portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dennis Dam <d....@onehippo.com>
Subject Re: security, sso, cyclic reference
Date Wed, 21 Jan 2009 12:54:49 GMT

 I'm guessing the bean "org.apache.jetspeed.sso.spi.SSOUserManagerSPI" 
causes the problems as configured here?

    <meta key="j2:cat" value="default,security" />
    <constructor-arg index="0">
        <ref bean="org.apache.jetspeed.security.UserManager" />
        <ref bean="org.apache.jetspeed.security.GroupManager" />
        <ref bean="org.apache.jetspeed.security.RoleManager" />
        <ref bean="org.apache.jetspeed.sso.spi.SSOUserManagerSPI" />

I didn't realize (or simply overlooked) that that would break the test 
cases for the security component. If we can get rid of that reference, 
the problem would be solved right ? Maybe we can change the way 
principal panagers are configured in the 
JetspeedPrincipalManagerProvider. I mean, instead of configuring a list 
of managers through the above contructor argument, we could either let 
the principal managers register themselves with the provider, OR let the 
provider look up the available managers through reflection. I prefer the 
last option, because it seems the cleanest solution. Is there a Spring 
mechanism to wire all instances of a certain interface to the provider ?


David Sean Taylor wrote:
> Im trying to run the tests in jetspeed-security. A good portion of the 
> tests are broken due to a SSO-impl bean not being found rooted in 
> security-managers.xml. I am trying to get the tests fixed and get the 
> trunk back to the point where people can get on with their job with 
> running into broken (tests) builds.
> Unfortunately in trying to fix it, I've come across a cyclic reference 
> between jetspeed-security and jetspeed-sso.
> Does anyone object to merging the jetspeed-sso component into 
> jetspeed-security, and then removing the jetspeed-sso component?
> If yes (you do object), please suggest a better solution
> To reproduce this, you can add line 134 to AbstractSecurityTest.java
>         confList.add("sso.xml");
> and modify the unpack-test-resources in the jetspeed-security 
> pom.xml's assembly to include sso.xml:
> <include>transaction.xml,security-*.xml,sso.xml,static-bean-references.xml,boot/datasource.xml</include>

> add this dep to jetspeed-security:
>         <dependency>
>             <groupId>${pom.groupId}</groupId>
>             <artifactId>jetspeed-sso</artifactId>
>             <scope>test</scope>
>         </dependency>
> and run:
> mvn jetspeed:mvn -Dtarget=test-install
> Im seeing:
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] The projects in the reactor contain a cyclic reference: Edge 
> between 'Vertex{label='org.apache.portals.jetspeed-2:jetspeed-sso'}' 
> and 'Vertex{label='org.apache.portals.jetspeed-2:jetspeed-security'}' 
> introduces to cycle in the graph 
> org.apache.portals.jetspeed-2:jetspeed-security --> 
> org.apache.portals.jetspeed-2:jetspeed-sso --> 
> org.apache.portals.jetspeed-2:jetspeed-security
> Another solution could be to use a modified assembly in the security 
> tests that does not bring in the SSO dependencies via 
> security-managers.xml
> This leads to another discussion regarding the validity of the demo 
> assemblies being reused in unit tests....
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

View raw message