Authorization-constraint imposes authentication

Today I came along a strange problem in Geronimo: I wanted to grant access to everyone (even to those who are not logged in) to a URL which is protected by a <security-constraint>. So I defined a <default-principal> in my geronimo-web.xml and assigned this user to my role which is required to access the URL. To my surprise the login form appeared every time I tried to access the URL.

After some research in the net I found the Geronimo bug 2564 which describes my problem pretty precise. I also found the blog entry Inconsistency between Servlet specification implementations which reveals different implementations of the security part of J2EE. In a foil about J2EE security I spotted the following phrase which would explain my problems:

Authorization-constraint imposes authentication

So I removed the <security-constraint> from my URL and accepted that J2EE (or its implementations?) are not perfect in every way...

Install Eclipse and WTP

A working development environment is really important for every developer because it highly speeds up your building time and helps you to avoid failures. I personally use Eclipse and the Web Tools Project Plugin for my daily development for Geronimo. I'll show you how to install and configure the following products:

• Eclipse 3.2
• Eclipse Web Tools 1.5
• Geronimo Eclipse Plugin 1.2 for Geronimo 1.1
  

Eclipse Web Tools

Download the "All-in-one" package for your operating system from the download page of the Eclipse Web Tools and extract the downloaded archive to any folder you want. Under Linux I prefer to keep the applications I downloaded by myself under ~/applications. So my Eclipse is located under ~/applications/eclipse.

While you're downloading the archive create a folder to save your projects (e.g. ~/workspace). Launch now Eclipse by executing the binary inside the eclipse folder. Point the appearing dialog to the folder you've just created and press "OK". Close the welcome tab by pressing the cross in the left upper corner.





Geronimo Eclipse Plugin

Select now "Window / Open Perspective / Other..." from the menu bar and choose "J2EE" from the list. Open the wizard to define a new server by selecting "File / New / Other...", filtering for "server" and clicking "Next >". Click on the link named "Don't see your server listed? Click here", select "Geronimo v1.1", click "Next >" and accept the appearing license by clicking "Finish".

Confirm the dialog with "OK", wait until the download is complete and click then "Yes". Eclipse restarts and you need to launch the wizard again by selecting "File / New / Other..." from the menu bar and find the server wizard by using the filter. Click "Next >" and select "Apache Geronimo v1.1 Server" from the group "Apache". Click again "Next >", fill out the "Application Server Installation Directory" and click "Finish".

The server appears now in the view part labeled "Servers" and you should be able to run it by clicking on the button "Start the Server".

If you changed the default user ID or password of Geronimo (system/manager) you can set them by double-clicking on the server and alter the security settings.

Some thoughts about the future of Geronimo

Geronimo is great because it's free and and open source. Now that Sun has open sourced Java and Glassfish there are some new points in the application server fight. Glassfish was actually announced to be open source before but now it will be available under the GPL. Is Geronimo still needed? Geronimo is still J2EE 1.4 and there seems to be a lot of development to be done to make Geronimo Java EE 5 compatible. Glassfish is already on the level of Java EE 5.

A thing I like at the moment more on Geronimo over Glassfish is it's simple installation. But I think we will see some improvements in the future. And since Glassfish will be included in Ubuntu the installation on Linux systems becomes hopefully really easy.

The question is, if there are still any reasons to use Geronimo in the future since Glassfish exists and will become productive ready soon? Is the market great enough for three (JBoss is also still here) open source servers?

AJAX, Unicode and Java

As you might already noticed I'm actually busy in using JavaScript. That's mainly because I develop an AJAX application based on J2EE. To simplify my work with JavaScript I use the library mootools which is a great facilitation over plain JavaScript, especially if you'd like to to your stuff object oriented.

By using the library I came around a strange problem with unicode handling. My application was written completely in UTF-8 but as soon as I sent data over AJAX to the server it didn't get handled correctly.

After some search I came across the solution: simply add the following line of to the top of your Servlet to let it know the POST data is UTF-8 encoded.

public class ChatServlet extends javax.servlet.http.HttpServlet implements
  javax.servlet.Servlet {

protected void doPost(HttpServletRequest request,
    HttpServletResponse response) throws ServletException, IOException {
  request.setCharacterEncoding("UTF-8");
}
}