geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joerg Friede <joerg.fri...@3kraft.com>
Subject how to specify security realm in openejb-jar.xml
Date Mon, 22 May 2006 09:46:34 GMT
Hi,

i try to secure my EJB's and then access them from a standalone 
java-client using the following connection properties

props.setProperty("java.naming.factory.initial","org.openejb.client.RemoteInitialContextFactory");
props.setProperty("java.naming.provider.url", "127.0.0.1:4201");
props.setProperty("java.naming.security.principal", "system");
props.setProperty("java.naming.security.credentials", "manager");

specified the role in ejb-jar.xml

<security-role>
         <role-name>AdminRole</role-name>
</security-role>

 <method-permission >
      <role-name>AdminRole</role-name>
      <method >
         <ejb-name>Manager</ejb-name>
         <method-name>*</method-name>
      </method>
   </method-permission>

and then mapped the role in openejb-jar.xml

<security:security>
    <security:default-principal>
        <security:principal 
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" 
name="Anonymous" />
    </security:default-principal>
    <security:role-mappings>
        <security:role role-name="AdminRole">
        <security:principal 
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" 
name="admin"/>
        </security:role>
    </security:role-mappings>
    </security:security>

Still i receive a "java.rmi.AccessException: access denied 
(javax.security.jacc.EJBMethodPermission Manager create,Home,)".


In the chapter EJB-Security (page 299) of his book (PDF) Aaron Mulder 
wrote that there is a "security-realm-name" element, but this is not 
included in the XSD and therefore deployment fails.

Is there another way to specify the security realm (to authenticate 
users against) in the file openejb-jar.xml, as in geronimo-web.xml?

Thanks for your help, Joerg Friede



Mime
View raw message