tomee-users mailing list archives

From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: Securing EJB with webapp Realm
Date Fri, 02 May 2014 05:03:30 GMT
Hi

The default realm is, as you say, the default, but EJBs use JAAS, so using
JAASRealm you'll merge both worlds. In other words, rely on a database login
module, and not on a database realm but on the JAASRealm.
On 1 May 2014 22:44, "aptem" <aptemk@gmail.com> wrote:

> Hi.
> I am trying to build a secured application including remote EJBs and embed as
> much configuration as possible into the application.
>
> I created hsqldb datasource in WEB-INF/resources.xml
> <resources>
>   <Resource id="myDatasource" type="DataSource">
>                 JdbcUrl jdbc:hsqldb:file:data/mydb
>                 ...
>   </Resource>
> </resources>
>
> And datasource realm in META-INF/context.xml
> <Context reloadable="true" antiJARLocking="true">
>         <Realm className="org.apache.catalina.realm.DataSourceRealm"
>                 localDataSource="true" dataSourceName="myDatasource" ... />
> </Context>
>
> And protected my web application in WEB-INF/web.xml
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns="http://java.sun.com/xml/ns/javaee"
>         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="srm" version="3.0">
>         <welcome-file-list>
>                 <welcome-file>index.jsp</welcome-file>
>         </welcome-file-list>
>         <servlet>
>                 <servlet-name>ServerServlet</servlet-name>
>                 <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
>         </servlet>
>         <servlet-mapping>
>                 <servlet-name>ServerServlet</servlet-name>
>                 <url-pattern>/ejb/*</url-pattern>
>         </servlet-mapping>
>         <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>srm</web-resource-name>
>                         <url-pattern>/*</url-pattern>
>                         <http-method>GET</http-method>
>                 </web-resource-collection>
>                 <auth-constraint>
>                         <role-name>admin</role-name>
>                 </auth-constraint>
>         </security-constraint>
>         <login-config>
>                 <auth-method>BASIC</auth-method>
>                 <realm-name>Authentication required</realm-name>
>         </login-config>
>         <security-role>
>                 <role-name>admin</role-name>
>         </security-role>
> </web-app>
>
> Everything works fine for regular HTTP requests, but when trying to look up
> protected EJB (annotated with @DeclareRoles, @RolesAllowed) - default Realm
> from server.xml is used (I am able to call ejb with users defined in
> tomcat-users.xml, but not with users defined in my database).
> Properties p = new Properties();
> p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
> p.put("java.naming.provider.url", "http://localhost:8080/srm/ejb");
> p.put("java.naming.security.principal", "tomee");
> p.put("java.naming.security.credentials", "tomee");
> InitialContext ctx = new InitialContext(p);
> SecuredBeanRemote myBean = (SecuredBeanRemote) ctx.lookup("SecuredBeanRemote");
>
> Am I doing something wrong with configuration?
>
>
>
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Securing-EJB-with-webapp-Realm-tp4669071.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
>
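A sketch of the JAASRealm setup the reply points to, as an added example that is not from either poster or from the TomEE project. The entry name `SrmSql`, the table and column names, and the assumption that the login module can resolve the data source under the id `myDatasource` are all hypothetical; where the `<Realm>` element is declared (context.xml or server.xml) is left to the deployment.

```xml
<!-- Before (from the question): a container-only database realm. Per the
     question, remote EJB lookups did not consult it. -->
<!--
<Realm className="org.apache.catalina.realm.DataSourceRealm"
       localDataSource="true" dataSourceName="myDatasource" ... />
-->

<!-- After: the web tier authenticates through JAAS, so HTTP requests and
     EJB calls are checked against the same login module.
     appName must match the entry name in the JAAS login configuration.
     userClassNames / roleClassNames tell Tomcat which principals produced
     by the login module are the user and which are roles. -->
<Realm className="org.apache.catalina.realm.JAASRealm"
       appName="SrmSql"
       userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
       roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal"/>

<!-- Matching entry in the JAAS login configuration (JAAS syntax, not XML),
     in the file named by the java.security.auth.login.config system property.
     Table and column names below are assumptions; both queries are
     parameterised on the user name.

SrmSql {
    org.apache.openejb.core.security.jaas.SQLLoginModule required
        dataSourceName="myDatasource"
        userSelect="SELECT username, password FROM users WHERE username = ?"
        groupSelect="SELECT username, role_name FROM user_roles WHERE username = ?";
};
-->
```

The role names returned by `groupSelect` have to match the `admin` role used in web.xml and in `@RolesAllowed` for both tiers to authorise the same users.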
