Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Osgi updates for Grouper 5 #211

Draft
wants to merge 7 commits into
base: GROUPER_5_BRANCH
Choose a base branch
from

Conversation

scalding
Copy link

updates for the plugin framework for Grouper

  • (hopefully) better classloader configuration
  • updated webapp for testing
  • osgi security. Note that the security update is the first step toward setting up a plugin market, allowing for pulling remote jars and verifying trusted signed artifacts.

update osgi system packages
update osgi boot delegation
deprecate old namespace
use full location for bundle rather than just the file name
move property names to constants
add osgi security configuration
add tests and testing resources for osgi seucrity
see if I can slip the change to index.jsp so I can run in jetty :-D
update test webapp to allow disabling debug

** NOTE: the org.apache.felix.framework.security.jar is a locally modified version that has a fix for checking trusted certificates. this should be moved into the grouper repo or submitted to the upstream project.
# {valueType: "string", required: true, order: 2000}
grouper.felix.cache.rootdir = /tmp/grouperFelixCache

grouper.osgi.plugin.extauth.location=file:/Users/jj/Documents/workspace/community/grouper-ext-auth/target/grouper-authentication-plugin-0.0.1-SNAPSHOT.jar
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need to change this to something more generic

private final static FrameworkStarter frameworkStarter = new FrameworkStarter();

// properties
public final static String GROUPER_OSGI_ENABLE = "grouper.osgi.enable";
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we continue to use osgi namespace, or do we use more generic plugins?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would vote to use osgi

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

after our previous conversation, should likely be the opposite. since the grouper project has no intention of implementing osgi, some other term should be used. this statement is true for all questions related to osgi, something else should be used and documented.

packagesForBootDelegationString = GrouperConfig.retrieveConfig().propertyValueString("grouper.osgi.framework.boot.delegation");
Set<String> packagesForBootDelegation = new HashSet<>();
if (null != GrouperConfig.retrieveConfig().propertyValueString(GROUPER_OSGI_FRAMEWORK_BOOT_DELEGATION)) {
LOG.warn("You are setting a value for `grouper.osgi.framework.boot.delegation`. This is generally not needed adn should not be used unless there is a good reason to do so");
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo

packagesForBootDelegation.add("org.osgi.*");
packagesForBootDelegation.add("javax.*");
packagesForBootDelegation.add("org.apache.commons.logging");
packagesForBootDelegation.add("edu.internet2.middleware.grouper.*");
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need to check this, but could cause a problem if a plugin ends up in the classpath (e.g. class clash)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

commented elsewhere, this policy seems dangerous, but this functionality is deprecated. followup on osgi plans

String keyStorePassword = "changeme";
keyStore.load(null, keyStorePassword.toCharArray());

CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are pem encoded x509 certs sufficient?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

might be better to move this out of the classpath, perhaps to WEB-INF/plugins?

</dependencies>

<build>
<resources>
<resource>
<directory>../../../grouper/conf</directory>
<directory>../../grouper/conf</directory>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Take this out

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I remember why this is here, but need to verify: ddls for some reason were missing from the classpath

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DDLs should be packaged in the grouper jar now

@@ -37,7 +37,7 @@
<module>../grouper-ui</module>
<module>../grouper-ws</module>
<module>../grouper-misc/grouper-installer</module>
<module>../grouper-misc/webapp/grouper-ui-webapp</module>
<module>../grouper-misc/webapp</module>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Recommend removing this. This is the list of modules that are built and published at every release, and for which documentation is built. You can always build this manually, even if it's not in this list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants