On 22/08/2012 19:29, Romain Manni-Bucau wrote:
hmm, the point is that Tomcat creates the realm before the app is started
(== the webapp classloader is not available) so you have to put your realm
in the container

It is exactly the reason why I'm asking you to put this kind of support in TomEE, because you cannot deploy a "Realm" implementation directly in your own application. My trick is just to let the developer of the app bundle in its own app the only "logic" that implements the real authentication, leaving the container to "manage" security.

In order to look up beans you have to make a JNDI lookup only for every call to "authenticate", so the realm actually doesn't need to have access to the application context before initialization.



FYI you can use the tomee maven plugin:

           <plugin>
             <groupId>org.apache.openejb.maven</groupId>
             <artifactId>tomee-maven-plugin</artifactId>
             <version>1.0.0-SNAPSHOT</version>
             <configuration>
               <libs>
                 <lib>examples:EJBRealm:1.0-SNAPSHOT</lib>
               </libs>
             </configuration>
           </plugin>

I don't know if Tomcat already has a kind of lazy realm instantiator but
we could add one in TomEE to manage such cases

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/8/22 Thiago Veronezi <[email protected]>

Hmmmm... I like your idea!
I will try to implement something like that now.


[]s,
Thiago.


On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli <[email protected]> wrote:
This is not what I meant
I'm attaching an example

EJBRealm.zip is a simple Tomcat Realm that performs a JNDI lookup to get
an application provided EJB and invokes a method to authenticate the user
   <Realm className="ejbrealm.EJBRealm"
          beanname="java:global/localhost/MyAuth/AuthBean"
          realmname="MyRealm" loginMethod="loginUser" />

MyAuth.zip is an example webapp which uses it

- Enrico


On 22/08/2012 18:38, Romain Manni-Bucau wrote:

realms are typically managed by tomcat so tomcat packaging should work
the link between realm and ejbcontext is done through a wrapper realm
called tomeerealm (added automatically on the snapshot) so simply
define the jaasrealm:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml
here is a sample:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/8/22 Enrico Olivelli <[email protected]>

  I'd like to bundle my own "realm" implementation with my app, because I
want to call an EJB method in order to authenticate users

Tomcat comes with JDBCRealm which can be used to lookup
username/password
directly in the app DB bypassing application code
and Tomcat does like to "bundle" a Realm implementation inside the app

The only "issue" I see is the security context to use to access this
"realm-EJB"

Did I miss something ?

Could you bundle a built-in Tomcat Realm that does the trick ?
something like
   <Realm className="xxxx.EJBRealm" beanLookup="java:comp/env/MyAuthBean"
          authenticateMethod="authenticateUser" runAs="superuser" />

or CDI-EL based
assuming the presence of a @Named("authbean")
   <Realm className="xxxx.CDIRealm" authenticateMethod="#{authbean.authenticateUser}"
          runAs="superuser" />

Thanks
Enrico
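
An added example, not the contents of the attached EJBRealm.zip and not TomEE code, of a realm that resolves the application's bean through JNDI on every `authenticate` call, as the thread describes, and fails closed when the lookup or the call fails. It assumes the Tomcat 7 `RealmBase` API and a bean method with the signature `boolean loginUser(String, String)`; neither is stated in the thread, and the empty role list is also an assumption.

```java
package ejbrealm; // matches className="ejbrealm.EJBRealm" from the thread

import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Collections;
import javax.naming.InitialContext;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

public class EJBRealm extends RealmBase {
    private static final Log log = LogFactory.getLog(EJBRealm.class);

    // Populated by Tomcat from the <Realm .../> attributes of the same name.
    private String beanname;
    private String realmname = "EJBRealm";
    private String loginMethod = "loginUser";

    public void setBeanname(String v) { this.beanname = v; }
    public void setRealmname(String v) { this.realmname = v; }
    public void setLoginMethod(String v) { this.loginMethod = v; }

    @Override
    public Principal authenticate(String username, String credentials) {
        if (username == null || credentials == null || beanname == null) {
            return null; // nothing to check: deny
        }
        try {
            // Looked up per call: the bean is not deployed yet when the
            // container instantiates the realm, so nothing is cached at startup.
            Object bean = new InitialContext().lookup(beanname);
            // Assumed signature: boolean loginUser(String user, String password)
            Method m = bean.getClass().getMethod(loginMethod, String.class, String.class);
            if (Boolean.TRUE.equals(m.invoke(bean, username, credentials))) {
                // Password is not kept on the principal; roles are left empty here.
                return new GenericPrincipal(username, null, Collections.<String>emptyList());
            }
        } catch (Exception e) {
            // Fail closed, and never log the submitted credentials.
            log.warn("EJBRealm '" + realmname + "': call to " + beanname + " failed", e);
        }
        return null;
    }

    // Required by the Tomcat 7 RealmBase; unused because authenticate() is overridden.
    @Override protected String getName() { return realmname; }
    @Override protected String getPassword(String username) { return null; }
    @Override protected Principal getPrincipal(String username) { return null; }
}
```

The compiled class still has to be on the container's classpath (for example through the `<libs>` entry of the tomee-maven-plugin shown earlier in the thread); only the authentication bean lives in the webapp.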



