I don't get it, you can define your LoginModule in the webapp I think, you even have the useContextClassLoader parameter

*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*

2012/8/23 Enrico Olivelli <[email protected]>

> Yes, the problem in Tomcat JAAS Realm is that you have to bundle your
> LoginModule with the container
> It would be very nice to let the app provide a LoginModule
>
> do not drop LazyRealm, it fills a gap in Tomcat Realm standard
> implementations (what about giving it, without CDI, to Tomcat directly?)
>
> I can't understand why JavaEE specs do not cover this common case
> I always developed Software as a Service apps, I could never use Container
> Managed security !
>
> On 23/08/2012 09:58, Romain Manni-Bucau wrote:
>
>> hmm thinking a bit more, what about JAAS? it already works out of the box
>> and you are not tomcat dependent in the java files
>>
>> 2012/8/23 Enrico Olivelli <[email protected]>
>>
>>> I love it
>>>
>>> remember that Tomcat wants a "GenericPrincipal" not a simple Principal
>>> so application code has to be proxied according to this need
>>>
>>> My goal is that the app only needs to provide an EJB or CDI Bean with an
>>> "authenticate" method which takes username/password and answers with the
>>> list of roles of the user
>>>
>>> with your solution I will provide a bean with such a method
>>> Principal authenticate(String username, String password)
>>> that will be mapped to the Tomcat Realm authenticate(username,password)
>>> method
>>> some "magic" needs to be done to map application provided Principal with
>>> the GenericPrincipal of Tomcat and the roles list
>>> any idea ?
>>>
>>> - Enrico
>>>
>>> On 23/08/2012 09:27, Romain Manni-Bucau wrote:
>>>
>>>> hmm that's another need.
>>>>
>>>> Here is how I see things:
>>>> 1) the LazyRealm manages the classloader stuff
>>>> 2) another realm (DelegatorRealm?) does the same using bean matching
>>>> (almost) signatures of realm using java types (java == not tomcat) and
>>>> uses reflection to invoke the delegate
>>>>
>>>> wdyt?
>>>>
>>>> 2012/8/23 Enrico Olivelli <[email protected]>
>>>>
>>>>> Because realmClass needs to be an implementation of
>>>>> org.apache.catalina.Realm
>>>>> and so in my app I will always need to add a compile time dep on tomcat
>>>>> in my app
>>>>> I would like not to have any compile time dep neither on Tomcat nor on
>>>>> OpenEJB/TomEE if possible
>>>>>
>>>>> On 23/08/2012 08:48, Romain Manni-Bucau wrote:
>>>>>
>>>>>> Why is there a dep? That's just xml
>>>>>>
>>>>>> On 23 August 2012 07:55, "Enrico Olivelli" <[email protected]> wrote:
>>>>>>
>>>>>>> Thank you
>>>>>>>
>>>>>>> Your impl is great!
>>>>>>>
>>>>>>> But with this LazyRealm the app needs to depend compile-time from
>>>>>>> tomcat-catalina "realm" interface (even if it can be created with
>>>>>>> CDI, so I think that in this way devs can lookup EJBs)
>>>>>>> I think it should be more powerful to provide a Realm that could call
>>>>>>> directly one business method inside the app (as the EJB example or
>>>>>>> the EL example)
>>>>>>> the EL example is very powerful, because devs who use JSF often
>>>>>>> declare
>>>>>>> <commandButton action="#{usermanager.login(......)" >
>>>>>>>
>>>>>>> but I think that an EJB stub would be enough
>>>>>>>
>>>>>>> maybe it would be useful to let the app provide an implementation of
>>>>>>> JAAS LoginModule or some other "standard" way to authenticate the user
>>>>>>> (without deploying it in the container, that is sometimes out of the
>>>>>>> possibilities of the dev, IT rules!)
>>>>>>>
>>>>>>> another idea
>>>>>>> you can add a wrapper to the application "realm" in LazyRealm to
>>>>>>> adapt it to the Realm interface, I think the only useful method is
>>>>>>> authenticate(username,password) method as the example I sent,
>>>>>>> Tomcat wants it to return a Tomcat specific Principal impl that
>>>>>>> contains the roles list
>>>>>>>
>>>>>>> Thanks
>>>>>>> - Enrico
>>>>>>>
>>>>>>> On 22/08/2012 21:39, Romain Manni-Bucau wrote:
>>>>>>>
>>>>>>>> PS: the realm should be able to use cdi, simply add cdi="true" to
>>>>>>>> the realm definition (that's not the default)
>>>>>>>>
>>>>>>>> 2012/8/22 Romain Manni-Bucau <[email protected]>
>>>>>>>>
>>>>>>>>> already looked at it several times and the IDE was opened ;)
>>>>>>>>>
>>>>>>>>> 2012/8/22 Thiago Veronezi <[email protected]>
>>>>>>>>>
>>>>>>>>>> Dude, you are incredibly fast!!! :O)
>>>>>>>>>>
>>>>>>>>>> On Wed, Aug 22, 2012 at 2:21 PM, Romain Manni-Bucau
>>>>>>>>>> <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> https://issues.apache.org/jira/browse/TOMEE-400
>>>>>>>>>>>
>>>>>>>>>>> 2012/8/22 Enrico Olivelli <[email protected]>
>>>>>>>>>>>
>>>>>>>>>>>> On 22/08/2012 19:29, Romain Manni-Bucau wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> hmm, the point is you tomcat creates the realm before the app
>>>>>>>>>>>>> is started (== the webapp classloader is not available) so you
>>>>>>>>>>>>> have to put your realm in the container
>>>>>>>>>>>>
>>>>>>>>>>>> it is exactly the reason why I'm asking you to put this kind of
>>>>>>>>>>>> support in TomEE, because you cannot deploy a "Realm"
>>>>>>>>>>>> implementation directly in your own application
>>>>>>>>>>>>
>>>>>>>>>>>> My trick is just to let the developer of the app bundle in its
>>>>>>>>>>>> own app the only "logic" that implements the real authentication,
>>>>>>>>>>>> leaving the container to "manage" security
>>>>>>>>>>>>
>>>>>>>>>>>> in order to lookup beans you have to make a JNDI lookup only for
>>>>>>>>>>>> every call to "authenticate", so the realm actually doesn't need
>>>>>>>>>>>> to have access to the application context before initialization
>>>>>>>>>>>>
>>>>>>>>>>>>> FYI you can use the tomee maven plugin:
>>>>>>>>>>>>>
>>>>>>>>>>>>> <plugin>
>>>>>>>>>>>>>   <groupId>org.apache.openejb.maven</groupId>
>>>>>>>>>>>>>   <artifactId>tomee-maven-plugin</artifactId>
>>>>>>>>>>>>>   <version>1.0.0-SNAPSHOT</version>
>>>>>>>>>>>>>   <configuration>
>>>>>>>>>>>>>     <libs>
>>>>>>>>>>>>>       <lib>examples:EJBRealm:1.0-SNAPSHOT</lib>
>>>>>>>>>>>>>     </libs>
>>>>>>>>>>>>>   </configuration>
>>>>>>>>>>>>> </plugin>
>>>>>>>>>>>>>
>>>>>>>>>>>>> I don't know if tomcat already has a kind of lazy realm
>>>>>>>>>>>>> instantiator but we could add one in tomee to manage such cases
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2012/8/22 Thiago Veronezi <[email protected]>
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hmmmm... I like your idea!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I will try to implement something like that now.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> []s,
>>>>>>>>>>>>>> Thiago.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli
>>>>>>>>>>>>>> <[email protected]> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> This is not what I meant
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I'm attaching an example
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> EJBRealm.zip is a simple Tomcat Realm that performs a JNDI
>>>>>>>>>>>>>>> lookup to get an application provided EJB and invokes a
>>>>>>>>>>>>>>> method to authenticate the user
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <Realm className="ejbrealm.EJBRealm"
>>>>>>>>>>>>>>>        beanname="java:global/localhost/MyAuth/AuthBean"
>>>>>>>>>>>>>>>        realmname="MyRealm" loginMethod="loginUser" />
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> MyAuth.zip is an example webapp which uses it
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> - Enrico
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On 22/08/2012 18:38, Romain Manni-Bucau wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> realms are typically managed by tomcat so tomcat packaging
>>>>>>>>>>>>>>>> should work
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> the link between realm and ejbcontext is done through a
>>>>>>>>>>>>>>>> wrapper realm called tomeerealm (added automatically on the
>>>>>>>>>>>>>>>> snapshot) so simply define the jaasrealm:
>>>>>>>>>>>>>>>> http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> here is a sample:
>>>>>>>>>>>>>>>> http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 2012/8/22 Enrico Olivelli <[email protected]>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I'd like to bundle my own "realm" implementation with my
>>>>>>>>>>>>>>>>> app, because I want to call an EJB method in order to
>>>>>>>>>>>>>>>>> authenticate users
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Tomcat comes with JDBCRealm which can be used to lookup
>>>>>>>>>>>>>>>>> username/password directly in the app DB bypassing
>>>>>>>>>>>>>>>>> application code
>>>>>>>>>>>>>>>>> and Tomcat does like to "bundle" a Realm implementation
>>>>>>>>>>>>>>>>> inside the app
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> The only "issue" I see is the security context to use to
>>>>>>>>>>>>>>>>> access this "realm-EJB"
>>>>>>>>>>>>>>>>> Did I miss something ?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Could you bundle a built-in Tomcat Realm that does the
>>>>>>>>>>>>>>>>> trick ?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> something like
>>>>>>>>>>>>>>>>> <Realm className="xxxx.EJBRealm"
>>>>>>>>>>>>>>>>>        beanLookup="java:comp/env/MyAuthBean"
>>>>>>>>>>>>>>>>>        authenticateMethod="authenticateUser"
>>>>>>>>>>>>>>>>>        runAs="superuser" />
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> or CDI-EL based
>>>>>>>>>>>>>>>>> assuming the presence of a @Named("authbean")
>>>>>>>>>>>>>>>>> <Realm className="xxxx.CDIRealm"
>>>>>>>>>>>>>>>>>        authenticateMethod="#{authbean.authenticateUser}"
>>>>>>>>>>>>>>>>>        runAs="superuser" />
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>> Enrico
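
Added example, not part of the thread and not TomEE or Tomcat code: a JAAS LoginModule of the kind the top reply suggests bundling in the webapp, delegating to application code with no compile-time dependency on Tomcat and failing closed when the delegate is missing or rejects the credentials. The Authenticator interface, the authenticatorClass option, the principal records and the demo credentials are assumptions made up for illustration.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added illustration: Authenticator, the "authenticatorClass" option, the
// principal records and DemoAuthenticator are hypothetical names.
public class AppLoginModule implements LoginModule {
    /** Application contract: role names on success, null when rejected. */
    public interface Authenticator { List<String> authenticate(String user, char[] password); }
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } }

    private Subject subject;
    private CallbackHandler handler;
    private Authenticator authenticator;
    private final Set<Principal> granted = new HashSet<>();

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
        try { // context class loader, so the delegate can live in the webapp
            ClassLoader cl = Thread.currentThread().getContextClassLoader();
            String cls = (String) options.get("authenticatorClass");
            authenticator = (Authenticator) Class.forName(cls, true, cl)
                    .getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | RuntimeException e) {
            authenticator = null; // misconfiguration makes login() fail closed
        }
    }

    @Override
    public boolean login() throws LoginException {
        granted.clear();
        if (authenticator == null) throw new LoginException("not configured");
        NameCallback nc = new NameCallback("user");
        PasswordCallback pc = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] {nc, pc});
        } catch (java.io.IOException | UnsupportedCallbackException | RuntimeException e) {
            throw new LoginException("cannot obtain credentials");
        }
        char[] pw = pc.getPassword(); // a copy; wiped in the finally block
        pc.clearPassword();
        try {
            List<String> roles = (nc.getName() == null || pw == null)
                    ? null : authenticator.authenticate(nc.getName(), pw);
            if (roles == null) throw new FailedLoginException("authentication failed");
            granted.add(new UserPrincipal(nc.getName()));
            for (String role : roles) granted.add(new RolePrincipal(role));
            return true;
        } finally {
            if (pw != null) Arrays.fill(pw, '\0');
        }
    }
    @Override public boolean commit() { // a failed login adds nothing
        if (!granted.isEmpty()) subject.getPrincipals().addAll(granted);
        return !granted.isEmpty();
    }
    @Override public boolean abort() { boolean had = !granted.isEmpty(); logout(); return had; }
    @Override public boolean logout() {
        subject.getPrincipals().removeAll(granted);
        granted.clear();
        return true;
    }

    /** Constructed demo delegate; a real one would call the application's own user store. */
    public static class DemoAuthenticator implements Authenticator {
        public List<String> authenticate(String user, char[] password) {
            boolean ok = "alice".equals(user) && Arrays.equals(password, "s3cret".toCharArray());
            return ok ? List.of("user", "admin") : null;
        }
    }

    // A LoginContext normally drives these calls; done by hand here to stay short.
    public static void main(String[] args) throws LoginException {
        AppLoginModule m = new AppLoginModule();
        Subject s = new Subject();
        m.initialize(s, cbs -> { ((NameCallback) cbs[0]).setName("alice");
            ((PasswordCallback) cbs[1]).setPassword("s3cret".toCharArray()); },
            Map.<String, Object>of(), Map.of("authenticatorClass", DemoAuthenticator.class.getName()));
        if (m.login() && m.commit()) System.out.println(s.getPrincipals());
    }
}
```

User and role principals are separate classes so that a realm can tell them apart when it builds its own principal with the roles list, which is the mapping problem raised in the thread.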
