On 2011-03-01 12:58, Pawel Sztromwasser wrote:
> Hi Nicklas,
> I changed the Application.getAuthenticator() to use a separate
> classloader for external login plugin (attached a diff to the ticket
> #1575) and I was able to verify user's credentials using an STS service.

Thanks for the patch. It seems simple enough. I think the exception 
handling might need to be improved since it was assumed that the 
external system always knew if it was a bad login or a bad password.

> I got a bit unexpected behavior of BASE that tried to create a new
> account for the user after it failed finding it by an externalId. Of
> course, I had not set the externalId in advance. The logins of the
> external STS service and BASE account happened to be the same, so the
> whole process failed violating the unique-key constraint on login
> column. This is sth I will need to consider when integrating two sets of
> users from different applications.

The external authentication assumes that no "local" accounts except the 
root user account exists on the BASE server. The root account is handled 
as a special case so that it is possible to access BASE even if the 
external authentication system is down.

> But there is another problem I was struggling with. And apparently not
> only me [1]. Tomcat/axis/java has a problem when two
> axis2-kernel-x.x.jar jars are in the classpath. Even if the versions are
> the same. I tried multiple combinations with axis2 1.4 and 1.5.1. I
> downgraded the plugin to use axis2-1.3 and rampart1.3. I stripped-down
> the set of jars that my plugin uses, trying to use as many libraries
> shipped with BASE as possible. In principle it should work as long as
> all the dependencies were satisfied (by parent classloader of webapp),
> but when axis2-kernel was not loaded by the same classloader as Apache
> Rampart jars, I couldn't get rampart to engage.
> It seems like it is impossible to have axis2 in more than one location
> in the classpath. The only way it works is when only one
> axis2-kernel.jar is loaded by tomcat. So I either need to include all
> dependencies of my plugin into the /WEB-INF/lib directory of BASE, and
> use axis2 shipped with BASE; or I remove the axis2-kernel-1.3.jar from
> WEB-INF/lib of BASE and load it together with my plugin and rest of its
> dependencies. The latter one will of course break BASE's Web Services. I
> haven't had problems with other jars, despite I use different version of
> (for example) axiom libraries. No conflicts with other axis2 libraries,
> only axis2-kernel.
> I am happy because it works now, although with BASE's axis2 1.3. But I
> can imagine that in some time I might need to use newer axis2, and then
> I will have to try to upgrade it in BASE as well. If it is backwards
> compatible, it should go smooth, and the BASE Web Services will work.
> But it would be still good to test. Is there a test suite available for
> BASE Web Services that I could try? Or maybe you were considering
> upgrade yourself?

Class loading can be problematic sometimes. I don't know of any specific 
problems with Axis, but it seems like you have investigated this more 
than me.

We have tried to upgrade to Axis 1.5 but unfortunately there is a bug 
when handling date values. http://base.thep.lu.se/ticket/1353#comment:8
It seems like it has been fixed but for some reason the fix hasn't been 
released yet.


Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
basedb-devel mailing list

Reply via email to