I'd like to bundle my own "realm" implementation with my app, because I
want to call an EJB method in order to authenticate users
Tomcat comes with JDBCRealm which can be used to lookup
username/password directly in the app DB bypassing application code
and Tomcat does like to "bundle" a Realm implementation inside the app
The only "issue" I see is the security context to use to access this
"realm-EJB"
Did I miss something ?
Could you bundle a built-in Tomcat Realm that does the trick ?
some thing like
<Realm className="xxxx.EJBRealm" beanLookup="java:comp/env/MyAuthBean"
authenticateMethod="authenticateUser" runAs="superuser" />
or CDI-EL based
assuming the presence of a @Named("authbean")
<Realm className="xxxx.CDIRealm"
authenticateMethod="#{authbean.authenticateUser}" runAs="superuser" />
Thanks
Enrico
