Dain,
If you can handle this in code, I am all for it...as I have said I have
been unsuccessful with this with Tomcat. Lets give it a shot and see if
it works...if so...this is great.
As for security...I coded in some GBean attributes that allow you to
declare the following via GBean attributes:
javax.security.jacc.PolicyConfigurationFactory.provider
javax.security.jacc.policy.provider
javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword
However, if they are declared on the command line, then those rule and
it will ignore the GBean attributes. We could easily add additional
attributes for the security service. But again...we need to be careful
when the JVM needs these or it may be too late.
Jeff
Dain Sundstrom wrote:
If at all possible I'd like to handle these in Java code, since shell
scripts aren't very portable or IDE friendly. I believe that the
endorsed dir is settable in java code. I don't think we need the ext
dirs as we handle class loaders directly, and as for the security
stuff, I just don't know what we are using.... Alan? Jeff?
-dain
On Jul 4, 2005, at 1:31 PM, Kresten Krab Thorup wrote:
It seems that there is a handful of things that are very difficult to
set programatically because their values are processed very early in
JVM initialization, and so we have simply added these to startup
scripts in our appserver. From the top of my head, these include
-Djava.ext.dirs=
-Djava.endorsed.dirs=
-Djava.security.policy= [unless you implement your
own PolicyProvider]
-Djava.security.auth.policy= [JAAS thing, only needed for 1.3
JVMs]
It's always such a hassle that these have to be added manually...
Kresten
On Jul 4, 2005, at 9:42 PM, Dain Sundstrom wrote:
I think the trick is you must set the value before the vm attempt to
load any classes from the endorsed packages (xml, corba and a few
others).
-dain
On Jul 4, 2005, at 11:40 AM, Jeff Genender wrote:
Well if thats working for TCK...I'll be the first to admit I am wrong.
Early on in the Tomcat integration development, we attempted to set
the endorsed.dir in the TomcatContainer GBean through an attribute,
but it never stuck. We could never get the Tomcat container to
launch without the dreaded XML/Doc error. Perhaps it needs to be
done in the main class as opposed to the TomcatContainer (could
this have to do with when the classes are loaded?). I am willing
to try this out. Could you point me in the direction to where this
gets set in the main class? I would be happy to verify this indeed
works (or doesn't work) with Tomcat.
Jeff
Dain Sundstrom wrote:
That is weird. The endorsed dir in the main class seems to work
for the TCK tests.
-dain
On Jul 4, 2005, at 9:57 AM, Jeff Genender wrote:
Dain,
This won't work...the JVM seems to need this at startup. We
tried having the classes set this property themselves, but there
is something in pre-startup of the JVM that requires this
setting in order for the endorsed dirs to take effect. Setting
it once the JVM has started results in the endorsed.dir property
being ignored.
Jeff
Dain Sundstrom wrote:
That should be added automatically by the main class.
-dain
On Jul 3, 2005, at 9:36 PM, Jeff Genender (JIRA) wrote:
[ http://issues.apache.org/jira/browse/GERONIMO-693?
page=comments#action_12314982 ]
Jeff Genender commented on GERONIMO-693:
----------------------------------------
Do not forget the -Djava.endorsed.dirs=lib/endorsed to the
java command line in these scripts or Tomcat will not run.
Need startup scripts in bin directory
-------------------------------------
Key: GERONIMO-693
URL: http://issues.apache.org/jira/browse/GERONIMO-693
Project: Geronimo
Type: New Feature
Environment: Windows, Linux, Mac OS X
Reporter: Erin Mulder
Assignee: John Sisson
Priority: Minor
It would be nice to have obvious startup.sh and startup.bat
scripts in the bin directory so that the user doesn't need to
look at the README file to figure out how to start the
server. (java - jar bin/server.jar isn't hard -- it's just
not quite as brainless as a script called "startup").
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the
administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
