tomee-commits mailing list archives

From "Artyom Karalov (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TOMEE-1191) Contextual realm is ignored when protecting EJB
Date Sun, 04 May 2014 14:49:14 GMT

    [ https://issues.apache.org/jira/browse/TOMEE-1191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13989003#comment-13989003 ]

Artyom Karalov commented on TOMEE-1191:
---------------------------------------

Should it work with my current TomEE installation, or do I need to update it?
Should I implement my own Realm, or can I use Tomcat embedded realms in the same way?

> Contextual realm is ignored when protecting EJB
> -----------------------------------------------
>
>                 Key: TOMEE-1191
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1191
>             Project: TomEE
>          Issue Type: Bug
>    Affects Versions: 1.6.0.1
>         Environment: Windows 7 64 bit, Eclipse EE Kepler
>            Reporter: Artyom Karalov
>
> 1. I created a new web application including EJBs
> 2. I defined a context-level realm in META-INF/context.xml
> <Context reloadable="true" antiJARLocking="true">
>         <Realm className="org.apache.catalina.realm.DataSourceRealm" 
>                 localDataSource="true" dataSourceName="myDatasource" ... />
> </Context>
> 3. I protected the web part in WEB-INF/web.xml and am able to log in with my database user
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
>         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
>         id="srm" version="3.0">
>         <welcome-file-list>
>                 <welcome-file>index.jsp</welcome-file>
>         </welcome-file-list>
>         <servlet>
>                 <servlet-name>ServerServlet</servlet-name>
>                 <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
>         </servlet>
>         <servlet-mapping>
>                 <servlet-name>ServerServlet</servlet-name>
>                 <url-pattern>/ejb/*</url-pattern>
>         </servlet-mapping>
>         <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>srm</web-resource-name>
>                         <url-pattern>/*</url-pattern>
>                         <http-method>GET</http-method>
>                 </web-resource-collection>                
>                 <auth-constraint>
>                         <role-name>admin</role-name>
>                 </auth-constraint>
>         </security-constraint>
>         <login-config>
>                 <auth-method>BASIC</auth-method>
>                 <realm-name>Authentication required</realm-name>
>         </login-config>
>         <security-role>
>                 <role-name>admin</role-name>
>         </security-role>
> </web-app>
> 4. When protecting an EJB (annotated with @DeclareRoles, @RolesAllowed) and calling it remotely, the default realm is used instead (from server.xml)
> Properties p = new Properties();
> p.put("java.naming.factory.initial", "org.apache.openejb.client.RemoteInitialContextFactory");
> p.put("java.naming.provider.url", "http://localhost:8080/srm/ejb");
> p.put("java.naming.security.principal", "tomee"); 
> p.put("java.naming.security.credentials", "tomee"); 
> InitialContext ctx = new InitialContext(p); 
> SecuredBeanRemote myBean = (SecuredBeanRemote)ctx.lookup("SecuredBeanRemote"); 



--
This message was sent by Atlassian JIRA
(v6.2#6252)
