Hi sahoo,
Now, the new integration with Felix Web Console 3.1.8 has been
finished and passed my test, and you can see my comment of
GLASSFISH-12975 and try it. There are some interesting topics on it.
At last, need to thank Alexey for quick fixing GLASSFISH-19023!
--Tang
Tang Yong wrote:
> Hi Sahoo,
>
> About current status of the improvement, I have commented on jira,
> please see[1] and [2], especially [2].
>
> [1] http://java.net/jira/browse/GLASSFISH-12975
> [2] http://java.net/jira/browse/GLASSFISH-19023
>
> [1] is blocked because [2].
>
> I want to know whether needing to investigate [2] in depth or not?
>
> --Tang
>
> Sahoo wrote:
>> Hi Tang,
>>
>> Sorry for the delay.
>>
>> I have looked at your github project. It looks good. Do you think we
>> should upgrade to Felix Web Console 3.1.4 so that we can take
>> advantage of the richer WebConsolerSecurityProvider2 interface of
>> Felix Web Console? That way we won't be limited to only "HTTP Basic
>> Authentication?" I guess we can include what you have done and then
>> improve it later on. I am in the process of finding out the
>> contribution acceptance process. Hopefully I will find the answers
>> soon. In the meanwhile, I noticed some of your files do not have
>> correct copyright and license headers. Pl. fix them and upload them to
>> JIRA or reference the new github URL from JIRA.
>>
>> You had a question about injection not working for
>> GlassFishSecurityProvider. I guess you directly instantiated the class
>> from the bundle activator in which case HK2 injection manager didn't
>> get an opportunity to perform injection. Use of GlassFish.getService
>> is alright.
>>
>> Thanks for all the good work you are doing.
>>
>> Sahoo
>>
>> [1]
>> http://felix.apache.org/site/web-console-security-provider.html#WebConsoleSecurityProvider-WebConsoleSecurityProvider2
>>
>>
>> On Wednesday 18 July 2012 05:24 PM, Tang Yong wrote:
>>> Hi Sahoo, Shaun,
>>>
>>> Now, I have resolved the problem which I met.
>>>
>>> After investigating again, I found that using
>>> org.glassfish.embeddable.GlassFish(simple-glassfish-api module)
>>> can get AuthenticationService and integrate felix-webconsole's
>>> authentication with Glassfish JAAS successfully.
>>>
>>> My souce has updated into github and please review it.
>>>
>>> Then, I will start to investigate cdi-related rfp/bug, firstly, I
>>> will investigate http://java.net/jira/browse/GLASSFISH-18370.
>>>
>>> [A Request]
>>> If having time, I wish sahoo can explain why from
>>> felix-webconsole-extension module, can not get HK2 services and
>>> components using Injection way?
>>>
>>> --Best Regard!
>>> --Tang
>>>
>>> Tang Yong wrote:
>>>> Hi Shaun,
>>>>
>>>> Thanks your suggestion very much.
>>>> I have tried and AuthenticationService has still been not injected
>>>> successfully.
>>>>
>>>> I have confirmed that my working enviroment is ok because I found that
>>>> some class on other modules liking deployment-admin can get injected
>>>> objects liking BaseServiceLocator.
>>>>
>>>> So, whether from felix-webconsole-extension module, can not get HK2
>>>> components or not?
>>>>
>>>> --Tang
>>>>
>>>> Shaun Pei wrote:
>>>>> Hi Yong
>>>>>
>>>>> Did you try to directly inject the AuthenticationService into your
>>>>> code?
>>>>> An example using AuthenticationService is
>>>>> com.sun.enterprise.admin.util.GenericAdminAuthenticator.java, which
>>>>> directly injects the AuthenticationService at line 150.
>>>>>
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>> Shaun
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Tang Yong [mailto:tangyong_at_cn.fujitsu.com] Sent: Tuesday,
>>>>> July 17, 2012 1:02 PM
>>>>> To: Sahoo; dev_at_glassfish.java.net
>>>>> Subject: About GLASSFISH-12975
>>>>>
>>>>> Dear Sahoo, Security Leader,
>>>>>
>>>>> About GLASSFISH-12975(Use glassfish admin realm for authentication
>>>>> and authorisation of OSGi admin console),
>>>>>
>>>>> I have made a basic prototype put on
>>>>> https://github.com/tangyong/GLASSFISH-12975.
>>>>>
>>>>> You can copy
>>>>> tree/master/felix-webconsole-extension/target/felix-webconsole-extension.jar
>>>>>
>>>>> into modules\autostart and start
>>>>> "GlassFish OSGi Administration Console", then, input GF's admin
>>>>> account and check whether having glassfish admin realm for
>>>>> authentication or not.
>>>>>
>>>>> The following is my design idea and a critical problem needed to
>>>>> discuss.
>>>>>
>>>>> [Desgin]
>>>>> 1 Implement the felix web console's WebConsoleSecurityProvider
>>>>> interface.
>>>>>
>>>>> Note:
>>>>> The current karaf's JaasSecurityProvider class implements felix web
>>>>> console's WebConsoleSecurityProvider2, and the
>>>>> WebConsoleSecurityProvider2 is not in
>>>>> org.apache.felix.webconsole-3.1.2.
>>>>>
>>>>> 2 On FelixWebConsoleExtensionActivator class, register GF's
>>>>> implementation of WebConsoleSecurityProvider.
>>>>>
>>>>> 3 On GF's implementation of WebConsoleSecurityProvider, integrate
>>>>> the glassfish admin realm called "admin-realm". On the current my
>>>>> prototype, I used LoginContextDriver.login(subject,
>>>>> PasswordCredential.class).
>>>>>
>>>>> However, I indeed did not want to use the way, because I found that
>>>>> if using
>>>>> org.glassfish.security.services.impl.AuthenticationServiceFactory
>>>>> to get authentication related to services which should be
>>>>> registered into HK2 components, I think that it will be very good
>>>>> because security-services module can get realm from domain.xml.
>>>>>
>>>>> So, I tried to do it and however, I met a big problem on the whole
>>>>> night.
>>>>>
>>>>> [Problem]
>>>>> Firstly, Please allow me put the codes having the problem as
>>>>> following:
>>>>>
>>>>> @Service
>>>>> public class GlassFishSecurityProvider implements
>>>>> WebConsoleSecurityProvider{
>>>>>
>>>>> @Inject
>>>>> StateManager manager;
>>>>>
>>>>> @Inject
>>>>> BaseServiceLocator serviceLocator;
>>>>>
>>>>> @Override
>>>>> public Object authenticate(String username, String password) {
>>>>> String currentState = manager.getCurrent();
>>>>> // Get Service Instance
>>>>> AuthenticationService atnService =
>>>>> serviceLocator.getComponent(AuthenticationService.class);
>>>>>
>>>>> // Get Service Configuration
>>>>> org.glassfish.security.services.config.AuthenticationService
>>>>> atnConfiguration =
>>>>> serviceLocator.getComponent(org.glassfish.security.services.config.AuthenticationService.class,currentState);
>>>>>
>>>>>
>>>>> // Initialize Service
>>>>> atnService.initialize(atnConfiguration);
>>>>>
>>>>> final Subject fs = null;
>>>>>
>>>>> try {
>>>>> atnService.login(username, password.toCharArray(), fs);
>>>>> } catch (LoginException e) { e.printStackTrace();
>>>>> return null;
>>>>> }
>>>>>
>>>>> return fs; }
>>>>>
>>>>> When debugging the authenticate method, both manager and
>>>>> serviceLocator are null. I have tried many ways and have no effect.
>>>>> So, I want to ask whether from felix-webconsole-extension module,
>>>>> can not get HK2 components or not?
>>>>>
>>>>> --Best Regard!
>>>>> --Tang
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>
>