[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12738770#action_12738770 ] viola.lu commented on GERONIMO-4553: hi, David: As you said: global - visible to all applications no matter what their dependencies non-global - visible to applications that have the realm's plugin as an ancestor (parent or more distant ancestor).But after i created a global security reaml, but still have to add it to my web app as dependency, otherwise there is a deployment failure, pls check https://issues.apache.org/jira/browse/GERONIMO-4772 to get more details, thanks. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.2 Attachments: dbpool_properties.patch, GERONIMO-4553-b21-updated.patch, GERONIMO-4553-b21.patch, realm_properties.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12736886#action_12736886 ] David Jencks commented on GERONIMO-4553: I agree, standalone is a much better term. Thanks for thinking of it! Let me try to explain again... maybe you can fix the english text as well as do translations :-) global -- visible to all applications no matter what their dependencies. However, without a dependency there is no guarantee that the relam will be there if the application that uses it is. non-global -- visible to applications that have the realm's plugin as an ancestor (parent or more distant ancestor). The dependency this establishes ensures that the realm will be installed and started when that app is installed and started. And, IIRC, ejb security can only use global realms or ones that are ancestors of the openejb plugin itself since there is only the single login facility in the ejbd. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21-updated.patch, GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12735977#action_12735977 ] Rex Wang commented on GERONIMO-4553: Sorry, I had a typo in ahead comments... I should said Server-wide not Server-side...:-) Anyway, I used some time to understand the difference between server-wide/non-server-wide and global/non-global, IIUC, the server-wide means the realm is a standalone realm. And both global and no-global realm are must be a server-wide realm. If we want duplicate-named security realms, they can not be both global. Right? Thanks -Rex Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21-updated.patch, GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12736138#action_12736138 ] David Jencks commented on GERONIMO-4553: The idea server-wide is highly misleading since you can use a security realm anywhere whether it is deployed in a non-javaee plugin (called server-wide) or inside a javaee app (not server-wide). If the realm is global you can just use it and if it is non-global you need a dependency on whatever the realm is deployed in. I think the term server-wide only confuses everyone and hides geronimo's flexibility. That said if you want security realms with duplicate names, at most one of them can be global. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21-updated.patch, GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12735489#action_12735489 ] David Jencks commented on GERONIMO-4553: Rex, sorry for letting this drop for so long... server-side shouldn't be there any more, at one time there was a way to have a client side login where some login modules ran on the client and some on the server. This didn't work very well and had conceptual problems. global means that the security realm is registered with the single global Configuration instance. non-global means you have to call LoginContext.login(. realmConfiguration) with the Configuration for that particular security realm. non-global security realms are how this feature works. Is any more work needed on this jira? Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21-updated.patch, GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12713447#action_12713447 ] Rex Wang commented on GERONIMO-4553: hi David, what is the difference between Server-side and Global. When I create a realm from web console that can be either server-side and non-global, is there some scenario needs such realm? thanks -Rex Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21-updated.patch, GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125) at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:538) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12713040#action_12713040 ] David Jencks commented on GERONIMO-4553: Rev 778726. I implemented scoping security realms to parents for all the web containers, renaming the publish' attribute to 'global' and modified the console to enable editing the 'global' attribute. There are a couple of new strings that need chinese translations in the plugins console. Ejbs still use global security realms. I'm not convinced ejb web service security is hooked up for anything except axis1. If it is it might be broken. At this point the console should warn but not try to prevent creating security realms with duplicate names. I haven't checked to see what actually happens. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12713047#action_12713047 ] Rex Wang commented on GERONIMO-4553: Ooops.I didn't see your head commit let me check what happened. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21-updated.patch, GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125) at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:538) at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12712465#action_12712465 ] David Jencks commented on GERONIMO-4553: I experimented a bit with scoping security realms to an apps parents. This is pretty straightforward for jetty7, slightly less so for jetty6, I'm not sure about tomcat, and AFAICT impractical for openejb at this time. The problem with openejb is that authentication happens independently of which app you are dealing with, for instance when trying to get the ejb remote initial context. I'll probably commit my jetty7/jetty6 work and keep thinking about openejb and tomcat. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12711957#action_12711957 ] David Jencks commented on GERONIMO-4553: As my original report stated pretty clearly, I think we need to allow creation of duplicate-named security realms. With the current global security realm names, we have to prevent starting the new one. Ideally I think we should follow the same system as normal gbean visibility and only let plugins see security realms defining in their ancestor plugins. This would let us start both realms and switch between them using an artifact alias. A while back I introduced a couple new ContextManager login methods that take a Configuration to support this, but haven't been able to complete the feature. If we can't implement this way of allowing duplicate security realms I would prefer to just not start any duplicates rather than preventing them from being created. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Rex Wang Fix For: 2.1.5, 2.2 Attachments: GERONIMO-4553-b21.patch If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12711206#action_12711206 ] Ashish Jain commented on GERONIMO-4553: --- This error can be avoided if the duplicate realm is not started. However there are some issues involved 1) We need to copy the realm and deploy it manually using Deploy New or may be the command line tool 2) An entry for the newly created realm is not reflected in config.xml if the realm is only deployed and not started. I guess this can be addressed in a JIRA if we feel it is an issues. I think the realm entry should come up in config.xml with load=false. User will have to perform few manual steps 1) He will have to edit the config.xml and add load=false for geronimo-admin gbean in server-security-config 2) Remove load=false for the duplicate realm. 3) edit artifact-aliases.properties. The utility is that user can always revert back the configuration in case there are any issues with the duplicate realm. All the above steps can be suggested to the user when he inputs the name of the realm and moves to the next section. Please suggest if this is how we may want to address this situation Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Fix For: 2.1.5, 2.2 If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12680403#action_12680403 ] Forrest Xia commented on GERONIMO-4553: --- Another finding: If created a duplicated security realm geronimo-admin, and then uninstall it, thus, the server won't be stopped gracefully. The error message shows Invalid login. That seems a major problem to server. Thoughts? Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Joe Bohn Fix For: 2.1.4, 2.2 If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125) at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:538) at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12680509#action_12680509 ] Joe Bohn commented on GERONIMO-4553: Yes, I came to the same conclusions Forrest. My patch was only intended to provide an error message when creating a duplicate stand-alone security realm. I was not trying to support the scenario of permitting the creation of duplicate realms or making the geronimo-admin realm a standalone realm. It was my understanding that this JIRA was primarily created because of the lack of any indication in the console when creating duplicate realms and was specifically written against the console. My change does address the scenario of standalone realms but unfortunately does not address the case of a duplicate realm between standalone and non-standalone configurations. For that we need more than just console changes (as you noted) since the portlet receives no indication of any failure in this scenario. I didn't get to dig any deeper into this yet so if you want to pull together a patch that would be great. However, I think we can release 2.1.4 without a fix for this issue if necessary. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Joe Bohn Fix For: 2.1.4, 2.2 If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12680535#action_12680535 ] David Jencks commented on GERONIMO-4553: I haven't looked at what joe's patch does yet. My goal at this point is mostly to nofity the user that there is a problem that needs further investigation when a duplicate security realm name is defined. Supplying them with hints about how to fix it would be even better. IMO however we can't automatically fix the problem they have caused. On the other hand we do need to let them create a duplicate realm because they may need to switch from one to another. After doing so, they will have to edit some configuration files by hand.We could try to automate switching but I don't think it is worth the effort because it is too likely that the user will be left with no way at all to log on as the old realm has stopped and the new one not started in case of any error. Forrest-- server-security-config is designed to contain everything you will want to change if you want to customize the admin security for geronimo. As such it should not have anything removed. We might want to create a way of creating a plugin with everything that is in server-security-config from the console. For trunk I actually have a different plan in mind. I think we should make the security realms scoped to the ancestor plugins of whatever needs the realm, just like we do with gbean searches for references. When I first worked on the code I didn't realize it was possible to pass the LoginConfiguration in to the LoginContext constructor; however we can use this to prevent interference between realms. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Joe Bohn Fix For: 2.1.4, 2.2 If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12680384#action_12680384 ] Forrest Xia commented on GERONIMO-4553: --- Some tries on this jira, here are my understandings and findings: 1. Actually geronimo default security realm(used by admin console and other modules) is named geronimo-admin, not geronimo-realm. It is created via system module org.apache.geronimo.framework/server-security-config//car. 2. Noticed David's proposed instruction to replace a default realm, I do not figure out a way to substitue it with a new generated duplicate-named geronimo-admin. Because the default geronimo security realm geronimo-admin is created via org.apache.geronimo.framework/server-security-config//car. The default geronimo-admin realm is not a standalone module and to be replacable via artifact alias method. 3. Joe's patch just fix the case when the security realm is a standalone module, it cannot stop creation of duplicate-named security realm when it's not a standalone module. 4. If this JIRA's goal is to make admin console shows some error message(whenever a security realm name is duplicated in standalone or not standalone) same as those in the server.log, I don't think current patch reaches that goal. However, if the goal is to allow user creating a self-defined security realm duplicate-named geronimo-admin, then use it to replace the default geronimo one to login admin console(or for other module use). I think we might need to make geronimo-admin realm separated from server-security-config module first, then use artifact alias method to substitute it. Any thoughts? thanks! Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Joe Bohn Fix For: 2.1.4, 2.2 If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12678451#action_12678451 ] Joe Bohn commented on GERONIMO-4553: It seems that the error is different when creating a duplicate geronimo-admin realm vs. another realm (such test). In either case, the realm creation fails but the stack trace is different. I just checked in a small change in branches/2.1 (rev. 749758) to notify the user if the save fails when attempting to create the realm for any reason. It's only moderately better than no error ... but better than what we have now in my opinion. Do you think this is sufficient David? I'll merge the same change into trunk just to keep things consistent. Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Joe Bohn Fix For: 2.1.4, 2.2 If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at
[jira] Commented: (GERONIMO-4553) Admin console does not show error when creating duplicate security realm
[ https://issues.apache.org/jira/browse/GERONIMO-4553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12678457#action_12678457 ] Joe Bohn commented on GERONIMO-4553: Hmmm ... things are a bit more strange than I thought. I can realm named geronimo-admin (no error is returned to the portlet at all). The name is different than our default realm (which is geronimo-realm) - but there is still the error that you mentioned originally. If I attempt to create a second geronimo-admin realm then I get a different error (that is echoed back to the portlet) and my code will display an error. So there is more going on here than I first thought. I think the change I made is still valid but I'm not sure it addresses this issue completely. Thoughts? Admin console does not show error when creating duplicate security realm Key: GERONIMO-4553 URL: https://issues.apache.org/jira/browse/GERONIMO-4553 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: console, security Affects Versions: 2.1.4, 2.2 Reporter: David Jencks Assignee: Joe Bohn Fix For: 2.1.4, 2.2 If you create a security realm with a duplicate name (such as geronimo-admin) using the admin console, everything appears to work in the ui however the command line console shows the error: 2009-02-24 09:47:11,123 ERROR [ProxyCollection] Listener threw exception java.lang.IllegalArgumentException: ConfigurationEntry named: geronimo-admin already registered at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.addConfiguration(GeronimoLoginConfiguration.java:112) at org.apache.geronimo.security.jaas.GeronimoLoginConfiguration.memberAdded(GeronimoLoginConfiguration.java:97) at org.apache.geronimo.gbean.runtime.ProxyCollection.addTarget(ProxyCollection.java:102) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.targetAdded(GBeanCollectionReference.java:96) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference.addTarget(GBeanCollectionReference.java:180) at org.apache.geronimo.gbean.runtime.GBeanCollectionReference$1.running(GBeanCollectionReference.java:110) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103) at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:524) at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110) at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145) at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44) at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253) at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295) at