dev@glassfish.java.net

Re: About GLASSFISH-12975

From: Tang Yong <tangyong_at_cn.fujitsu.com>
Date: Mon, 20 Aug 2012 21:41:29 +0900

Hi Sahoo,

About current status of the improvement, I have commented on jira,
please see[1] and [2], especially [2].

[1] http://java.net/jira/browse/GLASSFISH-12975
[2] http://java.net/jira/browse/GLASSFISH-19023

[1] is blocked because [2].

I want to know whether needing to investigate [2] in depth or not?

--Tang

Sahoo wrote:
> Hi Tang,
>
> Sorry for the delay.
>
> I have looked at your github project. It looks good. Do you think we
> should upgrade to Felix Web Console 3.1.4 so that we can take advantage
> of the richer WebConsolerSecurityProvider2 interface of Felix Web
> Console? That way we won't be limited to only "HTTP Basic
> Authentication?" I guess we can include what you have done and then
> improve it later on. I am in the process of finding out the contribution
> acceptance process. Hopefully I will find the answers soon. In the
> meanwhile, I noticed some of your files do not have correct copyright
> and license headers. Pl. fix them and upload them to JIRA or reference
> the new github URL from JIRA.
>
> You had a question about injection not working for
> GlassFishSecurityProvider. I guess you directly instantiated the class
> from the bundle activator in which case HK2 injection manager didn't get
> an opportunity to perform injection. Use of GlassFish.getService is
> alright.
>
> Thanks for all the good work you are doing.
>
> Sahoo
>
> [1]
> http://felix.apache.org/site/web-console-security-provider.html#WebConsoleSecurityProvider-WebConsoleSecurityProvider2
>
>
> On Wednesday 18 July 2012 05:24 PM, Tang Yong wrote:
>> Hi Sahoo, Shaun,
>>
>> Now, I have resolved the problem which I met.
>>
>> After investigating again, I found that using
>> org.glassfish.embeddable.GlassFish(simple-glassfish-api module)
>> can get AuthenticationService and integrate felix-webconsole's
>> authentication with Glassfish JAAS successfully.
>>
>> My souce has updated into github and please review it.
>>
>> Then, I will start to investigate cdi-related rfp/bug, firstly, I
>> will investigate http://java.net/jira/browse/GLASSFISH-18370.
>>
>> [A Request]
>> If having time, I wish sahoo can explain why from
>> felix-webconsole-extension module, can not get HK2 services and
>> components using Injection way?
>>
>> --Best Regard!
>> --Tang
>>
>> Tang Yong wrote:
>>> Hi Shaun,
>>>
>>> Thanks your suggestion very much.
>>> I have tried and AuthenticationService has still been not injected
>>> successfully.
>>>
>>> I have confirmed that my working enviroment is ok because I found that
>>> some class on other modules liking deployment-admin can get injected
>>> objects liking BaseServiceLocator.
>>>
>>> So, whether from felix-webconsole-extension module, can not get HK2
>>> components or not?
>>>
>>> --Tang
>>>
>>> Shaun Pei wrote:
>>>> Hi Yong
>>>>
>>>> Did you try to directly inject the AuthenticationService into your
>>>> code?
>>>> An example using AuthenticationService is
>>>> com.sun.enterprise.admin.util.GenericAdminAuthenticator.java, which
>>>> directly injects the AuthenticationService at line 150.
>>>>
>>>>
>>>>
>>>> Regards
>>>>
>>>> Shaun
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Tang Yong [mailto:tangyong_at_cn.fujitsu.com] Sent: Tuesday, July
>>>> 17, 2012 1:02 PM
>>>> To: Sahoo; dev_at_glassfish.java.net
>>>> Subject: About GLASSFISH-12975
>>>>
>>>> Dear Sahoo, Security Leader,
>>>>
>>>> About GLASSFISH-12975(Use glassfish admin realm for authentication
>>>> and authorisation of OSGi admin console),
>>>>
>>>> I have made a basic prototype put on
>>>> https://github.com/tangyong/GLASSFISH-12975.
>>>>
>>>> You can copy
>>>> tree/master/felix-webconsole-extension/target/felix-webconsole-extension.jar
>>>>
>>>> into modules\autostart and start
>>>> "GlassFish OSGi Administration Console", then, input GF's admin
>>>> account and check whether having glassfish admin realm for
>>>> authentication or not.
>>>>
>>>> The following is my design idea and a critical problem needed to
>>>> discuss.
>>>>
>>>> [Desgin]
>>>> 1 Implement the felix web console's WebConsoleSecurityProvider
>>>> interface.
>>>>
>>>> Note:
>>>> The current karaf's JaasSecurityProvider class implements felix web
>>>> console's WebConsoleSecurityProvider2, and the
>>>> WebConsoleSecurityProvider2 is not in
>>>> org.apache.felix.webconsole-3.1.2.
>>>>
>>>> 2 On FelixWebConsoleExtensionActivator class, register GF's
>>>> implementation of WebConsoleSecurityProvider.
>>>>
>>>> 3 On GF's implementation of WebConsoleSecurityProvider, integrate
>>>> the glassfish admin realm called "admin-realm". On the current my
>>>> prototype, I used LoginContextDriver.login(subject,
>>>> PasswordCredential.class).
>>>>
>>>> However, I indeed did not want to use the way, because I found that
>>>> if using
>>>> org.glassfish.security.services.impl.AuthenticationServiceFactory
>>>> to get authentication related to services which should be registered
>>>> into HK2 components, I think that it will be very good because
>>>> security-services module can get realm from domain.xml.
>>>>
>>>> So, I tried to do it and however, I met a big problem on the whole
>>>> night.
>>>>
>>>> [Problem]
>>>> Firstly, Please allow me put the codes having the problem as following:
>>>>
>>>> @Service
>>>> public class GlassFishSecurityProvider implements
>>>> WebConsoleSecurityProvider{
>>>>
>>>> @Inject
>>>> StateManager manager;
>>>>
>>>> @Inject
>>>> BaseServiceLocator serviceLocator;
>>>>
>>>> @Override
>>>> public Object authenticate(String username, String password) {
>>>> String currentState = manager.getCurrent();
>>>> // Get Service Instance
>>>> AuthenticationService atnService =
>>>> serviceLocator.getComponent(AuthenticationService.class);
>>>>
>>>> // Get Service Configuration
>>>> org.glassfish.security.services.config.AuthenticationService
>>>> atnConfiguration =
>>>> serviceLocator.getComponent(org.glassfish.security.services.config.AuthenticationService.class,currentState);
>>>>
>>>>
>>>> // Initialize Service
>>>> atnService.initialize(atnConfiguration);
>>>>
>>>> final Subject fs = null;
>>>>
>>>> try {
>>>> atnService.login(username, password.toCharArray(), fs);
>>>> } catch (LoginException e) { e.printStackTrace();
>>>> return null;
>>>> }
>>>>
>>>> return fs; }
>>>>
>>>> When debugging the authenticate method, both manager and
>>>> serviceLocator are null. I have tried many ways and have no effect.
>>>> So, I want to ask whether from felix-webconsole-extension module,
>>>> can not get HK2 components or not?
>>>>
>>>> --Best Regard!
>>>> --Tang
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
>