Assume we want to use a properties file realm for user auditing. On the Geronimo server, deploy a module as follows:

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>test-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="test-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">test-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>test-realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="usersURI">var/security/demo_users.properties</log:option>
                    <log:option name="groupsURI">var/security/demo_groups.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>


Then deploy a client-side realm for the application client to authenticate with the OpenEJB container, as follows:

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>remote-openejb-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>org.apache.geronimo.modules</groupId>
                <artifactId>geronimo-openejb</artifactId>
                <type>jar</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="remote-openejb-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">remote-openejb-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>remote-openejb-realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.openejb.OpenejbRemoteLoginModule</log:login-module-class>
                    <log:option name="RemoteSecurityRealm">test-realm</log:option>
                    <log:option name="ServerURI">ejbd://localhost:4201</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

In your geronimo-application-client.xml, specify the client-side realm module as its dependency and realm name. Also, you need to provide your <callback-handler> as David J mentioned earlier. See the snippet as follows:

<?xml version="1.0" encoding="UTF-8"?>

<application-client xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"
  xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"
  xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
  xmlns:security="http://geronimo.apache.org/xml/ns/security-2.0"
  xmlns:connector="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">

 <sys:client-environment>
  <sys:moduleId>
    <sys:groupId>org.apache.geronimo.samples</sys:groupId>
    <sys:artifactId>Myclient</sys:artifactId>
    <sys:version>2.2.0</sys:version>
    <sys:type>jar</sys:type>
  </sys:moduleId>
  <sys:dependencies>
      <sys:dependency>
        <sys:groupId>console.realm</sys:groupId>
        <sys:artifactId>remote-openejb-realm</sys:artifactId>
        <sys:version>1.0</sys:version>
        <sys:type>car</sys:type>
      </sys:dependency>
    </sys:dependencies>
 </sys:client-environment>

  <sys:server-environment>
   <sys:moduleId>
     <sys:groupId>org.apache.geronimo.samples</sys:groupId>
     <sys:artifactId>MyServer</sys:artifactId>
     <sys:version>2.2.0</sys:version>
     <sys:type>jar</sys:type>
   </sys:moduleId>
   <sys:dependencies>
      <sys:dependency>
        <sys:groupId>console.realm</sys:groupId>
        <sys:artifactId>remote-openejb-realm</sys:artifactId>
        <sys:version>1.0</sys:version>
        <sys:type>car</sys:type>
      </sys:dependency>
    </sys:dependencies>    
  </sys:server-environment> 
  
  <realm-name>remote-openejb-realm</realm-name>
  <callback-handler>org.apache.geronimo.samples.Myclient.appClient.MyCallbackHandler</callback-handler>    
</application-client>

Hope this helps.

Jeff C


On Tue, Apr 6, 2010 at 11:16 PM, Sarah.kho <sarah.kho@gmail.com> wrote:

Hi,

I studied the page but it does not have the name of the deployment
descriptor which I should include those sample code inside it. Should I
include them inside the geronimo-application-client.xml?

It also says that the realm should also be specified at the server side. I
think it means in the openejb-jar.xml. Can you give me the sample snippet
for that one as well?

Thanks
--
View this message in context: http://n3.nabble.com/when-using-an-application-client-to-consume-a-secure-ejb-who-perform-the-authentication-tp699700p700639.html