Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0.1, 2.1
    • Fix Version/s: 2.0.2, 2.1
    • Component/s: OpenEJB, security
    • Security Level: public (Regular issues)
    • Labels:
      None
    • Environment:

      All

      Description

      Currently access to MEJB is not controlled. Add configurable security for MEJB.

      1. MEJB.java
        1 kB
        Anita Kulshreshtha
      2. mejb-ear-2.1-SNAPSHOT.ear
        17 kB
        Anita Kulshreshtha
      3. mejb.patch
        43 kB
        Anita Kulshreshtha
      4. configs.patch
        0.5 kB
        Anita Kulshreshtha
      5. mejb-ejb-2.1-SNAPSHOT.jar
        7 kB
        Anita Kulshreshtha
      6. mejb-war-2.1-SNAPSHOT.war
        9 kB
        Anita Kulshreshtha
      7. configs.patch
        44 kB
        Anita Kulshreshtha
      8. configs.diff
        21 kB
        Anita Kulshreshtha
      9. mejb.diff
        19 kB
        Anita Kulshreshtha
      10. GERONIMO-3456.patch
        77 kB
        Anita Kulshreshtha
      There are no Sub-Tasks for this issue.

        Activity

        Hide
        Donald Woods added a comment -

        Fix needs to go into trunk, too...

        Show
        Donald Woods added a comment - Fix needs to go into trunk, too...
        Hide
        Anita Kulshreshtha added a comment -

        I have attached MEJB for review. It can be deployed as an ear or stand alone ejb module. I have tested it by deploying it as an ear on trunk. The ear file is also attached. The ear contains an extra web part that is meant only for testing. By default the "mejbuser" role is mapped to "admin" .

        Show
        Anita Kulshreshtha added a comment - I have attached MEJB for review. It can be deployed as an ear or stand alone ejb module. I have tested it by deploying it as an ear on trunk. The ear file is also attached. The ear contains an extra web part that is meant only for testing. By default the "mejbuser" role is mapped to "admin" .
        Hide
        Anita Kulshreshtha added a comment -
        • mejb.patch deploys MEJB as an EJB module. The JNDI lookup is (available from var/geronimo.log)
          mejb-ejb/ejb/mgmt/MEJB/javax.managemment.j2ee.ManagementHome.
        • configs.patch disables the old MEJB
        • The mejb-ejb jar is attached for convenience.
          "mejbuser' role is mapped to "admin"
        Show
        Anita Kulshreshtha added a comment - mejb.patch deploys MEJB as an EJB module. The JNDI lookup is (available from var/geronimo.log) mejb-ejb/ejb/mgmt/MEJB/javax.managemment.j2ee.ManagementHome. configs.patch disables the old MEJB The mejb-ejb jar is attached for convenience. "mejbuser' role is mapped to "admin"
        Hide
        Anita Kulshreshtha added a comment -
        • The app mejb-war-2.1-SNAPSHOT.war is an app to access MEJB
        Show
        Anita Kulshreshtha added a comment - The app mejb-war-2.1-SNAPSHOT.war is an app to access MEJB
        Hide
        Anita Kulshreshtha added a comment -
        • config.patch (created from configs dir) for building mejb config
        Show
        Anita Kulshreshtha added a comment - config.patch (created from configs dir) for building mejb config
        Hide
        Anita Kulshreshtha added a comment -

        The configs.patch has duplicates. Please use configs.diff

        Show
        Anita Kulshreshtha added a comment - The configs.patch has duplicates. Please use configs.diff
        Hide
        Anita Kulshreshtha added a comment -

        The mejb.patch also has duplicates. please apply mejb.diff to applications dir

        Show
        Anita Kulshreshtha added a comment - The mejb.patch also has duplicates. please apply mejb.diff to applications dir
        Hide
        Anita Kulshreshtha added a comment -

        The openejb deployer had to be modified to deploy applications without starting the openejb configuration. Once the patches for openejb
        and openejb-builder attached to [1] are committed, I will commit this work.

        [1] http://issues.apache.org/jira/browse/GERONIMO-3481

        Show
        Anita Kulshreshtha added a comment - The openejb deployer had to be modified to deploy applications without starting the openejb configuration. Once the patches for openejb and openejb-builder attached to [1] are committed, I will commit this work. [1] http://issues.apache.org/jira/browse/GERONIMO-3481
        Hide
        Anita Kulshreshtha added a comment -

        GERONIMO-3456 is the latest patch

        Show
        Anita Kulshreshtha added a comment - GERONIMO-3456 is the latest patch
        Hide
        Anita Kulshreshtha added a comment -

        committed in rev579616. The default security settings are -

        • "admin" - read access
        • To get R/W access create a "mejb-admin" group (GeronimoGroupPrincipal). Any user in this group will have R/W access
        Show
        Anita Kulshreshtha added a comment - committed in rev579616. The default security settings are - "admin" - read access To get R/W access create a "mejb-admin" group (GeronimoGroupPrincipal). Any user in this group will have R/W access
        Hide
        Vamsavardhana Reddy added a comment -

        Rev 579681 in branches\2.0.

        Show
        Vamsavardhana Reddy added a comment - Rev 579681 in branches\2.0.
        Hide
        Kevan Miller added a comment -

        Anita, can this jira be closed, now?

        Show
        Kevan Miller added a comment - Anita, can this jira be closed, now?

          People

          • Assignee:
            Anita Kulshreshtha
            Reporter:
            Anita Kulshreshtha
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development