geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: application client and secure ejbs. how do we determine the security realm?
Date Mon, 05 Apr 2010 23:12:28 GMT
IIRC you write a CallbackHandler that obtains the credentials from a source of your choosing
(such as the client command line or a login dialog) and configure this in the application-client.xml
(the spec dd, not the geronimo plan).  You also need to configure a security realm in the
app client that contains the org.apache.geronimo.openejb.OpenejbRemoteLoginModule configured
to connect to the server.  There might possibly be an example of how to do this in the geronimo
testsuite in a client security test.

I don't think you want to configure the security info on how to log into the server in the
app client configuration.... that would mean anyone who got the app client could log into
the server with no further credentials.

hope this helps
david jencks

On Apr 5, 2010, at 3:50 PM, Sarah.kho wrote:

> Hi
> Can you please let me know when we have a secure ejb in the enterprise
> application and the application client need to access that ejb, what happens
> to the sending username and password to the server?
> how to configure the geronimo-application-client.xml for for security
> checking?
> thanks.
> -- 
> View this message in context:
> Sent from the Users mailing list archive at

View raw message