[jira] Closed: (GERONIMO-4601) Removing all statistics for one server resulted in exception and the configuration is not saved
[
https://issues.apache.org/jira/browse/GERONIMO-4601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jack Cai closed GERONIMO-4601.
--
Resolution: Invalid
There must be something crazy going on with my machine last time. As I look
into the code of the method
org.apache.geronimo.monitoring.MasterRemoteControl.getSnapshotDuration(), it
seems impossible that such an Exception was thrown, see -
{code}
public Long getSnapshotDuration() {
// return what is stored in the snapshot-config.xml or default value
try {
String returnedDuration =
SnapshotConfigXMLBuilder.getAttributeValue( DURATION ); // How can an Exception
escape this try??
return Long.parseLong( returnedDuration );
} catch(Exception e) {
return DEFAULT_DURATION; // the default
}
}
{code}
Would really appreciate if someone knows some insight about this...
Anyway, I can't reproduce this exception any more. Cancelling this issue.
Removing all statistics for one server resulted in exception and the
configuration is not saved
---
Key: GERONIMO-4601
URL: https://issues.apache.org/jira/browse/GERONIMO-4601
Project: Geronimo
Issue Type: Bug
Security Level: public(Regular issues)
Components: monitoring
Affects Versions: 2.1.5
Reporter: Jack Cai
Assignee: Jack Cai
Priority: Minor
If all statistics are removed for one server, then there is the below
exception in the server log, and the configuratiion is not saved - after
refresh, you get the old statistics back.
2009-03-25 16:17:31,109 ERROR [SnapshotConfigXMLBuilder] 文件过早结束。
org.xml.sax.SAXParseException: 文件过早结束。
at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown Source)
at javax.xml.parsers.DocumentBuilder.parse(Unknown Source)
at
org.apache.geronimo.monitoring.snapshot.SnapshotConfigXMLBuilder.openDocument(SnapshotConfigXMLBuilder.java:286)
at
org.apache.geronimo.monitoring.snapshot.SnapshotConfigXMLBuilder.getAttributeValue(SnapshotConfigXMLBuilder.java:197)
at
org.apache.geronimo.monitoring.MasterRemoteControl.getSnapshotDuration(MasterRemoteControl.java:320)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at
org.apache.openejb.core.interceptor.ReflectionInvocationContext$Invocation.invoke(ReflectionInvocationContext.java:158)
at
org.apache.openejb.core.interceptor.ReflectionInvocationContext.proceed(ReflectionInvocationContext.java:141)
at
org.apache.openejb.core.interceptor.InterceptorStack.invoke(InterceptorStack.java:67)
at
org.apache.openejb.core.stateless.StatelessContainer._invoke(StatelessContainer.java:210)
at
org.apache.openejb.core.stateless.StatelessContainer._invoke(StatelessContainer.java:188)
at
org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:165)
at
org.apache.openejb.server.ejbd.EjbRequestHandler.doEjbObject_BUSINESS_METHOD(EjbRequestHandler.java:238)
at
org.apache.openejb.server.ejbd.EjbRequestHandler.processRequest(EjbRequestHandler.java:129)
at
org.apache.openejb.server.ejbd.EjbDaemon.processEjbRequest(EjbDaemon.java:164)
at org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:122)
at org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:84)
at org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:60)
at org.apache.openejb.server.ServicePool$2.run(ServicePool.java:78)
at org.apache.openejb.server.ServicePool$3.run(ServicePool.java:101)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
at java.lang.Thread.run(Thread.java:810)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: GBean annotation docs
Thanks David. How to develop a GBean using annotations is now also documented (based on your doc) in http://cwiki.apache.org/GMOxDOC22/gbean-annotations.html I am using another sample GBean to make it in line with the GBean in http://cwiki.apache.org/GMOxDOC22/developing-and-deploying-a-geronimo-gbean.html Comments are appreciated. 2008/9/20 David Blevins david.blev...@visi.com Didn't see them documented anywhere so I threw up a basic doc using Gianny's commit info and a few code examples. Might be a doc in another space I didn't notice. http://cwiki.apache.org/GMOxDEV/gbean-annotations.html Feel free to expand upon it. -David
[jira] Created: (GERONIMO-4607) Useless META-INF dir in the JEE server assembly
Useless META-INF dir in the JEE server assembly --- Key: GERONIMO-4607 URL: https://issues.apache.org/jira/browse/GERONIMO-4607 Project: Geronimo Issue Type: Bug Security Level: public (Regular issues) Components: buildsystem Affects Versions: 2.1.4, 2.2 Reporter: Jack Cai Priority: Minor In the JEE server assembly, there is a useless META-INF dir in the root. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4607) Useless META-INF dir in the JEE server assembly
[ https://issues.apache.org/jira/browse/GERONIMO-4607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai updated GERONIMO-4607: --- Attachment: Geronimo-4607.patch Providing a fix. Useless META-INF dir in the JEE server assembly --- Key: GERONIMO-4607 URL: https://issues.apache.org/jira/browse/GERONIMO-4607 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: buildsystem Affects Versions: 2.1.4, 2.2 Reporter: Jack Cai Priority: Minor Attachments: Geronimo-4607.patch In the JEE server assembly, there is a useless META-INF dir in the root. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (GERONIMO-4608) java.io.EOFException when reading ejb response
java.io.EOFException when reading ejb response --- Key: GERONIMO-4608 URL: https://issues.apache.org/jira/browse/GERONIMO-4608 Project: Geronimo Issue Type: Bug Security Level: public (Regular issues) Components: OpenEJB Affects Versions: 2.1.4 Environment: Windows Reporter: Jack Cai In the monitoring admin console page, define a server, enable query and then view its statistics. Keep refreshing the server view page, and soon there will be a server is offline message. Initial debugging reveals when the jsp access the server-side agent ejb, there is a java.io.EOFException thrown during the reading of ejb response. An old mail discussion also mentioned this problem, see [1]. This problem only occurs on Windows system. [1] http://www.nabble.com/error-on-running-tests-on-windows-tt16618112.html -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-4394) Run Geronimo as a Windows service out of box
[ https://issues.apache.org/jira/browse/GERONIMO-4394?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai closed GERONIMO-4394. -- Run Geronimo as a Windows service out of box Key: GERONIMO-4394 URL: https://issues.apache.org/jira/browse/GERONIMO-4394 Project: Geronimo Issue Type: New Feature Security Level: public(Regular issues) Components: commands Environment: Windows platforms Reporter: Jack Cai Assignee: Jarek Gawor Fix For: 2.1.4, 2.2 Attachments: GERONIMO-4394_Jack_1219.patch, geronimosrv.exe, geronimosrvw.exe, osservice.zip, README Although there is already an option provided by the Java Service Wrapper, some users are more interested in seeing something similar to what is provided by Tomcat. Provided that we can easily take the technology from Tomcat (http://commons.apache.org/daemon/procrun.html), I'm keen to implement this same thing for Geronimo. The advantage of using Apache Commons procrun is that - 1. Out-of-box experience, no need to download and install a third party component; 2. Tray icon that further improves usability. Eventually we would think to provide this run as a service capability for Linux/Unix platforms, but Windows would be a good start. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-4463) Display complete usage information in the geronimo command
[ https://issues.apache.org/jira/browse/GERONIMO-4463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai closed GERONIMO-4463. -- Thanks Jarek. Closing this issue. Display complete usage information in the geronimo command -- Key: GERONIMO-4463 URL: https://issues.apache.org/jira/browse/GERONIMO-4463 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: commands Affects Versions: 2.1.3, 2.2 Environment: All OS Reporter: Jack Cai Assignee: Jarek Gawor Priority: Minor Fix For: 2.1.4, 2.2 Attachments: GERONIMO-4463_Jack.patch The usage information of the geronimo command does not show the --host and --secure option. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-4462) Allow JAVA_HOME to point to a JRE in Windows OS
[ https://issues.apache.org/jira/browse/GERONIMO-4462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai closed GERONIMO-4462. -- Thanks Jarek. Closing this issue. Allow JAVA_HOME to point to a JRE in Windows OS --- Key: GERONIMO-4462 URL: https://issues.apache.org/jira/browse/GERONIMO-4462 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: commands Affects Versions: 2.1.3, 2.2 Environment: Windows OS Reporter: Jack Cai Assignee: Jarek Gawor Priority: Minor Fix For: 2.1.4, 2.2 Attachments: GERONIMO-4462_Jack.patch Currently the setjavaenv.bat script will set JRE_HOME=JAVA_HOME if JRE_HOME is not set. This requires JAVA_HOME to point to a JDK installation. Otherwise the geronimo.bat script will fail to launch because JAVA_HOME\jre is not a valid dir. This is an unnecessary requirement. We should allow user to point JAVA_HOME to a JRE installation, as what we do in Linux script. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: [DISCUSSION] to create a set of maven archetypes for applications running on geronimo ?
On Tue, Mar 31, 2009 at 7:13 AM, David Jencks david_jen...@yahoo.comwrote: I had a lot more thoughts on this subject while working up my apachecon eu talk on geronimo server assemblies. Right now we have a _lot_ of deployer code that carefully examines exactly what your app needs and depending on what it finds adds dependencies to the classloader. For instance if it figures out you have a web app and it's the jetty deployer it adds the jetty car as a parent. (Some of the smaller deployer bits I think currently always add their dependencies since there was a problem with changing the classpath but I hope this can be fixed with the recent configuration/classloader work). I think the plugin archetype should do this too. You tell it what app you are trying to deploy and some kind of profile like jetty/tomcat and cxf/axis2 and it (should) use the same logic as the deployer to figure out what is needed. For the archetype, it should be adding the dependencies and deployer dependencies to the pom and listing the deployer dependencies the car-maven-plugin needs to start. Great idea ! This will increase the usability of geronimo plugin development remarkably from the user's perspective since this allow the user to get the specific plugin only by selecting some simple and understandable options. re stringtemplate vs. velocity I don't know enough about how the archetype framework to judge whether anything except velocity is plausible. As I know, currently Maven Archetype only supports velocity as the template. Are you actively working on this project? If not I might see if there's some fairly easy way to access the decision making the current deployers use. I have not started doing this for some reasons. It would be great if you can help find the way to access the deployers decision making API. thanks! david jencks On Mar 17, 2009, at 1:26 AM, Shawn Jiang wrote: It looks to me as if there are no plans in the javaee apps parts of the samples apps, so the plans are all in the plugin modules. I really don't think we want to duplicate the functionality of the existing archetypes that do a fine job of creating projects for java ee apps. If you really do want to help people make projects like the sample apps, the way to do that is to improve the plugin archetype. Thanks for your comments. actually, what I said was to make the pom.xml and plan.xml template but not the JEE app itself. For example: servlet-examples/ pom.xml servlet-examples-jetty/ pom.xml src/ main/ plan/ plan.xml servlet-examples-tomcat/ servlet-examples-war/ From this pespective, what I was talking about is to create plugins archetype instead of JEE app archetype. I like your ideas about what can be generated in the geronimo plan. I think we can also generate a lot more of the pom than we do now. I agree. I would be very tempted to try stringtemplate instead of velocity. I think its clear MVC separation and roots in code generation technology (it's the output stage for antlr) may prove useful for the manipulation we need to do. But how could we reuse the existing powerful maven archetype if using stringtemplate ? I feel that StringTemplate is more useful in a MVC framework but not in a project generating tool. Do you agree ? While enabling people to reproduce our sample apps is probably better than what we do now, I'd prefer to help them with apps that actually do a realistic amount of work. I think improving the plugin archetype would be a really big help. I suggest to start with the current sample plugins. The final goal is to reduce most of the effort to release all samples for each geronimo version by providing stable archetype. thanks david jencks On Tue, Mar 17, 2009 at 3:35 PM, David Jencks david_jen...@yahoo.comwrote: On Mar 16, 2009, at 11:50 PM, Shawn Jiang wrote: From my point of view, every current geronimo sample could be converted to a archetype. So that the user just needs install maven and he could just type a command like this: mvn archetype:generate -DarcheTypeCatalog= http://geronimo.apache.org/archetypes/samples he will get a sample menu like this: Choose archetype: 1: internal - hello (geronimo sample web application project) 2: internal - calculator-stateless-pojo (geronimo sample ejb project) 3: internal - mdb (geronimo Message-Driven Bean sample project) 4: internal - GBean(simple geronimo GBean project) 5: internal - 6: internal - 7: internal - Choose a number: (1/2/3/4/5/6/7) 1: : 1 select 1 to create a hello sample project will bring him to a wizard like this: Define value for geronimo_version: : 2.1.4 Define value for context_root: : hellocontext Define value for groupId: : my.first.geronimo.web Define value for artifactId: : helloApp Define value for version: 1.0-SNAPSHOT: : Define value for package: my.first.geronimo.web: : Confirm properties
[jira] Resolved: (GERONIMO-4607) Useless META-INF dir in the JEE server assembly
[ https://issues.apache.org/jira/browse/GERONIMO-4607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jarek Gawor resolved GERONIMO-4607. --- Resolution: Fixed Fix Version/s: 2.2 2.1.5 Assignee: Jarek Gawor This was already fixed in trunk (revision 758915) and branches/2.1 (revision 758914). Useless META-INF dir in the JEE server assembly --- Key: GERONIMO-4607 URL: https://issues.apache.org/jira/browse/GERONIMO-4607 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: buildsystem Affects Versions: 2.1.4, 2.2 Reporter: Jack Cai Assignee: Jarek Gawor Priority: Minor Fix For: 2.1.5, 2.2 Attachments: Geronimo-4607.patch In the JEE server assembly, there is a useless META-INF dir in the root. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-4243) EAR Deploy Error
[
https://issues.apache.org/jira/browse/GERONIMO-4243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12694143#action_12694143
]
Gus commented on GERONIMO-4243:
---
I've just attempted to deploy the same ear on 2.2-SNAPSHOT (wow, it takes a
long time to build), and get the same error.
EAR Deploy Error
Key: GERONIMO-4243
URL: https://issues.apache.org/jira/browse/GERONIMO-4243
Project: Geronimo
Issue Type: Sub-task
Security Level: public(Regular issues)
Components: console, deployment, Jetty, Tomcat, webservices
Affects Versions: 2.1.2, 2.1.3, 2.2
Environment: Java
java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
java.awt.printerjob sun.print.PSPrinterJob
java.class.path
/usr/local/geronimo/bin/server.jar
/usr/local/geronimo/bin/jpa.jar
java.class.version49.0
java.endorsed.dirs
/usr/local/geronimo/lib/endorsed
/usr/local/java/jre/lib/endorsed
java.ext.dirs
/usr/local/geronimo/lib/ext
/usr/local/java/jre/lib/ext
java.home /home/oxseed/jdk1.5.0_15/jre
java.io.tmpdir/home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/temp
java.library.path
/home/oxseed/jdk1.5.0_15/jre/lib/i386/server
/home/oxseed/jdk1.5.0_15/jre/lib/i386
/home/oxseed/jdk1.5.0_15/jre/../lib/i386
java.runtime.name Java(TM) 2 Runtime Environment, Standard Edition
java.runtime.version 1.5.0_15-b04
java.specification.name Java Platform API Specification
java.specification.vendor Sun Microsystems Inc.
java.specification.version1.5
java.util.prefs.PreferencesFactory
java.vendor- Sun Microsystems Inc.
java.vendor.url http://java.sun.com/
java.vendor.url.bug http://java.sun.com/cgi-bin/bugreport.cgi
java.version- 1.5.0_15
Virtual Machine
java.vm.info mixed mode
java.vm.name Java HotSpot(TM) Server VM
java.vm.specification.nameJava Virtual Machine Specification
java.vm.specification.vendor Sun Microsystems Inc.
java.vm.specification.version 1.0
java.vm.vendorSun Microsystems Inc.
java.vm.version 1.5.0_15-b04
Operating System
os.arch i386
os.name Linux
os.version2.6.16.33-xen
Sun
sun.arch.data.model 32
sun.boot.class.path
/usr/local/geronimo/lib/endorsed/yoko-spec-corba-1.0.jar
/usr/local/geronimo/lib/endorsed/yoko-rmi-spec-1.0.jar
/home/oxseed/jdk1.5.0_15/jre/lib/rt.jar
/home/oxseed/jdk1.5.0_15/jre/lib/i18n.jar
/home/oxseed/jdk1.5.0_15/jre/lib/sunrsasign.jar
/home/oxseed/jdk1.5.0_15/jre/lib/jsse.jar
/home/oxseed/jdk1.5.0_15/jre/lib/jce.jar
/home/oxseed/jdk1.5.0_15/jre/lib/charsets.jar
/home/oxseed/jdk1.5.0_15/jre/classes
sun.boot.library.path
/home/oxseed/jdk1.5.0_15/jre/lib/i386
sun.cpu.endianlittle
sun.cpu.isalist
sun.io.unicode.encoding UnicodeLittle
sun.java2d.fontpath
sun.os.patch.levelunknown
User
user.country US
user.dir /home/oxseed
user.home /home/oxseed
user.language en
user.name oxseed
user.timezone Europe/Berlin
user.variant
Etc
admin.disabledtrue
catalina.base /home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/catalina
catalina.home /home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/catalina
catalina.useNamingfalse
com.sun.management.jmxremote
com.sun.management.jmxremote.authenticate false
com.sun.management.jmxremote.port 8004
com.sun.management.jmxremote.ssl false
common.loader ${catalina.home}/lib ${catalina.home}/lib/*.jar
derby.storage.fileSyncTransactionLog true
derby.system.home /home/oxseed
duct tape
file.encoding ANSI_X3.4-1968
file.encoding.pkg sun.io
file.separator/
java.naming.factory.initial
org.apache.xbean.naming.global.GlobalContextManager
java.naming.factory.url.pkgs org.apache.xbean.naming
java.naming.provider.url rmi://0.0.0.0:1099
java.net.preferIPv4Stack true
java.rmi.server.RMIClassLoaderSpi
org.apache.geronimo.kernel.rmi.RMIClassLoaderSpiImpl
java.rmi.server.randomIDs true
java.security.ProviderSUN
javax.rmi.CORBA.PortableRemoteObjectClass
org.apache.yoko.rmi.impl.PortableRemoteObjectImpl
javax.rmi.CORBA.StubClass org.apache.yoko.rmi.impl.StubImpl
javax.rmi.CORBA.UtilClass org.apache.geronimo.corba.util.UtilDelegateImpl
javax.security.jacc.PolicyConfigurationFactory.provider
org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory
javax.security.jacc.policy.provider
org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy
javax.xml.soap.MessageFactory
org.apache.geronimo.webservices.saaj.GeronimoMessageFactory
javax.xml.soap.MetaFactory
org.apache.geronimo.webservices.saaj.GeronimoMetaFactory
javax.xml.soap.SOAPConnectionFactory
[jira] Closed: (GERONIMO-4607) Useless META-INF dir in the JEE server assembly
[ https://issues.apache.org/jira/browse/GERONIMO-4607?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jack Cai closed GERONIMO-4607. -- Oops, didn't notice that. Closing this issue then. Useless META-INF dir in the JEE server assembly --- Key: GERONIMO-4607 URL: https://issues.apache.org/jira/browse/GERONIMO-4607 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: buildsystem Affects Versions: 2.1.4, 2.2 Reporter: Jack Cai Assignee: Jarek Gawor Priority: Minor Fix For: 2.1.5, 2.2 Attachments: Geronimo-4607.patch In the JEE server assembly, there is a useless META-INF dir in the root. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-4597) Validate Web Admin Console input - address admin console security vulnerabilities
[ https://issues.apache.org/jira/browse/GERONIMO-4597?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Bohn updated GERONIMO-4597: --- Description: This JIRA addresses the following security vulnerabilities in the web admin console: CVE-2008-5518: Apache Geronimo web administration console directory traversal vulnerabilities. A vulnerability was found in several portlets including Services/Repository, Embedded DB/DB Manager, and Security/Keystores when running the Apache Geronimo server on Windows. This issue may allow a remote attacker to upload any file in any directory. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server. Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes. CVE-2009-0038: Apache Geronimo web administration console XSS vulnerabilities Various linked and stored cross-site scripting (XSS) vulnerabilities were found in the Apache Geronimo administrative console and related utilities. Using this vulnerability an attacker can steal an administrator's cookie and then authenticate as administrator or perform certain administrative actions. For example, a user can inject XSS in some URLs or in several input fields in various portlets. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server. Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) and Marc Schoenefeld (Red Hat Security Response Team) for responsibly reporting this issue and assisting us with validating our fixes. CVE-2009-0039: Apache Geronimo web administration console XSRF vulnerabilities Various cross-site request forgery (XSRF or CSRF) vulnerabilities were identified in the Apache Geronimo web administration console. Exploiting these issues may allow a remote attacker to perform certain administrative actions, e.g. change web administration password, upload applications, etc... using predictable URL requests once the user has authenticated and obtained a valid session with the server. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server. Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue and assisting us with validating our fixes. It corrects the issues with the addition of directory checks and a servlet filter to check for XSS and XSRF vulnerabilities Summary: Validate Web Admin Console input - address admin console security vulnerabilities (was: Validate Web Admin Console input) Validate Web Admin Console input - address admin console security vulnerabilities - Key: GERONIMO-4597 URL: https://issues.apache.org/jira/browse/GERONIMO-4597 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 2.1, 2.1.1, 2.1.2, 2.1.3 Reporter: Joe Bohn Assignee: Joe Bohn Fix For: 2.1.4, 2.1.5, 2.2 This JIRA addresses the following security vulnerabilities in the web admin console: CVE-2008-5518: Apache Geronimo web administration console directory traversal vulnerabilities. A vulnerability was found in several portlets including Services/Repository, Embedded DB/DB Manager, and Security/Keystores when running the Apache Geronimo server on Windows. This issue may allow a remote attacker to upload any file in any directory. This affects all full JavaEE Geronimo assemblies or other distributions which include the administration web console up to and including Apache Geronimo 2.1.3. An alternative workaround (if you choose to not upgrade to Apache Geronimo 2.1.4) would be to stop or undeploy the administration web console application in the server. Credit: The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) for responsibly reporting this issue
[ANNOUNCE] Availability of Geronimo 2.1.4
The Apache Geronimo project is pleased to announce the available of Apache Geronimo v2.1.4 server. This is primarily a maintenance release. Among the updates and fixes included in the release are several security fixes for vulnerabilities in the administration console. Details of the security vulnerabilities fixed in this release can be found in the Security Report: http://geronimo.apache.org/21x-security-report.html Other fixes and enhancements are listed in the Release Notes: http://cwiki.apache.org/confluence/display/GMOxDOC21/RELEASE-NOTES-2.1.4.TXT Visit the Downloads page for details on downloading Apache Geronimo v2.1.4 server assemblies: http://geronimo.apache.org/downloads.html A big THANK YOU to all that contributed to this release! Great work everyone! Joe
[SECURITY] Web Administration Console vulnerabilities
The Apache Geronimo project has learned of several security vulnerabilities in the Geronimo Administration Console. If you use a full javaee5 configuration of the Geronimo server or have installed the console into another Geronimo server configuration you may be affected by these vulnerabilities. The vulnerabilities affect all full JavaEE Geronimo assemblies or other distributions that include the administration web console up to and including Apache Geronimo 2.1.3. The vulnerabilities are in the areas of directory traversal from the administration console as well as XSS and XSRF exposures. All vulnerabilities have been addressed in the newly released Geronimo 2.1.4 server currently available for download at: http://geronimo.apache.org/downloads.html For specific information regarding the vulnerabilities please see the security report: http://geronimo.apache.org/21x-security-report.html The Apache Geronimo project would like to thank Digital Security Research Group (dsecrg.com) and Marc Schoenefeld (Red Hat Security Response Team) for responsibly reporting these issues and assisting us with validating our fixes.
Re: [ANNOUNCE] Availability of Geronimo 2.1.4
On Mar 31, 2009, at 12:21 PM, Joe Bohn wrote: The Apache Geronimo project is pleased to announce the available of Apache Geronimo v2.1.4 server. This is primarily a maintenance release. Among the updates and fixes included in the release are several security fixes for vulnerabilities in the administration console. Details of the security vulnerabilities fixed in this release can be found in the Security Report: http://geronimo.apache.org/21x-security-report.html Other fixes and enhancements are listed in the Release Notes: http://cwiki.apache.org/confluence/display/GMOxDOC21/RELEASE-NOTES-2.1.4.TXT Visit the Downloads page for details on downloading Apache Geronimo v2.1.4 server assemblies: http://geronimo.apache.org/downloads.html A big THANK YOU to all that contributed to this release! Great work everyone! Terrific! Joe and Donald deserve a special round-of-applause here -- they carried a lot of the burden in resolving these security vulnerabilities. Also thanks to Jarek and Joe for seeing this release out. As Joe noted in the SECURITY announcement, Digital Security Research Group (dsecrg.com) was extremely helpful in identifying, discussing, and testing these security issues. Thanks! --kevan
Re: Initial Draft for gsoc [WS-Security support for JAX-WS Web Services] project
Rahul,
A few comments. I would drop the 1) bullet since in the grand scheme
of things this is a little detail and instead I would focus more on
the 2) bullet.
I like the WS-SecurityPolicy idea but it might be a little too much to
do at once. So I would stage things in the following way:
1) First work on the basic WS-Security support. Add support for
Username Token Profile and X509 Certificate Token Profile.
2) Once 1) is working, add support for WS-SecurityPolicy
3) Once 2) is working, add support for WSSecurityFeature as described.
That will probably require adding similar extensions to CXF and Axis2
first.
Besides configuring WS-Security properties for web services we also
want to configure the same sort of properties for Web Service
references (@WebServiceRef). So that clients can also make WS-Security
secured calls.
Also, to make life easier, can you put this proposal onto some
personal Apache wiki page (http://wiki.apache.org/general) and I think
that way we could edit this together.
Thanks,
Jarek
On Mon, Mar 30, 2009 at 8:04 PM, rahul.soa rahul@googlemail.com wrote:
Hello Devs,
I have written a very initial draft for gsoc WS-Security support for
JAX-WS Web Services project [1]. Please suggest any modifications.
Thanks to Jarek for his thoughts and immediate help.
// Quote
Title: WS-Security support for JAX-WS Web Services
Abstract:
To integrate and enable the WS-Security features of Apache Axis2 and
Apache CXF in Apache Geronimo on web services.
Description:
Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both
of these libraries have some WS-Security features. But these features
are not integrated/enabled in Geronimo. So the goal is to enable these
features from within Geronimo. That involves basically two things:
1) that the modules (i.e. WSS4J) that provide the WS-Security features
for Axis2 and CXF are installed with Geronimo, and
2) that the WS-Security features such as [XML Security ('XML
Signature' - allows one to send along with the message a digital
signature of it, which assures that no one modified the message
content between the sender and receiver, 'XML Encryption' -allows one
to encrypt the message body or only its part using the given
cryptography algorithm) and Tokens ('Username Tokens' - WS-Security
scenario adds username and password values to the message header,
'Timestamps' - Timestamps specify how long the security data remains
valid, 'SAML Tokens')] can be enabled and configured on web services
via Geronimo deployment descriptors and/or annotations. For example,
given some web service that is annotated with @WebService; so to
ensure that the service only accepts WS-Security -secured messages, it
should be something like “to add @WS-Security annotation”.
Further in detail, we can consider WS-Security policies which can be
applied to the SOAP messages that pass between web services and web
service controls. A WS-Security is controlled in WS-Security policy
files. The WS-Security policy file (WSSE file) defines the security
policy applied to the SOAP messages that pass between web services and
their clients.[1]
So we can use something like following annotation
@WS-Security file=MyWebServicePolicy.wsse
Example:
@WebService
@WS-Security file=MyWebServicePolicy.wsse
public class xyz
The @WS-Security annotation determines the WS-Security policy file
(WSSE) to be applied to (1) incoming SOAP invocations of the web
service's methods and (2) the outgoing SOAP messages containing the
value returned by the web service's methods.[1]. The attribute file in
the above mentioned annotation specifies the path to the WS-Security
policy file (WSSE file - MyWebServicePolicy.wsse) used by the web
service.
In addition, I think we can also define some security feature
something like SecurityFeature similar to other WebService Feature(s)
such as AddressingFeature, MTOMFeature
and RespectBindingFeature
. This new feature can also have the “enabled property” like other
features that is used to store whether a particular feature should be
enabled or disabled. This type should provide either a constructor
argument
and/or a method that will allow the web service developer to set the
enabled property. The meaning of enabled or disabled is determined by
each individual WebServiceFeature. It is important that web services
developers be able to enable/disable specific features when writing
their web applications. [2]
[1] http://e-docs.bea.com/workshop/docs81/doc/en/core/index.html
[2] http://jcp.org/aboutJava/communityprocess/mrel/jsr224/index2.html
//Unquote
Any suggestion will be appreciable.
* Please put my email id in cc if you reply to mailing list only as I
am not on the mailing list at this time. I have sent requests many
times but could not get the confirmation reply for joining the mailing
list so far.
Many Thanks.
Best Regards,
Rahul
[1]
Re: [ANNOUNCE] Availability of Geronimo 2.1.4
Joe Bohn wrote: The Apache Geronimo project is pleased to announce the available of Apache Geronimo v2.1.4 server. This is primarily a maintenance release. Among the updates and fixes included in the release are several security fixes for vulnerabilities in the administration console. Details of the security vulnerabilities fixed in this release can be found in the Security Report: http://geronimo.apache.org/21x-security-report.html Other fixes and enhancements are listed in the Release Notes: http://cwiki.apache.org/confluence/display/GMOxDOC21/RELEASE-NOTES-2.1.4.TXT Visit the Downloads page for details on downloading Apache Geronimo v2.1.4 server assemblies: http://geronimo.apache.org/downloads.html A big THANK YOU to all that contributed to this release! Great work everyone! Joe Congratulations!
Re: Initial Draft for gsoc [WS-Security support for JAX-WS Web Services] project
Jarek,
With CXF 2.2, adding support for WS-SecurityPolicy for WSDL first cases would
most likely be MUCH easier than doing basic WS-Security support. Add support
for Username Token Profile and X509 Certificate Token Profile.Basically,
if the WSDL contains the policies, set a few properties and it just works.
(things like the password callback and keystore information). See:
http://cwiki.apache.org/CXF20DOC/ws-securitypolicy.html
and also the ws-security samples in the 2.2 distribution.
I believe the same may be true for Axis2/Rampart.
#3 will definitely require some work in both CXF and Axis2, but that's not
necessarily a bad thing.
Dan
On Tue March 31 2009 4:08:53 pm Jarek Gawor wrote:
Rahul,
A few comments. I would drop the 1) bullet since in the grand scheme
of things this is a little detail and instead I would focus more on
the 2) bullet.
I like the WS-SecurityPolicy idea but it might be a little too much to
do at once. So I would stage things in the following way:
1) First work on the basic WS-Security support. Add support for
Username Token Profile and X509 Certificate Token Profile.
2) Once 1) is working, add support for WS-SecurityPolicy
3) Once 2) is working, add support for WSSecurityFeature as described.
That will probably require adding similar extensions to CXF and Axis2
first.
Besides configuring WS-Security properties for web services we also
want to configure the same sort of properties for Web Service
references (@WebServiceRef). So that clients can also make WS-Security
secured calls.
Also, to make life easier, can you put this proposal onto some
personal Apache wiki page (http://wiki.apache.org/general) and I think
that way we could edit this together.
Thanks,
Jarek
On Mon, Mar 30, 2009 at 8:04 PM, rahul.soa rahul@googlemail.com wrote:
Hello Devs,
I have written a very initial draft for gsoc WS-Security support for
JAX-WS Web Services project [1]. Please suggest any modifications.
Thanks to Jarek for his thoughts and immediate help.
// Quote
Title: WS-Security support for JAX-WS Web Services
Abstract:
To integrate and enable the WS-Security features of Apache Axis2 and
Apache CXF in Apache Geronimo on web services.
Description:
Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both
of these libraries have some WS-Security features. But these features
are not integrated/enabled in Geronimo. So the goal is to enable these
features from within Geronimo. That involves basically two things:
1) that the modules (i.e. WSS4J) that provide the WS-Security features
for Axis2 and CXF are installed with Geronimo, and
2) that the WS-Security features such as [XML Security ('XML
Signature' - allows one to send along with the message a digital
signature of it, which assures that no one modified the message
content between the sender and receiver, 'XML Encryption' -allows one
to encrypt the message body or only its part using the given
cryptography algorithm) and Tokens ('Username Tokens' - WS-Security
scenario adds username and password values to the message header,
'Timestamps' - Timestamps specify how long the security data remains
valid, 'SAML Tokens')] can be enabled and configured on web services
via Geronimo deployment descriptors and/or annotations. For example,
given some web service that is annotated with @WebService; so to
ensure that the service only accepts WS-Security -secured messages, it
should be something like “to add @WS-Security annotation”.
Further in detail, we can consider WS-Security policies which can be
applied to the SOAP messages that pass between web services and web
service controls. A WS-Security is controlled in WS-Security policy
files. The WS-Security policy file (WSSE file) defines the security
policy applied to the SOAP messages that pass between web services and
their clients.[1]
So we can use something like following annotation
@WS-Security file=MyWebServicePolicy.wsse
Example:
@WebService
@WS-Security file=MyWebServicePolicy.wsse
public class xyz
The @WS-Security annotation determines the WS-Security policy file
(WSSE) to be applied to (1) incoming SOAP invocations of the web
service's methods and (2) the outgoing SOAP messages containing the
value returned by the web service's methods.[1]. The attribute file in
the above mentioned annotation specifies the path to the WS-Security
policy file (WSSE file - MyWebServicePolicy.wsse) used by the web
service.
In addition, I think we can also define some security feature
something like SecurityFeature similar to other WebService Feature(s)
such as AddressingFeature, MTOMFeature
and RespectBindingFeature
. This new feature can also have the “enabled property” like other
features that is used to store whether a particular feature should be
enabled or disabled. This type should provide either a constructor
Re: Initial Draft for gsoc [WS-Security support for JAX-WS Web Services] project
Thanks Dan. I was actually looking at this CXF (and Rampart)
documentation and debating which would be easier or simpler to start
with. And I figured that starting with WS-SecurityPolicy will require
getting more parts right and more things to understand so that's why I
proposed to start small(er) and work from there. Having
WS-SecurityPolicy support in Geronimo would be great but I'm not
concerned about that from this project point of view. I'll be happy as
long as we get Username Token Profile and X509 Certificate Token
Profile support in Geronimo using or not using WS-SecurityPolicy.
Thanks,
Jarek
On Tue, Mar 31, 2009 at 4:24 PM, Daniel Kulp dk...@apache.org wrote:
Jarek,
With CXF 2.2, adding support for WS-SecurityPolicy for WSDL first cases would
most likely be MUCH easier than doing basic WS-Security support. Add support
for Username Token Profile and X509 Certificate Token Profile. Basically,
if the WSDL contains the policies, set a few properties and it just works.
(things like the password callback and keystore information). See:
http://cwiki.apache.org/CXF20DOC/ws-securitypolicy.html
and also the ws-security samples in the 2.2 distribution.
I believe the same may be true for Axis2/Rampart.
#3 will definitely require some work in both CXF and Axis2, but that's not
necessarily a bad thing.
Dan
On Tue March 31 2009 4:08:53 pm Jarek Gawor wrote:
Rahul,
A few comments. I would drop the 1) bullet since in the grand scheme
of things this is a little detail and instead I would focus more on
the 2) bullet.
I like the WS-SecurityPolicy idea but it might be a little too much to
do at once. So I would stage things in the following way:
1) First work on the basic WS-Security support. Add support for
Username Token Profile and X509 Certificate Token Profile.
2) Once 1) is working, add support for WS-SecurityPolicy
3) Once 2) is working, add support for WSSecurityFeature as described.
That will probably require adding similar extensions to CXF and Axis2
first.
Besides configuring WS-Security properties for web services we also
want to configure the same sort of properties for Web Service
references (@WebServiceRef). So that clients can also make WS-Security
secured calls.
Also, to make life easier, can you put this proposal onto some
personal Apache wiki page (http://wiki.apache.org/general) and I think
that way we could edit this together.
Thanks,
Jarek
On Mon, Mar 30, 2009 at 8:04 PM, rahul.soa rahul@googlemail.com wrote:
Hello Devs,
I have written a very initial draft for gsoc WS-Security support for
JAX-WS Web Services project [1]. Please suggest any modifications.
Thanks to Jarek for his thoughts and immediate help.
// Quote
Title: WS-Security support for JAX-WS Web Services
Abstract:
To integrate and enable the WS-Security features of Apache Axis2 and
Apache CXF in Apache Geronimo on web services.
Description:
Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both
of these libraries have some WS-Security features. But these features
are not integrated/enabled in Geronimo. So the goal is to enable these
features from within Geronimo. That involves basically two things:
1) that the modules (i.e. WSS4J) that provide the WS-Security features
for Axis2 and CXF are installed with Geronimo, and
2) that the WS-Security features such as [XML Security ('XML
Signature' - allows one to send along with the message a digital
signature of it, which assures that no one modified the message
content between the sender and receiver, 'XML Encryption' -allows one
to encrypt the message body or only its part using the given
cryptography algorithm) and Tokens ('Username Tokens' - WS-Security
scenario adds username and password values to the message header,
'Timestamps' - Timestamps specify how long the security data remains
valid, 'SAML Tokens')] can be enabled and configured on web services
via Geronimo deployment descriptors and/or annotations. For example,
given some web service that is annotated with @WebService; so to
ensure that the service only accepts WS-Security -secured messages, it
should be something like “to add @WS-Security annotation”.
Further in detail, we can consider WS-Security policies which can be
applied to the SOAP messages that pass between web services and web
service controls. A WS-Security is controlled in WS-Security policy
files. The WS-Security policy file (WSSE file) defines the security
policy applied to the SOAP messages that pass between web services and
their clients.[1]
So we can use something like following annotation
@WS-Security file=MyWebServicePolicy.wsse
Example:
@WebService
@WS-Security file=MyWebServicePolicy.wsse
public class xyz
The @WS-Security annotation determines the WS-Security policy file
(WSSE) to be applied to (1) incoming SOAP invocations of the web
service's methods and (2) the
Fwd: Initial Draft for gsoc [WS-Security support for JAX-WS Web Services] project
// Apologize, forgot to click on Reply All.
Best Regards,
Rahul
-- Forwarded message --
From: rahul.soa rahul@googlemail.com
Date: Tue, Mar 31, 2009 at 11:44 PM
Subject: Re: Initial Draft for gsoc [WS-Security support for JAX-WS
Web Services] project
To: Jarek Gawor jga...@gmail.com
Hello Jarek/Daniel/Devs,
Thanks for your comments.
I added the proposal quickly as I sent in my previous email on the
following link:
http://wiki.apache.org/general/rahulsoa
I will keep it updating with the discussion we are having.
Thanks.
Best Regards,
Rahul
On Tue, Mar 31, 2009 at 10:08 PM, Jarek Gawor jga...@gmail.com wrote:
Rahul,
A few comments. I would drop the 1) bullet since in the grand scheme
of things this is a little detail and instead I would focus more on
the 2) bullet.
I like the WS-SecurityPolicy idea but it might be a little too much to
do at once. So I would stage things in the following way:
1) First work on the basic WS-Security support. Add support for
Username Token Profile and X509 Certificate Token Profile.
2) Once 1) is working, add support for WS-SecurityPolicy
3) Once 2) is working, add support for WSSecurityFeature as described.
That will probably require adding similar extensions to CXF and Axis2
first.
Besides configuring WS-Security properties for web services we also
want to configure the same sort of properties for Web Service
references (@WebServiceRef). So that clients can also make WS-Security
secured calls.
Also, to make life easier, can you put this proposal onto some
personal Apache wiki page (http://wiki.apache.org/general) and I think
that way we could edit this together.
Thanks,
Jarek
On Mon, Mar 30, 2009 at 8:04 PM, rahul.soa rahul@googlemail.com wrote:
Hello Devs,
I have written a very initial draft for gsoc WS-Security support for
JAX-WS Web Services project [1]. Please suggest any modifications.
Thanks to Jarek for his thoughts and immediate help.
// Quote
Title: WS-Security support for JAX-WS Web Services
Abstract:
To integrate and enable the WS-Security features of Apache Axis2 and
Apache CXF in Apache Geronimo on web services.
Description:
Apache Geronimo supports two JAX-WS providers: Axis2 and CXF and both
of these libraries have some WS-Security features. But these features
are not integrated/enabled in Geronimo. So the goal is to enable these
features from within Geronimo. That involves basically two things:
1) that the modules (i.e. WSS4J) that provide the WS-Security features
for Axis2 and CXF are installed with Geronimo, and
2) that the WS-Security features such as [XML Security ('XML
Signature' - allows one to send along with the message a digital
signature of it, which assures that no one modified the message
content between the sender and receiver, 'XML Encryption' -allows one
to encrypt the message body or only its part using the given
cryptography algorithm) and Tokens ('Username Tokens' - WS-Security
scenario adds username and password values to the message header,
'Timestamps' - Timestamps specify how long the security data remains
valid, 'SAML Tokens')] can be enabled and configured on web services
via Geronimo deployment descriptors and/or annotations. For example,
given some web service that is annotated with @WebService; so to
ensure that the service only accepts WS-Security -secured messages, it
should be something like “to add @WS-Security annotation”.
Further in detail, we can consider WS-Security policies which can be
applied to the SOAP messages that pass between web services and web
service controls. A WS-Security is controlled in WS-Security policy
files. The WS-Security policy file (WSSE file) defines the security
policy applied to the SOAP messages that pass between web services and
their clients.[1]
So we can use something like following annotation
@WS-Security file=MyWebServicePolicy.wsse
Example:
@WebService
@WS-Security file=MyWebServicePolicy.wsse
public class xyz
The @WS-Security annotation determines the WS-Security policy file
(WSSE) to be applied to (1) incoming SOAP invocations of the web
service's methods and (2) the outgoing SOAP messages containing the
value returned by the web service's methods.[1]. The attribute file in
the above mentioned annotation specifies the path to the WS-Security
policy file (WSSE file - MyWebServicePolicy.wsse) used by the web
service.
In addition, I think we can also define some security feature
something like SecurityFeature similar to other WebService Feature(s)
such as AddressingFeature, MTOMFeature
and RespectBindingFeature
. This new feature can also have the “enabled property” like other
features that is used to store whether a particular feature should be
enabled or disabled. This type should provide either a constructor
argument
and/or a method that will allow the web service developer to set the
enabled property. The meaning of enabled or disabled is determined by
[BUILD] trunk: Failed for Revision: 760743
Geronimo Revision: 760743 built with tests included
See the full build-2100.log file at
http://people.apache.org/builds/geronimo/server/binaries/trunk/20090331/build-2100.log
Download the binaries from
http://people.apache.org/builds/geronimo/server/binaries/trunk/20090331
[INFO] BUILD SUCCESSFUL
[INFO]
[INFO] Total time: 35 minutes 37 seconds
[INFO] Finished at: Tue Mar 31 21:39:47 EDT 2009
[INFO] Final Memory: 678M/973M
[INFO]
TESTSUITE RESULTS (Failures only)
=
See detailed results at
http://people.apache.org/builds/geronimo/server/testsuite/ResultsSummary.html
Assembly: tomcat
=
See the full test.log file at
http://people.apache.org/builds/geronimo/server/binaries/trunk/20090331/logs-2100-tomcat/test.log
[INFO] snapshot
org.apache.geronimo.assemblies:geronimo-tomcat6-javaee5:2.2-SNAPSHOT: checking
for updates from codehaus-snapshots
[INFO] Using assembly artifact:
org.apache.geronimo.assemblies:geronimo-tomcat6-javaee5:zip:bin:2.2-SNAPSHOT:provided
[INFO] Using geronimoHome:
/home/geronimo/geronimo/trunk/testsuite/target/geronimo-tomcat6-javaee5-2.2-SNAPSHOT
[INFO] Installing assembly...
[INFO] Expanding:
/home/geronimo/.m2/repository/org/apache/geronimo/assemblies/geronimo-tomcat6-javaee5/2.2-SNAPSHOT/geronimo-tomcat6-javaee5-2.2-SNAPSHOT-bin.zip
into /home/geronimo/geronimo/trunk/testsuite/target
[INFO] Starting Geronimo server...
[INFO] Selected option set: default
[INFO] Redirecting output to:
/home/geronimo/geronimo/trunk/testsuite/target/geronimo-logs/org.apache.geronimo.mavenplugins.geronimo.server.StartServerMojo.log
[INFO] Waiting for Geronimo server...
[INFO] Geronimo server started in 0:00:41.842
[INFO] [shitty:install {execution: default}]
[INFO] Installing /home/geronimo/geronimo/trunk/testsuite/pom.xml to
/home/geronimo/.m2/repository/org/apache/geronimo/testsuite/testsuite/2.2-SNAPSHOT/testsuite-2.2-SNAPSHOT.pom
[INFO] [shitty:test {execution: default}]
[INFO] Starting 36 test builds
[INFO]
[INFO]
---
[INFO]
[INFO] commands-testsuite/deploy RUNNING
[INFO] commands-testsuite/deploy SUCCESS (0:00:59.058)
[INFO] commands-testsuite/gshell RUNNING
[INFO] commands-testsuite/gshell SUCCESS (0:00:28.026)
[INFO] commands-testsuite/jaxws RUNNING
[INFO] commands-testsuite/jaxws SUCCESS (0:00:33.593)
[INFO] commands-testsuite/shutdownRUNNING
[INFO] commands-testsuite/shutdownSUCCESS (0:00:15.652)
[INFO] concurrent-testsuite/concurrent-basic RUNNING
[INFO] concurrent-testsuite/concurrent-basic SUCCESS (0:06:22.860)
[INFO] console-testsuite/advanced RUNNING
[INFO] console-testsuite/advanced SUCCESS (0:01:28.419)
[INFO] console-testsuite/basicRUNNING
[INFO] console-testsuite/basicSUCCESS (0:01:54.133)
[INFO] corba-testsuite/corba-helloworld RUNNING
[INFO] corba-testsuite/corba-helloworld SUCCESS (0:00:48.609)
[INFO] corba-testsuite/corba-marshal RUNNING
[INFO] corba-testsuite/corba-marshal SUCCESS (0:00:48.655)
[INFO] corba-testsuite/corba-mytime RUNNING
[INFO] corba-testsuite/corba-mytime SUCCESS (0:00:41.193)
[INFO] deployment-testsuite/deployment-tests RUNNING
[INFO] deployment-testsuite/deployment-tests SUCCESS (0:00:30.028)
[INFO] deployment-testsuite/jca-cms-tests RUNNING
[INFO] deployment-testsuite/jca-cms-tests SUCCESS (0:00:31.259)
[INFO] deployment-testsuite/manifestcp-tests RUNNING
[INFO] deployment-testsuite/manifestcp-tests SUCCESS (0:00:33.401)
[INFO] enterprise-testsuite/ejb-tests RUNNING
[INFO] enterprise-testsuite/ejb-tests SUCCESS (0:00:50.200)
[INFO] enterprise-testsuite/jms-tests RUNNING
[INFO] enterprise-testsuite/jms-tests SUCCESS (0:00:57.348)
[INFO] enterprise-testsuite/jpa-tests RUNNING
[INFO] enterprise-testsuite/jpa-tests SUCCESS (0:00:51.562)
[INFO] enterprise-testsuite/sec-clientRUNNING
[INFO] enterprise-testsuite/sec-clientSUCCESS (0:00:28.419)
[INFO] enterprise-testsuite/sec-tests RUNNING
[INFO] enterprise-testsuite/sec-tests SUCCESS (0:00:48.777)
[INFO] security-testsuite/test-security RUNNING
[INFO] security-testsuite/test-security FAILURE (0:00:38.733) Java
returned: 1
[INFO] web-testsuite/test-2.1-jspsRUNNING
[INFO] web-testsuite/test-2.1-jspsSUCCESS (0:00:29.498)
[INFO] web-testsuite/test-2.5-servletsRUNNING
[INFO] web-testsuite/test-2.5
[jira] Commented: (GERONIMO-4243) EAR Deploy Error
[
https://issues.apache.org/jira/browse/GERONIMO-4243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12694360#action_12694360
]
Ivan commented on GERONIMO-4243:
IMO, it may not the problem of ASM. In the case of db2jcc.jar, although some
files in it are with .class suffix, they are not common compiled class files.
For you could see the first four bytes are not CA FE BA BE.
Hi, Gus, maybe there are some files in your shipped jars are with the same
reason. Have you tried the
export JAVA_OPTS=-Dorg.apache.geronimo.jaxws.builder.useSimpleFinder=true,
while this option is on, Geronimo will not scan all the classes in the
classpath.
EAR Deploy Error
Key: GERONIMO-4243
URL: https://issues.apache.org/jira/browse/GERONIMO-4243
Project: Geronimo
Issue Type: Sub-task
Security Level: public(Regular issues)
Components: console, deployment, Jetty, Tomcat, webservices
Affects Versions: 2.1.2, 2.1.3, 2.2
Environment: Java
java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
java.awt.printerjob sun.print.PSPrinterJob
java.class.path
/usr/local/geronimo/bin/server.jar
/usr/local/geronimo/bin/jpa.jar
java.class.version49.0
java.endorsed.dirs
/usr/local/geronimo/lib/endorsed
/usr/local/java/jre/lib/endorsed
java.ext.dirs
/usr/local/geronimo/lib/ext
/usr/local/java/jre/lib/ext
java.home /home/oxseed/jdk1.5.0_15/jre
java.io.tmpdir/home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/temp
java.library.path
/home/oxseed/jdk1.5.0_15/jre/lib/i386/server
/home/oxseed/jdk1.5.0_15/jre/lib/i386
/home/oxseed/jdk1.5.0_15/jre/../lib/i386
java.runtime.name Java(TM) 2 Runtime Environment, Standard Edition
java.runtime.version 1.5.0_15-b04
java.specification.name Java Platform API Specification
java.specification.vendor Sun Microsystems Inc.
java.specification.version1.5
java.util.prefs.PreferencesFactory
java.vendor- Sun Microsystems Inc.
java.vendor.url http://java.sun.com/
java.vendor.url.bug http://java.sun.com/cgi-bin/bugreport.cgi
java.version- 1.5.0_15
Virtual Machine
java.vm.info mixed mode
java.vm.name Java HotSpot(TM) Server VM
java.vm.specification.nameJava Virtual Machine Specification
java.vm.specification.vendor Sun Microsystems Inc.
java.vm.specification.version 1.0
java.vm.vendorSun Microsystems Inc.
java.vm.version 1.5.0_15-b04
Operating System
os.arch i386
os.name Linux
os.version2.6.16.33-xen
Sun
sun.arch.data.model 32
sun.boot.class.path
/usr/local/geronimo/lib/endorsed/yoko-spec-corba-1.0.jar
/usr/local/geronimo/lib/endorsed/yoko-rmi-spec-1.0.jar
/home/oxseed/jdk1.5.0_15/jre/lib/rt.jar
/home/oxseed/jdk1.5.0_15/jre/lib/i18n.jar
/home/oxseed/jdk1.5.0_15/jre/lib/sunrsasign.jar
/home/oxseed/jdk1.5.0_15/jre/lib/jsse.jar
/home/oxseed/jdk1.5.0_15/jre/lib/jce.jar
/home/oxseed/jdk1.5.0_15/jre/lib/charsets.jar
/home/oxseed/jdk1.5.0_15/jre/classes
sun.boot.library.path
/home/oxseed/jdk1.5.0_15/jre/lib/i386
sun.cpu.endianlittle
sun.cpu.isalist
sun.io.unicode.encoding UnicodeLittle
sun.java2d.fontpath
sun.os.patch.levelunknown
User
user.country US
user.dir /home/oxseed
user.home /home/oxseed
user.language en
user.name oxseed
user.timezone Europe/Berlin
user.variant
Etc
admin.disabledtrue
catalina.base /home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/catalina
catalina.home /home/oxseed/geronimo-tomcat6-javaee5-2.1.2/var/catalina
catalina.useNamingfalse
com.sun.management.jmxremote
com.sun.management.jmxremote.authenticate false
com.sun.management.jmxremote.port 8004
com.sun.management.jmxremote.ssl false
common.loader ${catalina.home}/lib ${catalina.home}/lib/*.jar
derby.storage.fileSyncTransactionLog true
derby.system.home /home/oxseed
duct tape
file.encoding ANSI_X3.4-1968
file.encoding.pkg sun.io
file.separator/
java.naming.factory.initial
org.apache.xbean.naming.global.GlobalContextManager
java.naming.factory.url.pkgs org.apache.xbean.naming
java.naming.provider.url rmi://0.0.0.0:1099
java.net.preferIPv4Stack true
java.rmi.server.RMIClassLoaderSpi
org.apache.geronimo.kernel.rmi.RMIClassLoaderSpiImpl
java.rmi.server.randomIDs true
java.security.ProviderSUN
javax.rmi.CORBA.PortableRemoteObjectClass
org.apache.yoko.rmi.impl.PortableRemoteObjectImpl
javax.rmi.CORBA.StubClass org.apache.yoko.rmi.impl.StubImpl
javax.rmi.CORBA.UtilClass org.apache.geronimo.corba.util.UtilDelegateImpl
javax.security.jacc.PolicyConfigurationFactory.provider
org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory
