Thank you
Your impl is great!

But with this LazyRealm the app needs to depend at compile time on the tomcat-catalina "realm" interface (even if it can be created with CDI, so I think that in this way devs can look up EJBs). I think it would be more powerful to provide a Realm that could directly call one business method inside the app (as in the EJB example or the EL example). The EL example is very powerful, because devs who use JSF often declare <commandButton action="#{usermanager.login(......)" >
but I think that an EJB stub would be enough

maybe it would be useful to let the app provide an implementation of JAAS LoginModule or some other "standard" way to authenticate the user (without deploying it in the container, which is sometimes outside what the dev can do, IT rules!)

another idea:
you can add a wrapper around the application "realm" in LazyRealm to adapt it to the Realm interface. I think the only useful method is the authenticate(username,password) method, as in the example I sent. Tomcat wants it to return a Tomcat-specific Principal impl that contains the roles list

Thanks
- Enrico


On 22/08/2012 21:39, Romain Manni-Bucau wrote:
PS: the realm should be able to use cdi, simply add cdi="true" to the realm
definition (that's not the default)

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/8/22 Romain Manni-Bucau <[email protected]>

already looked at it several times and the IDE was opened ;)

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/8/22 Thiago Veronezi <[email protected]>

Dude, you are incredibly fast!!! :O)


On Wed, Aug 22, 2012 at 2:21 PM, Romain Manni-Bucau <[email protected]> wrote:

https://issues.apache.org/jira/browse/TOMEE-400

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*




2012/8/22 Enrico Olivelli <[email protected]>

On 22/08/2012 19:29, Romain Manni-Bucau wrote:

hmm, the point is tomcat creates the realm before the app is started (== the webapp classloader is not available) so you have to put your realm in the container

it is exactly the reason I'm asking you to put this kind of support in TomEE, because you cannot deploy a "Realm" implementation directly in your own application
My trick is just to let the developer of the app bundle in its own app only the "logic" that implements the real authentication, leaving the container to "manage" security

in order to look up beans you only have to make a JNDI lookup for every call to "authenticate", so the realm actually doesn't need to have access to the application context before initialization



FYI you can use the tomee maven plugin:

            <plugin>
              <groupId>org.apache.openejb.maven</groupId>
              <artifactId>tomee-maven-plugin</artifactId>
              <version>1.0.0-SNAPSHOT</version>
              <configuration>
                <libs>
                  <lib>examples:EJBRealm:1.0-SNAPSHOT</lib>
                </libs>
              </configuration>
            </plugin>

I don't know if tomcat already has a kind of lazy realm instantiator but we could add one in tomee to manage such cases

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*





2012/8/22 Thiago Veronezi <[email protected]>

  Hmmmm... I like your idea!
I will try to implement something like that now.


[]s,
Thiago.


On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli <[email protected]> wrote:

This is not what I meant
I'm attaching an example

EJBRealm.zip is a simple Tomcat Realm that performs a JNDI lookup to get an application provided EJB and invokes a method to authenticate the user

    <Realm className="ejbrealm.EJBRealm"
           beanname="java:global/localhost/MyAuth/AuthBean"
           realmname="MyRealm" loginMethod="loginUser" />

MyAuth.zip is an example webapp which uses it

- Enrico


On 22/08/2012 18:38, Romain Manni-Bucau wrote:

realm are typically managed by tomcat so tomcat packaging should work

the link between realm and ejbcontext is done through a wrapper realm called tomeerealm (added automatically on the snapshot) so simply define the jaasrealm:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml

here is a sample:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*



2012/8/22 Enrico Olivelli <[email protected]>

I'd like to bundle my own "realm" implementation with my app, because I want to call an EJB method in order to authenticate users

Tomcat comes with JDBCRealm which can be used to lookup username/password directly in the app DB bypassing application code
and Tomcat does like to "bundle" a Realm implementation inside the app
The only "issue" I see is the security context to use to access this "realm-EJB"

Did I miss something ?

Could you bundle a built-in Tomcat Realm that does the trick ?
something like

    <Realm className="xxxx.EJBRealm"
           beanLookup="java:comp/env/MyAuthBean"
           authenticateMethod="authenticateUser" runAs="superuser" />

or CDI-EL based
assuming the presence of a @Named("authbean")

    <Realm className="xxxx.CDIRealm"
           authenticateMethod="#{authbean.authenticateUser}"
           runAs="superuser" />

Thanks
Enrico
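
The realm discussed in this thread, as an added example that is neither the code in EJBRealm.zip nor TomEE's LazyRealm: it does the JNDI lookup on every `authenticate` call, invokes the configured method reflectively so the container has no compile-time dependency on the app, and denies the login on any failure. Assumptions: the Tomcat 7 `RealmBase` and `GenericPrincipal` API, a JNDI name that resolves from the realm's thread, and a bean method that returns a collection of role names on success and null otherwise.

```java
package ejbrealm; // hypothetical, mirrors className="ejbrealm.EJBRealm" in the thread

import java.lang.reflect.Method;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.logging.Logger;
import javax.naming.InitialContext;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

public class EJBRealm extends RealmBase {
    private static final Logger LOG = Logger.getLogger(EJBRealm.class.getName());
    private String beanname;               // JNDI name of the application's bean
    private String loginMethod;            // name of its (String, String) method
    private String realmname = "EJBRealm";

    // Tomcat calls these setters for the attributes of the <Realm .../> element.
    public void setBeanname(String v) { beanname = v; }
    public void setLoginMethod(String v) { loginMethod = v; }
    public void setRealmname(String v) { realmname = v; }

    @Override
    public Principal authenticate(String username, String credentials) {
        if (username == null || credentials == null || credentials.isEmpty()) {
            return null; // reject before any application code runs
        }
        try {
            // Looked up on every call: the webapp (and its classloader) does not
            // exist yet when Tomcat instantiates the realm.
            Object bean = new InitialContext().lookup(beanname);
            Method m = bean.getClass().getMethod(loginMethod, String.class, String.class);
            // Assumed contract: a collection of role names on success, null otherwise.
            Object result = m.invoke(bean, username, credentials);
            if (!(result instanceof Collection)) return null;
            List<String> roles = new ArrayList<String>();
            for (Object role : (Collection<?>) result) roles.add(String.valueOf(role));
            return new GenericPrincipal(username, null, roles);
        } catch (Exception e) {
            // Fail closed: a missing bean, wrong method name or bean error denies login.
            LOG.warning("authentication backend failure in realm " + realmname + ": " + e);
            return null;
        }
    }

    @Override protected String getName() { return realmname; }
    @Override protected String getPassword(String username) { return null; }
    @Override protected Principal getPrincipal(String username) { return null; }
}
```

The log line records the exception but never the submitted credentials, and a bean method with any other return type (for example a boolean) results in a denied login rather than a principal without roles.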





