Thank you!
On 08/21/2012 10:47 AM, Tang Yong wrote:
> Hi Alexey,
>
> >
> > I will confirm it, please wait for a while.
> >
> I have confirmed your fix and OK!(GF OSGi Admin Console has been
> accessed normally and on server.log error messages have disappeared)
>
> I have also seen your fix and known the reason.
> Thanks again!
>
> I will close the jira and add your comment on the thread.
>
> --Tang
>
> Tang Yong wrote:
>> Hi Alexey,
>>
>> Thanks your quick fix very much!
>>
>> I will confirm it, please wait for a while.
>>
>> Thanks!
>>
>> --Tang
>>
>> Oleksiy Stashok wrote:
>>> Hi Tang,
>>>
>>> I've just fixed that
>>>
>>> Project: glassfish
>>> Repository: svn
>>> Revision: 55568
>>> Author: oleksiys
>>> Date: 2012-08-21 08:35:33 UTC
>>> Link:
>>>
>>> Log Message:
>>> ------------
>>> + disable Grizzly async output stream for now
>>>
>>>
>>> Pls. let me know if you still see the issue.
>>>
>>> Thanks.
>>>
>>> WBR,
>>> Alexey.
>>>
>>> On 08/21/2012 09:25 AM, Tang Yong wrote:
>>>> Hi Alexey,
>>>>
>>>> > It should be used in sync mode too.
>>>> Right. Just Now, I found that before CoyoteAdapter started to
>>>> service request, connection has been assigned TCPNIOConnection. So,
>>>> the problem
>>>> maybe should be fixed on earlier time rather than
>>>> "grizzlyOutputBuffer.setAsyncEnabled(true);"
>>>>
>>>> > Can you pls. post the exception stacktrace?
>>>> Please see the attachment.
>>>>
>>>> previously, I also posted the stacktrace on
>>>> http://java.net/jira/browse/GLASSFISH-19023
>>>>
>>>> Thanks!
>>>> --Tang
>>>>
>>>> Oleksiy Stashok wrote:
>>>>> Hi Tang,
>>>>>
>>>>> On 08/21/2012 08:15 AM, Tang Yong wrote:
>>>>>> > So, I think that the problem maybe still exist, any idea?
>>>>>> From stacktrace of the problem, setCoyoteResponse(Response
>>>>>> coyoteResponse) method is indeed called, however, Grizzly asynic io
>>>>>> is not still disabled
>>>>>> (org.glassfish.grizzly.nio.transport.TCPNIOTransportFilter is
>>>>>> still used).
>>>>> It should be used in sync mode too.
>>>>> Can you pls. post the exception stacktrace?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> WBR,
>>>>> Alexey.
>>>>>
>>>>>>
>>>>>> --Tang
>>>>>>
>>>>>> Tang Yong wrote:
>>>>>>> Hi Alexey,
>>>>>>>
>>>>>>> Thanks your quick reply very much!
>>>>>>>
>>>>>>> > Do you have the latest GF built from sources?
>>>>>>> Yeah, I used 2012/8/20 Updated GF Trunk, so souces should be
>>>>>>> the latest.
>>>>>>>
>>>>>>> In addition, on Revision: 55496, swchan2 commented out the
>>>>>>> following
>>>>>>> sentence.
>>>>>>>
>>>>>>> //grizzlyOutputBuffer.setAsyncEnabled(true);
>>>>>>>
>>>>>>> Then, I confirmed that on 2012/8/20 Updated GF Trunk
>>>>>>> (main\appserver\web\web-core\src\main\java\org\apache\catalina\connector\OutputBuffer.java),
>>>>>>>
>>>>>>> the above sentence has been also commented out.
>>>>>>>
>>>>>>> So, I think that the problem maybe still exist, any idea?
>>>>>>>
>>>>>>> --Best Regard!
>>>>>>> --Tang
>>>>>>>
>>>>>>> Oleksiy Stashok wrote:
>>>>>>>> Hi Tang,
>>>>>>>>
>>>>>>>> [2] had to be fixed by this commit:
>>>>>>>>
>>>>>>>> Project: glassfish
>>>>>>>> Repository: svn
>>>>>>>> Revision: 55496
>>>>>>>> Author: swchan2
>>>>>>>> Date: 2012-08-15 19:48:01 UTC
>>>>>>>> Link:
>>>>>>>>
>>>>>>>> Log Message:
>>>>>>>> ------------
>>>>>>>> temporary disable Grizzly asynic io, wait for Grizzly 2.3.x
>>>>>>>>
>>>>>>>>
>>>>>>>> Do you have the latest GF built from sources?
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> WBR,
>>>>>>>> Alexey.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 08/20/2012 02:41 PM, Tang Yong wrote:
>>>>>>>>> Hi Sahoo,
>>>>>>>>>
>>>>>>>>> About current status of the improvement, I have commented on
>>>>>>>>> jira,
>>>>>>>>> please see[1] and [2], especially [2].
>>>>>>>>>
>>>>>>>>> [1] http://java.net/jira/browse/GLASSFISH-12975
>>>>>>>>> [2] http://java.net/jira/browse/GLASSFISH-19023
>>>>>>>>>
>>>>>>>>> [1] is blocked because [2].
>>>>>>>>>
>>>>>>>>> I want to know whether needing to investigate [2] in depth or
>>>>>>>>> not?
>>>>>>>>>
>>>>>>>>> --Tang
>>>>>>>>>
>>>>>>>>> Sahoo wrote:
>>>>>>>>>> Hi Tang,
>>>>>>>>>>
>>>>>>>>>> Sorry for the delay.
>>>>>>>>>>
>>>>>>>>>> I have looked at your github project. It looks good. Do you
>>>>>>>>>> think we should upgrade to Felix Web Console 3.1.4 so that we
>>>>>>>>>> can take advantage of the richer WebConsolerSecurityProvider2
>>>>>>>>>> interface of Felix Web Console? That way we won't be limited
>>>>>>>>>> to only "HTTP Basic Authentication?" I guess we can include
>>>>>>>>>> what you have done and then improve it later on. I am in the
>>>>>>>>>> process of finding out the contribution acceptance process.
>>>>>>>>>> Hopefully I will find the answers soon. In the meanwhile, I
>>>>>>>>>> noticed some of your files do not have correct copyright and
>>>>>>>>>> license headers. Pl. fix them and upload them to JIRA or
>>>>>>>>>> reference the new github URL from JIRA.
>>>>>>>>>>
>>>>>>>>>> You had a question about injection not working for
>>>>>>>>>> GlassFishSecurityProvider. I guess you directly instantiated
>>>>>>>>>> the class from the bundle activator in which case HK2
>>>>>>>>>> injection manager didn't get an opportunity to perform
>>>>>>>>>> injection. Use of GlassFish.getService is alright.
>>>>>>>>>>
>>>>>>>>>> Thanks for all the good work you are doing.
>>>>>>>>>>
>>>>>>>>>> Sahoo
>>>>>>>>>>
>>>>>>>>>> [1]
>>>>>>>>>> http://felix.apache.org/site/web-console-security-provider.html#WebConsoleSecurityProvider-WebConsoleSecurityProvider2
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wednesday 18 July 2012 05:24 PM, Tang Yong wrote:
>>>>>>>>>>> Hi Sahoo, Shaun,
>>>>>>>>>>>
>>>>>>>>>>> Now, I have resolved the problem which I met.
>>>>>>>>>>>
>>>>>>>>>>> After investigating again, I found that using
>>>>>>>>>>> org.glassfish.embeddable.GlassFish(simple-glassfish-api module)
>>>>>>>>>>> can get AuthenticationService and integrate
>>>>>>>>>>> felix-webconsole's authentication with Glassfish JAAS
>>>>>>>>>>> successfully.
>>>>>>>>>>>
>>>>>>>>>>> My souce has updated into github and please review it.
>>>>>>>>>>>
>>>>>>>>>>> Then, I will start to investigate cdi-related rfp/bug,
>>>>>>>>>>> firstly, I
>>>>>>>>>>> will investigate http://java.net/jira/browse/GLASSFISH-18370.
>>>>>>>>>>>
>>>>>>>>>>> [A Request]
>>>>>>>>>>> If having time, I wish sahoo can explain why from
>>>>>>>>>>> felix-webconsole-extension module, can not get HK2 services
>>>>>>>>>>> and components using Injection way?
>>>>>>>>>>>
>>>>>>>>>>> --Best Regard!
>>>>>>>>>>> --Tang
>>>>>>>>>>>
>>>>>>>>>>> Tang Yong wrote:
>>>>>>>>>>>> Hi Shaun,
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks your suggestion very much.
>>>>>>>>>>>> I have tried and AuthenticationService has still been not
>>>>>>>>>>>> injected successfully.
>>>>>>>>>>>>
>>>>>>>>>>>> I have confirmed that my working enviroment is ok because I
>>>>>>>>>>>> found that
>>>>>>>>>>>> some class on other modules liking deployment-admin can get
>>>>>>>>>>>> injected objects liking BaseServiceLocator.
>>>>>>>>>>>>
>>>>>>>>>>>> So, whether from felix-webconsole-extension module, can not
>>>>>>>>>>>> get HK2 components or not?
>>>>>>>>>>>>
>>>>>>>>>>>> --Tang
>>>>>>>>>>>>
>>>>>>>>>>>> Shaun Pei wrote:
>>>>>>>>>>>>> Hi Yong
>>>>>>>>>>>>>
>>>>>>>>>>>>> Did you try to directly inject the AuthenticationService
>>>>>>>>>>>>> into your code?
>>>>>>>>>>>>> An example using AuthenticationService is
>>>>>>>>>>>>> com.sun.enterprise.admin.util.GenericAdminAuthenticator.java,
>>>>>>>>>>>>> which directly injects the AuthenticationService at line 150.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards
>>>>>>>>>>>>>
>>>>>>>>>>>>> Shaun
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> -----Original Message-----
>>>>>>>>>>>>> From: Tang Yong [mailto:tangyong_at_cn.fujitsu.com] Sent:
>>>>>>>>>>>>> Tuesday, July 17, 2012 1:02 PM
>>>>>>>>>>>>> To: Sahoo; dev_at_glassfish.java.net
>>>>>>>>>>>>> Subject: About GLASSFISH-12975
>>>>>>>>>>>>>
>>>>>>>>>>>>> Dear Sahoo, Security Leader,
>>>>>>>>>>>>>
>>>>>>>>>>>>> About GLASSFISH-12975(Use glassfish admin realm for
>>>>>>>>>>>>> authentication and authorisation of OSGi admin console),
>>>>>>>>>>>>>
>>>>>>>>>>>>> I have made a basic prototype put on
>>>>>>>>>>>>> https://github.com/tangyong/GLASSFISH-12975.
>>>>>>>>>>>>>
>>>>>>>>>>>>> You can copy
>>>>>>>>>>>>> tree/master/felix-webconsole-extension/target/felix-webconsole-extension.jar
>>>>>>>>>>>>>
>>>>>>>>>>>>> into modules\autostart and start
>>>>>>>>>>>>> "GlassFish OSGi Administration Console", then, input GF's
>>>>>>>>>>>>> admin account and check whether having glassfish admin
>>>>>>>>>>>>> realm for authentication or not.
>>>>>>>>>>>>>
>>>>>>>>>>>>> The following is my design idea and a critical problem
>>>>>>>>>>>>> needed to discuss.
>>>>>>>>>>>>>
>>>>>>>>>>>>> [Desgin]
>>>>>>>>>>>>> 1 Implement the felix web console's
>>>>>>>>>>>>> WebConsoleSecurityProvider interface.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Note:
>>>>>>>>>>>>> The current karaf's JaasSecurityProvider class implements
>>>>>>>>>>>>> felix web console's WebConsoleSecurityProvider2, and the
>>>>>>>>>>>>> WebConsoleSecurityProvider2 is not in
>>>>>>>>>>>>> org.apache.felix.webconsole-3.1.2.
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2 On FelixWebConsoleExtensionActivator class, register
>>>>>>>>>>>>> GF's implementation of WebConsoleSecurityProvider.
>>>>>>>>>>>>>
>>>>>>>>>>>>> 3 On GF's implementation of WebConsoleSecurityProvider,
>>>>>>>>>>>>> integrate the glassfish admin realm called "admin-realm".
>>>>>>>>>>>>> On the current my prototype, I used
>>>>>>>>>>>>> LoginContextDriver.login(subject, PasswordCredential.class).
>>>>>>>>>>>>>
>>>>>>>>>>>>> However, I indeed did not want to use the way, because I
>>>>>>>>>>>>> found that if using
>>>>>>>>>>>>> org.glassfish.security.services.impl.AuthenticationServiceFactory
>>>>>>>>>>>>>
>>>>>>>>>>>>> to get authentication related to services which should be
>>>>>>>>>>>>> registered into HK2 components, I think that it will be
>>>>>>>>>>>>> very good because security-services module can get realm
>>>>>>>>>>>>> from domain.xml.
>>>>>>>>>>>>>
>>>>>>>>>>>>> So, I tried to do it and however, I met a big problem on
>>>>>>>>>>>>> the whole night.
>>>>>>>>>>>>>
>>>>>>>>>>>>> [Problem]
>>>>>>>>>>>>> Firstly, Please allow me put the codes having the problem
>>>>>>>>>>>>> as following:
>>>>>>>>>>>>>
>>>>>>>>>>>>> @Service
>>>>>>>>>>>>> public class GlassFishSecurityProvider implements
>>>>>>>>>>>>> WebConsoleSecurityProvider{
>>>>>>>>>>>>>
>>>>>>>>>>>>> @Inject
>>>>>>>>>>>>> StateManager manager;
>>>>>>>>>>>>>
>>>>>>>>>>>>> @Inject
>>>>>>>>>>>>> BaseServiceLocator serviceLocator;
>>>>>>>>>>>>>
>>>>>>>>>>>>> @Override
>>>>>>>>>>>>> public Object authenticate(String username, String
>>>>>>>>>>>>> password) {
>>>>>>>>>>>>> String currentState = manager.getCurrent();
>>>>>>>>>>>>> // Get Service Instance
>>>>>>>>>>>>> AuthenticationService atnService =
>>>>>>>>>>>>> serviceLocator.getComponent(AuthenticationService.class);
>>>>>>>>>>>>>
>>>>>>>>>>>>> // Get Service Configuration
>>>>>>>>>>>>> org.glassfish.security.services.config.AuthenticationService
>>>>>>>>>>>>> atnConfiguration =
>>>>>>>>>>>>> serviceLocator.getComponent(org.glassfish.security.services.config.AuthenticationService.class,currentState);
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> // Initialize Service
>>>>>>>>>>>>> atnService.initialize(atnConfiguration);
>>>>>>>>>>>>>
>>>>>>>>>>>>> final Subject fs = null;
>>>>>>>>>>>>>
>>>>>>>>>>>>> try {
>>>>>>>>>>>>> atnService.login(username, password.toCharArray(), fs);
>>>>>>>>>>>>> } catch (LoginException e) { e.printStackTrace();
>>>>>>>>>>>>> return null;
>>>>>>>>>>>>> }
>>>>>>>>>>>>>
>>>>>>>>>>>>> return fs; }
>>>>>>>>>>>>>
>>>>>>>>>>>>> When debugging the authenticate method, both manager and
>>>>>>>>>>>>> serviceLocator are null. I have tried many ways and have
>>>>>>>>>>>>> no effect. So, I want to ask whether from
>>>>>>>>>>>>> felix-webconsole-extension module, can not get HK2
>>>>>>>>>>>>> components or not?
>>>>>>>>>>>>>
>>>>>>>>>>>>> --Best Regard!
>>>>>>>>>>>>> --Tang
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>
>>
>>
>>
>