Hello Karan.
Here is the issue regarding context-specific realm:
https://issues.apache.org/jira/browse/OPENEJB-901
It has a war file attached, and instructions on how to reproduce.
I've managed to use my JAASRealm as default realm, but it didn't work as
expected, because, for example, isCallerInRole() does not use the
Realm.hasRole() method, hence it didn't work as expected. For that, I've
registered another issue: https://issues.apache.org/jira/browse/OPENEJB-902.
Thanks.

Luis Fernando Planella Gonzalez
[EMAIL PROTECTED]



Karan Malhi wrote:
> Luis,
>
> You can file a JIRA and definitely expect help on this issue from us.
> Actually, I was going to ask you if setting the Realm for the host/engine
> worked for you or not? Looks like it worked for you. I am trying to look
> into it. If you are comfortable, we can keep exchanging emails on the dev
> list itself. When more eyes look at it, we might get to the solution
> faster. I will add support so that tomcat looks under all three levels for
> the realm. Hopefully, I should be able to figure something out tonight.
> Gotta run!
>
> I am not a tomcat-openejb expert, but when the email is sent to the list,
> those experts are definitely watching. :)
>
> BTW:- Could you also attach your code to the JIRA issue, this way I will be
> able to download it and test it if it works or not.
> On Thu, Aug 21, 2008 at 1:41 PM, Luis Fernando Planella Gonzalez <
> [EMAIL PROTECTED]> wrote:
>
>   
>> Hi All!
>> After a few days struggling with OpenEJB in Tomcat, and some deep
>> debugging, I've 2 conclusions about TomcatSecurityService:
>>
>>   - When a context uses a specific Realm, TomcatSecurityService ignores it,
>>   using the default host Realm (by default a UserDatabaseRealm). That is
>>   very annoying, because a user is authenticated in the web layer, but when
>>   accessing an EJB, he is not correctly authenticated.
>>   - At least in the method isCallerInRole, the TomcatSecurityService
>>   implementation does not override the AbstractSecurityService JAAS
>>   implementation, which is wrong IMHO. Since it is based on a Realm, it
>>   should delegate to Realm.hasRole() method. I don't know if this happens
>>   on other methods too. I could temporarily work around the first problem
>>   by defining my realm on the whole host, but this was a showstopper.
>>
>> Now, my question: Is this the desired behaviour? Should I raise JIRA issues
>> for those? I'm starting a project, which will be in development for a few
>> months. Should I expect a fix for this or should I try to write my custom
>> SecurityService?
>> I'm really worried because it's critical for our project.
>> Perhaps if someone could pass me the contact of an openejb-tomcat
>> integration developer, I could exchange a few mails and try to understand
>> this issue.
>> Thanks very much.
>> Luis
>>
>>     
>
>
>
>   
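
The realm lookup and role check discussed in this thread, as an added example that is not part of the original e-mails and is not OpenEJB or Tomcat code: a simplified Java model of resolving the realm across the context, host and engine levels and delegating the role check to it. `Realm`, `Container`, `resolveRealm`, `isCallerInRole` and `realmOf` are hypothetical stand-ins, and the users and roles are constructed sample data.

```java
import java.util.Map;
import java.util.Set;

public class RealmLookupDemo {
    // Hypothetical stand-in for a container realm (not Tomcat's interface).
    interface Realm { boolean hasRole(String user, String role); }

    // Hypothetical container node: a context's parent is its host, a host's parent is the engine.
    static final class Container {
        final Container parent;
        final Realm realm; // null when no realm is configured at this level
        Container(Container parent, Realm realm) { this.parent = parent; this.realm = realm; }
    }

    // Walk context -> host -> engine and return the first realm configured on the way up.
    static Realm resolveRealm(Container start) {
        for (Container cur = start; cur != null; cur = cur.parent) {
            if (cur.realm != null) return cur.realm;
        }
        throw new IllegalStateException("no realm configured at any level");
    }

    // Role check delegated to the realm that applies to the calling context, so the
    // EJB layer answers from the same source that authenticated the web request.
    static boolean isCallerInRole(Container context, String user, String role) {
        return resolveRealm(context).hasRole(user, role);
    }

    // Builds an in-memory realm from a user -> roles map (constructed sample data only).
    static Realm realmOf(Map<String, Set<String>> roles) {
        return (user, role) -> roles.getOrDefault(user, Set.of()).contains(role);
    }

    public static void main(String[] args) {
        Realm hostRealm = realmOf(Map.of("tomcat", Set.of("manager")));
        Realm appRealm = realmOf(Map.of("luis", Set.of("admin")));
        Container engine = new Container(null, null);
        Container host = new Container(engine, hostRealm);
        Container appWithRealm = new Container(host, appRealm);
        Container appWithoutRealm = new Container(host, null);

        // Reported behaviour: always asking the host realm misses the context's users.
        System.out.println("host realm only:      " + hostRealm.hasRole("luis", "admin"));
        // Context-level realm wins when present; otherwise the host realm is the fallback.
        System.out.println("context realm found:  " + isCallerInRole(appWithRealm, "luis", "admin"));
        System.out.println("fallback to host:     " + isCallerInRole(appWithoutRealm, "tomcat", "manager"));
    }
}
```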
