https://issues.apache.org/jira/browse/TOMEE-400
*Romain Manni-Bucau* *Twitter: @rmannibucau* *Blog: http://rmannibucau.wordpress.com* 2012/8/22 Enrico Olivelli <eolive...@gmail.com> > Il 22/08/2012 19:29, Romain Manni-Bucau ha scritto: > > hmm, the point is you tomcat creates the realm before the app is started >> (== the webapp classloader is not available) so you have to put your realm >> in the container >> > > it is exactly the reason for I'm asking you to put this kind of support in > TomEE, because you cannot deploy a "Realm" implementation directly in your > own application > My trick is just to let the developer of the app bundle in its own app the > only "logic" that implements the real autentication, leaving the container > to "manage" security > > in order to lookup beans you have to make a JNDI lookup only for every > call to "autenticate", so the realm actually doesn't need to have access to > the application context before initialization > > > >> FYI you can use the tomee maven plugin: >> >> <plugin> >> <groupId>org.apache.openejb.**maven</groupId> >> <artifactId>tomee-maven-**plugin</artifactId> >> <version>1.0.0-SNAPSHOT</**version> >> <configuration> >> <libs> >> <lib>examples:EJBRealm:1.0-**SNAPSHOT</lib> >> </libs> >> </configuration> >> </plugin> >> >> I don't know if tomcat already have a kind of lazy realm instantiator but >> we could add one in tomee to manage such cases >> >> *Romain Manni-Bucau* >> *Twitter: @rmannibucau* >> *Blog: http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com> >> * >> >> >> >> >> >> 2012/8/22 Thiago Veronezi <thi...@veronezi.org> >> >> Hmmmm... I like your idea! >>> I will try to implement something like that now. >>> >>> >>> []s, >>> Thiago. >>> >>> >>> On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli <eolive...@gmail.com >>> >>>> wrote: >>>> This is not what I meant >>>> I'm attaching an example >>>> >>>> EJBRealm.zip is a simple Tomcat Realm that performs a JNDI lookup to get >>>> an application provided EJB and invokes a method to authenticate the >>>> user >>>> <Realm className="ejbrealm.EJBRealm" >>>> >>> beanname="java:global/****localhost/MyAuth/AuthBean" >>> >>>> realmname="MyRealm" loginMethod="loginUser" /> >>>> >>>> MyAuth.zip is an example webapp which uses it >>>> >>>> - Enrico >>>> >>>> >>>> Il 22/08/2012 18:38, Romain Manni-Bucau ha scritto: >>>> >>>> realm are typically managed by tomcat so tomcat pacakging should work >>>> >>>>> the link between realm and ejbcontext is done through a wrapper realm >>>>> called tomeerealm (added automcatically on the snapshot) so simply >>>>> >>>> define >>> >>>> the jaasrealm: >>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> >>>>> examples/cdi-ejbcontext-jaas/****src/main/tomee/conf/server.**xml< >>>>> >>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/** >>> examples/cdi-ejbcontext-jaas/**src/main/tomee/conf/server.xml<http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml> >>> >>>> here is a sample: >>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> >>>>> examples/cdi-ejbcontext-jaas/< >>>>> >>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/** >>> examples/cdi-ejbcontext-jaas/<http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/> >>> >>>> *Romain Manni-Bucau* >>>>> *Twitter: @rmannibucau* >>>>> *Blog: http://rmannibucau.wordpress.****com< >>>>> >>>> http://rmannibucau.wordpress.**com <http://rmannibucau.wordpress.com>> >>> >>>> * >>>>> >>>>> >>>>> >>>>> >>>>> 2012/8/22 Enrico Olivelli <eolive...@gmail.com> >>>>> >>>>> I'd like to bundle my own "realm" implementation with my app, >>>>> because I >>>>> >>>>>> want to call an EJB method in order to authenticate users >>>>>> >>>>>> Tomcat comes with JDBCRealm which can be used to lookup >>>>>> >>>>> username/password >>> >>>> directly in the app DB bypassing application code >>>>>> and Tomcat does like to "bundle" a Realm implementation inside the app >>>>>> >>>>>> The only "issue" I see is the security context to use to access this >>>>>> "realm-EJB" >>>>>> >>>>>> Did I miss something ? >>>>>> >>>>>> Could you bundle a built-in Tomcat Realm that does the trick ? >>>>>> some thing like >>>>>> <Realm className="xxxx.EJBRealm" beanLookup="java:comp/env/**** >>>>>> MyAuthBean" >>>>>> authenticateMethod="******authenticateUser" runAs="superuser" /> >>>>>> >>>>>> or CDI-EL based >>>>>> assuming the presence of a @Named("authbean") >>>>>> <Realm className="xxxx.CDIRealm" authenticateMethod="#{**** >>>>>> authbean.authenticateUser}" >>>>>> runAs="superuser" /> >>>>>> >>>>>> Thanks >>>>>> Enrico >>>>>> >>>>>> >>>>>> >>>>>> >
