Re: Openejb: This principle is not authorized

2007-04-13 Thread Dain Sundstrom
I'm not sure exactly what you are doing, so I'll explain how an  
OpenEJB JNDI based login works.


On the client side, when you create a JNDIContext with the principal
and credentials set, the OpenEJB JNDI code will open a connection to
the server and perform a remote login. The server redirects the
login request to the OpenEJB SecurityService.login(String user,
String pass) method. The SecurityService authenticates the user and
returns a security token (java.lang.Object). The client stashes off
the token and sends it on every request.


To start with, your login module configuration will need to be on the
server side. In OpenEJB standalone, you can modify the
${OPENEJB_HOME}/conf/login.conf file. I don't know what the
equivalent configuration is for Geronimo. Secondly, the current
security service code has the name of the login module hard coded.
In OpenEJB standalone it is hard coded to PropertiesLogin and in the
Geronimo integration it is hard coded to "OpenEJB".


If you get stuck and want to debug the server, all of the security  
magic for ejb clients happens in GeronimoSecurityService or  
SecurityServiceImpl for OpenEJB standalone.


-dain

On Apr 13, 2007, at 7:07 AM, Bert_nor wrote:


Standalone application

login.config:
dw_realm {
org.apache.geronimo.security.jaas.client.JaasLoginCoordinator required
host="localhost"
port="4242"
realm="dw_realm";
};

LoginContext context = new LoginContext("dw_realm",...);
context.login();

Properties props = new Properties();
props.put("java.naming.factory.initial",
"org.apache.openejb.client.RemoteInitialContextFactory");
props.put("java.naming.factory.host", "127.0.0.1");
props.put("java.naming.factory.port", "4201");
props.put("java.naming.security.principal", ...);
props.put("java.naming.security.credentials", ...);

Context remoteContext = remoteContext = new InitialContext(props);

javax.naming.AuthenticationException: This principle is not authorized.
	at org.apache.openejb.client.JNDIContext.authenticate(JNDIContext.java:144)
	at org.apache.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:116)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.InitialContext.<init>(InitialContext.java:197)

It's an exception thrown from
org.apache.geronimo.openejb.GeronimoSecurityService.login(String user, String pass) {
  LoginContext context = new LoginContext("OpenEJB",
      new UsernamePasswordCallbackHandler(user, pass));
--> javax.security.auth.login.LoginException: No LoginModules configured for OpenEJB

Can be use realm for the current user?


--
View this message in context:
http://www.nabble.com/Openejb%3A-This-principle-is-not-authorized-tf3571824s134.html#a9979641
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
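
The hard-coded entry name described in the reply above, as an added example that is not code from this thread or from OpenEJB or Geronimo: JAAS looks up a login configuration entry by the exact name passed to LoginContext, so defining only "dw_realm" leaves a lookup of "OpenEJB" with no modules. JaasEntryNameDemo, DemoModule, install, tryLogin and the alice/secret account are constructed for illustration, and an in-memory Configuration stands in for the server's login configuration file.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasEntryNameDemo {
    // Hypothetical stand-in for a real login module: accepts one constructed account.
    public static class DemoModule implements LoginModule {
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback user = new NameCallback("user");
            PasswordCallback pass = new PasswordCallback("pass", false);
            try { handler.handle(new Callback[] { user, pass }); } catch (Exception e) { throw new LoginException(e.toString()); }
            if ("alice".equals(user.getName()) && Arrays.equals("secret".toCharArray(), pass.getPassword())) return true;
            throw new FailedLoginException("bad credentials");
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // In-memory equivalent of a login configuration that defines only the given entry names.
    static void install(String... entryNames) {
        Configuration.setConfiguration(new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                // Unknown name: JAAS falls back to an entry called "other", then gives up.
                if (!Arrays.asList(entryNames).contains(name)) return null;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        });
    }
    // Same kind of lookup as the login(String user, String pass) call quoted in the thread.
    static String tryLogin(String entryName) {
        CallbackHandler h = cbs -> {
            for (Callback c : cbs) {
                if (c instanceof NameCallback) ((NameCallback) c).setName("alice");
                if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("secret".toCharArray());
            }
        };
        try { new LoginContext(entryName, h).login(); return "login ok"; } catch (LoginException e) { return e.getMessage(); }
    }
    public static void main(String[] args) {
        install("dw_realm");            // only the entry from the question
        System.out.println("dw_realm only:   " + tryLogin("OpenEJB"));
        install("dw_realm", "OpenEJB"); // entry name the Geronimo integration asks for
        System.out.println("OpenEJB defined: " + tryLogin("OpenEJB"));
    }
}
```

The first call reports the same LoginException as the one in the question; the second succeeds once an entry with the requested name exists in the configuration the JVM actually consults.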






Openejb: This principle is not authorized

2007-04-13 Thread Bert_nor

Standalone application

login.config:
dw_realm {
org.apache.geronimo.security.jaas.client.JaasLoginCoordinator required
host="localhost"
port="4242"
realm="dw_realm";
}; 

LoginContext context = new LoginContext("dw_realm",...);
context.login();

Properties props = new Properties(); 
props.put("java.naming.factory.initial",
"org.apache.openejb.client.RemoteInitialContextFactory"); 
props.put("java.naming.factory.host", "127.0.0.1"); 
props.put("java.naming.factory.port", "4201"); 
props.put("java.naming.security.principal", ...); 
props.put("java.naming.security.credentials", ...);

Context remoteContext = remoteContext = new InitialContext(props);

javax.naming.AuthenticationException: This principle is not authorized.
	at org.apache.openejb.client.JNDIContext.authenticate(JNDIContext.java:144)
	at org.apache.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:116)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.InitialContext.<init>(InitialContext.java:197)

It's an exception thrown from
org.apache.geronimo.openejb.GeronimoSecurityService.login(String user, String pass) {
  LoginContext context = new LoginContext("OpenEJB",
      new UsernamePasswordCallbackHandler(user, pass));
--> javax.security.auth.login.LoginException: No LoginModules configured for OpenEJB

Can be use realm for the current user?

