geronimo-user mailing list archives

From Dain Sundstrom <d...@iq80.com>
Subject Re: Openejb: This principle is not authorized
Date Fri, 13 Apr 2007 17:08:24 GMT
I'm not sure exactly what you are doing, so I'll explain how an  
OpenEJB JNDI based login works.

On the client side when you create a JNDIContext with the principal  
and credentials set the OpenEJB JNDI code will open a connection to  
the server and perform a remote login.  The server redirects the  
login request to the OpenEJB SecurityService.login(String user,  
String pass) method.  The SecurityService authenticates the user and  
returns a security token (java.lang.Object).  The client stashes off  
the token and sends it on every request.

To start with, your login module configuration will need to be on the  
server side.  In OpenEJB standalone, you can modify the  
${OPENEJB_HOME}/conf/login.conf file.  I don't know what the  
equivalent configuration is for Geronimo.  Secondly, the current  
security service code has the name of the login module hard coded.   
In OpenEJB standalone it is hard coded to PropertiesLogin and in the  
Geronimo integration it is hard coded to "OpenEJB".

If you get stuck and want to debug the server, all of the security  
magic for ejb clients happens in GeronimoSecurityService or  
SecurityServiceImpl for OpenEJB standalone.

-dain

On Apr 13, 2007, at 7:07 AM, Bert_nor wrote:

> Standalone application
>
> login.config:
> dw_realm {
>     org.apache.geronimo.security.jaas.client.JaasLoginCoordinator required
>     host="localhost"
>     port="4242"
>     realm="dw_realm";
> };
>
> LoginContext context = new LoginContext("dw_realm",...);
> context.login();
>
> Properties props = new Properties();
> props.put("java.naming.factory.initial",
> "org.apache.openejb.client.RemoteInitialContextFactory");
> props.put("java.naming.factory.host", "127.0.0.1");
> props.put("java.naming.factory.port", "4201");
> props.put("java.naming.security.principal", ...);
> props.put("java.naming.security.credentials", ...);
>
> Context remoteContext = remoteContext = new InitialContext(props);
>
> javax.naming.AuthenticationException: This principle is not authorized.
> 	at org.apache.openejb.client.JNDIContext.authenticate(JNDIContext.java:144)
> 	at org.apache.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:116)
> 	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> 	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
> 	at javax.naming.InitialContext.init(InitialContext.java:223)
> 	at javax.naming.InitialContext.<init>(InitialContext.java:197)
>
> It's exception thrown from
> org.apache.geronimo.openejb.GeronimoSecurityService.login(String user,
> String pass) {
>   LoginContext context = new LoginContext("OpenEJB", new
> UsernamePasswordCallbackHandler(user,
> pass));-->javax.security.auth.login.LoginException: No LoginModules
> configured for OpenEJB
>
> Can be use realm for the current user?
>
>
>
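
A small diagnostic for the "No LoginModules configured for OpenEJB" failure in the quoted trace, added here as an example and not code from OpenEJB, Geronimo or either poster: it checks whether a JAAS configuration defines the entry names the reply says are hard coded. The class name `JaasEntryCheck` and the in-memory configuration (modelled on the quoted `dw_realm` entry) are assumptions constructed for illustration.

```java
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class JaasEntryCheck {
    // Entry names the reply says are hard coded in the security service.
    static final String[] EXPECTED = {"OpenEJB", "PropertiesLogin"};

    // Constructed stand-in for a JAAS configuration that defines only "dw_realm",
    // like the login.config in the quoted message. To inspect a real JVM, use
    // Configuration.getConfiguration() instead.
    static Configuration onlyDwRealm() {
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "org.apache.geronimo.security.jaas.client.JaasLoginCoordinator",
                LoginModuleControlFlag.REQUIRED,
                Map.of("host", "localhost", "port", "4242", "realm", "dw_realm"));
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return "dw_realm".equals(name) ? new AppConfigurationEntry[] {entry} : null;
            }
        };
    }

    // True when the configuration can resolve the entry name. LoginContext falls
    // back to an entry called "other" before it reports that nothing is configured.
    static boolean resolves(Configuration config, String name) {
        return config.getAppConfigurationEntry(name) != null
                || config.getAppConfigurationEntry("other") != null;
    }

    public static void main(String[] args) {
        Configuration config = onlyDwRealm();
        for (String name : EXPECTED) {
            System.out.println(name + " resolvable: " + resolves(config, name));
            try {
                // Same name lookup a LoginContext performs; it fails before any
                // LoginModule class is loaded, so no Geronimo jars are needed here.
                new LoginContext(name, null, null, config);
            } catch (LoginException e) {
                System.out.println("  " + e.getMessage());
            }
        }
    }
}
```

Running the same `resolves` check against `Configuration.getConfiguration()` inside the server JVM shows whether the entry the security service asks for exists there, which is where the reply says the login module configuration has to live.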

