I also tried creating a realm through the console, then exporting it as a plugin, undeploying the original, deploying as a plugin and restarting the server after doing the config.xml changes.
Doesn't work either. Complains about:
org.omg.CORBA.COMM_FAILURE: socket() failed: Unable to create server SSL socket factory: Keystore 'geronimo-default' is locked; please use the keystore page in the admin console to unlock it: vmcid: Apache minor code: 0x5 completed: No

Q

On Fri, Sep 11, 2009 at 10:16 PM, Quintin Beukes <[email protected]> wrote:
> No. This isn't working right. I don't know what I'm doing wrong.
>
> I take the exported plugin. Extract it to directory "x".
>
> Then I change only the groupId everywhere in the plugin from
> "org.apache.geronimo.framework" to "test" and version from
> "2.2-SNAPSHOT" to "2.2". Then I jar it again.
>
> Then I start geronimo and deploy this with deploy.sh install-plugin.
> Successfully installed: test/server-security-config/2.2/car
>
> I stop the server, and then edit artifact_aliases.properties and change:
> org.apache.geronimo.framework/server-security-config//car=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car
> test/server-security-config//car=test/server-security-config/2.2/car
>
> TO
> org.apache.geronimo.framework/server-security-config//car=test/server-security-config/2.2/car
> org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car=test/server-security-config/2.2/car
> test/server-security-config//car=test/server-security-config/2.2/car
>
> And config.xml from:
> <module
> name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car"/>
> <module name="test/server-security-config/2.2/car"/>
>
> TO:
> <module
> name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car"
> load="false"/>
> <module name="test/server-security-config/2.2/car"/>
>
> Then I try and start the server, and all I get is this, ie. it starts
> and right after loading my plugin stops the server without an error.
> 2009-09-11 22:14:37,642 INFO [Log4jService]
> ----------------------------------------------
> 2009-09-11 22:14:37,643 INFO [Log4jService] Started Logging Service
> 2009-09-11 22:14:37,643 INFO [Log4jService] Runtime Information:
> 2009-09-11 22:14:37,644 INFO [Log4jService] Install Directory =
> /opt/testkms/server/geronimo-2.2-20090908
> 2009-09-11 22:14:37,645 INFO [JvmVendor] Sun JVM 1.5.0_17
> 2009-09-11 22:14:37,645 INFO [Log4jService] JVM in use = Sun
> JVM 1.5.0_17
> 2009-09-11 22:14:37,645 INFO [Log4jService] Java Information:
> 2009-09-11 22:14:37,645 INFO [Log4jService] System property
> [java.runtime.name] = Java(TM) 2 Runtime Environment, Standard
> Edition
> 2009-09-11 22:14:37,645 INFO [Log4jService] System property
> [java.runtime.version] = 1.5.0_17-b04
> 2009-09-11 22:14:37,645 INFO [Log4jService] System property
> [os.name] = Linux
> 2009-09-11 22:14:37,645 INFO [Log4jService] System property
> [os.version] = 2.6.24-24-generic
> 2009-09-11 22:14:37,645 INFO [Log4jService] System property
> [sun.os.patch.level] = unknown
> 2009-09-11 22:14:37,645 INFO [Log4jService] System property
> [os.arch] = i386
> 2009-09-11 22:14:37,645 INFO [Log4jService] System property
> [java.class.version] = 49.0
> 2009-09-11 22:14:37,645 INFO [Log4jService] System property
> [locale] = en_ZA
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [unicode.encoding] = UnicodeLittle
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [file.encoding] = UTF-8
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.vm.name] = Java HotSpot(TM) Client VM
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.vm.vendor] = Sun Microsystems Inc.
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.vm.version] = 1.5.0_17-b04
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.vm.info] = mixed mode
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.home] = /opt/kms/java/sun-jdk1.5.0_17/jre
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.classpath] = null
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.library.path] =
> /opt/kms/java/sun-jdk1.5.0_17/jre/lib/i386/client:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/i386:/opt/kms/java/sun-jdk1.5.0_17/jre/../lib/i386
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.endorsed.dirs] =
> /opt/testkms/server/geronimo-2.2-20090908/lib/endorsed:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/endorsed
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [java.ext.dirs] =
> /opt/testkms/server/geronimo-2.2-20090908/lib/ext:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/ext
> 2009-09-11 22:14:37,646 INFO [Log4jService] System property
> [sun.boot.class.path] =
> /opt/testkms/server/geronimo-2.2-20090908/lib/endorsed/yoko-spec-corba-1.0.jar:/opt/testkms/server/geronimo-2.2-20090908/lib/endorsed/yoko-rmi-spec-1.0.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/rt.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/i18n.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/sunrsasign.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/jsse.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/jce.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/charsets.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/classes
> 2009-09-11 22:14:37,646 INFO [Log4jService]
> ----------------------------------------------
> 2009-09-11 22:14:39,041 INFO [KernelContextGBean] bound gbean
> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaCompContext
> at name java:comp
> 2009-09-11 22:14:39,043 INFO [KernelContextGBean] bound gbean
> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaContext
> at name java:
> 2009-09-11 22:14:39,043 INFO [KernelContextGBean] bound gbean
> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=GeronimoContext
> at name ger:
> 2009-09-11 22:14:40,086 INFO [SystemProperties] Setting
> Property=javax.xml.soap.MetaFactory to
> Value=org.apache.geronimo.webservices.saaj.GeronimoMetaFactory
> 2009-09-11 22:14:40,086 INFO [SystemProperties] Setting
> Property=javax.xml.soap.MessageFactory to
> Value=org.apache.geronimo.webservices.saaj.GeronimoMessageFactory
> 2009-09-11 22:14:40,086 INFO [SystemProperties] Setting
> Property=java.net.preferIPv4Stack to Value=true
> 2009-09-11 22:14:40,086 INFO [SystemProperties] Setting
> Property=javax.xml.soap.SOAPConnectionFactory to
> Value=org.apache.geronimo.webservices.saaj.GeronimoSOAPConnectionFactory
> 2009-09-11 22:14:40,087 INFO [SystemProperties] Setting
> Property=javax.xml.soap.SOAPFactory to
> Value=org.apache.geronimo.webservices.saaj.GeronimoSOAPFactory
> 2009-09-11 22:14:40,087 INFO [SystemProperties] Setting
> Property=java.security.Provider to Value=SUN
> 2009-09-11 22:14:40,261 INFO [KernelContextGBean] unbound gbean
> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaContext
> at name java:
> 2009-09-11 22:14:40,264 INFO [KernelContextGBean] unbound gbean
> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=GeronimoContext
> at name ger:
> 2009-09-11 22:14:40,264 INFO [KernelContextGBean] unbound gbean
> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaCompContext
> at name java:comp
> 2009-09-11 22:14:40,265 INFO [Log4jService] Stopping Logging Service
> 2009-09-11 22:14:40,265 INFO [Log4jService]
> ----------------------------------------------
>
> Q
> On Fri, Sep 11, 2009 at 9:31 PM, Quintin Beukes <[email protected]> wrote:
>> do i need to delete config.ser?
>>
>> Q
>>
>> On Fri, Sep 11, 2009 at 9:16 PM, Joe Dente <[email protected]> wrote:
>>> That's how I got started. I have a project that includes a custom login
>>> module as well as a customized geronimo-plugin.xml that originally was an
>>> exported version of the server-security-config plugin. My plugin project
>>> creates a simple jar with the geronimo-plugin.xml in my jar's 'META-INF'
>>> folder. I then deploy this jar into Geronimo with the geronimo-plugin.xml
>>> being my jar's deployment plan. You can also try and build a car using the
>>> maven car plugin, although I haven't played around with this yet. I found
>>> this wiki article to be helpful:
>>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Administering+plugins
>>>
>>> Joe
>>>
>>> ---------------------
>>> Sorry, I've never created a plugin. To create a new
>>> server-security-config plugin, do you mean I should copy
>>> server-security-config using the console's plugin export and modify
>>> it?
>>>
>>> Q
>>>
>>> On Fri, Sep 11, 2009 at 8:47 PM, Joe Dente <[email protected]>
>>> wrote:
>>>> To reproduce it create your own server-security-config plugin that uses
>>>> any login module other than the properties-login gbean that is expected.
>>>> You then need to deploy your new server-security-config plugin and have it
>>>> completely replace the default server-security-config (see
>>>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration).
>>>> I achieved this by telling the server-security-config car to not load in
>>>> the config.xml, telling my security plugin to load in the config.xml, and
>>>> then adding artifact aliases for both the 2.1.4 and wildcard-versioned
>>>> lines referring to the server-security-config plugin in the
>>>> artifact_aliases.properties file.
>>>>
>>>> In artifact_aliases.properties:
>>>>
>>>> org.apache.geronimo.framework/server-security-config//car=com.my.geronimo/my-security-config/1.0/car
>>>> org.apache.geronimo.framework/server-security-config/2.1.4/car=org
>>>> com.my.geronimo/my-security-config/1.0/car
>>>>
>>>> In config.xml:
>>>> <module
>>>> name="org.apache.geronimo.framework/server-security-config/2.1.4/car"
>>>> load="false"/>
>>>> <module name="com.my.geronimo/my-security-config/1.0/car"/>
>>>>
>>>> Now try and startup Geronimo. You will see the error discussing the
>>>> missing expected gbean.
>>>> Hope this helps,
>>>> Joe
>>>>
>>>> -------------
>>>> Errr. Ouch. *rubbing the bruised area in his brain*.
>>>>
>>>> I'm not that on with everything you said. I think the best thing would
>>>> be to reproduce it. What would I do to reproduce it?
>>>>
>>>> Q
>>>>
>>>> On Fri, Sep 11, 2009 at 6:42 PM, David Jencks <[email protected]>
>>>> wrote:
>>>>>
>>>>> On Sep 11, 2009, at 5:49 AM, Quintin Beukes wrote:
>>>>>
>>>>>> I'll be willing to have a look at it.
>>>>>>
>>>>>> can you give me a general idea what I'm supposed to look at and how it
>>>>>> would be done?
>>>>>
>>>>> IIRC the failure is caused by an unsatisfied single valued gbean reference
>>>>> to the properties login module gbean from something in the admin console.
>>>>> You need to find the gbean reference and change it to a collection valued
>>>>> reference so it's no longer a mandatory reference. You can wrap a
>>>>> collection valued reference with SingleElementCollection to make it act
>>>>> like
>>>>> an optional single valued reference.
>>>>>
>>>>> hope this is clear enough to help..
>>>>> david jencks
>>>>>
>>>>>>
>>>>>> Q
>>>>>>
>>>>>> On Fri, Sep 11, 2009 at 12:07 AM, David Jencks <[email protected]>
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi Joe!
>>>>>>> On Sep 10, 2009, at 2:18 PM, Joe Dente wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> I've been working on replacing Geronimo 2.1.4's server-security-config
>>>>>>> plugin's example security with our own security plugin. We need single
>>>>>>> sign
>>>>>>> on for our application which also means the same sign on process has to
>>>>>>> work
>>>>>>> with the Geronimo admin console. We need to be able to use custom realms
>>>>>>> and
>>>>>>> custom login modules in our server-security-config plugin replacement
>>>>>>> that
>>>>>>> may change depending on the environment we deploy to. I've run into two
>>>>>>> limitations so far that I've found documented online. One is that unless
>>>>>>> I
>>>>>>> want to re-deploy other plugins that use the 'geronimo-admin' security
>>>>>>> realm, then our custom security realm must be named 'geronimo-admin' as
>>>>>>> well. The other is that I ran
>>>>>>> into http://issues.apache.org/jira/browse/GERONIMO-4603, forcing me to
>>>>>>> create a dummy properties-login gbean in order for the tomcat
>>>>>>> components
>>>>>>> to start up.
>>>>>>>
>>>>>>> In my experience this is incredibly annoying. I don't have time but
>>>>>>> wonder
>>>>>>> if anyone else can see about fixing this for 2.2.
>>>>>>>
>>>>>>> I've created aliases for my plugin over the server-security-config
>>>>>>> plugin
>>>>>>> in
>>>>>>> 'artifact-aliases.properties' file and I've also disabled the
>>>>>>> server-security-config plugin and added my plugin as a loaded module in
>>>>>>> the
>>>>>>> 'config.xml'. Unfortunately, I still cannot log into the Geronimo
>>>>>>> console
>>>>>>> using my custom security realm and login module. Geronimo has no problem
>>>>>>> starting with the current configuration and I can even login using my
>>>>>>> custom
>>>>>>> login module.
>>>>>>> Everything seems happy as far as the login process is
>>>>>>> concerned when I step through the code, but instead of seeing the
>>>>>>> Geronimo
>>>>>>> console I get a tomcat error page stating 'Access to the specified
>>>>>>> resource
>>>>>>> () has been forbidden'. The logs are completely clean as well as the
>>>>>>> console output. My only idea is that my admin users also need to be
>>>>>>> members
>>>>>>> of a specifically named Geronimo admin group (make my admin groups name
>>>>>>> exactly match the one setup in the default security plugin)? I have not
>>>>>>> tested this hypothesis out yet, because I have my own admin group that
>>>>>>> is
>>>>>>> used by our application that I would like to re-use as the Geronimo
>>>>>>> console's admin group. Any other thoughts?
>>>>>>>
>>>>>>> In 2.1.x you are stuck with the principal-role mapping in the ee
>>>>>>> application, although in 2.2 you can put it into a different plugin if
>>>>>>> you
>>>>>>> want and I think then swap it via an artifact-alias with one in a
>>>>>>> different
>>>>>>> plugin.
>>>>>>> So, that means that you need to supply the principals the principal-role
>>>>>>> mapping expects:
>>>>>>> <security xmlns="http://geronimo.apache.org/xml/ns/security-1.2">
>>>>>>> <role-mappings>
>>>>>>> <role role-name="admin">
>>>>>>> <principal
>>>>>>>
>>>>>>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
>>>>>>> name="admin" />
>>>>>>> </role>
>>>>>>> </role-mappings>
>>>>>>> </security>
>>>>>>>
>>>>>>> So, your login module needs to supply a principal of
>>>>>>> class GeronimoGroupPrincipal and name "admin".
>>>>>>> Let us know if this doesn't work.
>>>>>>> thanks
>>>>>>> david jencks
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Joe
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Quintin Beukes
>>>>>
>>>>
>>>> --
>>>> Quintin Beukes
>>>>
>>>
>>> --
>>> Quintin Beukes
>>>
>>
>> --
>> Quintin Beukes
>>
>
> --
> Quintin Beukes
>

--
Quintin Beukes
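
The replacement procedure described in this thread touches two files that have to agree: artifact_aliases.properties and config.xml. The following is an added example, not code from the thread or from the Geronimo project: a consistency check over both files, where the sample file contents are constructed, the replacement plugin id is made up, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample files modelled on the thread; the plugin id is made up.
DEFAULT = "org.apache.geronimo.framework/server-security-config/2.1.4/car"
REPLACEMENT = "com.my.geronimo/my-security-config/1.0/car"
ALIASES = f"""\
org.apache.geronimo.framework/server-security-config//car={REPLACEMENT}
{DEFAULT}={REPLACEMENT}
"""
CONFIG_XML = f"""\
<attributes xmlns="http://geronimo.apache.org/xml/ns/attributes-1.2">
  <module name="{DEFAULT}" load="false"/>
  <module name="{REPLACEMENT}"/>
</attributes>
"""

def parse_aliases(text):
    """Parse key=value lines, skipping comments and lines without '='."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_modules(xml_text):
    """Map module name -> True if it will load (no load="false" attribute)."""
    modules = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "module":  # ignore the XML namespace
            modules[el.get("name")] = el.get("load", "true").lower() != "false"
    return modules

def check_replacement(aliases_text, config_xml, default_id, replacement_id):
    """Return the ways the two files disagree with the replacement steps."""
    problems = []
    aliases = parse_aliases(aliases_text)
    modules = parse_modules(config_xml)
    group, artifact, _version, kind = default_id.split("/")
    # Both the version-less and the versioned id must point at the replacement.
    for key in (f"{group}/{artifact}//{kind}", default_id):
        if aliases.get(key) != replacement_id:
            problems.append(f"alias {key} -> {aliases.get(key)!r}")
    if modules.get(default_id, True):
        problems.append(f'{default_id} lacks load="false"')
    if not modules.get(replacement_id, False):
        problems.append(f"{replacement_id} is not a loaded module")
    return problems

if __name__ == "__main__":
    print(check_replacement(ALIASES, CONFIG_XML, DEFAULT, REPLACEMENT) or "consistent")
```

An empty result only means the two files match the steps given in the thread; it says nothing about whether the login module supplies the principals the role mapping expects.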
