[RESOLVED]Re: Geronimo not found at login subject for Jackrabbit JCA.

[Markku Saarela]

After removing <container-managed-security />  from geronimo-ra.xml and 
res-auth element from jackrabbit resource-ref in web.xml it works.

jackrabbit in my case is running in-vm so i remove any pooling.
Thanks to all for help.

- markku

ps. still my ultimate goal is to go for container managed security, so i 
look for code to realize that.

David Jencks wrote:

On Nov 8, 2008, at 2:27 AM, Markku Saarela wrote:

Here is configuration documentation:
http://jackrabbit.apache.org/jackrabbit-configuration.html#JackrabbitConfiguration-Securityconfiguration 


After read this documentation i thought that i do not need to use 
jaas, but now i realize that there is jaas available and in 
geronimo-ra.xml i found element <container-managed-security /> so i'm 
actually using container managed security.

So how to configure that (geronimo documentation is little bit 
confusing)?

I looked around the somewhat confusingly organized jackrabbit svn 
(j2ca stuff seems to be present only in branches???) and found 
http://svn.eu.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-jca which 
seems like it might bear some resemblance to the code you are using.  
This code does not support container managed security at all.  Unless 
you want to add this capability to jackrabbit you need to stop 
configuring container managed security in your geronimo plan.

If you do want to add this capability to jackrabbit, the place to 
start is in 
http://svn.eu.apache.org/viewvc/jackrabbit/branches/1.5/jackrabbit-jca/src/main/java/org/apache/jackrabbit/jca/JCAManagedConnectionFactory.java?annotate=703899 


162 :                  public ManagedConnection 
createManagedConnection(Subject subject, ConnectionRequestInfo cri)
163 :                 throws ResourceException {
164 :     dpfister     510465    
165 :                 if (cri == null) {
166 :                 return new AnonymousConnection();
167 :                 }
168 :     dpfister     230772     return 
createManagedConnection((JCAConnectionRequestInfo) cri);
169 :                 }


and

182 :                  public ManagedConnection 
matchManagedConnections(Set set, Subject subject, 
ConnectionRequestInfo cri)
183 :                 throws ResourceException {
184 :                 for (Iterator i = set.iterator(); i.hasNext();) {
185 :                 Object next = i.next();
186 :                
187 :                 if (next instanceof JCAManagedConnection) {
188 :                 JCAManagedConnection mc = (JCAManagedConnection) 
next;
189 :                 if (equals(mc.getManagedConnectionFactory())) {
190 :                 JCAConnectionRequestInfo otherCri = 
mc.getConnectionRequestInfo();
191 :                 if (equals(cri, otherCri)) {
192 :                 return mc;
193 :                 }
194 :                 }
195 :                 }
196 :                 }
197 :                
198 :                 return null;
199 :                 }


where the Subject supplied from container managed security is ignored.

Out of curiousity, does jackrabbit run in-vm or are connections to a 
remote server?  If in-vm it might be better to run with pooling turned 
off as it is likely that creating a new managed connection is lighter 
weight than the synchronization involved in pooling existing connections.

thanks
david jencks





- markku

David Jencks wrote:
Could you point to some documentation on the JCARepositoryHandle  
and the ra.xml for this connector?

For container managed security you need to use something like the 
plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/CallerIdentityPasswordCredentialLoginModule.java 
which you can deploy in a JAAS configuration using the 
PasswordCredentialLoginModuleWrapperGBean.java

Since you are trying to supply the credentials in what appears to be 
a "get connection" call I wonder if you actually want container 
managed security?

thanks
david jencks


On Nov 7, 2008, at 11:17 PM, Markku Saarela wrote:

Hi,

Jackrabbit 1.4 (1.4.1 core)  JCA deployed to Geronimo 2.1.1. Web 
application or ejb session bean  failed with repository login. 
InitialContext lookup find Repository but calling repository.login( 
new SimpleCredentials( "system", "manager".toCharArray() ) ); 
method results exception:

Caused by: javax.resource.ResourceException: No subject for 
container managed security
    at 
org.apache.geronimo.connector.outbound.SubjectInterceptor.getConnection(SubjectIntercepto 

r.java:51)
    at 
org.apache.geronimo.connector.outbound.ConnectionHandleInterceptor.getConnection(Connecti 

onHandleInterceptor.java:43)
    at 
org.apache.geronimo.connector.outbound.TCCLInterceptor.getConnection(TCCLInterceptor.java 

:39)
    at 
org.apache.geronimo.connector.outbound.ConnectionTrackingInterceptor.getConnection(Connec 

tionTrackingInterceptor.java:66)
    at 
org.apache.geronimo.connector.outbound.AbstractConnectionManager.allocateConnection(Abstr 

actConnectionManager.java:87)
    at 
org.apache.jackrabbit.jca.JCARepositoryHandle.login(JCARepositoryHandle.java:98) 


So how to configure Geronimo to provide subject to connector?

rgds,

Markku