[jira] Assigned: (GERONIMO-3855) PortletSecurityException in Plugins portlet
[ https://issues.apache.org/jira/browse/GERONIMO-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh reassigned GERONIMO-3855: --- Assignee: Jay D. McHugh PortletSecurityException in Plugins portlet --- Key: GERONIMO-3855 URL: https://issues.apache.org/jira/browse/GERONIMO-3855 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 2.1 Reporter: Paul McMahan Assignee: Jay D. McHugh Cannot take any actions in the Plugins portlet. Recreate: Go to the Plugins portlet in the admin console Click any action-- Update Repository List or Add Repository or Export a Plugin or Assemble a Server Note the exception: javax.servlet.ServletException: javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:116) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806) root cause javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.services.container.PortletURLProviderImpl.setSecure(PortletURLProviderImpl.java:67) org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:261) org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:112) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: [jira] Assigned: (GERONIMO-3855) PortletSecurityException in Plugins portlet
Hi Jay, Do you have a fix in mind for this issue? I had started to look into it. Here's what I discovered so far: 1) Pluto has essentially dropped the 1.2 release. This was formerly their trunk. It has now been saved to a tag in favor of a new trunk that is the merger of the 286 portlet work and the 1.1.* base. I do not know if this code base has the necessary infrastructure (ie. spring based portal driver) that we require for the pluggable console. 2) The new Pluto trunk (2.0-SNAPSHOT) is substantially different primarily because of the inclusion of the JSR-286 work. A quick attempt to just replace the pluto version in our build resulted in some build failures in Geronimo. 3) The issue we are hitting with the PortletSecurityException was discussed on the pluto dev list here: http://www.nabble.com/Pluto-1.1.2-vs-1.1.4-td14194243.html So, one possible fix would be to make some of the changes recommended in on the pluto dev thread above in our private build. However, this now concerns me because it means that we are continuing to build on a base that it seems Pluto has recently abandoned. The other alternative would be to attempt to move to 2.0-SNAPSHOT or 1.1.5-SNAPSHOT assuming we can work out any challenges these releases bring, they have the necessary fix for the PortletSecurityException, and they contain the necessary portal driver structure for our pluggable console support. This is certainly not a quick fix but gets us on a more stable base. Joe Jay D. McHugh (JIRA) wrote: [ https://issues.apache.org/jira/browse/GERONIMO-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh reassigned GERONIMO-3855: --- Assignee: Jay D. McHugh PortletSecurityException in Plugins portlet --- Key: GERONIMO-3855 URL: https://issues.apache.org/jira/browse/GERONIMO-3855 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 2.1 Reporter: Paul McMahan Assignee: Jay D. McHugh Cannot take any actions in the Plugins portlet. Recreate: Go to the Plugins portlet in the admin console Click any action-- Update Repository List or Add Repository or Export a Plugin or Assemble a Server Note the exception: javax.servlet.ServletException: javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:116) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806) root cause javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.services.container.PortletURLProviderImpl.setSecure(PortletURLProviderImpl.java:67) org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:261) org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:112) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
Re: [jira] Assigned: (GERONIMO-3855) PortletSecurityException in Plugins portlet
Hey Joe (and everyone else), I took a look at both the trunk and 1.1.* branches of Pluto and they have not (or at least -appear- to have not) gotten around to implementing the same 'secure portlet page' functionality that was in 1.0.x. But, I tried a suggestion that was on one of the Pluto mailing list of simply commenting out the throwing of the exception (the only thing that the setSecure() method does is throw an exception saying that setSecure is not implemented). In my testing, the https protocol is being carried along to the successive pages though - so until Pluto does implement (or we submit a patch for) secure portlet pages - It seems to me that we at least need a functioning console. Once Pluto trunk or a release begins supporting secure portlet pages - then we can get back onto an unmodified copy. I am in the middle of running through a full build with tests before committing a new pinned version of Pluto. Does anyone have any other thoughts before I do my commit? Jay Joe Bohn wrote: Hi Jay, Do you have a fix in mind for this issue? I had started to look into it. Here's what I discovered so far: 1) Pluto has essentially dropped the 1.2 release. This was formerly their trunk. It has now been saved to a tag in favor of a new trunk that is the merger of the 286 portlet work and the 1.1.* base. I do not know if this code base has the necessary infrastructure (ie. spring based portal driver) that we require for the pluggable console. 2) The new Pluto trunk (2.0-SNAPSHOT) is substantially different primarily because of the inclusion of the JSR-286 work. A quick attempt to just replace the pluto version in our build resulted in some build failures in Geronimo. 3) The issue we are hitting with the PortletSecurityException was discussed on the pluto dev list here: http://www.nabble.com/Pluto-1.1.2-vs-1.1.4-td14194243.html So, one possible fix would be to make some of the changes recommended in on the pluto dev thread above in our private build. However, this now concerns me because it means that we are continuing to build on a base that it seems Pluto has recently abandoned. The other alternative would be to attempt to move to 2.0-SNAPSHOT or 1.1.5-SNAPSHOT assuming we can work out any challenges these releases bring, they have the necessary fix for the PortletSecurityException, and they contain the necessary portal driver structure for our pluggable console support. This is certainly not a quick fix but gets us on a more stable base. Joe Jay D. McHugh (JIRA) wrote: [ https://issues.apache.org/jira/browse/GERONIMO-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh reassigned GERONIMO-3855: --- Assignee: Jay D. McHugh PortletSecurityException in Plugins portlet --- Key: GERONIMO-3855 URL: https://issues.apache.org/jira/browse/GERONIMO-3855 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 2.1 Reporter: Paul McMahan Assignee: Jay D. McHugh Cannot take any actions in the Plugins portlet. Recreate: Go to the Plugins portlet in the admin console Click any action-- Update Repository List or Add Repository or Export a Plugin or Assemble a Server Note the exception: javax.servlet.ServletException: javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:116) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806) root cause javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.services.container.PortletURLProviderImpl.setSecure(PortletURLProviderImpl.java:67) org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:261) org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:112) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
Re: [jira] Assigned: (GERONIMO-3855) PortletSecurityException in Plugins portlet
On Feb 19, 2008, at 7:17 PM, Jay D. McHugh wrote: Hey Joe (and everyone else), I took a look at both the trunk and 1.1.* branches of Pluto and they have not (or at least -appear- to have not) gotten around to implementing the same 'secure portlet page' functionality that was in 1.0.x. But, I tried a suggestion that was on one of the Pluto mailing list of simply commenting out the throwing of the exception (the only thing that the setSecure() method does is throw an exception saying that setSecure is not implemented). In my testing, the https protocol is being carried along to the successive pages though - so until Pluto does implement (or we submit a patch for) secure portlet pages - It seems to me that we at least need a functioning console. Once Pluto trunk or a release begins supporting secure portlet pages - then we can get back onto an unmodified copy. I am in the middle of running through a full build with tests before committing a new pinned version of Pluto. Does anyone have any other thoughts before I do my commit? Sounds good to me Jay. Thanks for digging into this one... --kevan
Re: [jira] Assigned: (GERONIMO-3855) PortletSecurityException in Plugins portlet
Updating our private copy as a stop-gap sounds like a good solution for now. +1 -Donald Jay D. McHugh wrote: Hey Joe (and everyone else), I took a look at both the trunk and 1.1.* branches of Pluto and they have not (or at least -appear- to have not) gotten around to implementing the same 'secure portlet page' functionality that was in 1.0.x. But, I tried a suggestion that was on one of the Pluto mailing list of simply commenting out the throwing of the exception (the only thing that the setSecure() method does is throw an exception saying that setSecure is not implemented). In my testing, the https protocol is being carried along to the successive pages though - so until Pluto does implement (or we submit a patch for) secure portlet pages - It seems to me that we at least need a functioning console. Once Pluto trunk or a release begins supporting secure portlet pages - then we can get back onto an unmodified copy. I am in the middle of running through a full build with tests before committing a new pinned version of Pluto. Does anyone have any other thoughts before I do my commit? Jay Joe Bohn wrote: Hi Jay, Do you have a fix in mind for this issue? I had started to look into it. Here's what I discovered so far: 1) Pluto has essentially dropped the 1.2 release. This was formerly their trunk. It has now been saved to a tag in favor of a new trunk that is the merger of the 286 portlet work and the 1.1.* base. I do not know if this code base has the necessary infrastructure (ie. spring based portal driver) that we require for the pluggable console. 2) The new Pluto trunk (2.0-SNAPSHOT) is substantially different primarily because of the inclusion of the JSR-286 work. A quick attempt to just replace the pluto version in our build resulted in some build failures in Geronimo. 3) The issue we are hitting with the PortletSecurityException was discussed on the pluto dev list here: http://www.nabble.com/Pluto-1.1.2-vs-1.1.4-td14194243.html So, one possible fix would be to make some of the changes recommended in on the pluto dev thread above in our private build. However, this now concerns me because it means that we are continuing to build on a base that it seems Pluto has recently abandoned. The other alternative would be to attempt to move to 2.0-SNAPSHOT or 1.1.5-SNAPSHOT assuming we can work out any challenges these releases bring, they have the necessary fix for the PortletSecurityException, and they contain the necessary portal driver structure for our pluggable console support. This is certainly not a quick fix but gets us on a more stable base. Joe Jay D. McHugh (JIRA) wrote: [ https://issues.apache.org/jira/browse/GERONIMO-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh reassigned GERONIMO-3855: --- Assignee: Jay D. McHugh PortletSecurityException in Plugins portlet --- Key: GERONIMO-3855 URL: https://issues.apache.org/jira/browse/GERONIMO-3855 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 2.1 Reporter: Paul McMahan Assignee: Jay D. McHugh Cannot take any actions in the Plugins portlet. Recreate: Go to the Plugins portlet in the admin console Click any action-- Update Repository List or Add Repository or Export a Plugin or Assemble a Server Note the exception: javax.servlet.ServletException: javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:116) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806) root cause javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.services.container.PortletURLProviderImpl.setSecure(PortletURLProviderImpl.java:67) org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:261) org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:112) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806) smime.p7s Description: S/MIME Cryptographic Signature
Re: [jira] Assigned: (GERONIMO-3855) PortletSecurityException in Plugins portlet
Yes, I think this is a good short-term solution (as I mentioned below). However I think we still need a longer term solution since it appears that pluto is building on a new base. Are you planning to pull in additional fixes or are you building the same level of Pluto that I built earlier? ... I'm not sure if they even applied any additional maintenance to the old trunk before they created the tag ... have you checked? Joe Jay D. McHugh wrote: Hey Joe (and everyone else), I took a look at both the trunk and 1.1.* branches of Pluto and they have not (or at least -appear- to have not) gotten around to implementing the same 'secure portlet page' functionality that was in 1.0.x. But, I tried a suggestion that was on one of the Pluto mailing list of simply commenting out the throwing of the exception (the only thing that the setSecure() method does is throw an exception saying that setSecure is not implemented). In my testing, the https protocol is being carried along to the successive pages though - so until Pluto does implement (or we submit a patch for) secure portlet pages - It seems to me that we at least need a functioning console. Once Pluto trunk or a release begins supporting secure portlet pages - then we can get back onto an unmodified copy. I am in the middle of running through a full build with tests before committing a new pinned version of Pluto. Does anyone have any other thoughts before I do my commit? Jay Joe Bohn wrote: Hi Jay, Do you have a fix in mind for this issue? I had started to look into it. Here's what I discovered so far: 1) Pluto has essentially dropped the 1.2 release. This was formerly their trunk. It has now been saved to a tag in favor of a new trunk that is the merger of the 286 portlet work and the 1.1.* base. I do not know if this code base has the necessary infrastructure (ie. spring based portal driver) that we require for the pluggable console. 2) The new Pluto trunk (2.0-SNAPSHOT) is substantially different primarily because of the inclusion of the JSR-286 work. A quick attempt to just replace the pluto version in our build resulted in some build failures in Geronimo. 3) The issue we are hitting with the PortletSecurityException was discussed on the pluto dev list here: http://www.nabble.com/Pluto-1.1.2-vs-1.1.4-td14194243.html So, one possible fix would be to make some of the changes recommended in on the pluto dev thread above in our private build. However, this now concerns me because it means that we are continuing to build on a base that it seems Pluto has recently abandoned. The other alternative would be to attempt to move to 2.0-SNAPSHOT or 1.1.5-SNAPSHOT assuming we can work out any challenges these releases bring, they have the necessary fix for the PortletSecurityException, and they contain the necessary portal driver structure for our pluggable console support. This is certainly not a quick fix but gets us on a more stable base. Joe Jay D. McHugh (JIRA) wrote: [ https://issues.apache.org/jira/browse/GERONIMO-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh reassigned GERONIMO-3855: --- Assignee: Jay D. McHugh PortletSecurityException in Plugins portlet --- Key: GERONIMO-3855 URL: https://issues.apache.org/jira/browse/GERONIMO-3855 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 2.1 Reporter: Paul McMahan Assignee: Jay D. McHugh Cannot take any actions in the Plugins portlet. Recreate: Go to the Plugins portlet in the admin console Click any action-- Update Repository List or Add Repository or Export a Plugin or Assemble a Server Note the exception: javax.servlet.ServletException: javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:116) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806) root cause javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.services.container.PortletURLProviderImpl.setSecure(PortletURLProviderImpl.java:67) org.apache.pluto.core.PortletContainerImpl.doAction(PortletContainerImpl.java:261) org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:112) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
Re: [jira] Assigned: (GERONIMO-3855) PortletSecurityException in Plugins portlet
Joe, I went one revision id newer than the one that you previously built (just so the artifact names would be different). I agree that we need to keep an eye on Pluto. I think (I may be wrong though) that we will want to keep track of what is going on with the 2.0 version (trunk) because that is where the 'pluggable' feature was added. Also, that is where the new jsr-286 spec is being fleshed out. There have not been any releases against Pluto trunk yet - and when I tried to build it over the weekend, the build hit an error (I don't remember what though). Jay Joe Bohn wrote: Yes, I think this is a good short-term solution (as I mentioned below). However I think we still need a longer term solution since it appears that pluto is building on a new base. Are you planning to pull in additional fixes or are you building the same level of Pluto that I built earlier? ... I'm not sure if they even applied any additional maintenance to the old trunk before they created the tag ... have you checked? Joe Jay D. McHugh wrote: Hey Joe (and everyone else), I took a look at both the trunk and 1.1.* branches of Pluto and they have not (or at least -appear- to have not) gotten around to implementing the same 'secure portlet page' functionality that was in 1.0.x. But, I tried a suggestion that was on one of the Pluto mailing list of simply commenting out the throwing of the exception (the only thing that the setSecure() method does is throw an exception saying that setSecure is not implemented). In my testing, the https protocol is being carried along to the successive pages though - so until Pluto does implement (or we submit a patch for) secure portlet pages - It seems to me that we at least need a functioning console. Once Pluto trunk or a release begins supporting secure portlet pages - then we can get back onto an unmodified copy. I am in the middle of running through a full build with tests before committing a new pinned version of Pluto. Does anyone have any other thoughts before I do my commit? Jay Joe Bohn wrote: Hi Jay, Do you have a fix in mind for this issue? I had started to look into it. Here's what I discovered so far: 1) Pluto has essentially dropped the 1.2 release. This was formerly their trunk. It has now been saved to a tag in favor of a new trunk that is the merger of the 286 portlet work and the 1.1.* base. I do not know if this code base has the necessary infrastructure (ie. spring based portal driver) that we require for the pluggable console. 2) The new Pluto trunk (2.0-SNAPSHOT) is substantially different primarily because of the inclusion of the JSR-286 work. A quick attempt to just replace the pluto version in our build resulted in some build failures in Geronimo. 3) The issue we are hitting with the PortletSecurityException was discussed on the pluto dev list here: http://www.nabble.com/Pluto-1.1.2-vs-1.1.4-td14194243.html So, one possible fix would be to make some of the changes recommended in on the pluto dev thread above in our private build. However, this now concerns me because it means that we are continuing to build on a base that it seems Pluto has recently abandoned. The other alternative would be to attempt to move to 2.0-SNAPSHOT or 1.1.5-SNAPSHOT assuming we can work out any challenges these releases bring, they have the necessary fix for the PortletSecurityException, and they contain the necessary portal driver structure for our pluggable console support. This is certainly not a quick fix but gets us on a more stable base. Joe Jay D. McHugh (JIRA) wrote: [ https://issues.apache.org/jira/browse/GERONIMO-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh reassigned GERONIMO-3855: --- Assignee: Jay D. McHugh PortletSecurityException in Plugins portlet --- Key: GERONIMO-3855 URL: https://issues.apache.org/jira/browse/GERONIMO-3855 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 2.1 Reporter: Paul McMahan Assignee: Jay D. McHugh Cannot take any actions in the Plugins portlet. Recreate: Go to the Plugins portlet in the admin console Click any action-- Update Repository List or Add Repository or Export a Plugin or Assemble a Server Note the exception: javax.servlet.ServletException: javax.portlet.PortletSecurityException: No Supported org.apache.pluto.driver.PortalDriverServlet.doGet(PortalDriverServlet.java:116) org.apache.pluto.driver.PortalDriverServlet.doPost(PortalDriverServlet.java:158) javax.servlet.http.HttpServlet.service(HttpServlet.java:713) javax.servlet.http.HttpServlet.service(HttpServlet.java:806) root cause javax.portlet.PortletSecurityException: No Supported
Re: [jira] Assigned: (GERONIMO-3855) PortletSecurityException in Plugins portlet
Thanks Jay. I hit the same build error when I attempted as well ... I think it was an unresolved dependency or something. Yes, we will have to keep an eye on 2.0. Also, it appears that moving to 2.0 will require some Geronimo changes as well. Thanks for working on this patch. Joe Jay D. McHugh wrote: Joe, I went one revision id newer than the one that you previously built (just so the artifact names would be different). I agree that we need to keep an eye on Pluto. I think (I may be wrong though) that we will want to keep track of what is going on with the 2.0 version (trunk) because that is where the 'pluggable' feature was added. Also, that is where the new jsr-286 spec is being fleshed out. There have not been any releases against Pluto trunk yet - and when I tried to build it over the weekend, the build hit an error (I don't remember what though). Jay Joe Bohn wrote: Yes, I think this is a good short-term solution (as I mentioned below). However I think we still need a longer term solution since it appears that pluto is building on a new base. Are you planning to pull in additional fixes or are you building the same level of Pluto that I built earlier? ... I'm not sure if they even applied any additional maintenance to the old trunk before they created the tag ... have you checked? Joe Jay D. McHugh wrote: Hey Joe (and everyone else), I took a look at both the trunk and 1.1.* branches of Pluto and they have not (or at least -appear- to have not) gotten around to implementing the same 'secure portlet page' functionality that was in 1.0.x. But, I tried a suggestion that was on one of the Pluto mailing list of simply commenting out the throwing of the exception (the only thing that the setSecure() method does is throw an exception saying that setSecure is not implemented). In my testing, the https protocol is being carried along to the successive pages though - so until Pluto does implement (or we submit a patch for) secure portlet pages - It seems to me that we at least need a functioning console. Once Pluto trunk or a release begins supporting secure portlet pages - then we can get back onto an unmodified copy. I am in the middle of running through a full build with tests before committing a new pinned version of Pluto. Does anyone have any other thoughts before I do my commit? Jay Joe Bohn wrote: Hi Jay, Do you have a fix in mind for this issue? I had started to look into it. Here's what I discovered so far: 1) Pluto has essentially dropped the 1.2 release. This was formerly their trunk. It has now been saved to a tag in favor of a new trunk that is the merger of the 286 portlet work and the 1.1.* base. I do not know if this code base has the necessary infrastructure (ie. spring based portal driver) that we require for the pluggable console. 2) The new Pluto trunk (2.0-SNAPSHOT) is substantially different primarily because of the inclusion of the JSR-286 work. A quick attempt to just replace the pluto version in our build resulted in some build failures in Geronimo. 3) The issue we are hitting with the PortletSecurityException was discussed on the pluto dev list here: http://www.nabble.com/Pluto-1.1.2-vs-1.1.4-td14194243.html So, one possible fix would be to make some of the changes recommended in on the pluto dev thread above in our private build. However, this now concerns me because it means that we are continuing to build on a base that it seems Pluto has recently abandoned. The other alternative would be to attempt to move to 2.0-SNAPSHOT or 1.1.5-SNAPSHOT assuming we can work out any challenges these releases bring, they have the necessary fix for the PortletSecurityException, and they contain the necessary portal driver structure for our pluggable console support. This is certainly not a quick fix but gets us on a more stable base. Joe Jay D. McHugh (JIRA) wrote: [ https://issues.apache.org/jira/browse/GERONIMO-3855?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh reassigned GERONIMO-3855: --- Assignee: Jay D. McHugh PortletSecurityException in Plugins portlet --- Key: GERONIMO-3855 URL: https://issues.apache.org/jira/browse/GERONIMO-3855 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console Affects Versions: 2.1 Reporter: Paul McMahan Assignee: Jay D. McHugh Cannot take any actions in the Plugins portlet. Recreate: Go to the Plugins portlet in the admin console Click any action-- Update Repository List or Add Repository or Export a Plugin or Assemble a Server Note the exception: javax.servlet.ServletException: javax.portlet.PortletSecurityException: No Supported