Re: Deployment error in Geronimo v2.1 with security elements in web-xml

Mon, 12 Jan 2009 01:34:49 -0800 

Hi Gary,
After some thought we decided that if someone went to the trouble to include security constraints in their web.xml we should assume that they really want their app secured and to refuse to deploy it if the non standard parts of the security configuration are missing from the geronimo plan. In this way it is harder to accidentally deploy your app without security. 


The additional information you need in the geronimo plan is the name  
of a security realm to use for logins and the mapping information  
between principals added to the Subject security identity by the login  
modules and the application level roles used in the security  
constraints.



I don't see any good documentation on how to set this up but there is  
a little bit of info at the end of this page:


http://cwiki.apache.org/GMOxDOC22/configuring-run-as-and-default-subjects-and-principal-role-mapping.html


What might be more useful is an example to look at such as this one  
from our integration testsuite:


https://svn.apache.org/repos/asf/geronimo/server/trunk/testsuite/security-testsuite/test-security/src/main/webapp/WEB-INF/geronimo-web.xml

thanks
david jencks




On Jan 11, 2009, at 2:24 PM, Gary Marshall wrote:


Hello all:

I am trying to deploy application app01a from Budi Kurniawan's book  
Struts 2 Design and Programming - A Tutorial.  You can download the   
app01a application here: http://jtute.com.  Click on "Book Code  
Download"  then Struts 2 Design and Programming: A Tutorial.


Here is the Deployment Descriptor (web.xml) file provided in this app:
 <?xml version="1.0" encoding="ISO-8859-1"?>

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";  
xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd 
" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd 
" version="2.5">

<servlet>
<servlet-name>Controller</servlet-name>
<servlet-class>app01a.ControllerServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Controller</servlet-name>
<url-pattern>*.action</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>JSPs</web-resource-name>
<url-pattern>/jsp/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>

As you can see there exists a <security-constraint> element.  When I  
try to deploy this app in my Geronimo v2.1, I get this error:



web.xml for web app default/app01a/1.0/car includes security  
elements but Geronimo deployment plan is not provided or does not  
contain <security-realm-name> element necessary to configure  
security accordingly.
org.apache.geronimo.common.DeploymentException: web.xml for web app  
default/app01a/1.0/car includes security elements but Geronimo  
deployment plan is not provided or does not contain <security-realm- 
name> element necessary to configure security accordingly.
 at  
org 
.apache 
.geronimo 
.web25 
.deployment 
.AbstractWebModuleBuilder 
.basicInitContext(AbstractWebModuleBuilder.java:349)
 at  
org 
.apache 
.geronimo 
.tomcat 
.deployment.TomcatModuleBuilder.initContext(TomcatModuleBuilder.java: 
330)
 at  
org 
.apache 
.geronimo 
.j2ee 
.deployment 
.SwitchingModuleBuilder.initContext(SwitchingModuleBuilder.java:159)
 at  
org 
.apache 
.geronimo 
.j2ee 
.deployment 
.EARConfigBuilder.buildConfiguration(EARConfigBuilder.java:595)

 at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:254)
 at org.apache.geronimo.deployment.Deployer.deploy(Deployer.java:133)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

 at  
sun 
.reflect 
.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at  
sun 
.reflect 
.DelegatingMethodAccessorImpl 
.invoke(DelegatingMethodAccessorImpl.java:25)

 at java.lang.reflect.Method.invoke(Method.java:597)

 at  
org 
.apache 
.geronimo 
.gbean 
.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java: 
34)
 at  
org 
.apache 
.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:124)
 at  
org 
.apache 
.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:867)
 at  
org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java: 
239)
 at  
org 
.apache 
.geronimo 
.deployment 
.plugin 
.local.AbstractDeployCommand.doDeploy(AbstractDeployCommand.java:116)
 at  
org 
.apache 
.geronimo 
.deployment 
.plugin.local.DistributeCommand.run(DistributeCommand.java:61)

 at java.lang.Thread.run(Thread.java:619)

I have tried Google searches to try and find out how to get around  
this error.  I found one posting that showed what looked like this  
was fixed in an earlier version of G.  I would like to keep the  
<security-constraint> element if at all possible.



Can somebody please assist?  Is this fixed in the version of G that  
I have?  Is there a workaround or should I just take out the  
<security-constraint> element?  Do I need some kind of deployment  
plan that I have to add to my G installation?


Thanks to all for your time.

Gary

























					Reply via email to