darn, I thought I'd fixed that....
I moved the offending gbean to a parent plugin, but I'm having trouble
with my build so haven't actually tested it. If I made things worse
you can revert r. 723644
thanks
david jencks
On Dec 4, 2008, at 8:49 PM, Jarek Gawor wrote:
David,
I'm not sure if anybody else is seeing this but I'm unable to reliably
start a server after this change. Here's the error I get (from time to
time when I try to start the server):
2008-12-04 22:26:45,686 ERROR [GBeanInstanceState] Error while
starting; GBean is now in the FAILED state:
abstractName="org.apache.geronimo.plugins.monitoring/agent/2.2-
SNAPSHOT/car?EJBModule
=org.apache.geronimo.plugins.monitoring/agent/2.2-SNAPSHOT/
car,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager"
javax.security.auth.login.LoginException: No LoginModules configured
for monitoring-runas-realm
at
javax.security.auth.login.LoginContext.init(LoginContext.java:256)
at
javax.security.auth.login.LoginContext.<init>(LoginContext.java:499)
at
org
.apache.geronimo.security.ContextManager.login(ContextManager.java:83)
at
org
.apache
.geronimo
.security
.credentialstore
.SimpleCredentialStoreImpl.getSubject(SimpleCredentialStoreImpl.java:
100)
at
org
.apache
.geronimo
.security
.jacc
.ApplicationPolicyConfigurationManager
.<init>(ApplicationPolicyConfigurationManager.java:111)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun
.reflect
.NativeConstructorAccessorImpl
.newInstance(NativeConstructorAccessorImpl.java:39)
at
sun
.reflect
.DelegatingConstructorAccessorImpl
.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:
494)
at org.apache.xbean.recipe.ReflectionUtil
$ConstructorFactory.create(ReflectionUtil.java:882)
at
org
.apache.xbean.recipe.ObjectRecipe.internalCreate(ObjectRecipe.java:
272)
at
org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:96)
at
org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:61)
Jarek
On Thu, Dec 4, 2008 at 3:35 AM, <[EMAIL PROTECTED]> wrote:
Author: djencks
Date: Thu Dec 4 00:35:20 2008
New Revision: 723242
URL: http://svn.apache.org/viewvc?rev=723242&view=rev
Log:
GERONIMO-4415 Use new SimpleCredentialStore isolation features
Modified:
geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/
plan.xml
Modified: geronimo/server/trunk/plugins/monitoring/agent/src/main/
plan/plan.xml
URL:
http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/plan.xml?rev=723242&r1=723241&r2=723242&view=diff
=
=
=
=
=
=
=
=
=
=====================================================================
--- geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/
plan.xml (original)
+++ geronimo/server/trunk/plugins/monitoring/agent/src/main/plan/
plan.xml Thu Dec 4 00:35:20 2008
@@ -22,6 +22,7 @@
xmlns="http://www.openejb.org/xml/ns/openejb-jar-2.1";
xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0";
xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2";
+ xmlns:nam="http://geronimo.apache.org/xml/ns/naming-1.2";
xmlns:cs="http://geronimo.apache.org/xml/ns/credentialstore-1.0
">
@@ -37,7 +38,7 @@
<sys:name>monitoring-credential-store</sys:name>
</sec:credential-store-ref>
<sec:default-subject>
- <sec:realm>geronimo-admin</sec:realm>
+ <sec:realm>monitoring-runas-realm</sec:realm>
<sec:id>monitoring-user</sec:id>
</sec:default-subject>
<sec:role-mappings>
@@ -58,20 +59,43 @@
<sys:gbean name="monitoring-credential-store"
class
=
"org
.apache.geronimo.security.credentialstore.SimpleCredentialStoreImpl">
<sys:xml-attribute name="credentialStore">
<cs:credential-store>
- <cs:realm name="geronimo-admin">
+ <cs:realm name="monitoring-runas-realm">
<cs:subject>
<cs:id>monitoring-user</cs:id>
<cs:credential>
<
cs:type
>org.apache.geronimo.security.credentialstore.NameCallbackHandler</
cs:type>
- <cs:value>system</cs:value>
- </cs:credential>
- <cs:credential>
-
<
cs:type
>
org
.apache.geronimo.security.credentialstore.PasswordCallbackHandler</
cs:type>
- <cs:value>manager</cs:value>
+ <cs:value>admin</cs:value>
</cs:credential>
</cs:subject>
</cs:realm>
</cs:credential-store>
</sys:xml-attribute>
+ <sys:reference name="Realms">
+ <sys:name>monitoring-runas-realm</sys:name>
+ </sys:reference>
+ <sys:dependency>
+ <nam:name>monitoring-runas-realm</nam:name>
+ </sys:dependency>
</sys:gbean>
+
+ <gbean name="monitoring-runas-realm"
+
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
+ <attribute name="realmName">monitoring-runas-realm</
attribute>
+ <attribute name="publish">false</attribute>
+ <xml-reference name="LoginModuleConfiguration">
+ <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-1.2
">
+ <lc:login-module control-flag="REQUIRED">
+ <lc:login-domain-name>monitoring-runas-domain</
lc:login-domain-name>
+ <lc:login-module-
class
>org.apache.geronimo.security.credentialstore.RunAsLoginModule</
lc:login-module-class>
+ <lc:option
name
=
"principalClass
">
org
.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</
lc:option>
+ <lc:option name="principalNames">admin</
lc:option>
+ </lc:login-module>
+ </lc:login-config>
+ </xml-reference>
+ <!--<reference name="ServerInfo">-->
+ <!--<name>ServerInfo</name>-->
+ <!--</reference>-->
+ </gbean>
+
+
</openejb-jar>
