Blog for the JavaHotel Open Source project

Saturday, 19 May 2012

JSPWiki in the Cloud, JAAS security

I spent some time enabling the JAAS security implemented in JSPWiki. After removing some bugs in JSPWiki I was successful in development mode (with options like "Log in", "Preferences", "Adding new user", "Adding group" etc.). But after deploying to Google App Engine it failed with a message like:
2012-05-18 23:41:43.072
org.apache.log4j.Logger error: Failed to start managers.
java.security.AccessControlException: access denied (javax.security.auth.AuthPermission modifyPrincipals)
 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:355)
 at java.security.AccessController.checkPermission(AccessController.java:567)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
 at com.google.apphosting.runtime.security.CustomSecurityManager.checkPermission(CustomSecurityManager.java:56)
 at javax.security.auth.Subject$SecureSet.add(Subject.java:1076)
 at java.util.Collections$SynchronizedCollection.add(Collections.java:1634)
 at org.apache.wiki.WikiSession.invalidate(WikiSession.java:615)
 at org.apache.wiki.WikiSession.guestSession(WikiSession.java:775)
 at org.apache.wiki.WikiSession.staticGuestSession(WikiSession.java:805)
 at org.apache.wiki.WikiSession.getWikiSession(WikiSession.java:744)


I also realized that in development mode I had added the following parameter to the "Run" configuration: -D--enable_all_permissions=true, which just turns the security off. But of course that is out of my control in production mode.
It seems that although javax.security.auth is listed on the Google App Engine list of supported packages, it does not work and there is no way to overcome it.
So after spending some time I'm again at the very beginning with JSPWiki security. I see two options available: create a security mechanism of my own or reuse some existing security framework (like Spring Security).
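The failing call in the trace above (adding to a Subject's principal set, which needs AuthPermission "modifyPrincipals" under a SecurityManager) can be probed once at startup instead of failing on the first guest session. The following is an added example, not JSPWiki or JSPWikiForClouds code; the class SandboxSafeSession, its methods and the principal names are hypothetical.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;

/** Hypothetical session holder; not a JSPWiki class. */
public class SandboxSafeSession {

    /** Minimal Principal for the probe and the demo (constructed). */
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return name; }
    }

    /**
     * Repeats the call that failed in the trace: adding to a Subject's
     * principal set needs AuthPermission("modifyPrincipals") whenever a
     * SecurityManager is installed.
     */
    static boolean subjectPrincipalsWritable() {
        try {
            new Subject().getPrincipals().add(new NamedPrincipal("probe"));
            return true;
        } catch (SecurityException denied) { // AccessControlException extends this
            return false;
        }
    }

    private final boolean jaasBacked = subjectPrincipalsWritable();
    // Principals live in the Subject when allowed, otherwise in a plain set.
    private final Set<Principal> principals = jaasBacked
            ? new Subject().getPrincipals()
            : Collections.synchronizedSet(new LinkedHashSet<Principal>());

    void addPrincipal(Principal p) { principals.add(p); }
    Set<Principal> getPrincipals() { return Collections.unmodifiableSet(principals); }
    boolean isJaasBacked() { return jaasBacked; }

    public static void main(String[] args) {
        SandboxSafeSession session = new SandboxSafeSession();
        session.addPrincipal(new NamedPrincipal("guest")); // constructed name
        System.out.println("JAAS Subject writable: " + session.isJaasBacked());
        System.out.println("Principals: " + session.getPrincipals());
    }
}
```

When the probe returns false, the fallback set carries no JAAS semantics (no Subject.doAs, no policy-file authorization), so every permission check then has to be made explicitly in application code.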

Sunday, 6 May 2012

JSPWiki in the Cloud

I started a cleaning phase and deployed a new version of JSPWikiForClouds. So far I have removed all references to javax.management. This package is not supported by Google App Engine and I cannot figure out how to overcome that. It does not seem to impact core functionality. Solutions implemented with javax.management (for instance: user management) should be resolved completely differently.
Current development status is available here.
Next step
The next step is to remove the oscache package. This package is deprecated and no longer supported. I will have to understand what the role of this package is in the JSPWiki application and decide whether it can simply be removed or replaced with JCache (Google App Engine supports JCache to some extent).

Tuesday, 1 May 2012

JSPWiki in the Cloud

Story
I have been a user of JSPWiki for years. I have it installed on my computer and simply use it as a local place for keeping different information and links. But for some time I have been wondering about putting it in the cloud (Google App Engine) and having it available from every computer I'm using, not only from my desktop. The only problem seemed to be that the current PageProvider implementation (the way wiki pages are persisted) does not support the Google App Engine data store. But the plugin-based design of JSPWiki seemed to make it simple: just one more implementation of the PageProvider interface. So I started working on moving JSPWiki into the world (heaven) of clouds.
But I soon realized that the Google App Engine implementation of PageProvider is the simplest piece of work. The current implementation of JSPWiki cannot be executed in Google App Engine and substantial changes are necessary. What is more important, after having it running in development mode, a lot of problems came up after deploying to a production environment. Also, keeping backward compatibility with the existing JSPWiki implementation is not possible. For instance: threads are not supported in Google App Engine, but thread-based services are not implemented as plugins but embedded inside the code.
The list of problems I found and solutions implemented is available here.
But finally, after fighting, losing and winning a lot of battles, the first version emerged. It is only a subset of all the features available but the core functionality is working. It also proves that the task (Google App Engine migration) is doable at all - this question was hovering over me all the time. So the PoC is passed.
Full source code is available here - I opened a new Open Source project.
What next
The purpose is of course to enable all the features available, but I cannot tell now when this target will be hit. The very first stage is cleaning. After breaking backward compatibility with the main JSPWiki trunk, I can just remove all unused stuff and temporary fixes.
Once the code is clean, the first feature to be implemented is security: implementing authentication and authorization using services supported by Google App Engine. Probably the best method of authentication is Google authentication.