On Apr 21, 2009, at 1:52 PM, Jonathan Gallimore wrote:
I think some defaults here would be nice - I agree, it looks like
the first
two TODOs would come about if there was some sort of config error with
openejb-jar.xml - I think we ought to handle it by assuming no
security and
carry on deploying, but log these so the user can fix the problem.
Logging seems good.
The third item strikes me like we're ok to assume that there is no
security
for the specified web service as it looks like everything is
configured
correctly but there is no security defined in openejb-jar.xml.
Is it safe to assume that null and "NONE" for transportGuarantee and
authMethod is essentially the same?
Thanks for sorting the NPE, and sorry again if it caused any hassle.
No mistake was made. The openejb build worked, patch checked in,
snapshots published. When the snaps flow out to the other projects
that use them (geronimo, servicemix, tuscany, etc.) sometimes we get
bug reports coming back in. We fix 'em, and the process starts over
again.
Tempted to tell a joke about the word "circle" starting with CI for a
reason, but it's just too cheesy even for me :)
-David
On Tue, Apr 21, 2009 at 8:09 PM, David Blevins
<[email protected]>wrote:
Had to change up part of this code to fix OPENEJB-1021: "NPE in
AppInfoBuilder.configureWebserviceSecurity()" which shows up in the
Geronimo
build.
I rearranged the configureWebserviceSecurity method just slightly.
It's
functionally equivalent, the only behavior change is the null check
on
sessionBean.getWebServiceSecurity().
Added some TODOs as it seems like there's some room to be more
vocal about
potential user mistakes and issues. Not too familiar with the
config setup,
no not sure what to recommend. Here's the code in question:
List<PortInfo> infoList = ejbJarInfo.portInfos;
for (PortInfo portInfo : infoList) {
org.apache.openejb.jee.oejb2.EnterpriseBean bean =
beans.get(portInfo.serviceLink);
if (bean == null) continue; /* TODO: throw something? */
if (!(bean instanceof SessionBeanType)) continue; /* TODO:
throw
something? */
SessionBeanType sessionBean = (SessionBeanType) bean;
WebServiceSecurityType webServiceSecurityType =
sessionBean.getWebServiceSecurity();
if (webServiceSecurityType == null) {
//TODO: this ok?
continue;
}
portInfo.realmName = webServiceSecurityType.getRealmName();
portInfo.securityRealmName =
webServiceSecurityType.getSecurityRealmName();
if (webServiceSecurityType.getTransportGuarantee() != null) {
portInfo.transportGuarantee =
webServiceSecurityType.getTransportGuarantee().value();
} else {
portInfo.transportGuarantee = "NONE";
}
if (webServiceSecurityType.getAuthMethod() != null) {
portInfo.authMethod =
webServiceSecurityType.getAuthMethod().value();
} else {
portInfo.authMethod = "NONE";
}
}
Any thoughts on what we should do with the todos?
Seems like the first one indicates they don't have any metadata in
the
openejb-jar.xml for the bean. Are there defaults that we want to
fill in in
that situation?
The second seems to indicate there is metadata for the bean, but it
is not
what we expect. Seems there's definitely some action to be taken
there.
The third (the one I just added), not sure what the right approach
is.
Seems like a variation on the first one. Might be fine to ignore it,
wonder if we need some defaults in there. Seems we supply "NONE" for
transportGuarantee and authMethod as the defaults when there is some
metadata give, wonder if we need to do that for when there is no
metadata
given.
-David
