Maybe I can request an enhancement on tomcat dev list for JAASRealm
I made some tests and it is really simple to pass jaas configuration
file (using com.sun.security.auth.login.ConfigFile or implementing
javax.security.auth.login.Configuration) to LoginContext
LazyRealm is enough for me
the DelegateRealm will be a great out-of-the-box feature for TomEE !
maybe a "SimpleDelegateRealm" that provides a "magic" mapping for the
authenticate(username,password) will be more "demo"/"tutorial" effective
I saw that Tomcat JAASRealm uses this trick
provide a method
List<Object> authenticate(String username, String password)
Realm configuration defines which of these objects are to be treated as
"user" or as "role" using their class name
thanks
- Enrico
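The approach this message describes (handing LoginContext an explicit Configuration instead of relying on the JVM-wide one, then sorting the resulting principals into user and roles by class name), as an added example that is not part of the original thread and is not Tomcat or TomEE code. The class names, the "MyRealm" entry name and the alice/s3cret credentials are constructed for illustration; it assumes Java 16 or later.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class AppScopedJaas {
    // Hypothetical principal types shipped inside the webapp, not in the container.
    public record UserPrincipal(String name) implements Principal { public String getName() { return name; } }
    public record RolePrincipal(String name) implements Principal { public String getName() { return name; } }

    // App-provided LoginModule; the credential check is a constructed stand-in
    // for the application's own business method (EJB or CDI bean).
    public static class AppLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private String user; // set only once login() has succeeded

        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
            subject = s; handler = h;
        }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            PasswordCallback pass = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { name, pass }); }
            catch (Exception e) { throw new LoginException("callback failed: " + e); }
            char[] given = pass.getPassword();
            pass.clearPassword();
            boolean ok = "alice".equals(name.getName()) && given != null
                    && Arrays.equals(given, "s3cret".toCharArray());
            if (!ok) throw new FailedLoginException("bad credentials");
            user = name.getName();
            return true;
        }
        public boolean commit() {
            if (user == null) return false; // never publish principals without a login
            subject.getPrincipals().add(new UserPrincipal(user));
            subject.getPrincipals().add(new RolePrincipal("manager"));
            return true;
        }
        public boolean abort() { user = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); user = null; return true; }
    }

    // Programmatic Configuration: nothing is read from the JVM-wide JAAS config.
    static Configuration appConfig() {
        AppConfigurationEntry entry = new AppConfigurationEntry(AppLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>());
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String appName) {
                return "MyRealm".equals(appName) ? new AppConfigurationEntry[] { entry } : null;
            }
        };
    }

    // Returns the user first, then the roles; an empty list means the login was rejected.
    static List<String> authenticate(String username, String password) {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback nc) nc.setName(username);
                else if (cb instanceof PasswordCallback pc) pc.setPassword(password.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
        try {
            // Four-argument constructor: the Configuration is passed in explicitly.
            LoginContext ctx = new LoginContext("MyRealm", null, handler, appConfig());
            ctx.login();
            List<String> out = new ArrayList<>();
            for (Principal p : ctx.getSubject().getPrincipals()) {
                String cls = p.getClass().getName(); // classify by class name
                if (cls.equals(UserPrincipal.class.getName())) out.add(0, "user:" + p.getName());
                else if (cls.equals(RolePrincipal.class.getName())) out.add("role:" + p.getName());
            }
            return out;
        } catch (LoginException e) {
            return List.of(); // fail closed on any login error
        }
    }

    public static void main(String[] args) {
        System.out.println(authenticate("alice", "s3cret") + " / " + authenticate("alice", "wrong"));
    }
}
```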
On 23/08/2012 13:34, Romain Manni-Bucau wrote:
right, if you have a single application in the tomcat that's not an issue
otherwise it can be
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/23 Enrico Olivelli <[email protected]>
I made same tests
Tomcat JAASRealm creates a LoginContext in this way
//JAASRealm.java at line 372 on Tomcat trunk
loginContext = new LoginContext(appName, callbackHandler);
this constructor uses the JVM system wide JAAS configuration (default JAAS
Configuration)
so if you want to use your own LoginModule you have to modify Tomcat
global configuration....
On 23/08/2012 11:40, Romain Manni-Bucau wrote:
i don't get it, you can define your LoginModule in the webapp i think, you
even have the useContextClassLoader parameter
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/23 Enrico Olivelli <[email protected]>
Yes, the problem in Tomcat JAAS Realm is that you have to bundle your
LoginModule with the container
It would be very nice to let the app provide a LoginModule
do not drop LazyRealm, it fills a gap in Tomcat Realm standard
implementations (what about giving it, without CDI, to Tomcat directly?)
I can't understand why JavaEE specs do not cover this common case
I always developed Software as a Service apps, I could never use Container
Managed security!
On 23/08/2012 09:58, Romain Manni-Bucau wrote:
hmm thinking a bit more, what about JAAS? it already works out of the box
and you are not tomcat dependent in the java files
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/23 Enrico Olivelli <[email protected]>
I love it
remember that Tomcat wants a "GenericPrincipal" not a simple Principal
so application code has to be proxied according to this need
My goal is that the app only needs to provide an EJB or CDI Bean with an
"authenticate" method which takes username/password and answers with the
list of roles of the user
with your solution I will provide a bean with such a method
Principal authenticate(String username, String password)
that will be mapped to the Tomcat Realm authenticate(username, password)
method
some "magic" needs to be done to map application provided Principal with
the GenericPrincipal of Tomcat and the roles list
any idea ?
- Enrico
On 23/08/2012 09:27, Romain Manni-Bucau wrote:
hmm that's another need.
Here is how I see things:
1) the LazyRealm manages the classloader stuff
2) another realm (DelegatorRealm?) does the same using bean matching
(almost) signatures of realm using java types (java == not tomcat) and uses
reflection to invoke the delegate
wdyt?
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/23 Enrico Olivelli <[email protected]>
Because realmClass needs to be an implementation of org.apache.catalina.Realm
and so in my app I will always need to add a compile time dep on tomcat in
my app
I would like not to have any compile time dep neither on Tomcat nor on
OpenEJB/TomEE if possible
On 23/08/2012 08:48, Romain Manni-Bucau wrote:
Why is there a dep? That's just xml
On 23 August 2012 07:55, "Enrico Olivelli" <[email protected]> wrote:
Thank you
Your impl is great!
But with this LazyRealm the app needs to depend at compile time on the
tomcat-catalina "realm" interface (even if it can be created with CDI, so I
think that in this way devs can lookup EJBs)
I think it should be more powerful to provide a Realm that could call
directly one business method inside the app (as the EJB example or the EL
example)
the EL example is very powerful, because devs who use JSF often declare
<commandButton action="#{usermanager.login(......)" >
but I think that an EJB stub would be enough
maybe it would be useful to let the app provide an implementation of JAAS
LoginModule or some other "standard" way to authenticate the user (without
deploying it in the container, that is sometimes out of the possibilities
of the dev, IT rules!)
another idea
you can add a wrapper to the application "realm" in LazyRealm to adapt it
to the Realm interface, I think the only useful method is the
authenticate(username,password) method as in the example I sent, Tomcat
wants it to return a Tomcat specific Principal impl that contains the roles
list
Thanks
- Enrico
On 22/08/2012 21:39, Romain Manni-Bucau wrote:
PS: the realm should be able to use cdi, simply add cdi="true" to the realm
definition (that's not the default)
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/22 Romain Manni-Bucau <[email protected]>
already looked it several times and the IDE was opened ;)
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/22 Thiago Veronezi <[email protected]>
Dude, you are incredibly fast!!! :O)
On Wed, Aug 22, 2012 at 2:21 PM, Romain Manni-Bucau <[email protected]> wrote:
https://issues.apache.org/jira/browse/TOMEE-400
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/22 Enrico Olivelli <[email protected]>
On 22/08/2012 19:29, Romain Manni-Bucau wrote:
hmm, the point is tomcat creates the realm before the app is started
(== the webapp classloader is not available) so you have to put your realm
in the container
it is exactly the reason why I'm asking you to put this kind of support in
TomEE, because you cannot deploy a "Realm" implementation directly in your
own application
My trick is just to let the developer of the app bundle in its own app the
only "logic" that implements the real authentication, leaving the container
to "manage" security
in order to lookup beans you have to make a JNDI lookup only for every
call to "authenticate", so the realm actually doesn't need to have access to
the application context before initialization
FYI you can use the tomee maven plugin:
<plugin>
  <groupId>org.apache.openejb.maven</groupId>
  <artifactId>tomee-maven-plugin</artifactId>
  <version>1.0.0-SNAPSHOT</version>
  <configuration>
    <libs>
      <lib>examples:EJBRealm:1.0-SNAPSHOT</lib>
    </libs>
  </configuration>
</plugin>
I don't know if tomcat already has a kind of lazy realm instantiator but
we could add one in tomee to manage such cases
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/22 Thiago Veronezi <[email protected]>
Hmmmm... I like your idea!
I will try to implement something like that now.
[]s,
Thiago.
On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli <[email protected]> wrote:
This is not what I meant
I'm attaching an example
EJBRealm.zip is a simple Tomcat Realm that performs a JNDI lookup to get
an application provided EJB and invokes a method to authenticate the user
<Realm className="ejbrealm.EJBRealm"
beanname="java:global/localhost/MyAuth/AuthBean"
realmname="MyRealm" loginMethod="loginUser" />
MyAuth.zip is an example webapp which uses it
- Enrico
On 22/08/2012 18:38, Romain Manni-Bucau wrote:
realms are typically managed by tomcat so tomcat packaging should work
the link between realm and ejbcontext is done through a wrapper realm
called tomeerealm (added automatically on the snapshot) so simply define
the jaasrealm:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml
here is a sample:
http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/
*Romain Manni-Bucau*
*Twitter: @rmannibucau*
*Blog: http://rmannibucau.wordpress.com*
2012/8/22 Enrico Olivelli <[email protected]>
I'd like to bundle my own "realm" implementation with my app, because I
want to call an EJB method in order to authenticate users
Tomcat comes with JDBCRealm which can be used to lookup username/password
directly in the app DB bypassing application code
and Tomcat does like to "bundle" a Realm implementation inside the app
The only "issue" I see is the security context to use to access this
"realm-EJB"
Did I miss something ?
Could you bundle a built-in Tomcat Realm that does the trick ?
some thing like
<Realm className="xxxx.EJBRealm"
beanLookup="java:comp/env/MyAuthBean"
authenticateMethod="authenticateUser"
runAs="superuser"
/>
or CDI-EL based
assuming the presence of a @Named("authbean")
<Realm className="xxxx.CDIRealm"
authenticateMethod="#{authbean.authenticateUser}"
runAs="superuser" />
Thanks
Enrico