tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aptem <>
Subject Securing EJB with webapp Realm
Date Thu, 01 May 2014 21:21:05 GMT
I am trying to build secured application including remote EJBs and embed as
much as possible configuration into application.

I created hsqldb datasource in WEB-INF/resources.xml
  <Resource id="myDatasource" type="DataSource">
  		JdbcUrl jdbc:hsqldb:file:data/mydb

And datasource realm in META-INF/context.xml
<Context reloadable="true" antiJARLocking="true">
	<Realm className="org.apache.catalina.realm.DataSourceRealm"
		localDataSource="true" dataSourceName="myDatasource" ... />		   

And protected my web application in WEB-INF/web.xml
<web-app xmlns:xsi=""
	xsi:schemaLocation="" id="srm" version="3.0">
		<realm-name>Authentication required</realm-name>

Everything works fine for regular HTTP requests, but when trying to look up
protected EJB (annotated with @DeclareRoles, @RolesAllowed) - default Realm
from server.xml is used (I am able to call ejb with users defined in
tomcat-users.xml, but not with users defined in my database).
Properties p = new Properties();
p.put("java.naming.provider.url", "http://localhost:8080/srm/ejb");
p.put("", "tomee");
p.put("", "tomee");
InitialContext ctx = new InitialContext(p);
SecuredBeanRemote myBean =

Am I doing something wrong with configuration?

View this message in context:
Sent from the OpenEJB User mailing list archive at

View raw message