already looked it several times and the IDE was opened ;) *Romain Manni-Bucau* *Twitter: @rmannibucau* *Blog: http://rmannibucau.wordpress.com*
2012/8/22 Thiago Veronezi <[email protected]> > Dude, you are incredibly fast!!! :O) > > > On Wed, Aug 22, 2012 at 2:21 PM, Romain Manni-Bucau > <[email protected]>wrote: > > > https://issues.apache.org/jira/browse/TOMEE-400 > > > > *Romain Manni-Bucau* > > *Twitter: @rmannibucau* > > *Blog: http://rmannibucau.wordpress.com* > > > > > > > > > > 2012/8/22 Enrico Olivelli <[email protected]> > > > > > Il 22/08/2012 19:29, Romain Manni-Bucau ha scritto: > > > > > > hmm, the point is you tomcat creates the realm before the app is > started > > >> (== the webapp classloader is not available) so you have to put your > > realm > > >> in the container > > >> > > > > > > it is exactly the reason for I'm asking you to put this kind of support > > in > > > TomEE, because you cannot deploy a "Realm" implementation directly in > > your > > > own application > > > My trick is just to let the developer of the app bundle in its own app > > the > > > only "logic" that implements the real autentication, leaving the > > container > > > to "manage" security > > > > > > in order to lookup beans you have to make a JNDI lookup only for every > > > call to "autenticate", so the realm actually doesn't need to have > access > > to > > > the application context before initialization > > > > > > > > > > > >> FYI you can use the tomee maven plugin: > > >> > > >> <plugin> > > >> <groupId>org.apache.openejb.**maven</groupId> > > >> <artifactId>tomee-maven-**plugin</artifactId> > > >> <version>1.0.0-SNAPSHOT</**version> > > >> <configuration> > > >> <libs> > > >> <lib>examples:EJBRealm:1.0-**SNAPSHOT</lib> > > >> </libs> > > >> </configuration> > > >> </plugin> > > >> > > >> I don't know if tomcat already have a kind of lazy realm instantiator > > but > > >> we could add one in tomee to manage such cases > > >> > > >> *Romain Manni-Bucau* > > >> *Twitter: @rmannibucau* > > >> *Blog: http://rmannibucau.wordpress.**com< > > http://rmannibucau.wordpress.com> > > >> * > > >> > > >> > > >> > > >> > > >> > > >> 2012/8/22 Thiago Veronezi <[email protected]> > > >> > > >> Hmmmm... I like your idea! > > >>> I will try to implement something like that now. > > >>> > > >>> > > >>> []s, > > >>> Thiago. > > >>> > > >>> > > >>> On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli < > [email protected] > > >>> > > >>>> wrote: > > >>>> This is not what I meant > > >>>> I'm attaching an example > > >>>> > > >>>> EJBRealm.zip is a simple Tomcat Realm that performs a JNDI lookup to > > get > > >>>> an application provided EJB and invokes a method to authenticate the > > >>>> user > > >>>> <Realm className="ejbrealm.EJBRealm" > > >>>> > > >>> beanname="java:global/****localhost/MyAuth/AuthBean" > > >>> > > >>>> realmname="MyRealm" loginMethod="loginUser" /> > > >>>> > > >>>> MyAuth.zip is an example webapp which uses it > > >>>> > > >>>> - Enrico > > >>>> > > >>>> > > >>>> Il 22/08/2012 18:38, Romain Manni-Bucau ha scritto: > > >>>> > > >>>> realm are typically managed by tomcat so tomcat pacakging should > > work > > >>>> > > >>>>> the link between realm and ejbcontext is done through a wrapper > realm > > >>>>> called tomeerealm (added automcatically on the snapshot) so simply > > >>>>> > > >>>> define > > >>> > > >>>> the jaasrealm: > > >>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**< > > http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> > > >>>>> examples/cdi-ejbcontext-jaas/****src/main/tomee/conf/server.**xml< > > >>>>> > > >>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/** > > >>> examples/cdi-ejbcontext-jaas/**src/main/tomee/conf/server.xml< > > > http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml > > > > > >>> > > >>>> here is a sample: > > >>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**< > > http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> > > >>>>> examples/cdi-ejbcontext-jaas/< > > >>>>> > > >>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/** > > >>> examples/cdi-ejbcontext-jaas/< > > > http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/ > > > > > >>> > > >>>> *Romain Manni-Bucau* > > >>>>> *Twitter: @rmannibucau* > > >>>>> *Blog: http://rmannibucau.wordpress.****com< > > >>>>> > > >>>> http://rmannibucau.wordpress.**com < > http://rmannibucau.wordpress.com > > >> > > >>> > > >>>> * > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> 2012/8/22 Enrico Olivelli <[email protected]> > > >>>>> > > >>>>> I'd like to bundle my own "realm" implementation with my app, > > >>>>> because I > > >>>>> > > >>>>>> want to call an EJB method in order to authenticate users > > >>>>>> > > >>>>>> Tomcat comes with JDBCRealm which can be used to lookup > > >>>>>> > > >>>>> username/password > > >>> > > >>>> directly in the app DB bypassing application code > > >>>>>> and Tomcat does like to "bundle" a Realm implementation inside the > > app > > >>>>>> > > >>>>>> The only "issue" I see is the security context to use to access > this > > >>>>>> "realm-EJB" > > >>>>>> > > >>>>>> Did I miss something ? > > >>>>>> > > >>>>>> Could you bundle a built-in Tomcat Realm that does the trick ? > > >>>>>> some thing like > > >>>>>> <Realm className="xxxx.EJBRealm" beanLookup="java:comp/env/**** > > >>>>>> MyAuthBean" > > >>>>>> authenticateMethod="******authenticateUser" runAs="superuser" /> > > >>>>>> > > >>>>>> or CDI-EL based > > >>>>>> assuming the presence of a @Named("authbean") > > >>>>>> <Realm className="xxxx.CDIRealm" authenticateMethod="#{**** > > >>>>>> authbean.authenticateUser}" > > >>>>>> runAs="superuser" /> > > >>>>>> > > >>>>>> Thanks > > >>>>>> Enrico > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > > > > >
