David,
I'm not sure if anybody else is seeing this but I'm unable to reliably
start a server after this change. Here's the error I get (from time to
time when I try to start the server):
2008-12-04 22:26:45,686 ERROR [GBeanInstanceState] Error while
starting; GBean is now in the FAILED state:
abstractName="org.apache.geronimo.plugins.monitoring/agent/2.2-SNAPSHOT/car?EJBModule
=org.apache.geronimo.plugins.monitoring/agent/2.2-SNAPSHOT/car,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager"
javax.security.auth.login.LoginException: No LoginModules configured
for monitoring-runas-realm
at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:499)
at
org.apache.geronimo.security.ContextManager.login(ContextManager.java:83)
at
org.apache.geronimo.security.credentialstore.SimpleCredentialStoreImpl.getSubject(SimpleCredentialStoreImpl.java:100)
at
org.apache.geronimo.security.jacc.ApplicationPolicyConfigurationManager.<init>(ApplicationPolicyConfigurationManager.java:111)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at
org.apache.xbean.recipe.ReflectionUtil$ConstructorFactory.create(ReflectionUtil.java:882)
at
org.apache.xbean.recipe.ObjectRecipe.internalCreate(ObjectRecipe.java:272)
at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:96)
at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:61)
Jarek
On Thu, Dec 4, 2008 at 3:35 AM, <[EMAIL PROTECTED]> wrote:
> Author: djencks
> Date: Thu Dec 4 00:35:20 2008
> New Revision: 723242
>
> URL: http://svn.apache.org/viewvc?rev=723242&view=rev
> Log:
> GERONIMO-4415 Use new SimpleCredentialStore isolation features
>
> Modified:
> geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/plan.xml
>
> Modified:
> geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/plan.xml
> URL:
> http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/plan.xml?rev=723242&r1=723241&r2=723242&view=diff
> ==============================================================================
> --- geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/plan.xml
> (original)
> +++ geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/plan.xml Thu
> Dec 4 00:35:20 2008
> @@ -22,6 +22,7 @@
> xmlns="http://www.openejb.org/xml/ns/openejb-jar-2.1";
> xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0";
> xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2";
> + xmlns:nam="http://geronimo.apache.org/xml/ns/naming-1.2";
> xmlns:cs="http://geronimo.apache.org/xml/ns/credentialstore-1.0";>
>
>
> @@ -37,7 +38,7 @@
> <sys:name>monitoring-credential-store</sys:name>
> </sec:credential-store-ref>
> <sec:default-subject>
> - <sec:realm>geronimo-admin</sec:realm>
> + <sec:realm>monitoring-runas-realm</sec:realm>
> <sec:id>monitoring-user</sec:id>
> </sec:default-subject>
> <sec:role-mappings>
> @@ -58,20 +59,43 @@
> <sys:gbean name="monitoring-credential-store"
> class="org.apache.geronimo.security.credentialstore.SimpleCredentialStoreImpl">
> <sys:xml-attribute name="credentialStore">
> <cs:credential-store>
> - <cs:realm name="geronimo-admin">
> + <cs:realm name="monitoring-runas-realm">
> <cs:subject>
> <cs:id>monitoring-user</cs:id>
> <cs:credential>
>
> <cs:type>org.apache.geronimo.security.credentialstore.NameCallbackHandler</cs:type>
> - <cs:value>system</cs:value>
> - </cs:credential>
> - <cs:credential>
> -
> <cs:type>org.apache.geronimo.security.credentialstore.PasswordCallbackHandler</cs:type>
> - <cs:value>manager</cs:value>
> + <cs:value>admin</cs:value>
> </cs:credential>
> </cs:subject>
> </cs:realm>
> </cs:credential-store>
> </sys:xml-attribute>
> + <sys:reference name="Realms">
> + <sys:name>monitoring-runas-realm</sys:name>
> + </sys:reference>
> + <sys:dependency>
> + <nam:name>monitoring-runas-realm</nam:name>
> + </sys:dependency>
> </sys:gbean>
> +
> + <gbean name="monitoring-runas-realm"
> + class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> + <attribute name="realmName">monitoring-runas-realm</attribute>
> + <attribute name="publish">false</attribute>
> + <xml-reference name="LoginModuleConfiguration">
> + <lc:login-config
> xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-1.2";>
> + <lc:login-module control-flag="REQUIRED">
> +
> <lc:login-domain-name>monitoring-runas-domain</lc:login-domain-name>
> +
> <lc:login-module-class>org.apache.geronimo.security.credentialstore.RunAsLoginModule</lc:login-module-class>
> + <lc:option
> name="principalClass">org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</lc:option>
> + <lc:option name="principalNames">admin</lc:option>
> + </lc:login-module>
> + </lc:login-config>
> + </xml-reference>
> + <!--<reference name="ServerInfo">-->
> + <!--<name>ServerInfo</name>-->
> + <!--</reference>-->
> + </gbean>
> +
> +
> </openejb-jar>
>
>
>
