Re: basic security review
I think I have touched upon everything in the code base that seems to be a LoginModule implementation. Only thing that remains w.r.t LoginModules is the moving of NamedUPCredentialLoginModule to o.a.g.s.realm.providers. (I have not bothered about changing UPCredentialLoginModule as I have marked it deprecated. Let us wait for one release before deleting the deprecated LoginModule). I will call it a completion of one phase in security review. Thanks to David Jencks for refactoring the tests, it made adding new testcases much simpler. This should definitely help avoid any unwanted surprises like the one that resulted in G 2.0.1 and the one that crept in in the due course. One more thing that remains is updating the Wiki page to reflect all the LoginModules that have been reviewed (argh... I am feeling lazy :( ) There is definitely a lot more to be done. Let us keep the ball rolling. ++Vamsi On Oct 31, 2007 1:14 PM, Vamsavardhana Reddy [EMAIL PROTECTED] wrote: I think we should create JIRAs for each review activity that results in code changes and update the wiki with the JIRA number. This way we will be able to track the progress on each activity in one central place. Also, add important points from this discussion thread to the wiki too. ++Vamsi On 10/30/07, Prasad Kashyap [EMAIL PROTECTED] wrote: I agree. Our strategy to make Geronimo secure should include an elaborate set of unit testcases, a rich set of tests in the security-testsuite in our testsuite framework, along with peer review of code in components that are potential security risks. We should aim to have imbricate or maybe even duplicate tests than have gaps. Towards this end, I created a security-testsuite in our testsuite framework. It contains one test now. I shall add some more soon. Please contribute to this testsuite with more and more tests that you can think of. Thanx Prasad On 10/29/07, Jarek Gawor [EMAIL PROTECTED] wrote: A few security problems were discovered in Geronimo in the last few months and weeks. Most of them were Geronimo-specific except one. Therefore, I think we should spend a little bit of our time to review our code and check for potential security problems. As the first step, I think we should identify components that make security decisions (e.g. LoginModules) or enable access to server management and control (e.g. MEJB) or any other components that might be important for sever security. Once we have a few components identified we can start the review. Besides finding and fixing the potential security problems during the review we must also ensure that we have decent tests for these components that cover a range of inputs. For each problem that we do discover, we must write a test case to make sure it never happens again. Basically, a problem is not fully addressed until we have a test for it. For now, I created the following page where we can keep track of the components and the review: http://cwiki.apache.org/confluence/display/GMOxDEV/Security+Review Feel free to update it in any way. Opinions? Ideas? Thoughts? Jarek
Re: [jira] Updated: (GERONIMO-3300) Upgrade Dojo to 1.0
Hello all, I am in need of a little help on this. I have added everything that I believe I need to -add- Dojo 1.0.1 to the build. But, in the process, maven starts to ignore the fact that the 0.4.3 version is in the local repository directory. So, the build for 0.4.3 fails if you have a clean maven repo. If you have a maven repo that already contains 0.4.3, then the new 1.0.1 is added and everything works. How can I get maven to include both versions? I don't want to check in these changes though, because they break the build if you have a clean repo. Jay Jay D. McHugh (JIRA) wrote: [ https://issues.apache.org/jira/browse/GERONIMO-3300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh updated GERONIMO-3300: Description: Dojo 1.0 is now available. But, to upgrade we will either need to rewrite all of the plugins that use Dojo widgets to use the new (backward incompatible) versions -or- include both the 0.4.3 and 1.0.0 versions of Dojo. Having both versions would make it possible to transition over to the newer version of Dojo in a more leisurely fashion but would introduce a fairly significant amount of bloat. I would prefer that we would just replace the old version and rewrite whatever needs to be rewritten but that would depend on how soon we are trying to get G2.1 out the door. was: The new Dojo 0.9 Beta was just released. It will reduce the footprint of the main dojo.js to under 50k - But will require that some of the console screens to be reworked because the widget system was completely redesigned and is incompatible. Affects Version/s: (was: 2.0-M7) 2.1 Summary: Upgrade Dojo to 1.0 (was: Upgrade Dojo to 0.9) Upgrade Dojo to 1.0 --- Key: GERONIMO-3300 URL: https://issues.apache.org/jira/browse/GERONIMO-3300 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: console Affects Versions: 2.1 Reporter: Jay D. McHugh Assignee: Jay D. McHugh Dojo 1.0 is now available. But, to upgrade we will either need to rewrite all of the plugins that use Dojo widgets to use the new (backward incompatible) versions -or- include both the 0.4.3 and 1.0.0 versions of Dojo. Having both versions would make it possible to transition over to the newer version of Dojo in a more leisurely fashion but would introduce a fairly significant amount of bloat. I would prefer that we would just replace the old version and rewrite whatever needs to be rewritten but that would depend on how soon we are trying to get G2.1 out the door.
Our 2.1 assemblies are nearly 2x the size of 2.0.2
It looks like the size of our images is increasing dramatically (nearly 2x). For example, the geronimo-jetty6-minimal snapshots have been growing like this (these image sizes are from the snapshot repo): 16604006 Jul 26 18:54 geronimo-jetty6-minimal-2.1-20070726.182538-1-bin.tar.gz 17086729 Jul 26 18:53 geronimo-jetty6-minimal-2.1-20070726.182538-1-bin.zip 22310769 Nov 1 03:19 geronimo-jetty6-minimal-2.1-20071101.014839-2-bin.tar.gz 22744083 Nov 1 03:18 geronimo-jetty6-minimal-2.1-20071101.014839-2-bin.zip 30812531 Nov 30 22:45 geronimo-jetty6-minimal-2.1-20071130.211933-3-bin.tar.gz 31248864 Nov 30 22:43 geronimo-jetty6-minimal-2.1-20071130.211933-3-bin.zip The javaee5 images have also grown significantly. 57099671 Jul 26 18:39 geronimo-jetty6-jee5-2.1-20070726.182538-1-bin.tar.gz 58685668 Jul 26 18:36 geronimo-jetty6-jee5-2.1-20070726.182538-1-bin.zip 55113050 Nov 1 03:28 geronimo-jetty6-javaee5-2.1-20071101.014839-1-bin.tar.gz 56827820 Nov 1 03:25 geronimo-jetty6-javaee5-2.1-20071101.014839-1-bin.zip 71313050 Nov 30 22:54 geronimo-jetty6-javaee5-2.1-20071130.211933-2-bin.tar.gz 73094816 Nov 30 22:50 geronimo-jetty6-javaee5-2.1-20071130.211933-2-bin.zip I haven't looked into the cause yet ... but does anybody have some ideas on the culprit? Joe
[jira] Commented: (GERONIMO-3660) monitoring collecting agent needs to have a local interface for the MRC
[ https://issues.apache.org/jira/browse/GERONIMO-3660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12547290 ] Erik B. Craig commented on GERONIMO-3660: - Patch Committed revision 599959. Thanks viet monitoring collecting agent needs to have a local interface for the MRC --- Key: GERONIMO-3660 URL: https://issues.apache.org/jira/browse/GERONIMO-3660 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Attachments: geronimo-3660.patch The collecting agent (server side) needs to have a local interface. This will allow the collecting agent to get a hold of the ejb to process some data too. As a temporary solution, I used a RemoteInitialContextFactory to get a hold of the EJB which resides locally on that machine. However, Jarek submitted a patch to openEJB which now allows LocalInitialContextFactory to authenticate an EJB lookup, so we need to make use of it. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3660) monitoring collecting agent needs to have a local interface for the MRC
[ https://issues.apache.org/jira/browse/GERONIMO-3660?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Viet Hung Nguyen updated GERONIMO-3660: --- Attachment: geronimo-3660.patch monitoring collecting agent needs to have a local interface for the MRC --- Key: GERONIMO-3660 URL: https://issues.apache.org/jira/browse/GERONIMO-3660 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Attachments: geronimo-3660.patch The collecting agent (server side) needs to have a local interface. This will allow the collecting agent to get a hold of the ejb to process some data too. As a temporary solution, I used a RemoteInitialContextFactory to get a hold of the EJB which resides locally on that machine. However, Jarek submitted a patch to openEJB which now allows LocalInitialContextFactory to authenticate an EJB lookup, so we need to make use of it. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (GERONIMO-3660) monitoring collecting agent needs to have a local interface for the MRC
monitoring collecting agent needs to have a local interface for the MRC --- Key: GERONIMO-3660 URL: https://issues.apache.org/jira/browse/GERONIMO-3660 Project: Geronimo Issue Type: Improvement Security Level: public (Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Attachments: geronimo-3660.patch The collecting agent (server side) needs to have a local interface. This will allow the collecting agent to get a hold of the ejb to process some data too. As a temporary solution, I used a RemoteInitialContextFactory to get a hold of the EJB which resides locally on that machine. However, Jarek submitted a patch to openEJB which now allows LocalInitialContextFactory to authenticate an EJB lookup, so we need to make use of it. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3659) monitoring client needs to allow the retention period to be configurable
[ https://issues.apache.org/jira/browse/GERONIMO-3659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12547227 ] Erik B. Craig commented on GERONIMO-3659: - Patch Committed revision 599885. Thanks Viet. monitoring client needs to allow the retention period to be configurable Key: GERONIMO-3659 URL: https://issues.apache.org/jira/browse/GERONIMO-3659 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Attachments: geronimo-3659.patch The Edit Server and Add Server pages should allow the admin to configure the retention period of the snapshots. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3659) monitoring client needs to allow the retention period to be configurable
[ https://issues.apache.org/jira/browse/GERONIMO-3659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Viet Hung Nguyen updated GERONIMO-3659: --- Attachment: geronimo-3659.patch erik and I have decided to take out the configuration during the adding of the server phase. If the user wants to configure the server, he/she will have to go through the edit page monitoring client needs to allow the retention period to be configurable Key: GERONIMO-3659 URL: https://issues.apache.org/jira/browse/GERONIMO-3659 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Attachments: geronimo-3659.patch The Edit Server and Add Server pages should allow the admin to configure the retention period of the snapshots. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (GSHELL-86) command groups in help screen
command groups in help screen - Key: GSHELL-86 URL: https://issues.apache.org/jira/browse/GSHELL-86 Project: GShell Issue Type: Improvement Security Level: public (Regular issues) Reporter: Jarek Gawor Assignee: Jason Dillon The help screen shows the following: ... /deploy list-plugins Install plugins into a geronimo server connect Connect to a Geronimo server disconnectDisconnect from a Geronimo server .. which I would interpret that I need to type /deploy/connect to execute the command. But that does not work but deploy/connect works. So I would propose updating the help screen to show the slash at the end of the group name instead of the front. e.g.: ... deploy/ list-plugins Install plugins into a geronimo server connect Connect to a Geronimo server disconnectDisconnect from a Geronimo server .. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Resolved: (GERONIMO-3567) Monitoring client add/edit server pages need to be polished up
[ https://issues.apache.org/jira/browse/GERONIMO-3567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Erik B. Craig resolved GERONIMO-3567. - Resolution: Fixed Resolved in a series of other jiras Monitoring client add/edit server pages need to be polished up -- Key: GERONIMO-3567 URL: https://issues.apache.org/jira/browse/GERONIMO-3567 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Reporter: Erik B. Craig Assignee: Erik B. Craig -The add/edit server pages in the monitoring client need a 'test these settings' function that will verify the current information provided in the field, with a return of whether or not the server is responsive. -Disable snapshot query functionality needs to be added to the edit server page, with appropriate warning -Saving a new snapshotduration value should compare to the current, and change if different on the edit server page -Disable this server link should work on the edit server page, setting the servers status to disabled in database, also disabling associated graphs and should warn appropriatedly -Delete server should have appropriate warning -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-3658) Review RepeatedFailureLockoutLoginModule
[ https://issues.apache.org/jira/browse/GERONIMO-3658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vamsavardhana Reddy closed GERONIMO-3658. - Resolution: Fixed Completed: At revision: 599857 o Changes to bring RepeatedFailureLockoutLoginModule in line with http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html Review RepeatedFailureLockoutLoginModule Key: GERONIMO-3658 URL: https://issues.apache.org/jira/browse/GERONIMO-3658 Project: Geronimo Issue Type: Task Security Level: public(Regular issues) Components: security Affects Versions: 2.0.x, 2.1 Reporter: Vamsavardhana Reddy Assignee: Vamsavardhana Reddy Fix For: 2.0.x, 2.1 Review RepeatedFailureLockoutLoginModule for potential violations and security risks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3653) Getting java.lang.NoClassDefFoundError while starting geronimo as windows service
[ https://issues.apache.org/jira/browse/GERONIMO-3653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12547183 ] Jarek Gawor commented on GERONIMO-3653: --- I'm unable to replicate this problem. Works fine for me with G 2.0.2, Win XP, wrapper-windows-x86-32-3.2.3, and Sun jdk1.5.0_10. Maybe your 2.0.2 download was corrupted somehow. Please download it again and see if that corrects the problem. Getting java.lang.NoClassDefFoundError while starting geronimo as windows service -- Key: GERONIMO-3653 URL: https://issues.apache.org/jira/browse/GERONIMO-3653 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: startup/shutdown Affects Versions: 2.0.2 Environment: Windows XP, geronimo-tomcat6-jee5-2.0.2, wrapper-windows-x86-32-3.2.3,Sun java 1.5.0_14 Reporter: H.T I am getting the following error while starting geronimo as a windows service. I am referring the following link. http://cwiki.apache.org/GMOxDOC20/configuring-geronimo-as-a-windows-service.html Geronimo-tomcat6-jee5-2.0.1 startes well as a windows service, but with Geronimo-tomcat6-jee5-2.0.2, following error occurs. wrapper | -- Wrapper Started as Console wrapper | Launching a JVM... jvm 1| Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org jvm 1| Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved. jvm 1| jvm 1| Booting Geronimo Kernel (in Java 1.5.0_11)... jvm 1| Starting Geronimo Application Server v2.0.2 jvm 1| jvm 1| [*] 0% 0s Loading jvm 1| [*- ] 0% 0s Loading org.apach... jvm 1| [*- ] 0% 1s Loading org.apach... jvm 1| [* ] 6% 1s Loading org.apach... jvm 1| [* ] 6% 1s Starting org.apach... jvm 1| [* ] 6% 2s Starting org.apach... jvm 1| [** ] 8% 2s Starting org.apach... jvm 1| [**- ] 8% 2s Loading org.apach... jvm 1| [** ] 9% 2s Loading org.apach... jvm 1| [*** ] 10% 2s Starting org.apach... jvm 1| [***- ] 10% 2s Loading org.apach... jvm 1| [***- ] 10% 2s Loading org.apach... jvm 1| [*** ] 11% 2s Loading org.apach... jvm 1| [*** ] 11% 3s Starting org.apach... jvm 1| [*** ] 11% 3s Starting org.apach... jvm 1| [ ] 13% 3s Starting org.apach... jvm 1| [-] 13% 3s Loading org.apach... jvm 1| [] 14% 3s Loading org.apach... jvm 1| [*] 15% 3s Starting org.apach... jvm 1| [*- ] 15% 3s Loading org.apach... jvm 1| [*- ] 15% 4s Loading org.apach... jvm 1| [*- ] 15% 4s Loading org.apach... jvm 1| [*- ] 15% 5s Loading org.apach... jvm 1| [* ] 17% 5s Loading org.apach... jvm 1| [* ] 17% 5s Starting org.apach... jvm 1| [** ] 18% 5s Starting org.apach... jvm 1| [**- ] 18% 5s Loading org.apach... jvm 1| [**- ] 18% 6s Loading org.apach... jvm 1| [**- ] 18% 6s Loading org.apach... jvm 1| [** ] 19% 6s Loading org.apach... jvm 1| [** ] 19% 7s Starting org.apach... jvm 1| [** ] 19% 7s Starting org.apach... jvm 1| [** ] 19% 8s Starting org.apach... jvm 1| [** ] 19% 8s Starting org.apach... jvm 1| [** ] 19% 9s Starting org.apach... jvm 1| [** ] 19% 9s Starting org.apach... jvm 1| [** ] 19% 10s Starting org.apach... jvm 1| [** ] 19% 10s Starting org.apach... jvm 1| [**
[jira] Assigned: (GERONIMO-3653) Getting java.lang.NoClassDefFoundError while starting geronimo as windows service
[ https://issues.apache.org/jira/browse/GERONIMO-3653?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jarek Gawor reassigned GERONIMO-3653: - Assignee: Jarek Gawor Getting java.lang.NoClassDefFoundError while starting geronimo as windows service -- Key: GERONIMO-3653 URL: https://issues.apache.org/jira/browse/GERONIMO-3653 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: startup/shutdown Affects Versions: 2.0.2 Environment: Windows XP, geronimo-tomcat6-jee5-2.0.2, wrapper-windows-x86-32-3.2.3,Sun java 1.5.0_14 Reporter: H.T Assignee: Jarek Gawor I am getting the following error while starting geronimo as a windows service. I am referring the following link. http://cwiki.apache.org/GMOxDOC20/configuring-geronimo-as-a-windows-service.html Geronimo-tomcat6-jee5-2.0.1 startes well as a windows service, but with Geronimo-tomcat6-jee5-2.0.2, following error occurs. wrapper | -- Wrapper Started as Console wrapper | Launching a JVM... jvm 1| Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org jvm 1| Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved. jvm 1| jvm 1| Booting Geronimo Kernel (in Java 1.5.0_11)... jvm 1| Starting Geronimo Application Server v2.0.2 jvm 1| jvm 1| [*] 0% 0s Loading jvm 1| [*- ] 0% 0s Loading org.apach... jvm 1| [*- ] 0% 1s Loading org.apach... jvm 1| [* ] 6% 1s Loading org.apach... jvm 1| [* ] 6% 1s Starting org.apach... jvm 1| [* ] 6% 2s Starting org.apach... jvm 1| [** ] 8% 2s Starting org.apach... jvm 1| [**- ] 8% 2s Loading org.apach... jvm 1| [** ] 9% 2s Loading org.apach... jvm 1| [*** ] 10% 2s Starting org.apach... jvm 1| [***- ] 10% 2s Loading org.apach... jvm 1| [***- ] 10% 2s Loading org.apach... jvm 1| [*** ] 11% 2s Loading org.apach... jvm 1| [*** ] 11% 3s Starting org.apach... jvm 1| [*** ] 11% 3s Starting org.apach... jvm 1| [ ] 13% 3s Starting org.apach... jvm 1| [-] 13% 3s Loading org.apach... jvm 1| [] 14% 3s Loading org.apach... jvm 1| [*] 15% 3s Starting org.apach... jvm 1| [*- ] 15% 3s Loading org.apach... jvm 1| [*- ] 15% 4s Loading org.apach... jvm 1| [*- ] 15% 4s Loading org.apach... jvm 1| [*- ] 15% 5s Loading org.apach... jvm 1| [* ] 17% 5s Loading org.apach... jvm 1| [* ] 17% 5s Starting org.apach... jvm 1| [** ] 18% 5s Starting org.apach... jvm 1| [**- ] 18% 5s Loading org.apach... jvm 1| [**- ] 18% 6s Loading org.apach... jvm 1| [**- ] 18% 6s Loading org.apach... jvm 1| [** ] 19% 6s Loading org.apach... jvm 1| [** ] 19% 7s Starting org.apach... jvm 1| [** ] 19% 7s Starting org.apach... jvm 1| [** ] 19% 8s Starting org.apach... jvm 1| [** ] 19% 8s Starting org.apach... jvm 1| [** ] 19% 9s Starting org.apach... jvm 1| [** ] 19% 9s Starting org.apach... jvm 1| [** ] 19% 10s Starting org.apach... jvm 1| [** ] 19% 10s Starting org.apach... jvm 1| [** ] 19% 11s Starting org.apach... jvm 1| [** ] 19% 11s Starting org.apach... jvm 1| [** ] 19% 12s Starting org.apach...
[jira] Updated: (GERONIMO-3659) monitoring client needs to allow the retention period to be configurable
[ https://issues.apache.org/jira/browse/GERONIMO-3659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Viet Hung Nguyen updated GERONIMO-3659: --- Attachment: (was: geronimo-3659.patch) monitoring client needs to allow the retention period to be configurable Key: GERONIMO-3659 URL: https://issues.apache.org/jira/browse/GERONIMO-3659 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen The Edit Server and Add Server pages should allow the admin to configure the retention period of the snapshots. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3596) Unintuitive workings of the MySQL DBPool deployment wizard
[ https://issues.apache.org/jira/browse/GERONIMO-3596?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12547169 ] Jay D. McHugh commented on GERONIMO-3596: - The new adapters are still working for me, but has anyone else had a chance to try these? It would be nice to be able to stop manually copying these into my server each time I rebuild. Unintuitive workings of the MySQL DBPool deployment wizard -- Key: GERONIMO-3596 URL: https://issues.apache.org/jira/browse/GERONIMO-3596 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: connector, databases, deployment Affects Versions: 2.0.2 Environment: ogre% uname -a FreeBSD ogre 7.0-BETA2 FreeBSD 7.0-BETA2 #4: Sat Nov 10 15:29:36 CET 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/OGRE amd64 ogre% java -version java version 1.6.0_02-p2 Java(TM) SE Runtime Environment (build 1.6.0_02-p2-root_04_nov_2007_14_03-b00) Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_02-p2-root_04_nov_2007_14_03-b00, mixed mode) Nothing else. I don't think it matters at all for this bug report anyway. Reporter: Jesper Louis Andersen Attachments: tranql-connector-mysql-local-1.2-SNAPSHOT.rar There is an unintuitive gotcha hidden in the DBPool wizard for the MySQL (and probably also the MySQL-XA) driver. It manifests itself with a NullPointerException when trying to connect to a database. See for instance the following mail: http://spteam-lists.blogspot.com/2007/11/re-apache-geronimo-202-and-mysql-data.html The reason is that if you DON'T fill out the URL field, you get the following deployment plan: ?xml version=1.0 encoding=UTF-8? connector xmlns=http://geronimo.apache.org/xml/ns/j2ee/connector-1.2; dep:environment xmlns:dep=http://geronimo.apache.org/xml/ns/deployment-1.2; dep:moduleId dep:groupIdconsole.dbpool/dep:groupId dep:artifactIdcxnet/dep:artifactId dep:version1.0/dep:version dep:typerar/dep:type /dep:moduleId dep:dependencies dep:dependency dep:groupIdmysql/dep:groupId dep:artifactIdmysql-connector-java/dep:artifactId dep:version5.1.5/dep:version dep:typejar/dep:type /dep:dependency /dep:dependencies /dep:environment resourceadapter outbound-resourceadapter connection-definition connectionfactory-interfacejavax.sql.DataSource/connectionfactory-interface connectiondefinition-instance namecxnet/name config-property-setting name=DatabaseNamefoo/config-property-setting config-property-setting name=Passwordfoo/config-property-setting config-property-setting name=UserNamefoo/config-property-setting config-property-setting name=URL/ connectionmanager no-transaction/ single-pool max-size10/max-size min-size0/min-size match-one/ /single-pool /connectionmanager /connectiondefinition-instance /connection-definition /outbound-resourceadapter /resourceadapter /connector + Notice the Empty URL parameter. Quick workaround: Supply the URL parameter or use the 'show plan' feature and add the URL in the plan. Steps to reproduce: 1. Add a mysql-connector-java JAR to the library section. I used 5.1.5 as a version, but it also fails with 5.0.8 and 3.1.14. 2. Click Database Pools - Wizard - choose 'foo' and MySQL as driver 3. Enter the fields: pool name, database driver, port number, user name, server name, database name, password and confirm password take care NOT to enter the URL. 4. Now click 'show plan'. It this point it should be obvious that we are trying to deploy a plan without an URL. The idea for a fix: 1. Gather fields from input. 2. If URL is empty, stitch together one from the other parameters. 3. Use the constructed URL. And do take care to report this back to the guy in the linked mail above ;) -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (GERONIMO-3659) monitoring client needs to allow the retention period to be configurable
monitoring client needs to allow the retention period to be configurable Key: GERONIMO-3659 URL: https://issues.apache.org/jira/browse/GERONIMO-3659 Project: Geronimo Issue Type: Improvement Security Level: public (Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Attachments: geronimo-3659.patch The Edit Server and Add Server pages should allow the admin to configure the retention period of the snapshots. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Resolved: (GERONIMO-3568) Monitoring client serverview should update the last_seen field in database where possible
[ https://issues.apache.org/jira/browse/GERONIMO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Viet Hung Nguyen resolved GERONIMO-3568. Resolution: Duplicate Fix Version/s: 2.1 Assignee: Viet Hung Nguyen (was: Erik B. Craig) this was done in another jira Monitoring client serverview should update the last_seen field in database where possible - Key: GERONIMO-3568 URL: https://issues.apache.org/jira/browse/GERONIMO-3568 Project: Geronimo Issue Type: Sub-task Security Level: public(Regular issues) Components: monitoring Reporter: Erik B. Craig Assignee: Viet Hung Nguyen Fix For: 2.1 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Resolved: (GERONIMO-3527) Monitoring client needs default viewmode when selecting servers from the list
[ https://issues.apache.org/jira/browse/GERONIMO-3527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Viet Hung Nguyen resolved GERONIMO-3527. Resolution: Fixed Fix Version/s: 2.1 Monitoring client needs default viewmode when selecting servers from the list - Key: GERONIMO-3527 URL: https://issues.apache.org/jira/browse/GERONIMO-3527 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Reporter: Erik B. Craig Assignee: Erik B. Craig Fix For: 2.1 Currently selecting a server from the list in the monitoring client portlet links to #, must create a default view for this in the same styling of the default view for the 'views', with additional server-related functionality. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: GShell 1.0-alpha-1 update
On Nov 29, 2007, at 3:18 AM, Jason Dillon wrote: Folks, I've halted any significant changes to GShell so we can push out a stable release for Geronimo to consume in the next week or so. Right now it is pending some dependency releases: * plexus-cdc-anno * plexus-component-annotations * maven-remote-resources-plugin * groovy-maven-plugin * cobertura-maven-plugin I've got the ball rolling on each of those and with a wee bit of luck and probably a healthy dose of pestering folks, we should get all of these resolved to facilitate the first *official* GShell release... yay! I'm hoping to get GShell 1.0-alpha-1 out in the next week or so, really as soon as the deps are published I will start the ball moving. I could use a little help in the mean time for things like legal oversight and anything else I might have missed to help make the vote+release as smooth as possible, So if you have a few minutes spare it would be nice if you could build the tree and poke around a bit er something. Hi Jason, I took a look at the GShell source. Things look good. Two files had old-style src license headers. I'm updating those. Remaining work, legal-wise, is getting license/notice files in your jars (and updating notice/license file in the root directory). Let's sync up later today. Can discuss the maven-remote-resources plugin and see if we can get it working for GShell... --kevan
[jira] Closed: (GERONIMO-3657) Review FileAuditLoginModule
[ https://issues.apache.org/jira/browse/GERONIMO-3657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vamsavardhana Reddy closed GERONIMO-3657. - Resolution: Fixed Completed: At revision: 599854 o Changes to bring FileAuditLoginModule in line with http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/JAASLMDevGuide.html Review FileAuditLoginModule --- Key: GERONIMO-3657 URL: https://issues.apache.org/jira/browse/GERONIMO-3657 Project: Geronimo Issue Type: Task Security Level: public(Regular issues) Components: security Affects Versions: 2.0.x, 2.1 Reporter: Vamsavardhana Reddy Assignee: Vamsavardhana Reddy Fix For: 2.0.x, 2.1 Review FileAuditLoginModule for potential violations and security risks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: [DISCUSS] Release geronimo-txmanager 2.1
On Nov 27, 2007, at 5:46 PM, Donald Woods wrote: +1 Let me know if you need help releasing them Donald, That would be great. --kevan
[jira] Resolved: (GERONIMO-3649) monitoring client needs to have links on the side fixed
[ https://issues.apache.org/jira/browse/GERONIMO-3649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Viet Hung Nguyen resolved GERONIMO-3649. Resolution: Fixed Fix Version/s: 2.1 monitoring client needs to have links on the side fixed --- Key: GERONIMO-3649 URL: https://issues.apache.org/jira/browse/GERONIMO-3649 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: monitoring Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Fix For: 2.1 Attachments: geronimo-3649.patch Need to fix the links on the side for Server Edit and View Server pages. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Resolved: (GERONIMO-3122) Unable to create a (MySQL) database pool
[ https://issues.apache.org/jira/browse/GERONIMO-3122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh resolved GERONIMO-3122. - Resolution: Duplicate Accidental clone of 2368 Unable to create a (MySQL) database pool Key: GERONIMO-3122 URL: https://issues.apache.org/jira/browse/GERONIMO-3122 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: databases Affects Versions: 2.0-M3 Environment: mysql/mysql-connector-java/3.1.12/jar MySQL 5.0.27 Win-Xp Java 1.6 Reporter: nrkkalyan I tried to create new database pool using 1. Database Pool Wizard 2. Importing from Jboss 4. That time I got the following exception. EXCEPTION WHILE CREATING DATABASE POOL USING THE GERONIMO DATABASE POOL WIZARD /// Geronimo Application Server started 22:44:35,401 ERROR [DatabasePoolPortlet] Unable to save connection pool javax.enterprise.deploy.spi.exceptions.InvalidModuleException: No configurer for module type: rar registered at org.apache.geronimo.deployment.plugin.jmx.JMXDeploymentManager.createConfiguration(JMXDeploymentManager.java:302) at org.apache.geronimo.console.databasemanager.wizard.DatabasePoolPortlet.save(DatabasePoolPortlet.java:880) at org.apache.geronimo.console.databasemanager.wizard.DatabasePoolPortlet.processAction(DatabasePoolPortlet.java:338) at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229) at org.apache.pluto.core.PortletServlet.doPost(PortletServlet.java:163) at javax.servlet.http.HttpServlet.service(HttpServlet.java:713) at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:687) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:590) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:505) at org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvokerImpl.java:120) at org.apache.pluto.invoker.impl.PortletInvokerImpl.action(PortletInvokerImpl.java:68) at org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:164) at org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processPortletAction(PortletContainerWrapperImpl.java:82) at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227) at org.apache.pluto.portalImpl.Servlet.doPost(Servlet.java:267) at javax.servlet.http.HttpServlet.service(HttpServlet.java:713) at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:56) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:338) at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:47) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:517) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445) at java.lang.Thread.run(Thread.java:619) EXCEPTION WHILE CREATING
[jira] Closed: (GERONIMO-3608) Move Jetty*Stats and Jetty*StatsImpl to geronimo-management
[ https://issues.apache.org/jira/browse/GERONIMO-3608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Anita Kulshreshtha closed GERONIMO-3608. Resolution: Fixed Fix Version/s: 2.1 Move Jetty*Stats and Jetty*StatsImpl to geronimo-management Key: GERONIMO-3608 URL: https://issues.apache.org/jira/browse/GERONIMO-3608 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: Jetty, management Affects Versions: 2.1 Environment: All Reporter: Anita Kulshreshtha Assignee: Anita Kulshreshtha Fix For: 2.1 Move Jetty*Stats and Jetty*StatsImpl to geronimo-management . The relevant discussion can be found at - http://www.nabble.com/Re%3A-Can-we-deal-generically-with-container-specific-jsr77-statistics--p13688310s134.html -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (GERONIMO-3640) Eliminate UPCredentialLoginModule
[ https://issues.apache.org/jira/browse/GERONIMO-3640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12547111 ] Vamsavardhana Reddy commented on GERONIMO-3640: --- For now, I have marked UPCredentialLoginModule as deprecated. We will remove the class from the codebase after the next release. Completed: At revision: 599796 o Marked UPCredentialLoginModule as deprecated. o Replaced the only reference to UPCredentialLoginModule in ConfigurationEntryTest with GeronimoPasswordCredentialLoginModule. Eliminate UPCredentialLoginModule - Key: GERONIMO-3640 URL: https://issues.apache.org/jira/browse/GERONIMO-3640 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: security Affects Versions: 2.0.x, 2.1 Reporter: Vamsavardhana Reddy Assignee: Vamsavardhana Reddy Fix For: 2.0.x, 2.1 UPCredentialLoginModule seems to serve the same purpose as GeronimoPasswordCredentialLoginModule. Searching the codebase for references to UPCredentialLoginModule yields no results. Also GeronimoPasswordCredentialLoginModule is the one used by Security realms portlet. It may be a good idea to eliminate UPCredentialLoginModule and related classes. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Resolved: (GERONIMO-3659) monitoring client needs to allow the retention period to be configurable
[ https://issues.apache.org/jira/browse/GERONIMO-3659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Viet Hung Nguyen resolved GERONIMO-3659. Resolution: Fixed Fix Version/s: 2.1 monitoring client needs to allow the retention period to be configurable Key: GERONIMO-3659 URL: https://issues.apache.org/jira/browse/GERONIMO-3659 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Fix For: 2.1 Attachments: geronimo-3659.patch The Edit Server and Add Server pages should allow the admin to configure the retention period of the snapshots. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[PROPOSAL] Migrate Project Yoko from Incubator to Geronimo / CXF
The members of project yoko have been considering the future of Yoko as a project. There have been several milestones delivered and the project is used by other ASF projects. The project is not as active as other ASF projects and it makes sense to move the code from Yoko to other projects. The Yoko team has the following proposal for your consideration. Proposed Code Donation from Project Yoko to Apache CXF and Apache Geronimo The Yoko community has been successful in delivering several milestones of the ORB implementation while in the Apache Incubator. These milestones are used by other Apache projects (namely Geronimo and Harmony) to support their releases. The WebServices bindings are dependent on CXF. The Yoko community has decided that the Yoko project does not have quite the momentum to carry itself as an independent project but has sufficient value for other projects for them to consider receiving the code and committers for that code-base as sub-projects. Since the code under consideration is used by Apache Geronimo, Apache CXF and Apache Harmony the movement of the code should continue to allow for independent releases so the code can be easily shared with other dependent projects. The proposed division is: yoko-spec-corba - this is the org.omg interface classes. rmi-spec - this is the javax.rmi spec implementation core - This is the actual ORB implementation. rmi-impl - This is the implementation of the RMIIIOP support. These modules are also used by Harmony. In addition to the code we propose that the following committers in Apache Yoko be accepted as committers in Apache Geronimo given their demonstration of delivering code, creating releases and functioning as a community. Those noted with asterisks are already Geronimo committers. Continued involvement with the core: Rick McGuire * David Jencks * Alan Cabrera * Lars Kuhne Alexey Petrenko Darren Middleman The remainder of the modules in Yoko are part of the webservices support and are independent of the underlying ORB implementation. api -- interface classes used for the web services support. bindings -- code to implement the CORBA-Web services bindings. tools -- tools for generation WSDL and IDL for the bindings maven-plugin -- some maven plugins that can use the tools for generating binding-related build artifacts. None of the maven-plugin code is used by the ORB. There is also a distribution directory with some sample applications. One set of samples demonstrates using the core ORB, the other set is for WebServices. We recommend that the distribution directory should move to Apache CXF as the webservices examples use the orb samples to bind them as web services. Since Apache Geronimo's only use of CORBA is for exporting EJBs, these samples are not particularly valuable for Geronimo. The Yoko community did not have any committers that expressed an interest in continuing work on these bindings. As such, only the code would be moving to apache CXF.
[jira] Updated: (GERONIMO-3659) monitoring client needs to allow the retention period to be configurable
[ https://issues.apache.org/jira/browse/GERONIMO-3659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Viet Hung Nguyen updated GERONIMO-3659: --- Attachment: geronimo-3659.patch monitoring client needs to allow the retention period to be configurable Key: GERONIMO-3659 URL: https://issues.apache.org/jira/browse/GERONIMO-3659 Project: Geronimo Issue Type: Improvement Security Level: public(Regular issues) Components: monitoring Affects Versions: 2.1 Environment: windows Reporter: Viet Hung Nguyen Assignee: Viet Hung Nguyen Attachments: geronimo-3659.patch The Edit Server and Add Server pages should allow the admin to configure the retention period of the snapshots. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (GERONIMO-3657) Review FileAuditLoginModule
Review FileAuditLoginModule --- Key: GERONIMO-3657 URL: https://issues.apache.org/jira/browse/GERONIMO-3657 Project: Geronimo Issue Type: Task Security Level: public (Regular issues) Components: security Affects Versions: 2.0.x, 2.1 Reporter: Vamsavardhana Reddy Assignee: Vamsavardhana Reddy Fix For: 2.0.x, 2.1 Review FileAuditLoginModule for potential violations and security risks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-3122) Unable to create a (MySQL) database pool
[ https://issues.apache.org/jira/browse/GERONIMO-3122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jay D. McHugh closed GERONIMO-3122. --- Unable to create a (MySQL) database pool Key: GERONIMO-3122 URL: https://issues.apache.org/jira/browse/GERONIMO-3122 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: databases Affects Versions: 2.0-M3 Environment: mysql/mysql-connector-java/3.1.12/jar MySQL 5.0.27 Win-Xp Java 1.6 Reporter: nrkkalyan I tried to create new database pool using 1. Database Pool Wizard 2. Importing from Jboss 4. That time I got the following exception. EXCEPTION WHILE CREATING DATABASE POOL USING THE GERONIMO DATABASE POOL WIZARD /// Geronimo Application Server started 22:44:35,401 ERROR [DatabasePoolPortlet] Unable to save connection pool javax.enterprise.deploy.spi.exceptions.InvalidModuleException: No configurer for module type: rar registered at org.apache.geronimo.deployment.plugin.jmx.JMXDeploymentManager.createConfiguration(JMXDeploymentManager.java:302) at org.apache.geronimo.console.databasemanager.wizard.DatabasePoolPortlet.save(DatabasePoolPortlet.java:880) at org.apache.geronimo.console.databasemanager.wizard.DatabasePoolPortlet.processAction(DatabasePoolPortlet.java:338) at org.apache.pluto.core.PortletServlet.dispatch(PortletServlet.java:229) at org.apache.pluto.core.PortletServlet.doPost(PortletServlet.java:163) at javax.servlet.http.HttpServlet.service(HttpServlet.java:713) at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) at org.apache.pluto.core.PortletServlet.service(PortletServlet.java:153) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:687) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:590) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:505) at org.apache.pluto.invoker.impl.PortletInvokerImpl.invoke(PortletInvokerImpl.java:120) at org.apache.pluto.invoker.impl.PortletInvokerImpl.action(PortletInvokerImpl.java:68) at org.apache.pluto.PortletContainerImpl.processPortletAction(PortletContainerImpl.java:164) at org.apache.pluto.portalImpl.core.PortletContainerWrapperImpl.processPortletAction(PortletContainerWrapperImpl.java:82) at org.apache.pluto.portalImpl.Servlet.doGet(Servlet.java:227) at org.apache.pluto.portalImpl.Servlet.doPost(Servlet.java:267) at javax.servlet.http.HttpServlet.service(HttpServlet.java:713) at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:56) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:338) at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:47) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:517) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445) at java.lang.Thread.run(Thread.java:619) EXCEPTION WHILE CREATING DATABASE POOL USING IMPORT FROM JBOSS 4 ///
[jira] Updated: (GERONIMO-3656) Startup failed when used with Saxon 9 XSLT engine
[ https://issues.apache.org/jira/browse/GERONIMO-3656?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ivo Abadjiev updated GERONIMO-3656: --- Attachment: geronimo.log Startup failed when used with Saxon 9 XSLT engine - Key: GERONIMO-3656 URL: https://issues.apache.org/jira/browse/GERONIMO-3656 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Affects Versions: 2.0.2 Environment: Windows XP SP2, JDK 1.5_12, all Saxon 9 jars copied into JDK's endorsed Reporter: Ivo Abadjiev Attachments: geronimo.log Tried with both, geronimo-jetty6-jee5-2.0.2-bin.zip and geronimo-tomcat6-jee5-2.0.2-bin.zip distributions. When application server is started for first time (via geronimo run) every thing seams seams fine. Application server creates some resources in local file system. The problem appears after stop and start again. Steps to reproduce - copy all Saxon XST engine jars into JDK endorsed folder - unzip geronimo-jetty6-jee5-2.0.2-bin.zip or geronimo-tomcat6-jee5-2.0.2-bin.zip - start application server (geronimo run) - stop it - start it again - see attached geronimo.log -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3655) Invalid MdbInstanceFactory behaviour
[ https://issues.apache.org/jira/browse/GERONIMO-3655?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alexei Akimov updated GERONIMO-3655: Attachment: badmdb.zip Sample application to reproduce the prolem Invalid MdbInstanceFactory behaviour Key: GERONIMO-3655 URL: https://issues.apache.org/jira/browse/GERONIMO-3655 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: OpenEJB Affects Versions: 2.0.1, 2.0.2 Environment: Microsoft Windows XP, Sun Java 1.5.0_10, Apache Geronimo 2.0.1 Reporter: Alexei Akimov Attachments: badmdb.zip org.apache.openejb.core.mdb.MdbInstanceFactory class pass invalid ThreadContext instance to ThreadContext.exit method at line 263 of its constructBean method. This brokes stack-like usage of ThreadContext objects and leads to problems during lazy initialization of ejb components when they called for the first time from the web tier. In particular ClassCastException is thrown in org.apache.geronimo.tomcat.interceptor.InstanceContextBeforeAfter.before() at line 49, because ConnectorInstanceContextImpl instance is returned instead of SharedConnectorInstanceContext instance. This error results in that org.apache.geronimo.tomcat.listener.DispatchListener.beforeDispatch method does not put any data into the current context stack so when the afterDispatch method is called the current context stack throws java.util.EmptyStackException. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (GERONIMO-3655) Invalid MdbInstanceFactory behaviour
Invalid MdbInstanceFactory behaviour Key: GERONIMO-3655 URL: https://issues.apache.org/jira/browse/GERONIMO-3655 Project: Geronimo Issue Type: Bug Security Level: public (Regular issues) Components: OpenEJB Affects Versions: 2.0.2, 2.0.1 Environment: Microsoft Windows XP, Sun Java 1.5.0_10, Apache Geronimo 2.0.1 Reporter: Alexei Akimov org.apache.openejb.core.mdb.MdbInstanceFactory class pass invalid ThreadContext instance to ThreadContext.exit method at line 263 of its constructBean method. This brokes stack-like usage of ThreadContext objects and leads to problems during lazy initialization of ejb components when they called for the first time from the web tier. In particular ClassCastException is thrown in org.apache.geronimo.tomcat.interceptor.InstanceContextBeforeAfter.before() at line 49, because ConnectorInstanceContextImpl instance is returned instead of SharedConnectorInstanceContext instance. This error results in that org.apache.geronimo.tomcat.listener.DispatchListener.beforeDispatch method does not put any data into the current context stack so when the afterDispatch method is called the current context stack throws java.util.EmptyStackException. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Created: (GERONIMO-3656) Startup failed when used with Saxon 9 XSLT engine
Startup failed when used with Saxon 9 XSLT engine - Key: GERONIMO-3656 URL: https://issues.apache.org/jira/browse/GERONIMO-3656 Project: Geronimo Issue Type: Bug Security Level: public (Regular issues) Affects Versions: 2.0.2 Environment: Windows XP SP2, JDK 1.5_12, all Saxon 9 jars copied into JDK's endorsed Reporter: Ivo Abadjiev Tried with both, geronimo-jetty6-jee5-2.0.2-bin.zip and geronimo-tomcat6-jee5-2.0.2-bin.zip distributions. When application server is started for first time (via geronimo run) every thing seams seams fine. Application server creates some resources in local file system. The problem appears after stop and start again. Steps to reproduce - copy all Saxon XST engine jars into JDK endorsed folder - unzip geronimo-jetty6-jee5-2.0.2-bin.zip or geronimo-tomcat6-jee5-2.0.2-bin.zip - start application server (geronimo run) - stop it - start it again - see attached geronimo.log -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (GERONIMO-3641) NamedUPCredentialLoginModule vs ConfiguredIdentityNamedUsernamePasswordLoginModule
[ https://issues.apache.org/jira/browse/GERONIMO-3641?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vamsavardhana Reddy updated GERONIMO-3641: -- Affects Version/s: (was: 2.0.x) (was: 2.1) Fix Version/s: (was: 2.0.x) (was: 2.1) Looks like there is nothing to be addressed here. My bad, this should have been an e-mail to dev-list instead of a JIRA :( NamedUPCredentialLoginModule vs ConfiguredIdentityNamedUsernamePasswordLoginModule -- Key: GERONIMO-3641 URL: https://issues.apache.org/jira/browse/GERONIMO-3641 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: security Reporter: Vamsavardhana Reddy I see that ConfiguredIdentityNamedUsernamePasswordLoginModule and NamedUPCredentialLoginModule are added to geronimo codebase around the same time (rev 159325 and rev 159560). The difference between the two is that NamedUPCredentialLoginModule uses the user supplied username and password where as ConfiguredIdentityNamedUsernamePasswordLoginModule gets the username and password from options supplied to the login module. NamedUPCredentialLoginModule is used by the Security realms portlet whereas there are no references to ConfiguredIdentityNamedUsernamePasswordLoginModule in the codebase. I guess one of them (most likely ConfiguredIdentityNamedUsernamePasswordLoginModule) is redundant and it should be eliminated. What am I missing? -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Closed: (GERONIMO-3641) NamedUPCredentialLoginModule vs ConfiguredIdentityNamedUsernamePasswordLoginModule
[ https://issues.apache.org/jira/browse/GERONIMO-3641?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vamsavardhana Reddy closed GERONIMO-3641. - Resolution: Invalid NamedUPCredentialLoginModule vs ConfiguredIdentityNamedUsernamePasswordLoginModule -- Key: GERONIMO-3641 URL: https://issues.apache.org/jira/browse/GERONIMO-3641 Project: Geronimo Issue Type: Bug Security Level: public(Regular issues) Components: security Reporter: Vamsavardhana Reddy I see that ConfiguredIdentityNamedUsernamePasswordLoginModule and NamedUPCredentialLoginModule are added to geronimo codebase around the same time (rev 159325 and rev 159560). The difference between the two is that NamedUPCredentialLoginModule uses the user supplied username and password where as ConfiguredIdentityNamedUsernamePasswordLoginModule gets the username and password from options supplied to the login module. NamedUPCredentialLoginModule is used by the Security realms portlet whereas there are no references to ConfiguredIdentityNamedUsernamePasswordLoginModule in the codebase. I guess one of them (most likely ConfiguredIdentityNamedUsernamePasswordLoginModule) is redundant and it should be eliminated. What am I missing? -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
Re: [DISCUSS] Release geronimo-txmanager 2.1
On Nov 27, 2007, at 7:41 PM, David Jencks wrote: Would anyone object if I modified it to use the maven-remote- resources plugin? Maybe. I think the NOTICE files that it generates are messy (even the new version), misleading or confusing, and sometimes incorrect. Since I'm the one that complains about it, I'll take a look at it to see if can be customized to address my issues. May need some help from you or Jason Dillon... --kevan
[jira] Created: (GERONIMO-3658) Review RepeatedFailureLockoutLoginModule
Review RepeatedFailureLockoutLoginModule Key: GERONIMO-3658 URL: https://issues.apache.org/jira/browse/GERONIMO-3658 Project: Geronimo Issue Type: Task Security Level: public (Regular issues) Components: security Affects Versions: 2.0.x, 2.1 Reporter: Vamsavardhana Reddy Assignee: Vamsavardhana Reddy Fix For: 2.0.x, 2.1 Review RepeatedFailureLockoutLoginModule for potential violations and security risks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.