Posted to commits@tomee.apache.org by rm...@apache.org on 2016/12/12 07:48:00 UTC

svn commit: r1773746 - in /tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content: advanced/client/jndi.adoc documentation.adoc

Author: rmannibucau
Date: Mon Dec 12 07:48:00 2016
New Revision: 1773746

URL: http://svn.apache.org/viewvc?rev=1773746&view=rev
Log:
adding auth doc for remote jndi client

Removed:
    tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/documentation.adoc
Modified:
    tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc

Modified: tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc
URL: http://svn.apache.org/viewvc/tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc?rev=1773746&r1=1773745&r2=1773746&view=diff
==============================================================================
--- tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc (original)
+++ tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc Mon Dec 12 07:48:00 2016
@@ -74,3 +74,43 @@ ctx.lookup("java:....");
 Contrarly to local one, the remote factory supports `Context.SECURITY_*` options in a thread safe manner and you can do lookups at runtime using them.
 
 See link:../../admin/cluster/index.html[Cluster] page for more details on the options.
+
+=== Security
+
+The context configuration can take additional configuration to handle EJB security:
+
+[source]
+----
+p.put("openejb.authentication.realmName", "my-realm"); // optional
+p.put(Context.SECURITY_PRINCIPAL, "alfred");
+p.put(Context.SECURITY_CREDENTIALS, "bat");
+----
+
+The realm will be used by JAAS to get the right LoginModules and principal/credentials to
+do the actual authentication.
+
+==== HTTP case
+
+Often HTTP layer is secured and in this case you need to authenticate before the EJBd (remote EJB TomEE protocol) layer.
+Thanks to TomEE/Tomcat integration login there will propagate to the EJBd context.
+
+This can be done passing the token you need to set as `Authorization` header in the `PROVIDER_URL`:
+
+[source]
+----
+// tomee/openejb principal/credentials
+p.put(Context.PROVIDER_URL, "http://localhost:8080/tomee/ejb?authorization=Basic%20dG9tZWU6b3BlbmVqYg==");
+----
+
+The token passed as `authorization` query parameter is the header value URL encoded. It can
+be any token like a basic one, a custom one, an OAuth2 one (in this case you need to renew it programmatically
+and change your client instance when renewing) etc...
+
+TIP: basic being very common there is a shortcut with two alternate query parameter replacing `authorization` one: `basic.password` and `basic.username`.
+
+Finally if you don't use `Authorization` header you can change the used header setting `authorizationHeader` query parameter.
+
+NOTE: `authorization`, `authorizationHeader`, `basic.username`, and `basic.password` are removed
+from the URL before opening the connection and therefore not logged in the remote server access log since version 7.0.3.
+
+
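Review bot: The HTTP case sample puts a Basic token in a `PROVIDER_URL` that uses plain `http://`, and as the comment above it says the token is just the base64 of `tomee/openejb`, so the sample should either use `https://` or the text should state that this is only acceptable over TLS. The closing NOTE says the four parameters are stripped before the connection is opened "since version 7.0.3"; it would help to say explicitly that on earlier versions the credential is part of the requested URL and therefore lands in the remote server access log. The NOTE covers only the server access log, so please also state whether the client side logs or reports the full provider URL, for example in exception messages. The TIP names `basic.username` and `basic.password` but shows no URL using them, and it should say whether their values need URL encoding like the `authorization` value does. In the first snippet, `alfred`/`bat` are hard-coded literals; a short remark that real credentials should come from configuration rather than source would fit here. Minor wording: "login there will propagate" and "Often HTTP layer is secured" read awkwardly.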