PS: the realm should be able to use cdi, simply add cdi="true" to the realm definition (that's not the default)
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*

2012/8/22 Romain Manni-Bucau <[email protected]>

> already looked at it several times and the IDE was opened ;)
>
> 2012/8/22 Thiago Veronezi <[email protected]>
>
>> Dude, you are incredibly fast!!! :O)
>>
>> On Wed, Aug 22, 2012 at 2:21 PM, Romain Manni-Bucau <[email protected]> wrote:
>>
>>> https://issues.apache.org/jira/browse/TOMEE-400
>>>
>>> 2012/8/22 Enrico Olivelli <[email protected]>
>>>
>>>> On 22/08/2012 19:29, Romain Manni-Bucau wrote:
>>>>
>>>>> hmm, the point is that tomcat creates the realm before the app is started (== the webapp classloader is not available) so you have to put your realm in the container
>>>>
>>>> it is exactly the reason why I'm asking you to put this kind of support in TomEE, because you cannot deploy a "Realm" implementation directly in your own application
>>>> My trick is just to let the developer of the app bundle in its own app the only "logic" that implements the real authentication, leaving the container to "manage" security
>>>>
>>>> in order to lookup beans you have to make a JNDI lookup only for every call to "authenticate", so the realm actually doesn't need to have access to the application context before initialization
>>>>
>>>>> FYI you can use the tomee maven plugin:
>>>>>
>>>>> <plugin>
>>>>>   <groupId>org.apache.openejb.maven</groupId>
>>>>>   <artifactId>tomee-maven-plugin</artifactId>
>>>>>   <version>1.0.0-SNAPSHOT</version>
>>>>>   <configuration>
>>>>>     <libs>
>>>>>       <lib>examples:EJBRealm:1.0-SNAPSHOT</lib>
>>>>>     </libs>
>>>>>   </configuration>
>>>>> </plugin>
>>>>>
>>>>> I don't know if tomcat already has a kind of lazy realm instantiator but we could add one in tomee to manage such cases
>>>>>
>>>>> 2012/8/22 Thiago Veronezi <[email protected]>
>>>>>
>>>>>> Hmmmm... I like your idea!
>>>>>> I will try to implement something like that now.
>>>>>>
>>>>>> []s,
>>>>>> Thiago.
>>>>>>
>>>>>> On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli <[email protected]> wrote:
>>>>>>
>>>>>>> This is not what I meant
>>>>>>> I'm attaching an example
>>>>>>>
>>>>>>> EJBRealm.zip is a simple Tomcat Realm that performs a JNDI lookup to get an application provided EJB and invokes a method to authenticate the user
>>>>>>>
>>>>>>> <Realm className="ejbrealm.EJBRealm"
>>>>>>>        beanname="java:global/localhost/MyAuth/AuthBean"
>>>>>>>        realmname="MyRealm" loginMethod="loginUser" />
>>>>>>>
>>>>>>> MyAuth.zip is an example webapp which uses it
>>>>>>>
>>>>>>> - Enrico
>>>>>>>
>>>>>>> On 22/08/2012 18:38, Romain Manni-Bucau wrote:
>>>>>>>
>>>>>>>> realms are typically managed by tomcat so tomcat packaging should work
>>>>>>>>
>>>>>>>> the link between realm and ejbcontext is done through a wrapper realm called tomeerealm (added automatically on the snapshot) so simply define the jaasrealm:
>>>>>>>> http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml
>>>>>>>>
>>>>>>>> here is a sample:
>>>>>>>> http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/
>>>>>>>>
>>>>>>>> 2012/8/22 Enrico Olivelli <[email protected]>
>>>>>>>>
>>>>>>>>> I'd like to bundle my own "realm" implementation with my app, because I want to call an EJB method in order to authenticate users
>>>>>>>>>
>>>>>>>>> Tomcat comes with JDBCRealm which can be used to lookup username/password directly in the app DB bypassing application code
>>>>>>>>> and Tomcat does like to "bundle" a Realm implementation inside the app
>>>>>>>>>
>>>>>>>>> The only "issue" I see is the security context to use to access this "realm-EJB"
>>>>>>>>>
>>>>>>>>> Did I miss something ?
>>>>>>>>>
>>>>>>>>> Could you bundle a built-in Tomcat Realm that does the trick ?
>>>>>>>>> something like
>>>>>>>>> <Realm className="xxxx.EJBRealm" beanLookup="java:comp/env/MyAuthBean"
>>>>>>>>>        authenticateMethod="authenticateUser" runAs="superuser" />
>>>>>>>>>
>>>>>>>>> or CDI-EL based
>>>>>>>>> assuming the presence of a @Named("authbean")
>>>>>>>>> <Realm className="xxxx.CDIRealm" authenticateMethod="#{authbean.authenticateUser}"
>>>>>>>>>        runAs="superuser" />
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Enrico

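The per-call JNDI lookup discussed in the thread, as an added example (not the attached EJBRealm.zip and not TomEE's own code): a realm installed in the container that resolves the application's bean only when a login happens and denies access whenever the bean is missing or the call fails. It is written against the Tomcat 7 `RealmBase` API; the package, the class name `LazyEjbRealm` and the attributes `beanName` and `loginMethod` are assumptions.

```java
package example.realm; // hypothetical package, not from the thread

import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Collections;
import javax.naming.InitialContext;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

/** Lives in the container's lib/ and resolves the application's bean on every login. */
public class LazyEjbRealm extends RealmBase {
    private String beanName;    // e.g. java:global/localhost/MyAuth/AuthBean
    private String loginMethod; // e.g. loginUser, expected shape (String, String) -> boolean

    // Set from the <Realm beanName="..." loginMethod="..."/> attributes (assumed names).
    public void setBeanName(String beanName) { this.beanName = beanName; }
    public void setLoginMethod(String loginMethod) { this.loginMethod = loginMethod; }

    @Override
    public Principal authenticate(String username, String credentials) {
        if (username == null || credentials == null) {
            return null;
        }
        try {
            // Looked up per call: when the realm is created the webapp is not deployed yet.
            Object bean = new InitialContext().lookup(beanName);
            Method m = bean.getClass().getMethod(loginMethod, String.class, String.class);
            Class<?> result = m.getReturnType();
            if (result != boolean.class && result != Boolean.class) {
                return null; // refuse a method whose result cannot mean "authenticated"
            }
            if (Boolean.TRUE.equals(m.invoke(bean, username, credentials))) {
                // No roles are granted here; role mapping is outside this example.
                return new GenericPrincipal(username, null, Collections.<String>emptyList());
            }
        } catch (Exception e) {
            // Bean not bound, app stopped, or the call threw: log without credentials and deny.
            containerLog.warn("LazyEjbRealm: authentication backend unavailable", e);
        }
        return null; // fail closed on every path that did not return true
    }

    @Override protected String getName() { return "LazyEjbRealm"; }
    // Digest and certificate lookups are not supported by this example.
    @Override protected String getPassword(String username) { return null; }
    @Override protected Principal getPrincipal(String username) { return null; }
}
```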