Hi Lucian, Sure, it could be a Stateless session bean. But the container will instantiate that bean and make it available via JNDI. I'm not sure how the container does that or when it will become available in JNDI, so you should check your container's documentation.
When the container binds an SLSB to JNDI, it will assign it a jndi name. You need to reference that JNDI name in your ShiroFilter configuration via the JndiRealmFactory: [main] realmFactory.class = org.apache.shiro.realm.jndi.JndiRealmFactory realmFactory.jndiNames = some/jndi/path/SecurityRealmBean Cheers, Les On Thu, Jun 25, 2009 at 11:08 AM, eyedrop <[email protected]> wrote: > > Hi Les, > > Thanks for the prompt reply. Still have a few questions. > > Does that mean my subclass of JdbcRealm will be a session bean as well? > > like: > @Stateless > public class SecurityRealmBean extends JdbcRealm implements > SecurityRealmLocal { > > And what about using annotation @Resource for the 'jndiNames' property? > Sorry I'm a newbie at Java annotation. > > In this case, wouldn't the [main] in web.xml becomes: > [main] > realmA = com...SecurityRealmBean > > Thanks, > Lucian > > > > Les Hazlewood-2 wrote: > > > > > > Pretty close, but not quite. > > > > The realmFactory is a factory for Realms. So the jndi RealmFactory must > > be > > able to look up a Realm instance from JNDI - not a DataSource. > > > > The way to accomplish this is to instantiate and bind the > > org.apache.shiro.realm.jdbc.JdbcRealm in to JNDI. The jndiNames needs to > > be > > the name under which you bound the JdbcRealm. > > > > This could be easily done by subclassing the JdbcRealm to a custom > > subclass > > and using a JEE annotation so it can be used as an @Resource. The name > > you > > assign to it is the name that is used in the 'jndiNames' property. > > > > for example: > > > > [main] > > realmFactory.class = org.apache.shiro.realm.jndi.JndiRealmFactory > > realmFactory.jndiNames = realms/MyJdbcRealm > > > > However, I don't believe there is support to easily pull _any_ object out > > of > > JNDI such as just a DataSource. That sounds like what you might be > > looking > > for based on your example. > > > > However, this would be really easy to implement and very convenient for > > many > > JEE users - please add a Jira issue so we can add it in 1.0. > > > > 3. So would I be placing the method, authenticateUser, inside my session > >> bean class? If it is, then calling > >> SecurityUtils.getSubject() will use the JNDI datasource setup in the > >> web.xml to get the user? > > > > > > Yep, exactly. > > > > > >> I read that the default query string is "select > >> password from users where username = ?". What if my database has users > >> table slightly different than the default value? How would I go about > >> overriding the default query string? > > > > > > You can change it as an attribute on the JdbcRealm instance: > > > > setAuthenticationQuery > > setUserRolesQuery > > setPermissionsQuery > > etc. > > > > Cheers, > > > > Les > > > > > > -- > View this message in context: > http://n2.nabble.com/EJB-3-and-overriding-default-query-tp3149431p3155609.html > Sent from the Shiro Developer mailing list archive at Nabble.com. > >
