[Dev] Heads up! Revisited.

Brett Wooldridge bwooldridge at alterpoint.com
Tue Jul 29 22:32:20 CDT 2008 

Fixed formatting (hopefully) screwed up by mail client:

Big check-in.  Long email.

This check-in encompasses two primary things:


 1.  The replacement/removal of the pax-web dependencies.  We now use the Jetty-supplied OSGi bundles straight-up.
 2.  Enabling JAAS security.

You will need the following new project (required by Jetty):

org.ziptie.slf4j

This is the simple logging façade used by Jetty for their logging, in our case it binds to log4j.

Additionally, the org.ziptie.server.auth package was renamed to org.ziptie.server.security.  You will need this project too.

Remove the org.ziptie.zap.pax-web project, it is no longer used.

You can stop reading here, if you are a ZipTie developer and don't care about the details - just add the projects above, update the world, and build clean.  Read on if you think this change affects your work...

-------------------------------
The primary server crate changed with the removal of the all pax-web bundles, and the addition of the Jetty bundles.  In our crate we only use a portion of the Jetty bundles, but I included the other's commented out for possible future use.  The Jetty new bundles in the crate are:

  <!-- Jetty -->
   <bundle id="org.mortbay.jetty.servlet-api-2.5" location="core/servlet-api-2.5-6.1.11.jar" version=""/>
   <bundle id="org.mortbay.jetty.server" location="core/jetty-6.1.11.jar" version=""/>
   <bundle id="org.mortbay.jetty.util" location="core/jetty-util-6.1.11.jar" version=""/>
   <bundle id="org.mortbay.jetty.naming" location="core/jetty-naming-6.1.11.jar" version=""/>
   <bundle id="org.mortbay.jetty.plus" location="core/jetty-plus-6.1.11.jar" version=""/>
<!--
   <bundle id="org.mortbay.jetty.annoations" location="core/jetty-annotations-6.1.11.jar" version=""/>
   <bundle id="org.mortbay.jetty.management" location="core/jetty-management-6.1.11.jar" version=""/>
   <bundle id="org.mortbay.jetty.jsp-2.1" location="core/jsp-2.1.jar" version=""/>
   <bundle id="org.mortbay.jetty.jsp-api-2.1" location="core/jsp-api-2.1.jar" version=""/>
 -->

Note we are picking up our Servlet API dependency from the Jetty-supplied bundle.  If you have bundles picking up that API from another servlet bundle, you should remove that dependency (and add this one) to avoid future weirdness.

Note that the org.ziptie.slf4j bundle was also added:

  <bundle id="org.ziptie.slf4j" location="core/" version="" />

See the diff of the crate in fisheye.
----------------------------------
WebRegistry extension point changes:

Occurrences of url-prefix were changed to url-pattern to reflect the fact that we use the Jetty url-pattern capability which supports more than just prefixing.  This will require you to change any extensions of this extension point.  Suggested is a simple text search/replace for "url-prefix" in *.xml files.

Note also that url-pattern is required for Resource extensions.  Alias and name are no longer part of the Extension Point.  Resolution is by url-pattern alone.

See the ZAP documentation here: http://docs.ziptie.org/doku.php?id=zap:top#jetty_web_registry

----------------------------------
The following are the changes/additions to OSGi config.ini file containing new system properties and boot delegations (you will need these if you are managing your own config.ini file):

################################################ # Java System Properties
java.security.auth.login.config=osgi-config/security/ziptie_login.config

################################################ # ZipTie System properties
org.ziptie.zap.web.jetty.xml=jetty.xml

# Bootdelegation
org.osgi.framework.system.packages=\
 com.sun.security.auth.login,\
 org.w3c.dom.traversal,\
 javax.management.loading,\
 javax.management.modelmbean,\
 javax.security.auth,\
 javax.security.auth.callback,\
 javax.security.auth.login,\
 javax.security.auth.spi,\
 com.sun.org.apache.xalan.internal,\
 com.sun.org.apache.xalan.internal.res,\
 com.sun.org.apache.xalan.internal.xsltc.trax,\
 com.sun.org.apache.xpath.internal,\
 com.sun.org.apache.xpath.internal.jaxp,\
 com.sun.org.apache.xpath.internal.objects,\
 com.sun.org.apache.xml.internal.utils

org.osgi.framework.bootdelegation=\
 ...ditto...

----------------------------------
The configuration of Jetty is controlled by the osgi-conf/jetty/jetty.xml file by default.  The name of the file used for Jetty, is controlled by the org.ziptie.zap.web.jetty.xml system property, but it defaults to the above if not defined.  You should not have to make any major edits to this file, but the bind host/port etc. are readily changeable.  Note the pretty much everything available to you through Jetty is capable of being configured here, including the restructuring of handlers, creation of contexts, registration of servlets, etc.  These are all well beyond the scope of this email, but you should know it is available to you should you chose to leverage it.

----------------------------------
Lastly, the Jetty JAAS security Realm is enabled.  The JAAS configuration file used is controlled by the standard Java system property java.security.auth.login.config.  Ours is defined in config.ini and contains this value:

java.security.auth.login.config=osgi-config/security/ziptie_login.config

There is also a file in osgi-config/security called nop_login.config that directs JAAS to use the org.ziptie.zap.web.NoopLoginModule.  You can use this alternatively to the ziptie_login.config if you do not want ZipTie-based authentication.

-Brett

------ End of Forwarded Message
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ziptie.org/pipermail/dev/attachments/20080729/761b4728/attachment.html

More information about the Dev mailing list