Although we have a single servlet front-end, and do programmatic
user management (including login), the actual user manager and role manager
stuff all happens down in EJB-land (in a session bean being referenced from
the servlet). So we do not use JNDI properties at all for authentication,
except for some secondary application clients.

Incidentally, the location of jndi.properties, and how it works, is dictated
by Java (I think starting with JDK 1.2, but it could have been 1.3). If
there exists a jndi.properties in your classpath, it will get read. So this
behaviour is entirely independent of J2EE.

So I'm sorry if I gave the wrong impression. Based on user input, the
servlet is telling the EJB (and dependents) when usermanager things need to
be done; the servlet is not actually doing that itself.

Incidentally, the JNDI lookup that works just fine here is precisely:

   roleManager = (RoleManager) new InitialContext().lookup( "java:comp/RoleManager" );

I might add that we are using the EJBUserManager, and we have found that the
programmatic control of groups doesn't work properly, so we hacked a
workaround (concern when updating or adding users). Otherwise everything
described above is cool.

Assuming you figure out the jndi.properties thing, then you ought to be able
to obtain the principal name and the credentials (password) from the
environment, and pass that info into a session bean that can actually do the
usermanager and role manager stuff. IMO.

Hope this helps.

Arved

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Tim Endres
Sent: Tuesday, November 21, 2000 3:45 PM
To: Orion-Interest
Subject: -- Arved -- Can you please help me with servlet authentication?


Arved,

Please excuse me for calling you out on this one, but you are the only one
on the mailing list who claims to have succeeded in doing what I want. The
documentation (surprise) is meaningless, and the mailing list archive is
failing me.

I have a servlet in a web-app that is deployed alongside my ejb application
under Orion. Orion is the app server, web server, and servlet engine.
Simple.

I want to handle user authentication within my servlet, so I do not want any
sort of "FORM based login page" or any other mechanism. I would like for the
InitialContext that my servlet uses to establish the principal that is
accessing my Session Beans, and then I perform finer access control within
those as an extension to the EJB permissions. In certain instances, I would
like to use RoleManager.login() to change the EJB user that is in force.

First, I can not get Orion to read jndi.properties from anywhere. So, I am
explicitly loading them myself. I now explicitly put them into the System
properties and the values are:

   System.setProperty( "java.naming.factory.initial",
      "com.evermind.server.ApplicationInitialContextFactory" );
   System.setProperty( "java.naming.provider.url", "ormi://localhost/appname" );
   System.setProperty( "java.naming.security.principal", "appuser" );
   System.setProperty( "java.naming.security.credentials", "password" );

I have defined 'appuser' in principals.xml, and I have put it in the
'administrators' group.

I have added a custom UserManager to echo out what is going on just to give
me some idea on what is happening, and all I see is a call to
UserManager.getGroup( "appuser" ).
No matter what I have tried, I have these problems:

   1) I am always considered a "guest". It appears that Orion ignores my
      principal setting in the jndi properties. I get no error messages
      anywhere about it. Yet, when a Java application uses the same settings
      in jndi.properties, it works. Even if I change the principal from
      'appuser' to 'random', the calls to the UserManager still reference
      'appuser', which is very confusing.

   2) I can not get servlets to load any jndi.properties from anywhere on
      the CLASSPATH (WEB-INF/classes does not work, nor does WEB-INF). I
      have listed the ClassLoader tree, and WEB-INF/classes is the path for
      the servlet loader.

   3) I can not get a RoleManager reference to save my life. No matter what
      I do in my code (using initCtx.lookup( "java:comp/env/RoleManager" )
      ad nauseam) I get a NamingException saying RoleManager is not found.
      Yet, everyone talks about using it just that way! And lookups on my
      other names work. Do I need an <ejb-ref> for RoleManager?

   4) I can not find any logging of any errors related to authentication...

PLEASE, could you share in detail the steps you took to get your servlets to
be able to login a user by direct login (RoleManager.login()), and how you
got your jndi properties to be accepted so that you could specify your user
credentials. I am just frustrated now.

TIA,
tim.
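
A diagnostic for the jndi.properties question in this thread, as an added example that is not code from either poster or from Orion. It assumes the file is found through class-loader resource lookup, as the reply describes; the class name JndiPropsCheck and its methods are hypothetical. It lists every jndi.properties a given class loader can see, plus the java.naming.* values set as JVM-wide system properties, with the credentials value masked.

```java
import java.io.InputStream;
import java.net.URL;
import java.util.Collections;
import java.util.Properties;

// Added diagnostic (not from the thread): reports which jndi.properties files
// a class loader can see and which java.naming.* values are set JVM-wide.
public class JndiPropsCheck {
    static final String CREDENTIALS = "java.naming.security.credentials";

    // Never write the password itself to a console or log.
    static String mask(String key, String value) {
        return CREDENTIALS.equals(key) ? "<set>" : value;
    }

    static void dump(StringBuilder out, Properties p) {
        for (String key : p.stringPropertyNames()) {
            if (key.startsWith("java.naming.")) {
                out.append("    ").append(key).append(" = ")
                   .append(mask(key, p.getProperty(key))).append('\n');
            }
        }
    }

    // Call with the servlet's own loader to see what the web-app sees.
    static String report(ClassLoader cl) throws Exception {
        StringBuilder out = new StringBuilder("class loader: " + cl + "\n");
        for (URL url : Collections.list(cl.getResources("jndi.properties"))) {
            out.append("  found ").append(url).append('\n');
            Properties p = new Properties();
            try (InputStream in = url.openStream()) {
                p.load(in);
            }
            dump(out, p);
        }
        // System properties are shared by every application in the JVM.
        out.append("  JVM-wide system properties:\n");
        dump(out, System.getProperties());
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        System.out.print(report(cl != null ? cl : ClassLoader.getSystemClassLoader()));
    }
}
```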
