Hi Tang,
Sorry for the delay.
I have looked at your github project. It looks good. Do you think we
should upgrade to Felix Web Console 3.1.4 so that we can take advantage
of the richer WebConsolerSecurityProvider2 interface of Felix Web
Console? That way we won't be limited to only "HTTP Basic
Authentication?" I guess we can include what you have done and then
improve it later on. I am in the process of finding out the contribution
acceptance process. Hopefully I will find the answers soon. In the
meanwhile, I noticed some of your files do not have correct copyright
and license headers. Pl. fix them and upload them to JIRA or reference
the new github URL from JIRA.
You had a question about injection not working for
GlassFishSecurityProvider. I guess you directly instantiated the class
from the bundle activator in which case HK2 injection manager didn't get
an opportunity to perform injection. Use of GlassFish.getService is alright.
Thanks for all the good work you are doing.
Sahoo
[1]
http://felix.apache.org/site/web-console-security-provider.html#WebConsoleSecurityProvider-WebConsoleSecurityProvider2
On Wednesday 18 July 2012 05:24 PM, Tang Yong wrote:
> Hi Sahoo, Shaun,
>
> Now, I have resolved the problem which I met.
>
> After investigating again, I found that using
> org.glassfish.embeddable.GlassFish(simple-glassfish-api module)
> can get AuthenticationService and integrate felix-webconsole's
> authentication with Glassfish JAAS successfully.
>
> My souce has updated into github and please review it.
>
> Then, I will start to investigate cdi-related rfp/bug, firstly, I
> will investigate http://java.net/jira/browse/GLASSFISH-18370.
>
> [A Request]
> If having time, I wish sahoo can explain why from
> felix-webconsole-extension module, can not get HK2 services and
> components using Injection way?
>
> --Best Regard!
> --Tang
>
> Tang Yong wrote:
>> Hi Shaun,
>>
>> Thanks your suggestion very much.
>> I have tried and AuthenticationService has still been not injected
>> successfully.
>>
>> I have confirmed that my working enviroment is ok because I found that
>> some class on other modules liking deployment-admin can get injected
>> objects liking BaseServiceLocator.
>>
>> So, whether from felix-webconsole-extension module, can not get HK2
>> components or not?
>>
>> --Tang
>>
>> Shaun Pei wrote:
>>> Hi Yong
>>>
>>> Did you try to directly inject the AuthenticationService into your
>>> code?
>>> An example using AuthenticationService is
>>> com.sun.enterprise.admin.util.GenericAdminAuthenticator.java, which
>>> directly injects the AuthenticationService at line 150.
>>>
>>>
>>>
>>> Regards
>>>
>>> Shaun
>>>
>>>
>>> -----Original Message-----
>>> From: Tang Yong [mailto:tangyong_at_cn.fujitsu.com] Sent: Tuesday, July
>>> 17, 2012 1:02 PM
>>> To: Sahoo; dev_at_glassfish.java.net
>>> Subject: About GLASSFISH-12975
>>>
>>> Dear Sahoo, Security Leader,
>>>
>>> About GLASSFISH-12975(Use glassfish admin realm for authentication
>>> and authorisation of OSGi admin console),
>>>
>>> I have made a basic prototype put on
>>> https://github.com/tangyong/GLASSFISH-12975.
>>>
>>> You can copy
>>> tree/master/felix-webconsole-extension/target/felix-webconsole-extension.jar
>>>
>>> into modules\autostart and start
>>> "GlassFish OSGi Administration Console", then, input GF's admin
>>> account and check whether having glassfish admin realm for
>>> authentication or not.
>>>
>>> The following is my design idea and a critical problem needed to
>>> discuss.
>>>
>>> [Desgin]
>>> 1 Implement the felix web console's WebConsoleSecurityProvider
>>> interface.
>>>
>>> Note:
>>> The current karaf's JaasSecurityProvider class implements felix web
>>> console's WebConsoleSecurityProvider2, and the
>>> WebConsoleSecurityProvider2 is not in
>>> org.apache.felix.webconsole-3.1.2.
>>>
>>> 2 On FelixWebConsoleExtensionActivator class, register GF's
>>> implementation of WebConsoleSecurityProvider.
>>>
>>> 3 On GF's implementation of WebConsoleSecurityProvider, integrate
>>> the glassfish admin realm called "admin-realm". On the current my
>>> prototype, I used LoginContextDriver.login(subject,
>>> PasswordCredential.class).
>>>
>>> However, I indeed did not want to use the way, because I found that
>>> if using
>>> org.glassfish.security.services.impl.AuthenticationServiceFactory
>>> to get authentication related to services which should be registered
>>> into HK2 components, I think that it will be very good because
>>> security-services module can get realm from domain.xml.
>>>
>>> So, I tried to do it and however, I met a big problem on the whole
>>> night.
>>>
>>> [Problem]
>>> Firstly, Please allow me put the codes having the problem as following:
>>>
>>> @Service
>>> public class GlassFishSecurityProvider implements
>>> WebConsoleSecurityProvider{
>>>
>>> @Inject
>>> StateManager manager;
>>>
>>> @Inject
>>> BaseServiceLocator serviceLocator;
>>>
>>> @Override
>>> public Object authenticate(String username, String password) {
>>> String currentState = manager.getCurrent();
>>> // Get Service Instance
>>> AuthenticationService atnService =
>>> serviceLocator.getComponent(AuthenticationService.class);
>>>
>>> // Get Service Configuration
>>> org.glassfish.security.services.config.AuthenticationService
>>> atnConfiguration =
>>> serviceLocator.getComponent(org.glassfish.security.services.config.AuthenticationService.class,currentState);
>>>
>>>
>>> // Initialize Service
>>> atnService.initialize(atnConfiguration);
>>>
>>> final Subject fs = null;
>>>
>>> try {
>>> atnService.login(username, password.toCharArray(), fs);
>>> } catch (LoginException e) { e.printStackTrace();
>>> return null;
>>> }
>>>
>>> return fs; }
>>>
>>> When debugging the authenticate method, both manager and
>>> serviceLocator are null. I have tried many ways and have no effect.
>>> So, I want to ask whether from felix-webconsole-extension module,
>>> can not get HK2 components or not?
>>>
>>> --Best Regard!
>>> --Tang
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>