I want to deploy an enterprise application with a web service facade to glassfish with Arquillian. I am not very experienced in this thema.
I send the WebService and Interface codes with annotiations.
WebService Implementation:
#Stateless
#WebService(endpointInterface = "ena.access.ticketsservices.facade.ITicketsRoleMappingsFacade")
#DeclareRoles({ "User", "Guest", "ProjectAdmin", "Admin" })
public class TicketsRoleMappingsFacade implements ITicketsRoleMappingsFacade {
...
}
Interface:
#WebService(name = "TicketsRoleMappingsFacade")
public interface ITicketsRoleMappingsFacade {
#WebMethod
#WebResult(name = "createProjectResult")
public Project createProject(#WebParam(name = "createproject") Project project);
}
And the following xml files are glassfish configuration files.
application.xml
<?xml version="1.0" encoding="UTF-8"?>
<application
version="6"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd">
<display-name>j2ee-ear</display-name>
<module>
<ejb>j2ee-ejb.jar</ejb>
</module>
<security-role>
<role-name>User</role-name>
</security-role>
<security-role>
<role-name>Guest</role-name>
</security-role>
<security-role>
<role-name>ProjectAdmin</role-name>
</security-role>
<security-role>
<role-name>Admin</role-name>
</security-role>
<library-directory>lib</library-directory>
</application>
glassfish-application.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-application PUBLIC -//GlassFish.org//DTD GlassFish Application Server 3.1 Java EE Application 6.0//EN http://glassfish.org/dtds/glassfish-application_6_0-1.dtd>
<glassfish-application>
<security-role-mapping>
<role-name>User</role-name>
<group-name>User</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Guest</role-name>
<group-name>Guest</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ProjectAdmin</role-name>
<group-name>ProjectAdmin</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Admin</role-name>
<group-name>Admin</group-name>
</security-role-mapping>
<realm>someRealm</realm>
</glassfish-application>
glassfish-ejb-jar.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-ejb-jar PUBLIC -//GlassFish.org//DTD GlassFish Application Server 3.1 EJB 3.1//EN http://glassfish.org/dtds/glassfish-ejb-jar_3_1-1.dtd>
<glassfish-ejb-jar>
<security-role-mapping>
<role-name>User</role-name>
<group-name>User</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Guest</role-name>
<group-name>Guest</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ProjectAdmin</role-name>
<group-name>ProjectAdmin</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>Admin</role-name>
<group-name>Admin</group-name>
</security-role-mapping>
<enterprise-beans>
<ejb>
<ejb-name>TicketsRoleMappingsFacade</ejb-name>
<webservice-endpoint>
<port-component-name>TicketsRoleMappingsFacade</port-component-name>
<port-component-uri>/TicketsRoleMappingsFacade</port-component-uri>
</webservice-endpoint>
</ejb>
</enterprise-beans>
</glassfish-ejb-jar>
When I build ear file with ShrinkWrap and deploy get the following lines in log servers log, so I think a part of deployment was succesfull:
[#|2013-08-03T17:23:57.322+0200|INFO|glassfish3.1.1|javax.enterprise.webservices.org.glassfish.webservices|_ThreadID=17;_ThreadName=Thread-2;|WS00019: EJB Endpoint deployed j2ee-ear listening at address at http://localhost:9999/TicketsRoleMappingsFacadeService/TicketsRoleMappingsFacade|#]
But I also get the following exception in Arquillian:
java.lang.IllegalArgumentException: contextRoot must not be null
at org.jboss.arquillian.container.spi.client.protocol.metadata.Servlet.<init>(Servlet.java:48)
at org.jboss.arquillian.container.glassfish.clientutils.GlassFishClientService.resolveWebModuleSubComponents(GlassFishClientService.java:357)
at org.jboss.arquillian.container.glassfish.clientutils.GlassFishClientService.doDeploy(GlassFishClientService.java:227)
at org.jboss.arquillian.container.glassfish.CommonGlassFishManager.deploy(CommonGlassFishManager.java:101)
at org.jboss.arquillian.container.glassfish.remote_3_1.GlassFishRestDeployableContainer.deploy(GlassFishRestDeployableContainer.java:71)
at org.jboss.arquillian.container.impl.client.container.ContainerDeployController$3.call(ContainerDeployController.java:161)
at org.jboss.arquillian.container.impl.client.container.ContainerDeployController$3.call(ContainerDeployController.java:128)
at org.jboss.arquillian.container.impl.client.container.ContainerDeployController.executeOperation(ContainerDeployController.java:271)
at org.jboss.arquillian.container.impl.client.container.ContainerDeployController.deploy(ContainerDeployController.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
at
....
I don't have any .war file for this test setup how can I specify the contextRoot for my web service?
If you don't have a WAR(web application) you theoretically would not need the application.xml. My suggestion, try to delete it.
The successful deployment of the application in glassfish does not mean it will work in Arquillian. Arquillian has some issues with file name and context-root (I had this issue with an WAR file)
An EAR, according to JavaEE 6 Documentation, usually is used to bind WARs and EJBs. So, in theory, if you do not have a WAR you don't exactly need an EAR. You can deploy the EJB directly.
After 8 years, it is nice to remember the problems of my master thesis...
As far as I remember there was no problem with the code above, but there was a bug in the old Arquillian version.
After a few weeks, my supervisor returned from holiday and just updated the Arquillian version in the parent project and tests started to work as expected.
Related
I have a hard time trying to configure the context-root for my web application consisting of two artifacts, a Web Archive and an EJB.jar (XYZ_war.war and XYZ_ejb.jar)
I can reach the application without any problems using
localhost/XYZ
(or on the remote server using www.domain.xy/XYZ)
but
with localhost
(or www.domain.xy)
the Glassfish default website from the docroot directory is displayed ('Your server is now runnning ...')
I do the deployment using the GlassFish Web Admin console.
All my searching here or elsewhere didn't help so far.
What am I missing?
Any help would be much appreciated.
Thanks!
glassfish-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish
Application Server 3.1 Servlet 3.0//EN"
"http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
<context-root>/XYZ</context-root>
</glassfish-web-app>
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<display-name>XYZ</display-name>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>15</session-timeout>
</session-config>
</web-app>
domain.xml:
<network-listeners>
...
<network-listener protocol="http-listener-1" port="80" name="http-listener-1" thread-pool="http-thread-pool" transport="tcp">
...
</networklistener>
...
<applications>
<application context-root="/XYZ" object-type="user" name="XYZ_war" location="${com.sun.aas.instanceRootURI}/applications/XYZ_war/">
...
</application>
<application object-type="user" name="XYZ_ejb" location="${com.sun.aas.instanceRootURI}/applications/XYZ_ejb/">
...
</application>
</applications>
So if I understand correctly you are setting your context-root to /XYZ and you expect it to be /? How about setting it to /?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish
Application Server 3.1 Servlet 3.0//EN"
"http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
<context-root>/</context-root>
</glassfish-web-app>
Have fun :)
I have defined LDAP user registry and made a custom form login page in my Dynamic Web Application which running at Websphere Liberty Profile 8.5.5
How can I bind my form from login page to LDAP user registry, so all user's credentials will be checked against this LDAP registry?
Thank you.
1) One way is to define mapping in server.xml - see Setting up BasicRegistry and role mapping on the Liberty profile, although it says about Basic registry, defining mapping is the same:
<application type="war" id="myWebApp" name="myWebApp"
location="${server.config.dir}/apps/myWebApp.war">
<application-bnd>
<security-role name="user">
<user name="Bob" />
<user name="user1" />
<group name="mygroup" />
</security-role>
</application-bnd>
</application>
2) If you don't want to change server.xml you can define these mappings in the application in the binding file - ibm-application-bnd.xml - like this:
<?xml version="1.0" encoding="UTF-8"?>
<application-bnd
xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd"
version="1.0">
<security-role name="user">
<user name="user1" />
<group name="mygroup" />
</security-role>
</application-bnd>
If you are packaging app in the EAR, put that file in the META-INF folder.
If you are deploying war, create META-INF folder and put it there (this is currently undocumented feature, but is working at least in 8.5.5.6).
Here is the information to configure LDAP registry
https://www-01.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_sec_ldap.html
In addition to that, you may also need to set the realm-name in your form-login declaration. For example,
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyRegistryRealmName</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
I am trying to write own authenticator which will read particular custom cookies and authenticate user based od token which is stored in that cookie. As an example I took this class: org.jboss.security.negotiation.NegotiationAuthenticator
So I start to writing my own authenticator:
public class SampleAuthenticator extends AuthenticatorBase{
#Override
protected boolean authenticate(Request arg0, Response arg1, LoginConfig arg2) throws IOException {
System.out.println("===CHECK===");
return false;
}
As you can see my class contains only needed method that must be implemented with default values.
I have installed this authenticator as module in Jboss "modules" directory.
Then I have added new security-domain in standalone.xml:
<security-domain name="sso" cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required" />
</authentication>
</security-domain>
I have made my module as global in standalone.xml as well (in jboss domain subsystem):
<global-modules>
<module name="com.myexample.authenticator"/>
</global-modules>
Now it seems that my authenticator is ready for use (just for output word "===CHECK===")
Into my example web application I have added jboss-web.xml descriptor:
<jboss-web>
<security-domain>sso</security-domain>
<valve>
<class-name>com.myexample.authenticator.SampleAuthenticator</class-name>
</valve>
</jboss-web>
My web.xml descriptor is following:
<security-constraint>
<web-resource-collection>
<web-resource-name>MyResourceName</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>My kinda secure web application</realm-name>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
Finally when I am trying to deploy my web application it is throwing this exception:
12:41:28,554 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.web.valve.myvalve: org.jboss.msc.service.StartException in service jboss.web.valve.myvalve: java.lang.ClassCastException: com.myexample.authenticator.SampleAuthenticator cannot be cast to org.apache.catalina.Valve
at org.jboss.as.web.WebValveService.start(WebValveService.java:92)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
Caused by: java.lang.ClassCastException: com.myexample.authenticator.SampleAuthenticator cannot be cast to org.apache.catalina.Valve
at org.jboss.as.web.WebValveService.start(WebValveService.java:72)
... 5 more
I am stuck at this point. I tried to reimplement some authenticators but this ClassCastException is always there.
Can anybody help me with writing own authenticator?
I am using Jboss EAP 6.2 with Jboss 7.1.1
Check the classpath, but has repeatedly deploy your classes.
If you have already defined in the JBoss module with the autenticator, should not have this class in the war or ear
The problem was that I was using wrong lib. Problem was solved by using this maven dependency:
<dependency>
<groupId>org.jboss.as</groupId>
<artifactId>jboss-as-web</artifactId>
<version>7.2.0.Final</version>
<scope>provided</scope>
</dependency>
I'd like to add the OpenAM/OpenSSO SSO feature to JBoss EAP 6 or JBoss AS 7. This means I must install an SSO Java EE agent on JBoss. Forgerock's OpenAM download page gives the opportunity to get agents for previous versions of JBoss, but new JBoss EAP 6 / JBoss AS 7 are not supported (for the moment).
Do you know if such an agent is available somewhere, or will be available in short future? If not, do you know how to change JBoss configuration to make it work with OpenAM?
It seems there is no official agent for JBoss EAP 6 for the moment.
However, I could make it work with OpenAM SSO by configuring my JBoss instance manually. To do it, I started with existing jboss_v42_agent.zip available on forgerock download site. Using the jars agent.jar, openssoclientsdk.jar and agent configuration files, I could build a JBoss module using this module.xml:
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="openam.agents">
<resources>
<resource-root path="agent.jar"/>
<resource-root path="openssoclientsdk.jar"/>
<resource-root path="."/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.servlet.api" />
<module name="org.picketbox"/>
</dependencies>
</module>
Then I must update standalone.xml by adding a security domain:
<security-domain name="AMRealm" cache-type="default">
<authentication>
<login-module code="com.sun.identity.agents.jboss.v40.AmJBossLoginModule" flag="required">
<module-option name="unauthenticatedIdentity" value="anonymous"/>
</login-module>
<login-module code="org.jboss.security.ClientLoginModule" flag="required">
<module-option name="restore-login-identity" value="true"/>
</login-module>
</authentication>
</security-domain>
Finaly I deployed the agentapp.war on JBoss after having modified the MANIFEST.MF by adding a line:
Dependencies: openam.agents
where openam.agents is the name of my module.
Now for the application I want to enable SSO for, I also must perform some updates:
web.xml: Add the and nodes:
<filter>
<filter-name>Agent</filter-name>
<display-name>Agent</display-name>
<description>OpenAM Tomcat Policy Agent Filter</description>
<filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Agent</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
jboss-web.xml: Declare the security-domain to be used
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>AMRealm</security-domain>
</jboss-web>
MANIFEST.MF: Apply same modification than in agentapp.was (add "Dependencies: openam.agents" line)
I'm not sure if it's the best way to enable SSO on JBoss EAP 6 / AS 7 (I'm not a expert), but it seems to work well.
One idea is putting an Apache http server with the OpenAM policy agent installed getting the requests in front of Jboss 7.
This is known as the reverse proxy integration. You can find out more here:
http://developers.sun.com/identity/reference/techart/app-integration.html
and http://docs.oracle.com/cd/E19575-01/820-3746/gjbna/index.html
Using the reverse proxy aproach you don't have to care about the application's runtime environment.
I noticed some days ago that forgerock has now released a J2EE Agent for JBoss 7.x but I haven't tested it yet. See http://forgerock.org/openam.html
does anyone knows if tomcat is able to password protect file (like apache .htaccess )?
i mean when user request a file from tomcat webapp its prompt a dialogue to enter user-name and password and made this using configuration.
or protect the file depend on its IP address .
hope someone can help me ?
regads
you can set basic authentication in tomcat.
Add your user to tomcat-users.xml. Something like :
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="myname" password="mypassword" roles="tomcat"/>
<user username="test" password="test"/>
</tomcat-users>
And Add configuration to your apps web.xml. like:
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/references/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>your-role</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
The role that is required to log in to the Manager Application
</description>
<role-name>your-role</role-name>
</security-role>
links to understand more:
http://www.avajava.com/tutorials/lessons/how-do-i-use-basic-authentication-with-tomcat.html