1 2 3 4 Previous Next 50 Replies Latest reply on May 14, 2008 8:49 AM by anil.saldhana Go to original post
      • 15. Re: Security Injection in AS5
        aloubyansky

         

        "adrian@jboss.org" wrote:
        We know it found the schema (assuming that file exists in the classpath
        and is reachable from the bean parsing deployer's classloader):
        TRACE [org.jboss.xb.binding.sunday.unmarshalling.DefaultSchemaResolver] (main) found schema InputSou
        rce, nsURI=urn:jboss:security-config:5.0, baseURI=null, schemaLocation=resource:security-config_5_0.
        xsd
        


        Actually, it didn't. This message would be logged even if it wasn't found. I am fixing it. And looking into why it is not found...

        • 16. Re: Security Injection in AS5

           

          "alex.loubyansky@jboss.com" wrote:
          "adrian@jboss.org" wrote:
          We know it found the schema (assuming that file exists in the classpath
          and is reachable from the bean parsing deployer's classloader):
          TRACE [org.jboss.xb.binding.sunday.unmarshalling.DefaultSchemaResolver] (main) found schema InputSou
          rce, nsURI=urn:jboss:security-config:5.0, baseURI=null, schemaLocation=resource:security-config_5_0.
          xsd
          


          Actually, it didn't. This message would be logged even if it wasn't found. I am fixing it. And looking into why it is not found...


          Are you going to fix the logging as well then? :-)
          Kind of pointless even having it when it is meaningless.

          • 17. Re: Security Injection in AS5
            aloubyansky

            Yes, by "fixing it" I meant the logging :) I am still figuring out why it can't find the schema.

            • 18. Re: Security Injection in AS5
              aloubyansky

              The XSD cannot be found in the classpath.

              log wrote:
              2008-03-27 15:36:04,375 TRACE [org.jboss.xb.binding.sunday.unmarshalling.DefaultSchemaResolver] (main) Mapped schemaLocation to filename: security-config_5_0.xsd
              2008-03-27 15:36:04,375 TRACE [org.jboss.xb.binding.sunday.unmarshalling.DefaultSchemaResolver] (main) getInputSource, nsURI=urn:jboss:security-config:5.0, baseURI=null, schemaLocation=resource:schema/security-config_5_0.xsd
              2008-03-27 15:36:04,375 TRACE [org.jboss.util.xml.JBossEntityResolver] (main) resolvePublicID, publicId=urn:jboss:security-config:5.0
              2008-03-27 15:36:04,375 TRACE [org.jboss.util.xml.JBossEntityResolver] (main) Found entity from publicId=urn:jboss:security-config:5.0 fileName=security-config_5_0.xsd
              2008-03-27 15:36:04,375 TRACE [org.jboss.util.xml.JBossEntityResolver] (main) Cannot load publicId from classpath resource: security-config_5_0.xsd


              The file is in the schema directory of the jboss-metadata.jar
              Changing the schemaLocation in the XML to include "schema/" doesn't work. I tried changing the mapping in the JBossEntityResolver to include the "schema/". Didn't work.

              log wrote:
              2008-03-27 15:50:25,614 TRACE [org.jboss.util.xml.JBossEntityResolver] (main) Found entity from publicId=urn:jboss:security-config:5.0 fileName=schema/security-config_5_0.xsd
              2008-03-27 15:50:25,614 TRACE [org.jboss.util.xml.JBossEntityResolver] (main) Cannot load publicId from classpath resource: schema/security-config_5_0.xsd


              • 19. Re: Security Injection in AS5
                aloubyansky

                Here is a list of URLs that form the classpath logged from the JBossEntityResolver.resolveEntity() for the security-config_5_0.xsd. The server's lib directory is not there.

                log wrote:
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) PRINT URLS FOR org.jboss.system.NoAnnotationURLClassLoader
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) urls total: 22
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-core-spi.jar
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-core.jar
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-client-spi.jar
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-client.jar
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-structure-spi.jar
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-spi.jar
                2008-03-31 16:17:20,761 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-impl.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-vfs-spi.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-deployers-vfs.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-system.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-j2se.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-mbeans.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-jmx.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-system-jmx.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/dom4j.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-aop-deployer-jdk50.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-aop-jboss4-jdk50.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-aop-jboss5.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/activation.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jaxb-impl.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/stax-api.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/wstx.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) PRINT URLS FOR org.jboss.system.NoAnnotationURLClassLoader
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) urls total: 29
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/endorsed/resolver.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/endorsed/serializer.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/endorsed/xalan.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/endorsed/xercesImpl.jar
                2008-03-31 16:17:20,771 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/endorsed/xml-apis.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/concurrent.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/log4j-boot.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-logging-spi.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-logging-log4j.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-logging-jdk.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-common-core.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-xml-binding.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jaxb-api.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-bootstrap.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/javassist.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-reflect.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-mdr.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-dependency.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-kernel.jar
                2008-03-31 16:17:20,781 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-metatype.jar
                2008-03-31 16:17:20,791 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-managed.jar
                2008-03-31 16:17:20,791 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-vfs.jar
                2008-03-31 16:17:20,791 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-classloading-spi.jar
                2008-03-31 16:17:20,791 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-classloader.jar
                2008-03-31 16:17:20,791 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-classloading.jar
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-classloading-vfs.jar
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-aop-jdk50.jar
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/jboss-aop-mc-int.jar
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/lib/trove.jar
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) PRINT URLS FOR sun.misc.Launcher$AppClassLoader
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) urls total: 2
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) file:/C:/jdk1.5.0_13/lib/tools.jar
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) file:/E:/cvsroot/trunk/build/output/jboss-5.0.0.CR1/bin/run.jar
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) PRINT URLS FOR sun.misc.Launcher$ExtClassLoader
                2008-03-31 16:17:20,852 INFO [STDOUT] (main) urls total: 4
                2008-03-31 16:17:20,862 INFO [STDOUT] (main) file:/C:/jdk1.5.0_13/jre/lib/ext/dnsns.jar
                2008-03-31 16:17:20,862 INFO [STDOUT] (main) file:/C:/jdk1.5.0_13/jre/lib/ext/localedata.jar
                2008-03-31 16:17:20,862 INFO [STDOUT] (main) file:/C:/jdk1.5.0_13/jre/lib/ext/sunjce_provider.jar
                2008-03-31 16:17:20,862 INFO [STDOUT] (main) file:/C:/jdk1.5.0_13/jre/lib/ext/sunpkcs11.jar


                • 20. Re: Security Injection in AS5
                  anil.saldhana

                  Alexey, do you want us to create a JIRA issue for this in JBossXB project? Or is this an issue related to any of the class loader changes (I am not sure what they were) in recent times?

                  • 21. Re: Security Injection in AS5
                    aloubyansky

                    It's a classloading issue.

                    • 22. Re: Security Injection in AS5
                      starksm64

                      I updated the existing org.jboss.test.classloader.test.UnifiedLoaderUnitTestCase.testResource which has a sar loading resources local to the ear, global resources and now a server lib jar resource. I had to add a jboss-structure.xml to add the dtds dir to the ear classpath for the local resource tests, but once that was added its finding global and server lib resources. Need to look more closely at how the security usecase differs.

                      • 23. Re: Security Injection in AS5
                        anil.saldhana

                        Thanks Scott. This issue is kind of blocking our intention of moving the security domain defs from conf/login-config.xml as beans closer to where they are needed. For example, I want to convert the services in messaging-service.xml into beans and define the "messaging" sec domain configuration there. I would like conf/login-config.xml to just have the "other" sec domain configuration. Rest go closer to the services where they are needed. Will be a good showcase for users when they start defining the sec domains.

                        • 24. Re: Security Injection in AS5
                          starksm64

                          The problem is that the BeanDeployer runs with a tcl that is associated with the conf/bootstrap-beans.xml deployment. This is the NoAnnotationURLClassLoader(bean=BootstrapClassLoader) that only has the server bootstrap libs in its classpath as Alexey showed. This cannot load the security-config_5_0.xsd schema from the server/xxx/lib/jboss-metadata.jar

                          You need to specify the vfsfile url of the schema file to get this to parse. Ideally you should be able to do:

                           <jbsx:policy
                           xsi:schemaLocation="urn:jboss:security-config:5.0 vfsfile:${jboss.server.lib.url}/jboss-metadata.jar/schema/security-config_5_0.xsd"
                          


                          but we are not resolving system property refs as part of the system id resolution, so I had to specify the full vfsfil url, in my case:

                          vfsfile:/Users/svn/JBossHead/jboss-head/build/output/jboss-5.0.0.CR1/server/default/lib/jboss-metadata.jar/schema/security-config_5_0.xsd

                          It still failed to work because the org.jboss.security.config.PolicyConfig does not exist in my workspace, but it got past the parsing error.

                          I'll create a feature request for the JBossEntityResolver.resolveEntity to try to run the input systemId through property resolution as without this its not practical to use vfs urls in config files.


                          • 25. Re: Security Injection in AS5
                            starksm64

                            The JBossEntityResolver.resolveEntity issue is:
                            http://jira.jboss.com/jira/browse/JBCOMMON-48

                            • 26. Re: Security Injection in AS5
                              starksm64

                              This is fixed but needs a new jboss-common-core 2.2.5.GA release. Note that the correct system property to use is the jboss.server.home.dir. No .url properties can be used as this ends up nesting a file: protocol inside of the vfsfile:

                               <bean name="StandardLoginConfig" class="org.jboss.security.auth.login.DynamicLoginConfig">
                               <property name="policyConfig">
                               <jbsx:policy
                               xsi:schemaLocation="urn:jboss:security-config:5.0 vfsfile:${jboss.server.home.dir}/lib/jboss-metadata.jar/schema/security-config_5_0.xsd"
                               xmlns:jbsx="urn:jboss:security-config:5.0"
                               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                              



                              • 27. Re: Security Injection in AS5
                                anil.saldhana

                                Scott, looks like the alps are already having a positive effect on you. :) I was going to request Stefan to tackle the JBCOMMON issue. Thanks for the quick resolution.

                                • 28. Re: Security Injection in AS5
                                  starksm64

                                  Stefan, you should be able to try this again as trunk has been updated to use the 2.2.5.beta1 jboss-common-core with the JBCOMMON-48 fix.

                                  • 29. Re: Security Injection in AS5
                                    sguilhen

                                    Scott,

                                    I've tried again, and it indeed goes past the parsing error when using the vsf schema location. Now I am also seeing the failure to load the org.jboss.security.config.PolicyConfig that you also reported:

                                    10:20:33,101 ERROR [AbstractKernelController] Error installing to Parse: name=vfsfile:/opt/workspace/JBAS-Trunk/build/output/jboss-5.0.0.CR1/server/default/deploy/security-policies-beans.xml state=Not Installed mode=Manual requiredState=Parse
                                    org.jboss.deployers.spi.DeploymentException: Error creating managed object for vfsfile:/opt/workspace/JBAS-Trunk/build/output/jboss-5.0.0.CR1/server/default/deploy/security-policies-beans.xml
                                     at org.jboss.deployers.spi.DeploymentException.rethrowAsDeploymentException(DeploymentException.java:49)
                                     at org.jboss.deployers.spi.deployer.helpers.AbstractParsingDeployerWithOutput.createMetaData(AbstractParsingDeployerWithOutput.java:253)
                                     at org.jboss.deployers.spi.deployer.helpers.AbstractParsingDeployerWithOutput.createMetaData(AbstractParsingDeployerWithOutput.java:223)
                                     ....
                                    Caused by: org.jboss.xb.binding.JBossXBException: Failed to parse source: Failed to resolve class name for {urn:jboss:security-config:5.0}policy: org.jboss.security.config.PolicyConfig
                                     at org.jboss.xb.binding.parser.sax.SaxJBossXBParser.parse(SaxJBossXBParser.java:193)
                                     at org.jboss.xb.binding.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:153)
                                     at org.jboss.deployers.vfs.spi.deployer.SchemaResolverDeployer.parse(SchemaResolverDeployer.java:120)
                                     at org.jboss.deployers.vfs.spi.deployer.AbstractVFSParsingDeployer.parse(AbstractVFSParsingDeployer.java:143)
                                     at org.jboss.deployers.spi.deployer.helpers.AbstractParsingDeployerWithOutput.createMetaData(AbstractParsingDeployerWithOutput.java:249)
                                     ... 20 more
                                    Caused by: org.jboss.xb.binding.JBossXBRuntimeException: Failed to resolve class name for {urn:jboss:security-config:5.0}policy: org.jboss.security.config.PolicyConfig
                                     at org.jboss.xb.binding.sunday.unmarshalling.impl.runtime.RtElementHandler.loadClassForTerm(RtElementHandler.java:1038)
                                     at org.jboss.xb.binding.sunday.unmarshalling.impl.runtime.RtElementHandler.classForNonArrayItem(RtElementHandler.java:1367)
                                     at org.jboss.xb.binding.sunday.unmarshalling.impl.runtime.RtElementHandler.startElement(RtElementHandler.java:693)
                                     at org.jboss.xb.binding.sunday.unmarshalling.impl.runtime.RtElementHandler.startParticle(RtElementHandler.java:89)
                                     at org.jboss.xb.binding.sunday.unmarshalling.SundayContentHandler.startElement(SundayContentHandler.java:632)
                                     at org.jboss.xb.binding.parser.sax.SaxJBossXBParser$DelegatingContentHandler.startElement(SaxJBossXBParser.java:407)
                                    


                                    this class can be found in the server/xx/lib/jbosssx.jar. Would this be a classloading issue or am I missing some configuration?