Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fish 8925 adding epicyro implementation #7068

Open
wants to merge 38 commits into
base: Payara7
Choose a base branch
from
Open

Fish 8925 adding epicyro implementation #7068

wants to merge 38 commits into from
+4,544 −20,302

Conversation

breakponchito
Copy link
Contributor

@breakponchito breakponchito commented Nov 15, 2024
edited
Loading

Implementing epicyro on Payara 7

Description

We are trying to decouple the Jakarta Authentication by using epicyro provider. Epicyro provideds most of the functionality needed to provide Jakarta Authentication mechanism.

Important Info

Blockers

Testing

New tests

Testing Performed

Manual testing by starting and deploying a web applications on payara:
image

Testing Environment

Windows 11, azul jdk 21, maven 3.9.5

Documentation

Notes for Reviewers

breakponchito and others added 5 commits October 30, 2024 23:45
@breakponchito
FISH-8925: starting changes to use epicyro
94296f9
@Pandrex247
Security API downgrade shim
911a08b 
Signed-off-by: Andrew Pielage <pandrex247@hotmail.com>
@breakponchito
FISH-8925: rebasing last changes from Payara7 branch
b51a9ff
@breakponchito
Merge remote-tracking branch 'origin/FISH-8925-adding-epicyro-impleme…
21a1a22 
…ntation' into FISH-8925-adding-epicyro-implementation

# Conflicts:
#	core/pom.xml
#	nucleus/common/internal-api/src/main/java/fish/payara/internal/notification/EventLevel.java
@breakponchito
FISH-8925: introducing epicyro for jakarta authentication in payara 7
5627fea
@breakponchito breakponchito added the PR: DO NOT MERGE Don't merge PR until further notice label Nov 15, 2024
@breakponchito
Copy link
Contributor Author

For now I can build the server but I have osgi issue to run server

kalinchan and others added 6 commits November 15, 2024 09:29
@kalinchan
FISH-9630 Use UserPrincipal instead of PrincipalImpl
70835b7
@Pandrex247
Correct comment name
78126c4
@Pandrex247
Add soteria downgrade shim
79f2fd8 
Signed-off-by: Andrew Pielage <pandrex247@hotmail.com>
@Pandrex247
Bundle name correction and missing ';'
9afed1f 
Signed-off-by: Andrew Pielage <pandrex247@hotmail.com>
@kalinchan
Merge pull request payara#7069 from kalinchan/FISH-9630
345626f 
FISH-9630 Use UserPrincipal instead of PrincipalImpl
@breakponchito
FISH-8925: fixing osgi issues and adding more changes tu run authenti…
d8175ad 
…cation with epicyro
@breakponchito
Copy link
Contributor Author

Now the server can run but any of the web applications can be seen

@breakponchito
Copy link
Contributor Author

From last changes I tried to set the exousia DefaultPolicy to fix an issue from authentication part that cause to not load any web application. Still in progress because now when trying to load default web application I'm seeing the following exception:

`
[#|2024-11-26T23:10:00.915-0600|ADVERTENCIA|Payara 7.2024.1.Alpha3|jakarta.enterprise.web|_ThreadID=217;_ThreadName=Thread-23;_TimeMillis=1732684200915;_LevelValue=900;|
java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.glassfish.deployment.common.DeploymentException: Error in generating security policy for __admingui -- Cannot invoke "jakarta.security.jacc.Policy.refresh()" because the return value of "org.glassfish.exousia.AuthorizationService.getPolicy()" is null
java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.glassfish.deployment.common.DeploymentException: Error in generating security policy for __admingui -- Cannot invoke "jakarta.security.jacc.Policy.refresh()" because the return value of "org.glassfish.exousia.AuthorizationService.getPolicy()" is null

`

@breakponchito
Copy link
Contributor Author

I added more changes to set the default providers from exousia instead of our version and now partially load the resources of the admin console page:

image

still dealing with an issue to get the following two resources:

  • com_sun_faces_ajax.js
  • and the result after calling the j_security_check

@breakponchito
Copy link
Contributor Author

finally the server is running again after latest changes to fix the callback handler validation for credentials:

image

@breakponchito
Copy link
Contributor Author

@Pandrex247 right now checking how to fix some quicklook tests failures:
image

@breakponchito
Copy link
Contributor Author

Jenkins test please

@Pandrex247
Don't exclude from semantic versioning
cf189d1 
Signed-off-by: Andrew Pielage <pandrex247@hotmail.com>
@Pandrex247 Pandrex247 mentioned this pull request Dec 2, 2024
Open
@Pandrex247
Copy link
Member

Run against all currently passing TCKs kicked off here: https://jenkins.payara.fish/blue/organizations/jenkins/JakartaEE-11-TCK/detail/JakartaEE-11-TCK/90/pipeline

It seems that this causes quite a few other TCKs to start failing:

  • Concurrency
  • JAX-RS
  • WebSockets

@Pandrex247
Copy link
Member

From the authentication TCK runner, there appears to be numerous issues with deployment (which look similar to what's happening with the other TCKs):

org.apache.catalina.LifecycleException: org.glassfish.deployment.common.DeploymentException: Error in generating security policy for test.war -- State could not be DELETED but actual state is
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:5775)
	at com.sun.enterprise.web.WebModule.start(WebModule.java:619)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:982)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:965)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:694)
	at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1811)
	at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1563)
	at com.sun.enterprise.web.WebApplication.start(WebApplication.java:107)
	at org.glassfish.internal.data.EngineRef.start(EngineRef.java:123)
	at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:292)
	at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:361)
	at com.sun.enterprise.v3.server.ApplicationLifecycle.initialize(ApplicationLifecycle.java:633)
	at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:571)

@breakponchito
Copy link
Contributor Author

Jenkins test please

@breakponchito
Copy link
Contributor Author

@Pandrex247 still with 2 errors on the side of quicklook tests but now the TCK is passing: https://jenkins.payara.fish/blue/organizations/jenkins/JakartaEE-11-TCK/detail/JakartaEE-11-TCK/93/pipeline

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Pandrex247 Pandrex247 Awaiting requested review from Pandrex247

@aubi aubi Awaiting requested review from aubi

@luiseufrasio luiseufrasio Awaiting requested review from luiseufrasio

@Viii3 Viii3 Awaiting requested review from Viii3

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
PR: DO NOT MERGE Don't merge PR until further notice
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@breakponchito @Pandrex247 @kalinchan @luiseufrasio