Scott M Stark wrote: > > So I see three options here. > 1. Take the 10k your saving and write 10k worth of docs. > 2. Send 10k to JBoss and we'll write 10k worth of docs. > 3. Read the ultimate docs(the source) and save 10k less the hours it takes you. > I'll second that. There's nothing worse than folk moaning unconstructively (in capitals too) on mailing lists like this because everything isn't quite the way they would like it to be. I've just been working through your JAAS security howto this week and was very impressed with the security integration stuff and also with how much effort had gone into producing all this documentation (and examples - yes there *are* examples) to help people understand how to get it working. And all in addition to developing and maintaining jboss itself (not to mention earning a living too). OK, so it's not all handed to you on a plate, but I think the manual is improving a lot and if people just would just invest a bit of time to look through it and the website, try some stuff out, check the mailing list archives (or newsgroups for EJB stuff in general) and then finally post specific problems or constructive comments then it would save a lot of people's time and unnecessary traffic in the list. General ranting or demands for instant gratification after spending 10 minutes working on a problem are not going to help the situation at all. Having got that off my chest, and in addition to saying thanks, Scott, for all your hard work, can I just make a few minor (constructive :-) comments and suggestions on docs and the use of security with the integrated tomcat/jboss distribution. 1. The JAAS howto contains a lot of useful information on integration with tomcat (and examples), so should probably be linked to from the tomcat howto. 2. The jboss-2.2.2_tomcat_3.2.2 distribution now uses the org.jboss.tomcat.security.JBossSecurityMgrRealm by default and this doesn't seem to be documented - also the source (which explains what it does) doesn't come with the server and not everyone knows about the contrib module or how to access it with cvs. Maybe the full embedded-tomcat source should be included in the combined distribution. 3. Using the integrated distribution out of the box, attempting to use an application with web security-constraints throws a NullPointerException in the above class: [EmbeddedTomcatSX] User: null is authenticated 2001-06-12 05:21:34 - Ctx( /qn ): Exception in: R( /qn + /admin/index.jsp + null) - java.lang.NullPointerException at org.jboss.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:113) at org.apache.tomcat.core.ContextManager.doAuthenticate(ContextManager.java:837) at org.apache.tomcat.core.RequestImpl.getRemoteUser(RequestImpl.java:341) at org.jboss.tomcat.security.JBossSecurityMgrRealm.authorize(JBossSecurityMgrRealm.java:148) at org.apache.tomcat.core.ContextManager.doAuthorize(ContextManager.java:855) This happens when you first try to access secured web content. It can be fixed by working through the JAAS tutorial and configuring your application properly with a security domain in the same way as the examples, but the initial error doesn't provide much of a pointer (no pun intended :-) to what you should do next. 4. The above error also happens if you have your jboss-web.xml file in the wrong place (i.e. not in WEB-INF) like I did for a while by accident. Jboss-web.xml only seems to be mentioned in a few obscure places and should probably be mentioned in the configuration chapter. Again you can work out all this from the examples but it could be overlooked. 5. The distribution contains an out of date set of docs for JBoss 2.0 - including one for tomcat which mentions various things (e.g. "unifying the security model") as future enhancements when in fact they are already done (I believe). This should probably be removed as it will just cause confusion. All the best, Luke. > ----- Original Message ----- > From: "Ivan Bolcina" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, June 11, 2001 11:03 PM > Subject: RE: [JBoss-user] manual > > > I TOTALLY AGREE. BAD DOCUMENTATION MIGHT BE DEATH OF JBOSS. PLEASE DO > > EXAMPLES. > > WHY PEOPLE PAY 10K FOR COMMERCIAL EJB SERVERS? BECAUSE OF DOCUMENTATION! > > IT'S EASY! > > -- Neu: sunrise hat jetzt noch günstigere Surfpreise! Sofort profitieren! http://go.sunrise.ch/de/promo1 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user