geronimo-dev mailing list archives

From "Christopher Blythe" <cjblyth...@gmail.com>
Subject Re: Role-based security in EJB methods
Date Mon, 14 May 2007 21:24:33 GMT
David...

Thanks for the reply... Here are some more specifics. I am working with
Geronimo 1.1.1 and attempting to add role-based security to DayTrader (with
the help of Surya Duggirala). He has added the necessary security tags to
the web.xml and ejb-jar.xml and I am simply trying to figure out the
deployment plans for Geronimo.

Thus far I have done the following...

Added the security realm to the <web-app> portion of the deployment plan to
secure a URL in the web archive.
<security-realm-name>daytrader-realm</security-realm-name>

I have also added the following to the <openejb-jar> portion of the plan to
secure one of the session EJBs.

      <security>
        <default-principal realm-name="daytrader-realm">
          <principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
        </default-principal>
        <role-mappings>
          <role role-name="grp1">
            <realm realm-name="daytrader-realm">
              <principal name="group1" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </realm>
          </role>
        </role-mappings>
      </security>

When I access the secured URL, I am asked to provide my credentials as
expected. So, that appears to be working correctly. However, I'm not really
sure how to verify that my method level permissions on the secured Session
bean are being respected.

I can access the session bean via a non-secured URL that bypasses the
security configuration in the war. If the security configuration for my ejb
was being used, I would expect some form of exception to be thrown when I
try to access it via my non-secured URL (since I have not provided my
credentials), but I do not. This leads me to believe that I'm missing
something.

Any thoughts?

Thanks again...

Chris

On 5/14/07, David Jencks <david_jencks@yahoo.com> wrote:
>
>
> On May 14, 2007, at 10:33 AM, Christopher Blythe wrote:
>
> > Was wondering if there are any samples or tests for Geronimo that
> > use role-based authentication for EJB methods?
> >
> > More specifically, I was wondering how to configure the role
> > mappings in the Geronimo deployment plan. Most of the samples out
> > there revolve around the war, but I have not found anything
> > relating to the EJB jar.
>
> The role>> permission mapping is specified in the spec dd or via
> annotations.
>
> The part in the geronimo plan is a principal<< role mapping which
> works the same way for wars and ejb jars.
>
> I don't know if there are easy to find examples.  If this doesn't
> clear it up can you ask a more specific question?
>
> thanks
> david jencks
>
> >
> > Thanks...
> >
> > Chris
> >
> > --
> > "I say never be complete, I say stop being perfect, I say let...
> > lets evolve, let the chips fall where they may." - Tyler Durden
>
>


-- 
"I say never be complete, I say stop being perfect, I say let... lets
evolve, let the chips fall where they may." - Tyler Durden
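One thing worth ruling out before suspecting the container is a mismatch between the two halves David describes: the role-to-permission side lives in ejb-jar.xml (security-role and method-permission), the principal-to-role side lives in the Geronimo plan (role-mappings). If the plan maps a role name the spec DD never uses, or a method is covered by an unchecked permission, no caller will ever be rejected. The checker below is an added example written for this thread, not code from Geronimo or DayTrader; the two descriptors it reads are constructed (an abbreviated TradeEJB with a deliberately misspelled role and one unchecked method), and the namespace URIs in them are assumed for illustration since the parser ignores namespaces entirely.

```python
"""Cross-check EJB role->permission (ejb-jar.xml) against Geronimo
principal->role mappings (openejb-jar.xml).  Constructed example."""
import xml.etree.ElementTree as ET

# Constructed, abbreviated EJB 2.1 deployment descriptor (not DayTrader's).
EJB_JAR_XML = """<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee" version="2.1">
  <enterprise-beans>
    <session><ejb-name>TradeEJB</ejb-name><session-type>Stateless</session-type></session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>trader</role-name></security-role>
    <security-role><role-name>admin</role-name></security-role>
    <method-permission><role-name>trader</role-name>
      <method><ejb-name>TradeEJB</ejb-name><method-name>buy</method-name></method></method-permission>
    <method-permission><role-name>admin</role-name>
      <method><ejb-name>TradeEJB</ejb-name><method-name>resetTrade</method-name></method></method-permission>
    <method-permission><role-name>auditor</role-name>
      <method><ejb-name>TradeEJB</ejb-name><method-name>getAuditLog</method-name></method></method-permission>
    <method-permission><unchecked/>
      <method><ejb-name>TradeEJB</ejb-name><method-name>getQuote</method-name></method></method-permission>
  </assembly-descriptor>
</ejb-jar>"""

# Constructed Geronimo plan fragment; namespace URIs are assumed, the
# parser below strips them anyway.  "grp1" is mapped but never used by the DD.
OPENEJB_JAR_XML = """<openejb-jar xmlns="http://www.openejb.org/xml/ns/openejb-jar-2.1"
             xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
  <sec:security>
    <sec:default-principal realm-name="daytrader-realm">
      <sec:principal name="anonymous"
        class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
    </sec:default-principal>
    <sec:role-mappings>
      <sec:role role-name="grp1"><sec:realm realm-name="daytrader-realm">
        <sec:principal name="group1"
          class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      </sec:realm></sec:role>
      <sec:role role-name="trader"><sec:realm realm-name="daytrader-realm">
        <sec:principal name="group1"
          class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      </sec:realm></sec:role>
    </sec:role-mappings>
  </sec:security>
</openejb-jar>"""


def _local(tag):
    """Strip a '{namespace}' prefix from an element tag."""
    return tag.rsplit('}', 1)[-1]


def _descendants(elem, name):
    """All descendants of elem whose local tag name is `name`."""
    return [e for e in elem.iter() if _local(e.tag) == name]


def _child_texts(elem, name):
    """Text of the direct children of elem with local tag name `name`."""
    return [(c.text or '').strip() for c in elem if _local(c.tag) == name]


def parse_ejb_jar(xml_text):
    """Return (declared role names, list of method-permission entries)."""
    root = ET.fromstring(xml_text)
    declared = set()
    for sr in _descendants(root, 'security-role'):
        declared.update(_child_texts(sr, 'role-name'))
    entries = []
    for mp in _descendants(root, 'method-permission'):
        roles = frozenset(_child_texts(mp, 'role-name'))
        unchecked = any(_local(c.tag) == 'unchecked' for c in mp)
        for m in _descendants(mp, 'method'):
            names = _child_texts(m, 'method-name')
            entries.append({'ejb': _child_texts(m, 'ejb-name')[0],
                            'method': names[0] if names else '*',
                            'roles': roles, 'unchecked': unchecked})
    return declared, entries


def parse_plan(xml_text):
    """Return {role-name: [(realm-name, principal name), ...]} from the plan."""
    root = ET.fromstring(xml_text)
    mappings = {}
    for role in _descendants(root, 'role'):
        principals = [(realm.get('realm-name'), p.get('name'))
                      for realm in _descendants(role, 'realm')
                      for p in _descendants(realm, 'principal')]
        mappings[role.get('role-name')] = principals
    return mappings


def audit(ejb_jar_xml, plan_xml):
    """Report roles and methods whose protection cannot work as written."""
    declared, entries = parse_ejb_jar(ejb_jar_xml)
    mapped = set(parse_plan(plan_xml))
    used = set().union(*(e['roles'] for e in entries))
    protected = {}
    for e in entries:
        if not e['unchecked']:
            protected.setdefault((e['ejb'], e['method']), set()).update(e['roles'])
    return {
        'undeclared_roles': sorted(used - declared),   # permission names a role the DD never declares
        'unmapped_roles': sorted(used - mapped),       # nobody can ever satisfy these permissions
        'dead_mappings': sorted(mapped - declared),    # plan maps a role the DD does not know
        'unchecked_methods': sorted((e['ejb'], e['method']) for e in entries if e['unchecked']),
        'protected_methods': {k: sorted(v) for k, v in protected.items()},
    }


if __name__ == '__main__':
    for key, value in audit(EJB_JAR_XML, OPENEJB_JAR_XML).items():
        print(f'{key}: {value}')
```

Run it against the real ejb-jar.xml and openejb-jar.xml by reading the files into the two strings; an empty `unmapped_roles` and `dead_mappings` list, with the method you are calling listed under `protected_methods` rather than `unchecked_methods`, means the two descriptors at least agree, and the remaining question is whether the container is enforcing them.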
