hmm thinking a bit more, what about JAAS? it already works out of the box and you are not tomcat dependent in the java files
*Romain Manni-Bucau* *Twitter: @rmannibucau* *Blog: http://rmannibucau.wordpress.com* 2012/8/23 Enrico Olivelli <[email protected]> > I love it > > remember that Tomcat wants a "GenericPrincipal" not a simple Principal > so application code have to be proxyed according to this need > > My goal is that the app only needs to provide an EJB or CDI Bean with a > "authenticate" method which takes username/password and answers with the > list of roles of the user > > with your solution I will provide a bean with such a method > Principal authenticate(String username, String password) > that will be mapped to the Tomcat Realm authenticate(username,**password) > method > some "magic" needs to be done to map application provided Principal with > the GenericPrincipal of Tomcat and the roles list > any idea ? > > > - Enrico > > > Il 23/08/2012 09:27, Romain Manni-Bucau ha scritto: > >> hmm that's another need. >> >> Here how i see things: >> 1) the LazyRealm manage the classloader stuff >> 2) another realm (DelegatorRealm?) does the same using bean matching >> (almost) signatures of realm using java types (java == not tomcat) and >> uses >> reflection to invoke the delegate >> >> wdyt? >> >> *Romain Manni-Bucau* >> *Twitter: @rmannibucau* >> *Blog: http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com> >> * >> >> >> >> >> 2012/8/23 Enrico Olivelli <[email protected]> >> >> Because realmClass needs to be a implementation of >>> org.apache.catalina.Realm >>> and so in my app I will always need to add a compile time dep on tomcat >>> in >>> my app >>> I would like not to have any compile time dep neither on Tomcat nor on >>> OpenEJB/TomEE if possibile >>> >>> >>> Il 23/08/2012 08:48, Romain Manni-Bucau ha scritto: >>> >>> Why is there a dep? That's just xml >>>> Le 23 août 2012 07:55, "Enrico Olivelli" <[email protected]> a écrit >>>> : >>>> >>>> Thank you >>>> >>>>> Your impl is great! >>>>> >>>>> But with this LazyRealm the app needs to depend compile-time from >>>>> tomcat-catalina "realm" interface (even if it can be created with CDI, >>>>> so I >>>>> think that in this way devs can lookup EJBs) >>>>> I think it should be more powerful to provide a Realm that could call >>>>> directly one business method inside the app (as the EJB example or the >>>>> EL >>>>> example) >>>>> the EL example is very powerfull, because devs who use JSF often >>>>> declare >>>>> <commandButton action="#{usermanager.login(..******....)" > >>>>> >>>>> >>>>> but I think that an EJB stub would be enough >>>>> >>>>> maybe it would be useful to let the app provide a implementation of >>>>> JASS >>>>> LoginModule or some other "standard" way to authenticate the user >>>>> (without >>>>> deploying it in the container, that is sometimes out of the >>>>> possibilities >>>>> of the dev, IT rules!) >>>>> >>>>> another idea >>>>> you can add a wrapper to the application "realm" in LazyRealm to adapt >>>>> it >>>>> to the Realm interface, I think the only useful method is >>>>> authenticate(username,******password) method as the example I sent, >>>>> Tomcat >>>>> >>>>> >>>>> wants it to return a Tomcat specific Principal impl that contains the >>>>> roles >>>>> list >>>>> >>>>> Thanks >>>>> - Enrico >>>>> >>>>> >>>>> Il 22/08/2012 21:39, Romain Manni-Bucau ha scritto: >>>>> >>>>> PS: the realm should be able to use cdi, simply add cdi="true" to the >>>>> >>>>>> realm >>>>>> definition (that's not the default) >>>>>> >>>>>> *Romain Manni-Bucau* >>>>>> *Twitter: @rmannibucau* >>>>>> *Blog: http://rmannibucau.wordpress.******com<http://rmannibucau.** >>>>>> wordpress.com >>>>>> <http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com> >>>>>> >> >>>>>> >>>>>> * >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> 2012/8/22 Romain Manni-Bucau <[email protected]> >>>>>> >>>>>> already looked it several times and the IDE was opened ;) >>>>>> >>>>>> *Romain Manni-Bucau* >>>>>>> *Twitter: @rmannibucau* >>>>>>> >>>>>>> *Blog: http://rmannibucau.wordpress.******com<http://rmannibucau.** >>>>>>> wordpress.com >>>>>>> <http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com> >>>>>>> >> >>>>>>> >>>>>>> * >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2012/8/22 Thiago Veronezi <[email protected]> >>>>>>> >>>>>>> Dude, you are incredibly fast!!! :O) >>>>>>> >>>>>>> On Wed, Aug 22, 2012 at 2:21 PM, Romain Manni-Bucau >>>>>>>> <[email protected]>wrote: >>>>>>>> >>>>>>>> >>>>>>>> https://issues.apache.org/******jira/browse/TOMEE-400<https://issues.apache.org/****jira/browse/TOMEE-400> >>>>>>>> <https://**issues.apache.org/**jira/**browse/TOMEE-400<https://issues.apache.org/**jira/browse/TOMEE-400> >>>>>>>> > >>>>>>>> <https://**issues.apache.org/**jira/browse/**TOMEE-400<http://issues.apache.org/jira/browse/**TOMEE-400> >>>>>>>> <https:**//issues.apache.org/jira/**browse/TOMEE-400<https://issues.apache.org/jira/browse/TOMEE-400> >>>>>>>> > >>>>>>>> >>>>>>>>> *Romain Manni-Bucau* >>>>>>>>> *Twitter: @rmannibucau* >>>>>>>>> *Blog: http://rmannibucau.wordpress.******com<http://rmannibucau. >>>>>>>>> ** >>>>>>>>> wordpress.com >>>>>>>>> <http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com> >>>>>>>>> >> >>>>>>>>> >>>>>>>>> >>>>>>>>> * >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> 2012/8/22 Enrico Olivelli <[email protected]> >>>>>>>>> >>>>>>>>> Il 22/08/2012 19:29, Romain Manni-Bucau ha scritto: >>>>>>>>> >>>>>>>>> hmm, the point is you tomcat creates the realm before the app >>>>>>>>>> is >>>>>>>>>> >>>>>>>>>> started >>>>>>>>>> >>>>>>>>> (== the webapp classloader is not available) so you have to put >>>>>>>>> your >>>>>>>>> >>>>>>>>> realm >>>>>>>>>> in the container >>>>>>>>>> >>>>>>>>>> it is exactly the reason for I'm asking you to put this kind >>>>>>>>>>> of >>>>>>>>>>> >>>>>>>>>>> support >>>>>>>>>> >>>>>>>>> in >>>>>>>>> >>>>>>>>> TomEE, because you cannot deploy a "Realm" implementation >>>>>>>>> directly >>>>>>>>> >>>>>>>>>> in >>>>>>>>>> >>>>>>>>>> your >>>>>>>>>> >>>>>>>>> own application >>>>>>>>> >>>>>>>>>> My trick is just to let the developer of the app bundle in its own >>>>>>>>>> app >>>>>>>>>> >>>>>>>>>> the >>>>>>>>>> >>>>>>>>> only "logic" that implements the real autentication, leaving the >>>>>>>>> >>>>>>>>>> container >>>>>>>>>> >>>>>>>>> to "manage" security >>>>>>>>> >>>>>>>>>> in order to lookup beans you have to make a JNDI lookup only for >>>>>>>>>> every >>>>>>>>>> call to "autenticate", so the realm actually doesn't need to have >>>>>>>>>> >>>>>>>>>> access >>>>>>>>>> >>>>>>>>> to >>>>>>>>> >>>>>>>>> the application context before initialization >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> FYI you can use the tomee maven plugin: >>>>>>>>>> >>>>>>>>>> <plugin> >>>>>>>>>>> <groupId>org.apache.openejb.**** >>>>>>>>>>> ****maven</groupId> >>>>>>>>>>> <artifactId>tomee-maven-******** >>>>>>>>>>> plugin</artifactId> >>>>>>>>>>> <version>1.0.0-SNAPSHOT</********version> >>>>>>>>>>> <configuration> >>>>>>>>>>> <libs> >>>>>>>>>>> <lib>examples:EJBRealm:1.0-***** >>>>>>>>>>> ***SNAPSHOT</lib> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> </libs> >>>>>>>>>>> </configuration> >>>>>>>>>>> </plugin> >>>>>>>>>>> >>>>>>>>>>> I don't know if tomcat already have a kind of lazy realm >>>>>>>>>>> instantiator >>>>>>>>>>> >>>>>>>>>>> but >>>>>>>>>>> >>>>>>>>>> we could add one in tomee to manage such cases >>>>>>>>>> >>>>>>>>>> *Romain Manni-Bucau* >>>>>>>>>>> *Twitter: @rmannibucau* >>>>>>>>>>> >>>>>>>>>>> *Blog: http://rmannibucau.wordpress.********com< >>>>>>>>>>> >>>>>>>>>>> http://rmannibucau.wordpress.******com < >>>>>>>>>>> >>>>>>>>>> http://rmannibucau.wordpress.****com<http://rmannibucau.** >>>>>>>>>> wordpress.com <http://rmannibucau.wordpress.com>> >>>>>>>>>> * >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 2012/8/22 Thiago Veronezi <[email protected]> >>>>>>>>>>> >>>>>>>>>>> Hmmmm... I like your idea! >>>>>>>>>>> >>>>>>>>>>> I will try to implement something like that now. >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> []s, >>>>>>>>>>>> Thiago. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli < >>>>>>>>>>>> >>>>>>>>>>>> [email protected] >>>>>>>>>>>> >>>>>>>>>>> wrote: >>>>>>>>>> This is not what I meant >>>>>>>>>> >>>>>>>>>>> I'm attaching an example >>>>>>>>>>>>> >>>>>>>>>>>>> EJBRealm.zip is a simple Tomcat Realm that performs a JNDI >>>>>>>>>>>>> lookup >>>>>>>>>>>>> >>>>>>>>>>>>> to >>>>>>>>>>>>> >>>>>>>>>>>> get >>>>>>>>>>> >>>>>>>>>> an application provided EJB and invokes a method to authenticate >>>>>>>>> >>>>>>>>>> the >>>>>>>>>>> user >>>>>>>>>>> >>>>>>>>>> <Realm className="ejbrealm.EJBRealm" >>>>>>>>>> >>>>>>>>>>> beanname="java:global/**********localhost/MyAuth/AuthBean" >>>>>>>>>>>>> >>>>>>>>>>>>> realmname="MyRealm" loginMethod="loginUser" /> >>>>>>>>>>>> >>>>>>>>>>>> MyAuth.zip is an example webapp which uses it >>>>>>>>>>>>> >>>>>>>>>>>>> - Enrico >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Il 22/08/2012 18:38, Romain Manni-Bucau ha scritto: >>>>>>>>>>>>> >>>>>>>>>>>>> realm are typically managed by tomcat so tomcat pacakging >>>>>>>>>>>>> should >>>>>>>>>>>>> >>>>>>>>>>>>> work >>>>>>>>>>>>> >>>>>>>>>>>> the link between realm and ejbcontext is done through a wrapper >>>>>>>>>>> realm >>>>>>>>>>> >>>>>>>>>>>> called tomeerealm (added automcatically on the snapshot) so >>>>>>>>>>>> simply >>>>>>>>>>>> >>>>>>>>>>> define >>>>>>>>>> >>>>>>>>>>> the jaasrealm: >>>>>>>>>>>>> >>>>>>>>>>>>> http://svn.apache.org/repos/**********asf/openejb/trunk/** >>>>>>>>>>>>> openejb/*<http://svn.apache.org/repos/********asf/openejb/trunk/openejb/*> >>>>>>>>>>>>> >>>>>>>>>>>>>> ***<http://svn.apache.org/**repos/******asf/openejb/trunk/** >>>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/******asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> <http://svn.apache.org/****repos/****asf/openejb/trunk/**<http://svn.apache.org/**repos/****asf/openejb/trunk/**> >>>>>>>>>>>>>> openejb/**<http://svn.apache.**org/repos/****asf/openejb/** >>>>>>>>>>>>>> trunk/openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> >>>>>>>>>>>>>> **< >>>>>>>>>>>>>> >>>>>>>>>>>>>> http://svn.apache.org/repos/**** >>>>>>>>>>>>>> ****asf/openejb/trunk/openejb/****<http://svn.apache.org/repos/******asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> <http://svn.apache.org/**repos/****asf/openejb/trunk/** >>>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> >>>>>>>>>>>>> **<http://svn.apache.org/**repos/****asf/openejb/trunk/** >>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>> <http://svn.apache.**org/repos/**asf/openejb/trunk/** >>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> >>>>>>>>>>>>> > >>>>>>>>>>>>> >>>>>>>>>>>> examples/cdi-ejbcontext-jaas/**********src/main/tomee/conf/** >>>>>>>>>>>> >>>>>>>>>>> server.** >>>>>>>>>> >>>>>>>>>> **xml< >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> http://svn.apache.org/repos/******<http://svn.apache.org/repos/****> >>>>>>>>>>>>>> >>>>>>>>>>>>>> **asf/openejb/trunk/openejb/****< >>>>>>>>>>>>>> http://svn.apache.org/repos/******asf/openejb/trunk/openejb/* >>>>>>>>>>>>>> ***<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> **<http://svn.apache.org/**repos/****asf/openejb/trunk/** >>>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> <http://svn.apache.**org/repos/**asf/openejb/trunk/** >>>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> >>>>>>>>>>>>> examples/cdi-ejbcontext-jaas/********src/main/tomee/conf/** >>>>>>>>>>>>> server.** >>>>>>>>>>>>> >>>>>>>>>>>> **xml< >>>>>>>>>>>> >>>>>>>>>>>> http://svn.apache.org/repos/**** >>>>>>>>>>>> **asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>> **<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> >>>>>>>>>>>> > >>>>>>>>>>>> >>>>>>>>>>> examples/cdi-ejbcontext-jaas/******src/main/tomee/conf/server.** >>>>>>>>>> **xml< >>>>>>>>>> >>>>>>>>> http://svn.apache.org/**repos/**asf/openejb/trunk/**<http://svn.apache.org/**repos/asf/openejb/trunk/**> >>>>>>>> openejb/examples/cdi-****ejbcontext-jaas/src/main/** >>>>>>>> >>>>>>>> tomee/conf/server.xml<http://**svn.apache.org/repos/asf/** >>>>>>>> openejb/trunk/openejb/**examples/cdi-ejbcontext-jaas/** >>>>>>>> src/main/tomee/conf/server.xml<http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml> >>>>>>>> **> >>>>>>>> here is a sample: >>>>>>>> >>>>>>>>> http://svn.apache.org/repos/**********asf/openejb/trunk/** >>>>>>>>>> openejb/****<http://svn.apache.org/repos/********asf/openejb/trunk/openejb/****> >>>>>>>>>> <http://svn.**apache.org/repos/******asf/** >>>>>>>>>> openejb/trunk/openejb/**<http://svn.apache.org/repos/******asf/openejb/trunk/openejb/**> >>>>>>>>>> > >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> <http://svn.apache.org/****repos/****asf/openejb/trunk/**<http://svn.apache.org/**repos/****asf/openejb/trunk/**> >>>>>>>>>>>>>> openejb/**<http://svn.apache.**org/repos/****asf/openejb/** >>>>>>>>>>>>>> trunk/openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> **< >>>>>>>>>>>>>> >>>>>>>>>>>>>> http://svn.apache.org/repos/**** >>>>>>>>>>>>>> ****asf/openejb/trunk/openejb/****<http://svn.apache.org/repos/******asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> <http://svn.apache.org/**repos/****asf/openejb/trunk/** >>>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> >>>>>>>>>>>>> **<http://svn.apache.org/**repos/****asf/openejb/trunk/** >>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>> <http://svn.apache.**org/repos/**asf/openejb/trunk/** >>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> >>>>>>>>>>>>> > >>>>>>>>>>>>> >>>>>>>>>>>> examples/cdi-ejbcontext-jaas/< >>>>>>>>>>>> >>>>>>>>>>> http://svn.apache.org/repos/**** >>>>>>>>>>> ****asf/openejb/trunk/openejb/****<http://svn.apache.org/repos/******asf/openejb/trunk/openejb/**> >>>>>>>>>>> <http://svn.apache.org/**repos/****asf/openejb/trunk/** >>>>>>>>>>> openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>> > >>>>>>>>>>> >>>>>>>>>>>> **<http://svn.apache.org/**repos/****asf/openejb/trunk/** >>>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> <http://svn.apache.**org/repos/**asf/openejb/trunk/** >>>>>>>>>>>>>> openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> >>>>>>>>>>>>>> > >>>>>>>>>>>>>> >>>>>>>>>>>>> examples/cdi-ejbcontext-jaas/< >>>>>>>>>>>>> >>>>>>>>>>>> http://svn.apache.org/repos/**** >>>>>>>>>>>> **asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**> >>>>>>>>>>>> **<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**> >>>>>>>>>>>> > >>>>>>>>>>>> >>>>>>>>>>> examples/cdi-ejbcontext-jaas/<****http://svn.apache.org/repos/** >>>>>>>>>> ** <http://svn.apache.org/repos/**> >>>>>>>>>> >>>>>>>>> asf/openejb/trunk/openejb/****examples/cdi-ejbcontext-jaas/<** >>>>>>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/** >>>>>>>> examples/cdi-ejbcontext-jaas/<http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/> >>>>>>>> > >>>>>>>> *Romain Manni-Bucau* >>>>>>>> >>>>>>>>> *Twitter: @rmannibucau* >>>>>>>>>> >>>>>>>>>>> *Blog: http://rmannibucau.wordpress.**********com< >>>>>>>>>>>>>> >>>>>>>>>>>>>> http://rmannibucau.wordpress.********com < >>>>>>>>>>>>>> >>>>>>>>>>>>>> http://rmannibucau.wordpress.******com<http://rmannibucau.** >>>>>>>>>>>>> >>>>>>>>>>>> wordpress.com >>>>>>>>>>>> <http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com> >>>>>>>>>>>> >> >>>>>>>>>>>> >>>>>>>>>>>> * >>>>>>>>>>> >>>>>>>>>>>> 2012/8/22 Enrico Olivelli <[email protected]> >>>>>>>>>>>>>> >>>>>>>>>>>>>> I'd like to bundle my own "realm" implementation with my >>>>>>>>>>>>>> app, >>>>>>>>>>>>>> because I >>>>>>>>>>>>>> >>>>>>>>>>>>>> want to call an EJB method in order to authenticate users >>>>>>>>>>>>>> >>>>>>>>>>>>>> Tomcat comes with JDBCRealm which can be used to lookup >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> username/password >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> directly in the app DB bypassing application code >>>>>>>>>>>>>> >>>>>>>>>>>>> and Tomcat does like to "bundle" a Realm implementation >>>>>>>>>>>>> inside >>>>>>>>>>>>> >>>>>>>>>>>>>> the >>>>>>>>>>>>>> >>>>>>>>>>>>>> app >>>>>>>>>>>>> >>>>>>>>>>>> The only "issue" I see is the security context to use to >>>>>>>>> access >>>>>>>>> >>>>>>>>>> this >>>>>>>>>>> >>>>>>>>>>>> "realm-EJB" >>>>>>>>>>>>> >>>>>>>>>>>> Did I miss something ? >>>>>>>>>> >>>>>>>>>>> Could you bundle a built-in Tomcat Realm that does the trick ? >>>>>>>>>>>>>>> some thing like >>>>>>>>>>>>>>> <Realm className="xxxx.EJBRealm" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> beanLookup="java:comp/env/**** >>>>>>>>>>>>>>> >>>>>>>>>>>>>> MyAuthBean" >>>>>>>>>>>>> >>>>>>>>>>>> authenticateMethod="************authenticateUser" >>>>>>>>>> runAs="superuser" >>>>>>>>>> >>>>>>>>>> /> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> or CDI-EL based >>>>>>>>>>>>>>> assuming the presence of a @Named("authbean") >>>>>>>>>>>>>>> <Realm className="xxxx.CDIRealm" >>>>>>>>>>>>>>> authenticateMethod="#{**** >>>>>>>>>>>>>>> authbean.authenticateUser}" >>>>>>>>>>>>>>> runAs="superuser" /> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>> Enrico >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >
