Ooops... sorry if I've caused any problems. I think some defaults here would be nice - I agree, it looks like the first two TODOs would come about if there was some sort of config error with openejb-jar.xml - I think we ought to handle it by assuming no security and carry on deploying, but log these so the user can fix the problem.
The third item strikes me like we're ok to assume that there is no security for the specified web service as it looks like everything is configured correctly but there is no security defined in openejb-jar.xml. Thanks for sorting the NPE, and sorry again if it caused any hassle. Jon On Tue, Apr 21, 2009 at 8:09 PM, David Blevins <[email protected]>wrote: > Had to change up part of this code to fix OPENEJB-1021: "NPE in > AppInfoBuilder.configureWebserviceSecurity()" which shows up in the Geronimo > build. > > I rearranged the configureWebserviceSecurity method just slightly. It's > functionally equivalent, the only behavior change is the null check on > sessionBean.getWebServiceSecurity(). > > Added some TODOs as it seems like there's some room to be more vocal about > potential user mistakes and issues. Not too familiar with the config setup, > no not sure what to recommend. Here's the code in question: > > List<PortInfo> infoList = ejbJarInfo.portInfos; > for (PortInfo portInfo : infoList) { > > org.apache.openejb.jee.oejb2.EnterpriseBean bean = > beans.get(portInfo.serviceLink); > > if (bean == null) continue; /* TODO: throw something? */ > if (!(bean instanceof SessionBeanType)) continue; /* TODO: throw > something? */ > > SessionBeanType sessionBean = (SessionBeanType) bean; > WebServiceSecurityType webServiceSecurityType = > sessionBean.getWebServiceSecurity(); > > if (webServiceSecurityType == null) { > //TODO: this ok? > continue; > } > > portInfo.realmName = webServiceSecurityType.getRealmName(); > portInfo.securityRealmName = > webServiceSecurityType.getSecurityRealmName(); > if (webServiceSecurityType.getTransportGuarantee() != null) { > portInfo.transportGuarantee = > webServiceSecurityType.getTransportGuarantee().value(); > } else { > portInfo.transportGuarantee = "NONE"; > } > > if (webServiceSecurityType.getAuthMethod() != null) { > portInfo.authMethod = > webServiceSecurityType.getAuthMethod().value(); > } else { > portInfo.authMethod = "NONE"; > } > } > > > Any thoughts on what we should do with the todos? > > Seems like the first one indicates they don't have any metadata in the > openejb-jar.xml for the bean. Are there defaults that we want to fill in in > that situation? > > The second seems to indicate there is metadata for the bean, but it is not > what we expect. Seems there's definitely some action to be taken there. > > The third (the one I just added), not sure what the right approach is. > Seems like a variation on the first one. Might be fine to ignore it, > wonder if we need some defaults in there. Seems we supply "NONE" for > transportGuarantee and authMethod as the defaults when there is some > metadata give, wonder if we need to do that for when there is no metadata > given. > > -David > >
