How do I define a security realm in a JavaEE Stack in Cloudbees? - jaas

I'm trying to run a simple web application in a JavaEE stack in CloudBees. As part of this application, I define a security realm which is a DataSourceRealm:
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ResmanRealm</realm-name>
    <form-login-config>
        <form-login-page>/welcome.xhtml</form-login-page>
        <form-error-page>/welcome.xhtml</form-error-page>
    </form-login-config>
</login-config>
I've written this to date using a local Glassfish3 server, in which I define the ResmanRealm against a JDBC resource. In Glassfish3-config-speak, that ends up looking like this:
<auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="ResmanRealm">
    <property name="jaas-context" value="jdbcRealm"></property>
    <property name="encoding" value="Hex"></property>
    <property name="password-column" value="password"></property>
    <property name="datasource-jndi" value="jdbc/ResManPool"></property>
    <property name="group-table" value="V_USER_ROLE"></property>
    <property name="user-table" value="USER"></property>
    <property name="group-name-column" value="role"></property>
    <property name="digest-algorithm" value="SHA-256"></property>
    <property name="user-name-column" value="name"></property>
</auth-realm>
So, this all works locally. I saw that in CloudBees there's a cloudbees xml file which the doco states is legacy, but which looked like it had some form of support for this. What I cannot find is any example of how to define a security realm as a Configuration Parameter. It looks like it could be a resource (in CloudBees-speak), and you could define it as you bind a database to an application. But an example would be nice, as the existing resource examples (at least the ones I can find) are a bit general.
Also, the output log from my (currently unsuccessful) application startup doesn't show that DataSourceRealms are being loaded:
[#|2013-02-25T11:03:51.319+0000|INFO|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=12;_ThreadName=AutoDeployer;|SEC1010: Entering Security Startup Service|#]
[#|2013-02-25T11:03:51.333+0000|INFO|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=12;_ThreadName=AutoDeployer;|SEC1143: Loading policy provider com.sun.enterprise.security.provider.PolicyWrapper.|#]
[#|2013-02-25T11:03:51.452+0000|INFO|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.realm|_ThreadID=12;_ThreadName=AutoDeployer;|SEC1115: Realm [admin-realm] of classtype [com.sun.enterprise.security.auth.realm.file.FileRealm] successfully created.|#]
[#|2013-02-25T11:03:51.461+0000|INFO|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.realm|_ThreadID=12;_ThreadName=AutoDeployer;|SEC1115: Realm [file] of classtype [com.sun.enterprise.security.auth.realm.file.FileRealm] successfully created.|#]
[#|2013-02-25T11:03:51.483+0000|INFO|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.realm|_ThreadID=12;_ThreadName=AutoDeployer;|SEC1115: Realm [certificate] of classtype [com.sun.enterprise.security.auth.realm.certificate.CertificateRealm] successfully created.|#]
[#|2013-02-25T11:03:51.498+0000|INFO|glassfish3.1.2|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=12;_ThreadName=AutoDeployer;|SEC1011: Security Service(s) Started Successfully|#]
So, if anyone's had success with defining DataSourceRealms in a JavaEE stack in CloudBees, I'd appreciate any nudges in the right direction. Thanks for any info.

CloudBees now supports JAAS Authentication and Security Realms on the Glassfish3 and Glassfish4 stacks, as documented here:
Glassfish3:
Docs: https://developer.cloudbees.com/bin/view/RUN/Glassfish3_JaaS_Authentication
Demo app: https://github.com/CloudBees-community/glassfish-clickstart
Glassfish4:
Docs: https://developer.cloudbees.com/bin/view/RUN/Glassfish4_JaaS_Authentication
Demo app: https://github.com/CloudBees-community/glassfish4-clickstart
Please note that CloudBees security realms for Glassfish3 and Glassfish4 are exclusively based on JdbcRealms, which seems to be your need.

Container-based authentication isn't available on CloudBees stacks, except for tomcat6 for legacy reasons. The preferred approach is to instrument the application with a security framework (spring-security or any other).
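To make the JdbcRealm configuration in the question concrete, here is an added example (not code from the question, the answers, CloudBees or GlassFish) that rebuilds in SQLite the two tables the ResmanRealm points at and performs the same two lookups a JDBCRealm does, with passwords stored the way that configuration dictates (digest-algorithm SHA-256, encoding Hex). It assumes that GlassFish 3.1.x JDBCRealm stores the digest as lowercase hex of SHA-256 over the password bytes in the realm charset, taken here as UTF-8 (GlassFish uses the platform charset unless the realm's charset property is set), and the DDL is a guess consistent with user-table=USER, group-table=V_USER_ROLE, user-name-column=name, password-column=password and group-name-column=role, since the post does not show its schema. The user names and passwords are constructed sample data.

```python
"""
Added example: a SQLite stand-in for the USER / V_USER_ROLE tables behind
the ResmanRealm above, plus the realm's two lookups.  Assumptions are
marked in comments; none of this is GlassFish or CloudBees code.
"""
import hashlib
import hmac
import sqlite3
from typing import List, Optional


def realm_digest(password: str) -> str:
    """What must be stored in USER.password for digest-algorithm=SHA-256
    and encoding=Hex: SHA-256 of the password, lowercase hex.
    Assumption: UTF-8 password bytes (GlassFish uses its charset property
    or the platform default).  No salt and one fast hash round, so a
    leaked USER table is cheap to brute-force; that limitation belongs to
    JDBCRealm, not to this helper."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Assumed schema (the post shows only the realm properties, not the DDL).
SCHEMA = """
CREATE TABLE USER (
    name     TEXT PRIMARY KEY,
    password TEXT NOT NULL          -- realm_digest(), never the cleartext
);
CREATE TABLE USER_ROLE (
    name TEXT NOT NULL REFERENCES USER(name),
    role TEXT NOT NULL,
    PRIMARY KEY (name, role)
);
-- group-table can be a view: the realm only needs user-name-column and
-- group-name-column to be selectable from it.
CREATE VIEW V_USER_ROLE AS SELECT name, role FROM USER_ROLE;
"""


def build_realm_db() -> sqlite3.Connection:
    """In-memory database seeded with constructed users (not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    users = {"alice": "correct horse", "bob": "hunter2"}
    conn.executemany("INSERT INTO USER (name, password) VALUES (?, ?)",
                     [(u, realm_digest(p)) for u, p in users.items()])
    conn.executemany("INSERT INTO USER_ROLE (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("alice", "user"), ("bob", "user")])
    conn.commit()
    return conn


def authenticate(conn: sqlite3.Connection, username: str,
                 password: str) -> Optional[List[str]]:
    """Mirror of the realm's authenticate(): look the user up by
    user-name-column, compare digests, then collect the group names that
    <auth-constraint>/<role-name> entries in web.xml are matched against.
    Returns the sorted roles on success, None on failure."""
    candidate = realm_digest(password)   # hashed before the lookup so an
                                         # unknown user costs the same time
    row = conn.execute("SELECT password FROM USER WHERE name = ?",
                       (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0], candidate):
        return None
    roles = conn.execute("SELECT role FROM V_USER_ROLE WHERE name = ?",
                         (username,))
    return sorted(r for (r,) in roles)


if __name__ == "__main__":
    db = build_realm_db()
    print(realm_digest("abc"))                          # known SHA-256 test vector
    print(authenticate(db, "alice", "correct horse"))   # ['admin', 'user']
    print(authenticate(db, "alice", "wrong"))           # None
```

Store exactly the string realm_digest() returns; if a migration script writes uppercase hex, whether the realm still matches depends on the GlassFish version, so it is safer to normalise at insert time than to rely on the container. The parameterised queries and the constant-time comparison are the two things to keep if the same lookup is ever re-implemented in application code instead of the container.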

Related

CAS and LDAP custom integration

I'm going to describe an odd situation. We have a product with a properly working CAS and LDAP integration. The problem is that not all of our clients use LDAP, which is fine, EXCEPT that the integration is still in place and so CAS is actively attempting to connect to the LDAP server (and failing, of course). It attempts to connect every five minutes, which creates a very bloated Tomcat log. My goal is to prevent it from attempting to connect without gutting the integration. I'm hoping someone knows of a way to prevent or manage when/how CAS attempts to connect to the defined LDAP server.
I've attempted to remove key components of the CAS property file as well as the deployerConfigContext.xml but the integration has too many dependencies, and I haven't been successful.
Here are some of the properties that are used in the cas.properties file. Setting the ldap.auth.enabled to false allows our integration to not use LDAP when authenticating the user but doesn't prevent CAS from attempting to connect to the LDAP server:
ldap.auth.enabled=false
ldap.url=ldap://xyz.customurl.com
ldap.useStartTLS=false
ldap.rootDn=DC=xyz,DC=xyz,DC=com
ldap.baseDn=DC=xyz,DC=xyz,DC=com
ldap.connectTimeout=3000
ldap.managerDn=CN=xyz,CN=Users,DC=xyz,DC=xyz,DC=com
ldap.managerPassword=xyz
ldap.authn.searchFilter=(&(sAMAccountName={user})(objectClass=user))
ldap.domain=123.456.7.890
ldap.pool.minSize=1
ldap.pool.maxSize=10
ldap.pool.validateOnCheckout=false
ldap.pool.validatePeriodically=true
ldap.pool.blockWaitTime=3000
ldap.pool.validatePeriod=300
ldap.pool.prunePeriod=300
ldap.pool.idleTime=600
ldap.usePpolicy=false
ldap.allowMultipleDns=true
This is the relevant section from the deployerConfigContext.xml. I've tried commenting out the entire ldap section but have received various other errors that caused Tomcat to crash:
<bean id="ldapAuthenticationHandler"
      class="org.jasig.cas.authentication.LdapAuthenticationHandler"
      p:principalIdAttribute="sAMAccountName"
      c:authenticator-ref="authenticator" lazy-init="true"/>
<ldaptive:ad-authenticator id="authenticator"
      ldapUrl="${ldap.url}"
      userFilter="${ldap.authn.searchFilter}"
      bindDn="${ldap.managerDn}"
      bindCredential="${ldap.managerPassword}"
      allowMultipleDns="${ldap.allowMultipleDns:false}"
      connectTimeout="${ldap.connectTimeout}"
      validateOnCheckOut="${ldap.pool.validateOnCheckout}"
      failFastInitialize="false"
      blockWaitTime="${ldap.pool.blockWaitTime}"
      idleTime="${ldap.pool.idleTime}"
      baseDn="${ldap.baseDn}"
      maxPoolSize="${ldap.pool.maxSize}"
      minPoolSize="${ldap.pool.minSize}"
      validatePeriodically="${ldap.pool.validatePeriodically}"
      validatePeriod="${ldap.pool.validatePeriod}"
      prunePeriod="${ldap.pool.prunePeriod}"
      useSSL="${ldap.use.ssl:false}"
      subtreeSearch="${ldap.subtree.search:true}"
      useStartTLS="${ldap.useStartTLS}"/>
The stack trace for the CAS to LDAP server connection is huge. Here is a small snippet. I can attach the whole thing if that is useful.
org.ldaptive.provider.ConnectionException:
javax.naming.CommunicationException: ldap.url.com:389 [Root exception
is java.net.UnknownHostException: ldap.url.com
I toggle between JDBC and LDAP/AD handlers. Ensure that you comment out your ldap handler under:
deployerConfigContext.xml
xpath:
/beans
/bean[class=org.jasig.cas.authentication.AuthenticationManagerImpl]
/property[name=authenticationHandlers]
/list/
We satisfactorily resolved this by disabling this log4j property in the log4j configuration file in CAS:
<Logger name="org.ldaptive.pool.BlockingConnectionPool" level="debug">
    <AppenderRef ref="console" />
</Logger>
Another option may have been to create a log4j filter and target the particular message that was causing the tomcat file to become huge.
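Two things in the posted cas.properties deserve a closer look than the log-volume problem itself, and the following added example (not part of the thread, not CAS or ldaptive code) makes them visible mechanically. It parses Java .properties text and reports that the bind credentials travel in the clear (ldap.url is ldap:// and ldap.useStartTLS=false while ldap.managerPassword is set), that ldap.auth.enabled=false only affects authentication, which is what the question itself observes, and that the pool is configured to validate every ldap.pool.validatePeriod seconds, which is the five-minute cadence the question reports. The assumption here is that ldaptive's periodic pool validation is what drives the reconnect attempts; the answer that silences org.ldaptive.pool.BlockingConnectionPool points the same way. The property text below is a constructed copy of the question's values, and the hardened variant is a suggested alternative, not something from the thread.

```python
"""
Added example: audit of the cas.properties LDAP settings posted above.
Not CAS or ldaptive code; the property text is constructed from the
question, the hardened variant is this example's suggestion.
"""
from typing import Dict, List, Optional

# Constructed copy of the question's properties (values as posted).
CAS_PROPERTIES = """\
ldap.auth.enabled=false
ldap.url=ldap://xyz.customurl.com
ldap.useStartTLS=false
ldap.managerDn=CN=xyz,CN=Users,DC=xyz,DC=xyz,DC=com
ldap.managerPassword=xyz
ldap.pool.minSize=1
ldap.pool.validatePeriodically=true
ldap.pool.validatePeriod=300
ldap.pool.prunePeriod=300
"""

# Suggested alternative (assumption, not from the thread): LDAPS and a
# bind only when LDAP authentication is actually enabled.
HARDENED_PROPERTIES = """\
ldap.auth.enabled=true
ldap.url=ldaps://xyz.customurl.com
ldap.useStartTLS=false
ldap.managerDn=CN=xyz,CN=Users,DC=xyz,DC=xyz,DC=com
ldap.managerPassword=xyz
ldap.pool.validatePeriodically=false
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal java.util.Properties reader: '#'/'!' comments, the first
    '=' or ':' separates key and value, surrounding whitespace is trimmed.
    Escapes and line continuations are not handled; the flat cas.properties
    above needs neither.  Note the DN values contain '=' themselves, which
    is why only the first separator counts."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        cuts = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not cuts:
            props[line] = ""
            continue
        sep = min(cuts)
        props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def is_true(props: Dict[str, str], key: str) -> bool:
    return props.get(key, "false").strip().lower() == "true"


def expected_reconnect_interval_s(props: Dict[str, str]) -> Optional[int]:
    """Seconds between pool-driven connection attempts under the assumption
    that periodic validation is what reconnects; None if it is disabled."""
    if not is_true(props, "ldap.pool.validatePeriodically"):
        return None
    return int(props.get("ldap.pool.validatePeriod", "0"))


def audit_ldap(props: Dict[str, str]) -> List[str]:
    """Return human-readable findings, most severe first."""
    findings: List[str] = []
    url = props.get("ldap.url", "")
    if url.lower().startswith("ldap://") and not is_true(props, "ldap.useStartTLS"):
        what = ("ldap.managerDn and ldap.managerPassword"
                if props.get("ldap.managerPassword") else "user credentials")
        findings.append(f"cleartext LDAP: {url} without StartTLS sends {what} "
                        f"unencrypted; use ldaps:// or ldap.useStartTLS=true")
    if not is_true(props, "ldap.auth.enabled"):
        findings.append("ldap.auth.enabled=false only skips LDAP during "
                        "authentication; the authenticator and its pool are "
                        "still wired in deployerConfigContext.xml")
    period = expected_reconnect_interval_s(props)
    if period:
        findings.append(f"pool validation every {period}s ({period // 60} min) "
                        f"will keep reconnecting to an unreachable host")
    return findings


if __name__ == "__main__":
    for line in audit_ldap(parse_properties(CAS_PROPERTIES)):
        print("-", line)
```

The first finding is the one to fix regardless of the logging noise: a manager bind over plain ldap:// exposes the service account password to anyone on the path to the directory. The third finding explains why the log fills at a five-minute cadence and why the accepted answer's logger change only hides the symptom.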

websphere liberty admincenter datasource

Recently, I switched to WebSphere Liberty 8.5.5.9. The Admin Center replaced the admin console. I used to configure many things in the admin console of lower WebSphere versions, but in the new Admin Center I couldn't find them any more, e.g. configuring a datasource. Any suggestions?
The Admin Console is the UI for WebSphere Traditional whereas Admin Center is the UI for WebSphere Liberty. Just like there are differences between the functionality of WebSphere Traditional and Liberty, same can be said for Admin Console and Admin Center.
Although Admin Center does not provide the 'wizard' type of experience that Admin Console does, you can use the Server Config tool to create a datasource, and it can help guide you through the process by showing all the fields that can be set (including any defaults). If you stay in the Design view for the configuration file (likely server.xml) of the server that you want to alter, you can select 'Add Child' and select 'Datasource.' It will then populate all the fields with descriptions and defaults:
Data Source in Design View of Server Config in Admin Center
You can get similar assistance in the 'Source' view by activating content assist via ctrl+space. This functionality is not unique to datasource, but is provided for all elements.
In WebSphere Liberty you can configure your DataSource directly in the server.xml (similar to most server-level configurations in Liberty).
Here is an example from the Liberty documentation:
<dataSource id="DefaultDataSource" jndiName="jdbc/derbyEmbedded">
    <jdbcDriver libraryRef="DerbyLib"/>
    <properties.derby.embedded databaseName="C:/databases/SAMPLEDB" createDatabase="create"/>
</dataSource>
<library id="DerbyLib">
    <fileset dir="C:/db-derby-10.8.1.2-bin/lib"/>
</library>
To use a datasource, be sure to enable a JDBC feature in your server.xml, such as this:
<featureManager>
<feature>jdbc-4.1</feature>
</featureManager>
If you're not sure where to find your server.xml, by default it is in this location:
${wlp.install.dir}/servers/${your.server.name}/server.xml
For full doc on configuring data sources in Liberty, see: Configuring relational database connectivity in Liberty
In addition to editing the server.xml as described by aguibert, you can create and edit data sources using the Liberty AdminCenter as described in this IBM KnowledgeCenter topic.

jpa-store and hibernate OGM

Issue:
I'm trying to configure an Infinispan cache with jpa-store and Hibernate OGM. I am able to access the Infinispan server cache through the HotRod client with a simple cache store; the configuration is as follows.
I have configured the following in ..\infinispan-server-8.1.0.CR1\standalone\configuration\standalone.xml and run the server with the command ../bin>standalone.bat
<subsystem xmlns="urn:infinispan:server:core:8.1">
    <cache-container name="local" default-cache="default" statistics="true">
        ...
        <local-cache name="testCache">
            <compatibility/>
        </local-cache>
    </cache-container>
</subsystem>
On the client side, I'm accessing the cache successfully using the HotRod client, with code like the following.
Configuration config = new ConfigurationBuilder().addServer().host("127.0.0.1").port(11222).build();
RemoteCacheManager cacheManager = new RemoteCacheManager(config);
RemoteCache<Integer, TestEntity> cache = cacheManager.getCache("testCache");
1. How to configure jpa-store (with load from database and write into database) in standalone.xml?
I have tried the code below in standalone.xml.
<persistence passivation="false">
    <jpa-store xmlns="urn:infinispan:config:store:jpa:8.0"
               shared="true" preload="true"
               persistence-unit="CachePersistenceUnit"
               entity-class="TestEntity"
               singleton="false"
               batch-size="1">
    </jpa-store>
</persistence>
Caused by: javax.xml.stream.XMLStreamException: WFLYCTL0198: Unexpected element '{urn:infinispan:server:core:8.1}persistence' encountered
at org.jboss.as.controller.parsing.ParseUtils.unexpectedElement(ParseUtils.java:89)
at org.jboss.as.clustering.infinispan.subsystem.InfinispanSubsystemXMLReader.parseCacheElement(InfinispanSubsystemXMLReader.java:971)
at org.jboss.as.clustering.infinispan.subsystem.InfinispanSubsystemXMLReader.parseLocalCache(InfinispanSubsystemXMLReader.java:706)
at org.jboss.as.clustering.infinispan.subsystem.InfinispanSubsystemXMLReader.parseContainer(InfinispanSubsystemXMLReader.java:247)
at org.jboss.as.clustering.infinispan.subsystem.InfinispanSubsystemXMLReader.readElement(InfinispanSubsystemXMLReader.java:97)
at org.jboss.as.clustering.infinispan.subsystem.InfinispanSubsystemXMLReader.readElement(InfinispanSubsystemXMLReader.java:70)
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110)
at org.jboss.staxmapper.XMLExtendedStreamReaderImpl.handleAny(XMLExtendedStreamReaderImpl.java:69)
at org.jboss.as.server.parsing.StandaloneXml_4.parseServerProfile(StandaloneXml_4.java:547)
at org.jboss.as.server.parsing.StandaloneXml_4.readServerElement(StandaloneXml_4.java:244)
at org.jboss.as.server.parsing.StandaloneXml_4.readElement(StandaloneXml_4.java:143)
at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:69)
at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:47)
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110)
at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69)
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:123)
... 3 more
How to auto-deploy a project (customized Infinispan manager class (Java class), persistence.xml and infinispan-config.xml) in Infinispan server (JBoss)?
The two questions are actually related:
Infinispan Server is designed as a backend data store and hence it's not designed to have applications deployed on it.
With that in mind, since you can't deploy applications onto it, you can't deploy JPA entities, and hence it does not make sense to be able to configure a JPA cache store in Server mode.
You are able to deploy JPA entities on Wildfly/EAP or similar environments, where it is possible to deploy an Infinispan based application (see tutorials here) and configure a JPA store.
Cheers,
Galder

Setup resources for GlassFish2.x Cargo deployment

I'm trying to get integration testing working for a GlassFish 2.x project, using Maven2 and Cargo. I finally have Cargo attempting to deploy my EAR but it fails to start because the data source is not configured. The app also depends on a few JMS queues and a connection factory - how do I add these?
The Cargo Glassfish 2.x plugin says existing configurations are not supported, so I can't do that.
Using the maven-glassfish-plugin is an option, but we also run OC4J so a Cargo solution would be preferred.
edit: The resources are: 1 JDBC connection pool, 1 JDBC resource, 4 JMS queues, 2 JMS connection factories and a custom security realm (pear tree optional). The realm needs an entry in the login.conf like:
myRealm {
uk.co.mycom.MyGlassFishLoginModule required;
};
I'm not sure (I never used this) but IIRC, you should be able to put your datasource configuration in a sun-resources.xml file and package it under META-INF/sun-resources.xml in your EAR and GlassFish is supposed to create the resources at deploy time.
Here is an example sun-resources.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE resources PUBLIC "-//Sun Microsystems Inc.//DTD Application Server 9.0 Domain//EN" "sun-resources_1_3.dtd">
<resources>
    <jdbc-connection-pool name="SPECjPool" steady-pool-size="100"
        max-pool-size="150" max-wait-time-in-millis="60000"
        pool-resize-quantity="2" idle-timeout-in-seconds="300"
        is-isolation-level-guaranteed="true"
        is-connection-validation-required="false"
        connection-validation-method="auto-commit"
        fail-all-connections="false"
        datasource-classname="oracle.jdbc.pool.OracleDataSource">
        <!-- Oracle thin URLs use '@' before the host: jdbc:oracle:thin:@host:port:sid -->
        <property name="URL"
            value="jdbc:oracle:thin:@iasperfsol12:1521:specdb"/>
        <property name="User" value="spec"/>
        <!-- cleartext here for the example; GlassFish also accepts a ${ALIAS=name} password alias -->
        <property name="Password" value="spec"/>
        <property name="MaxStatements" value="200"/>
        <property name="ImplicitCachingEnabled" value="true"/>
    </jdbc-connection-pool>
    <jdbc-resource enabled="true" pool-name="SPECjPool"
        jndi-name="jdbc/SPECjDB"/>
</resources>
Give it a try.
Resources
The sun-resources.xml File
Thanks, that worked. The datasource seems to have gone in okay and the app has deployed. However from the doc you linked, I can't see how to add the other things I need (edited more detail into my question about these). This solution also means that I will have to (use profiles to?) build my EAR differently for IT, which is imperfect.
I somehow missed that you wanted to create other resources than Datasources and I've seen several threads reporting that the suggested approach won't work with GlassFish v2 for any resources (like JMS resources). My bad.
So, given the current state, your options are (IMO):
contribute to Cargo to provide an "existing" configuration implementation for GlassFish v2
use the maven-glassfish-plugin as you suggested
I don't have any better suggestions.

JMS Destination creation at deployment with Glassfish 3.0.1

I'm currently trying to 'port' my Java EE 5 application from JBoss 6 M2 to Glassfish 3.0.1.
JBoss used to create my JMS destination queues at deployment time thanks to the -service.xml files. I really liked this feature and I would like to find a way to do the same thing on Glassfish. Is this even possible?
I'm not sure of the exact status with GlassFish 3.0.1 but according to these threads:
http://markmail.org/thread/cqj56ehulg7qdenp
http://markmail.org/thread/zs4naxy534ijbpic
creating JMS destinations at deploy time was not supported. But these threads are pretty old and things might have changed (see below).
You can however declare them in a sun-resources.xml file and pass it to the asadmin add-resources command.
That being said, several documents (like this one or this one) mention the deployment of application-scoped-resources defined in a sun-resources.xml bundled in the application (that will become glassfish-resources.xml in GlassFish 3.1) as part of the deploy/undeploy of the app but:
I don't know if this is relevant for 3.0.1.
I don't know the exact status, especially for JMS resources.
This would require testing.
With GlassFish v4.x, connection factories and destinations (i.e. queues and topics) can be configured in the domain.xml file under glassfish/domains/your-domain-name.
E.g.:
<resources>
    <connector-connection-pool resource-adapter-name="jmsra" max-pool-size="250" steady-pool-size="1" name="jms/DurableConnectionFactory-Connection-Pool" description="connection factory for durable subscriptions" connection-definition-name="javax.jms.ConnectionFactory">
        <property name="ClientId" description="MyID" value="MyID"></property>
    </connector-connection-pool>
    <connector-resource pool-name="jms/DurableConnectionFactory-Connection-Pool" description="connection factory for durable subscriptions" jndi-name="jms/DurableConnectionFactory"></connector-resource>
    <admin-object-resource res-adapter="jmsra" description="PhysicalQueue" res-type="javax.jms.Queue" jndi-name="jms/MyQueue">
        <property name="Name" value="PhysicalQueue"></property>
    </admin-object-resource>
</resources>