Hi Gareth,
my comments inline.
2012/7/13 Gareth Collins <[email protected]>:
Hello Achim,
A further question while I have it on my mind:
(1) If I wanted to verify the host http header is valid (i.e.to
protect against a user faking the host), before routing a request to
a
particular
web app, would that be something that could be done in Pax Web...or
could that only be done in Jetty?
I'm not sure if this could be done with jetty or is already a "valid"
method
there. So Pax web might be a good place. But beware this test might
stale the startup of Pax Web when it tries to look for a valid
address.
(2) Would it be a foolish idea to be able to choose connectors via a
Manifest Header (potentially called "Web-Connectors", again with a
default in the Pax Web Configuration)? Something like what is shown
in
"Alternative" here (I am assuming that the preferred multiple jetty
servers implementation would be a substantial amount of work):
Well what already can be done is the posibility to configure
multiple Jetty Connectors through the jetty.xml.
So I think adding a special Manifest Entry for the webapp might be a
nice addon.
I think that this might be even a nice idea to make this
configuration somehow available for servlets beeing registered either
through
the http service or through the whiteboard extender.
http://docs.codehaus.org/display/JETTY/How+to+serve+webbapp+A+from+portA+and+webapp+B+from+portB
Perhaps this is the better internal/external security option?
thanks,
Gareth
On Thu, Jul 12, 2012 at 3:08 PM, Gareth Collins
<[email protected]> wrote:
Hello Achim,
I believe I am already a member of ops4j team (garethcollins) on
github. I have forked pax-web to
start work on this. Once I am done, if you could verify/provide
feedback on my change it would be much appreciated.
Of course, this has proven to be a quite practial thing in the past :)
If you are happy that I have not done anything completely foolish
and
I have verified the change works then I will
pull and approve my pull.
+1 :)
A couple of questions I am a little unsure of yet:
(1) Would this be a reasonable prioritization for setting virtual
hosts?:
(a) If virtual hosts is set in jetty-web.xml, use that value.
(b) Else if set in Web-VirtualHosts header, use that value.
(c) Else default to the configured value. If that configured
value
is null, virtual hosts should not be set.
sounds fair enough since a jetty-web.xml might be a valid
configuration for a "standalon" war also.
(2) If Pax Web configuration is changed via configuration admin,
does
Pax Web restart...or does it try to
only change the delta somehow (handling deltas may potentially make
my
task harder)?
Since it's a managed Service the default behaviour of OSGi is taking
care of this.
So the service in question is stoped and restarted. In this case you
don't need
think about a delta behaviour :)
thanks again,
Gareth
Actually I have to thank you, cause this is the work the community
needs to be a successfull
community.
Regards, Achim
On Thu, Jul 12, 2012 at 4:29 AM, Achim Nierbeck
<[email protected]> wrote:
Hi Gareth,
thanks for sharing your thoughts, my comments inline :)
2012/7/11 Gareth Collins <[email protected]>:
Hello Achim,
I have a proposal (which solves my problem). Would this be
foolish?:
Proposals are never foolish, it's always a good starting point for
a
good discussion :)
(1) Add a new Manifest Header Web-VirtualHosts which lists the
virtual
hosts for the webapp.
Their are at least two advantages of setting the virtual hosts
this way:
(a) it is webapp container type independent.
(b) the header can be set as part of the war url (I have set
arbitrary header names this way in the past).
A new Manifest Header actually could be really useful.
So +1 for this Idea.
(2) Add a new configuration item for Pax Web, which, if not null
describes a default set
of Virtual Hosts (i.e. to allow restrict by default for webapps
such
as the activemq or karaf console).
+1 for the configuration item.
The default should be null so I'm quite fine with this idea :)
I had a look at the Pax Web code. It doesn't appear that it should
be
that hard to implement (I believe I can see how to pass the
information
via the WebApp through to the Jetty ContextHandler). If I
implemented
such a feature would you merge it in?
First of all thank you for willing to contribute,
second we at ops4j rather give you direct access then applying
patches :)
So If you give me your Github Account name I'll add you to the
committers list.
If you want me to review this before "merge" to trunk
you can either start a branch in the ops4j repo
or start your own branch in your own repository and I
will happily review it.
It turned out in the past that this was a quite good way of working
together
thanks in advance,
Gareth
I have to thank you for committing :)
Achim
On Tue, Jul 10, 2012 at 5:54 PM, Achim Nierbeck
<[email protected]> wrote:
Hi Gareth,
sorry it took me a bit longer :)
yes you need to make sure the jetty-web.xml file is contained
inside
the war/wab next to
the std. web.xml file.
Concerning the jetty.xml file you might be able to "alter"
certain behaviour for
allready deployed applications, though I have to admitt thinking
more
about this
this probably won't work due to the way the war/wabs are
deployed.
regards, Achim
2012/7/9 Gareth Collins <[email protected]>:
Hello Achim,
Thank you very much for the response. I did look at the Jetty
Eclipse
wiki and it wasn't obvious
to me how I could do what I think I need via jetty.xml. I will
keep researching.
Say I wanted to add this jetty-web.xml file to the war/wab on
install
(because I don't know until install
what the virtual hosts will be). Would this be something that
logically would be part of the war
url handler...or would this need to be something different
(especially
since it would be jetty specific - e.g.
a "jvh - Jetty Virtual Host" url handler?)?
Just trying to understand how this potentially could be done (I
am
assuming that if I wanted this I would
need to implement it).
thanks in advance,
Gareth
On Sat, Jul 7, 2012 at 3:32 PM, Achim Nierbeck
<[email protected]> wrote:
Hi Gareth,
comments inline
2012/7/6 Gareth Collins <[email protected]>:
Hello Achim,
Just letting you know I have migrated all my webapps over to
the pax
web trunk (i.e. which includes
the fix) successfully. It is working great now. Thankyou!
great to hear
always welcome :)
The next thing I wanted to try out was the new Virtual Hosts
feature.
I looked at the pax web examples
and the jetty documentation. For pax web, it appears like the
only way
to do this is via a file (jetty-web.xml) in the war.
Is this correct?
indeed as pax-web does only "configure" jetty it's the
jetty-web.xml
for configuring.
I ask because I was hoping to restrict access to third-party
wars
(such as the activemq web war or the karaf console)
to specific virtual hosts (i.e. I don't want these on an
external
facing port/IP). Is that something I can do without editing
these third-party wars and adding the jetty-web.xml file (if I
have
to, I have to - just seeing if I am missing something here)?
ok, to restrict to specific virtual hosts is a kind of tricky
please follow the instructions in [1].
But you will have a hard time configuring this to different
ports.
What I haven't tried yet but might be a possible solution to
not
alter certain wars is to try to configure this via the
jetty.xml.
regards, Achim
[1] -
http://wiki.eclipse.org/Jetty/Howto/Configure_Virtual_Hosts
thanks in advance,
Gareth
On Thu, Jun 21, 2012 at 8:50 AM, Gareth Collins
<[email protected]> wrote:
Thanks very much!
Gareth
On Tue, Jun 19, 2012 at 9:25 PM, Achim Nierbeck
<[email protected]> wrote:
Hi Gareth,
I just took care of it.
I'm going to release a new version of Pax web ASAP, latest
beginning of next
week :)
regards, Achim
Am 19.06.2012 19:18, schrieb Gareth Collins:
Hello Achim,
Added:
http://team.ops4j.org/browse/PAXWEB-384
I can have a go at fixing it next week (as it is somewhat a
showstopper
for me)
when I get back home.
thanks again,
Gareth
On Sun, Jun 17, 2012 at 6:36 PM, Achim Nierbeck
<[email protected]>
wrote:
Hi Gareth,
could you open an issue for this, I think limiting this to
just 2 *.xml
files is probably wrong.
This is probably more a thinking of the old times where
the web.xml was
supposed to be a single file.
Opening this to include a jetty-web.xml is probably the
cause for this.
Regards, Achim
Am 16.06.2012 05:08, schrieb Gareth Collins:
Hello,
As I see that some new software has been updated recently
(such as Pax
Web 2.0.0 - thankyou!) I decided to go back
and try to update my OSGi dependencies and streamline my
environment
(which is why I was interested in removing
the start ordering dependency in pax confman).
Anyway one of the first things I am trying to do in my
updated
environment is to get the updated 5.6.0 activemq web
console
to play nicely with the updated Pax Web. I am getting an
error from
Pax Web and I am not sure what it means (this is with
equinox 3.6.2
with the bndtools launcher). Is this suggesting there is
something
wrong with the activemq web console war or is this
suggesting
something else? There are seven XML files in the activemq
WEB-INF
directory:
20:50:23,521 | DEBUG | Gogo shell |
..swissbox.extender.BundleWatcher[216] | []:[] | Found
resources
[bundleentry://11.fwk2060982148/WEB-INF/web.xml,
bundleentry://11.fwk2060982148/WEB-INF/webconsole-default.xml,
bundleentry://11.fwk2060982148/WEB-INF/webconsole-embedded.xml,
bundleentry://11.fwk2060982148/WEB-INF/webconsole-invm.xml,
bundleentry://11.fwk2060982148/WEB-INF/webconsole-jndi.xml,
bundleentry://11.fwk2060982148/WEB-INF/webconsole-properties.xml,
bundleentry://11.fwk2060982148/WEB-INF/webconsole-query.xml]
20:50:23,527 | INFO | Executor: 1 |
..war.internal.WebXmlObserver[117] | []:[] | Using
[activemqweb] as
web application context name
20:50:23,527 | DEBUG | Framework Event Dispatcher |
..apache.activemq.activemq-web-console[?] | []:[] |
BundleEvent
STARTED
20:50:23,527 | ERROR | Executor: 1 |
..war.internal.WebXmlObserver[124] | []:[] | Number of
xml's was not
lesser than 3. Was: 7
org.ops4j.lang.PreConditionException: Number of xml's was
not lesser
than 3. Was: 7
at
org.ops4j.lang.PreConditionException.validateLesserThan(PreConditionException.java:155)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
at
org.ops4j.pax.web.extender.war.internal.WebXmlObserver.addingEntries(WebXmlObserver.java:121)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
at
org.ops4j.pax.swissbox.extender.BundleWatcher$3.run(BundleWatcher.java:224)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)[:1.6.0_31]
at
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)[:1.6.0_31]
at
java.util.concurrent.FutureTask.run(FutureTask.java:138)[:1.6.0_31]
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)[:1.6.0_31]
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)[:1.6.0_31]
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)[:1.6.0_31]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)[:1.6.0_31]
at
java.lang.Thread.run(Thread.java:680)[:1.6.0_31]
20:50:23,528 | DEBUG | Executor: 1 |
..war.internal.WebEventDispatcher[130] | []:[] | Sending
web event
WebEvent [replay=false, type=5,
bundle=org.apache.activemq.activemq-web-console_5.6.0
[11],
extenderBundle=org.ops4j.pax.web.pax-web-extender-war_2.0.0 [33],
cause=org.ops4j.lang.PreConditionException: Number of
xml's was not
lesser than 3. Was: 7, timestamp=1339807823528,
contextPath=/activemqweb, collisionIds=null,
httpService=null,
httpContext=null] for bundle
org.apache.activemq.activemq-web-console
20:50:23,531 | DEBUG | WebListenerExecutor: 2 |
..pax.web.pax-web-extender-war[?] | []:[] |
org/osgi/service/web/FAILED
If anyone could indicate what this error may mean (is
there really a
max xml file limit in this directory?), it would be much
appreciated.
thanks in advance,
Gareth
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
--
- Apache Karaf <http://karaf.apache.org/> Committer & PMC
- OPS4J Pax Web
<http://wiki.ops4j.org/display/paxweb/Pax+Web/>
Committer &
Project Lead
- OPS4J Pax for Vaadin
<http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
Committer & Project Lead
- Blog <http://notizblog.nierbeck.de/>
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
--
- Apache Karaf <http://karaf.apache.org/> Committer & PMC
- OPS4J Pax Web
<http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
- OPS4J Pax for Vaadin
<http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
Committer & Project Lead
- Blog <http://notizblog.nierbeck.de/>
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
Committer & Project Lead
OPS4J Pax for Vaadin
<http://team.ops4j.org/wiki/display/PAXVAADIN/Home> Commiter &
Project
Lead
blog <http://notizblog.nierbeck.de/>
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
Committer & Project Lead
OPS4J Pax for Vaadin
<http://team.ops4j.org/wiki/display/PAXVAADIN/Home> Commiter &
Project
Lead
blog <http://notizblog.nierbeck.de/>
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
Committer & Project Lead
OPS4J Pax for Vaadin
<http://team.ops4j.org/wiki/display/PAXVAADIN/Home> Commiter &
Project
Lead
blog <http://notizblog.nierbeck.de/>
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
--
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
Committer & Project Lead
OPS4J Pax for Vaadin
<http://team.ops4j.org/wiki/display/PAXVAADIN/Home> Commiter & Project
Lead
blog <http://notizblog.nierbeck.de/>
_______________________________________________
general mailing list
[email protected]
http://lists.ops4j.org/mailman/listinfo/general
