geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kory Markevich" <Kory_Markev...@ACL.com>
Subject EJB Authentication Problem
Date Mon, 24 Sep 2007 18:17:23 GMT
I've been doing some research into using Geronimo 2.0.1 to host some
EJB3 session beans, interacting with a stand-alone client.  I can
connect to the server and call methods fine, but I've encountered some
difficulties with security.  Specifically I've tried using
Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS when
creating the InitialContext, but this seems to be broken.  After some
tracing it seems that
org.apache.geronimo.openejb.GeronimoSecurityService.login( ) tries to
create a LoginContext with a null security realm, which throws an
exception and prevents authentication.  I noticed that the latest
version of OpenEJB has added the key openejb.authentication.realmName,
but this is not available in 2.0.1 (and it seems a bit backward having
to have the client specify the security realm.)

I have been able to use
org.apache.openejb.client.ClientSecurity.directAuthentication( ) to
successfully authenticate, but it seems a bit hacky and is very OpenEJB
specific (and also requires the client to provide the realm name.)

Is there something I'm missing or doing wrong?  I'm fairly new to EE
stuff so hopefully it's just some newbie mistake.

BTW, a couple other things I noticed:

- EJB security is disabled if the geronimo-application.xml doesn't at
least have an empty <security/> entry.  This means any security
annotations are completely ignored, which surprised me.
- EJB3 EAR's will not deploy using the Eclipse plugin unless they
contain an application.xml file.  Renaming the ZIP file to an EAR and
manually deploying works fine.
- When creating new EJB3 projects in Eclipse, all geronimo-*.xml files
reference the old schemas.  If the schemas are changed to the 2.0.1
versions, then the editors fail (I'm assuming this is due to the EMF
JIRA entry?)
- When starting Eclipse, there are 3 warnings in the log compaining
about 'org.apache.geronimo.deployment.model' and
'org.apache.geronimo.v11.deployment.model'.  I tried to disable the 1.0
and 1.1 features to get rid of the warnings (since I didn't need those
versions,) but then Geronimo 2.0 wouldn't be listed as an option when
creating new projects.  The feature wasn't flagged as being broken
however.
 
________________________________


Kory Markevich
Tech Lead
ACL Services Ltd. 

1550 Alberni Street | Vancouver | BC | V6G 1A5
Tel: 604 669 4225
Email: kory_markevich@acl.com  | Web: www.acl.com  

________________________________

The contents of this email are confidential and are for the intended
recipient(s) named above only. If you are not the intended recipient,
any copying, distribution or use of this email is prohibited. If you
have received this email in error, please notify the sender and delete
the email.


Mime
View raw message