactory");
prop.put("java.naming.provider.url",
"ejbd://localhost:4201");
Context context = new InitialContext(prop);
Object o = context.lookup("SessionManagerBeanRemote");
SessionManagerRemote remote = (SessionManagerRemote)o;
This works correctly as I am able to call my remote ejb methods!
Now - the piece I am missing is I need to be able to obtain the current
Subject that was authenticated. ie - I need to know the identity of the
user that has been authenticated to use this ejb and is invoking it. So if
joe was authenticated to use the SessionManager - I need to be able to
obtain joe's login name.
I believe if I was within a web container I'd be able to use the equivalent
of: HttpServletRequest.getUserPrincipal() ... Can someone point me to a
reference, decently documented example or something that will tell me what
API I need to use? I'm happy to do some reading but I've looked around
quite a bit and I think I might be missing something... There doesn't seem
to be a clear reference to this is the standard geronimo documentation -
only some lite discussion for web containers.
Thanks in advance!
-Keith
--
View this message in context:
http://www.nabble.com/Trouble-obtaining-JaaS-login-context-from-within-EJB-tp24111796s134p24111796.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Shows, Ryan is out of the office.
I will be out of the office starting 06/19/2009 and will not return until 06/20/2009. I will respond to your message when I return. If urgent contact Richard Gibert. CONFIDENTIALITY WARNING This communication, including any attachments, is for the exclusive use of addressee and may contain proprietary and/or confidential information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. AVERTISSEMENT RELATIF À LA CONFIDENTIALITÉ Ce message, ainsi que les pièces qui y sont jointes, est destiné à l’usage exclusif de la personne à laquelle il s’adresse et peut contenir de l’information personnelle ou confidentielle. Si le lecteur de ce message n’en est pas le destinataire, nous l’avisons par la présente que toute diffusion, distribution, reproduction ou utilisation de son contenu est strictement interdite. Veuillez avertir sur-le-champ l’expéditeur par retour de courrier électronique et supprimez ce message ainsi que toutes les pièces jointes.
JCA and MDB
Hi all, I create a inbound JCA that connects to some JMS Queues (their name is defined in a DB accessed by hibernate classes). The deploy of the jca and the start/stop is ok. Here there is the ra.xml: http://java.sun.com/xml/ns/j2ee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/connector_1_5.xsd";> UBQ_JSR212_JCA_Queue Ubiquity s.r.l. JMS 1.0 it.ubiquity.sams.jms.DequeuerResourceAdapter javax.jms.MessageListener it.ubiquity.sams.jms.DequeuerActivationSpec The queue prefix queuePrefix Permissions allowed to the EIS Connector and the geronimo-ra.xml: http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"; xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"; xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"; xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"; xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2"; xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2"; xmlns:pers="http://java.sun.com/xml/ns/persistence"; xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"; xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"; xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"; > sams.jca UBQ_JSR212_JCA_Queue 1.0 car SAMSQueueManager DefaultWorkManager I created a mdb that connects to this jca and I included it in ear. Here there is the geronimo-application.xml: http://geronimo.apache.org/xml/ns/j2ee/application-2.0"; xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"; xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"; application-name="UBQ_JSR212_EAR_Frontend" > sams.ear UBQ_JSR212_EAR_Middleware 1.0 ear the ejb-jar.xml: http://java.sun.com/xml/ns/j2ee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd";> UBQ_JSR212_EJB_Frontend FrontendMDB it.ubiquity.sams.jms.FrontendBean javax.jms.MessageListener Container queuePrefix f FrontendMDB * NotSupported and the openejb-jar.xml: http://openejb.apache.org/xml/ns/openejb-jar-2.2"; xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"; xmlns:security="http://geronimo.apache.org/xml/ns/security-2.0"; xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"; xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"; version="1.0" > sams.ejb UBQ_JSR212_EJB_Frontend 1.0 jar sams.jca UBQ_JSR212_JCA_Queue 1.0 car console.jms sams 1.0 console.dbpool
