Dude, you are incredibly fast!!! :O)
On Wed, Aug 22, 2012 at 2:21 PM, Romain Manni-Bucau <[email protected]>wrote: > https://issues.apache.org/jira/browse/TOMEE-400 > > *Romain Manni-Bucau* > *Twitter: @rmannibucau* > *Blog: http://rmannibucau.wordpress.com* > > > > > 2012/8/22 Enrico Olivelli <[email protected]> > > > Il 22/08/2012 19:29, Romain Manni-Bucau ha scritto: > > > > hmm, the point is you tomcat creates the realm before the app is started > >> (== the webapp classloader is not available) so you have to put your > realm > >> in the container > >> > > > > it is exactly the reason for I'm asking you to put this kind of support > in > > TomEE, because you cannot deploy a "Realm" implementation directly in > your > > own application > > My trick is just to let the developer of the app bundle in its own app > the > > only "logic" that implements the real autentication, leaving the > container > > to "manage" security > > > > in order to lookup beans you have to make a JNDI lookup only for every > > call to "autenticate", so the realm actually doesn't need to have access > to > > the application context before initialization > > > > > > > >> FYI you can use the tomee maven plugin: > >> > >> <plugin> > >> <groupId>org.apache.openejb.**maven</groupId> > >> <artifactId>tomee-maven-**plugin</artifactId> > >> <version>1.0.0-SNAPSHOT</**version> > >> <configuration> > >> <libs> > >> <lib>examples:EJBRealm:1.0-**SNAPSHOT</lib> > >> </libs> > >> </configuration> > >> </plugin> > >> > >> I don't know if tomcat already have a kind of lazy realm instantiator > but > >> we could add one in tomee to manage such cases > >> > >> *Romain Manni-Bucau* > >> *Twitter: @rmannibucau* > >> *Blog: http://rmannibucau.wordpress.**com< > http://rmannibucau.wordpress.com> > >> * > >> > >> > >> > >> > >> > >> 2012/8/22 Thiago Veronezi <[email protected]> > >> > >> Hmmmm... I like your idea! > >>> I will try to implement something like that now. > >>> > >>> > >>> []s, > >>> Thiago. > >>> > >>> > >>> On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli <[email protected] > >>> > >>>> wrote: > >>>> This is not what I meant > >>>> I'm attaching an example > >>>> > >>>> EJBRealm.zip is a simple Tomcat Realm that performs a JNDI lookup to > get > >>>> an application provided EJB and invokes a method to authenticate the > >>>> user > >>>> <Realm className="ejbrealm.EJBRealm" > >>>> > >>> beanname="java:global/****localhost/MyAuth/AuthBean" > >>> > >>>> realmname="MyRealm" loginMethod="loginUser" /> > >>>> > >>>> MyAuth.zip is an example webapp which uses it > >>>> > >>>> - Enrico > >>>> > >>>> > >>>> Il 22/08/2012 18:38, Romain Manni-Bucau ha scritto: > >>>> > >>>> realm are typically managed by tomcat so tomcat pacakging should > work > >>>> > >>>>> the link between realm and ejbcontext is done through a wrapper realm > >>>>> called tomeerealm (added automcatically on the snapshot) so simply > >>>>> > >>>> define > >>> > >>>> the jaasrealm: > >>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**< > http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> > >>>>> examples/cdi-ejbcontext-jaas/****src/main/tomee/conf/server.**xml< > >>>>> > >>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/** > >>> examples/cdi-ejbcontext-jaas/**src/main/tomee/conf/server.xml< > http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml > > > >>> > >>>> here is a sample: > >>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**< > http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> > >>>>> examples/cdi-ejbcontext-jaas/< > >>>>> > >>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/** > >>> examples/cdi-ejbcontext-jaas/< > http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/ > > > >>> > >>>> *Romain Manni-Bucau* > >>>>> *Twitter: @rmannibucau* > >>>>> *Blog: http://rmannibucau.wordpress.****com< > >>>>> > >>>> http://rmannibucau.wordpress.**com <http://rmannibucau.wordpress.com > >> > >>> > >>>> * > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> 2012/8/22 Enrico Olivelli <[email protected]> > >>>>> > >>>>> I'd like to bundle my own "realm" implementation with my app, > >>>>> because I > >>>>> > >>>>>> want to call an EJB method in order to authenticate users > >>>>>> > >>>>>> Tomcat comes with JDBCRealm which can be used to lookup > >>>>>> > >>>>> username/password > >>> > >>>> directly in the app DB bypassing application code > >>>>>> and Tomcat does like to "bundle" a Realm implementation inside the > app > >>>>>> > >>>>>> The only "issue" I see is the security context to use to access this > >>>>>> "realm-EJB" > >>>>>> > >>>>>> Did I miss something ? > >>>>>> > >>>>>> Could you bundle a built-in Tomcat Realm that does the trick ? > >>>>>> some thing like > >>>>>> <Realm className="xxxx.EJBRealm" beanLookup="java:comp/env/**** > >>>>>> MyAuthBean" > >>>>>> authenticateMethod="******authenticateUser" runAs="superuser" /> > >>>>>> > >>>>>> or CDI-EL based > >>>>>> assuming the presence of a @Named("authbean") > >>>>>> <Realm className="xxxx.CDIRealm" authenticateMethod="#{**** > >>>>>> authbean.authenticateUser}" > >>>>>> runAs="superuser" /> > >>>>>> > >>>>>> Thanks > >>>>>> Enrico > >>>>>> > >>>>>> > >>>>>> > >>>>>> > > >
