Posted to users@tomee.apache.org by sscott <ss...@mapit.net> on 2016/04/01 13:43:47 UTC

Re: TomEE Ejbd Transport configuration

Romain,
The AuthRequestHandler is never run when I try to access an EJB through my
context.  For some reason the ServiceServlet does not run when I try to
access my context.  As the log shows, the server goes into
org.apache.openejb.cdi.ThreadSingletonServiceImpl instead of running the
servlet.  I'm still trying to understand why.  The servlet runs as expected
in the tomee context without touching the ThreadSingletonServiceImpl.  I am
now using wget and having the same problem.  If I change to using one of my
servlets - it still runs the ThreadSingletonServiceImpl, but also runs my
servlet, but when I configure the 
org.apache.openejb.server.httpd.ServerServlet in my web.xml, the
ServerServlet does not run in my context.
Could anyone confirm they have EJB remote lookup working outside of the
tomee context?
Thank you.
sscott



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678043.html
Sent from the TomEE Users mailing list archive at Nabble.com.

Re: TomEE Ejbd Transport configuration

Posted by Romain Manni-Bucau <rm...@gmail.com>.
2016-04-06 13:29 GMT+02:00 sscott <ss...@mapit.net>:
> Thank you for your help. I was able to get everything working, but I couldn't
> have done it without your assistance.
> I copied my JAAS Login Module to the ${tomee.base}/lib.
> My Login Module uses a database, so I had to add this context to the JAAS
> Login Module so it could find the DataSource (defined in tomee.xml).
>
> and use this JNDI prefix
>
> I just need to stop EJB lookup in the tomee context
> (http://127.0.0.1:8080/tomee/ejb) because we do not want our users in the
> tomcat-users.xml to have EJB access.
> The docs say:
> You can easily remove it (servlet config) if you don't use remote EJBs.
> Another way is to deactivate the servlet using the "activated" init
> parameter of the servlet.
>
> My Plume 1.7.2 install does not have a tomee directory with the servlet
> configuration.  Is there still a way to de-activate the EJB lookup in the
> tomee context?

Yes: http://tomee.apache.org/properties-listing.html
(tomee.remote.support=false)

> Thanks again.
> sscott
>
>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678093.html
> Sent from the TomEE Users mailing list archive at Nabble.com.
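
Added example, not part of the thread or of TomEE's own code: one way to check that the tomee.remote.support=false setting from the reply above is really in effect in a properties file. It assumes the property is kept in conf/system.properties; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how tomee.remote.support is set in a properties file.
# Assumption: the property lives in conf/system.properties; a -D JVM argument
# would not be visible to this check.

remote_support_state() {
  # $1: path to a Java properties file.
  # Prints one of: missing | unset | disabled | enabled | unknown
  [ -r "$1" ] || { echo "missing"; return 0; }
  awk -v key="tomee.remote.support" '
    /^[ \t]*[#!]/ { next }                         # comment lines
    {
      line = $0
      sub(/^[ \t]+/, "", line)                     # leading blanks are ignored
      if (index(line, key) != 1) next
      rest = substr(line, length(key) + 1)
      if (rest !~ /^[ \t]*[=:]|^[ \t]+/) next      # a longer key, e.g. key.extra
      sub(/^[ \t]*[=:]?[ \t]*/, "", rest)          # drop the separator
      sub(/[ \t\r]+$/, "", rest)                   # drop trailing blanks and CR
      val = tolower(rest); seen = 1                # last assignment wins
    }
    END {
      if (!seen)               print "unset"
      else if (val == "false") print "disabled"
      else if (val == "true")  print "enabled"
      else                     print "unknown"
    }' "$1"
}

# Constructed sample file, so the script runs without a TomEE install.
demo_dir=$(mktemp -d)
printf '%s\n' \
  '# tomee.remote.support = true' \
  'tomee.remote.support.extra = true' \
  '  tomee.remote.support = FALSE' > "$demo_dir/system.properties"
echo "sample: $(remote_support_state "$demo_dir/system.properties")"
rm -rf "$demo_dir"

# Real use (path is an assumption):
#   remote_support_state "$CATALINA_BASE/conf/system.properties"
```

Anything other than "disabled" means the file does not switch remote EJB support off, so the server default or a JVM argument decides.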

Re: TomEE Ejbd Transport configuration

Posted by sscott <ss...@mapit.net>.
Thank you for your help. I was able to get everything working, but I couldn't
have done it without your assistance.  
I copied my JAAS Login Module to the ${tomee.base}/lib.
My Login Module uses a database, so I had to add this context to the JAAS
Login Module so it could find the DataSource (defined in tomee.xml).

and use this JNDI prefix

I just need to stop EJB lookup in the tomee context
(http://127.0.0.1:8080/tomee/ejb) because we do not want our users in the
tomcat-users.xml to have EJB access.
The docs say:
You can easily remove it (servlet config) if you don't use remote EJBs.
Another way is to deactivate the servlet using the "activated" init
parameter of the servlet.

My Plume 1.7.2 install does not have a tomee directory with the servlet
configuration.  Is there still a way to de-activate the EJB lookup in the
tomee context?
Thanks again.
sscott



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678093.html

Re: TomEE Ejbd Transport configuration

Posted by Romain Manni-Bucau <rm...@gmail.com>.
On 4 Apr 2016 19:48, "sscott" <ss...@mapit.net> wrote:
>
> Romain,
> Thank you for the information.
> Are you saying I cannot have an application wide security-constraint if I
> want to perform remote ejb lookup within my context?
>
> Also,
> I discovered the TomcatWebAppBuilder populates a map of realms using a
> String as the key.  The key in the realms map is the application context, so
> the appName="xxx" in my Realm configuration that is referenced in the JAAS
> login.config must match the application context. I was using
> appName="XxxApp" before (did not match application context xxx).
> my webapp/META_INF/context.xml realm is now
>
> my login.config is now
>
>
> I can login to the http://localhost:8080/xxx/ application using the browser
> with my JAAS Login Module, but when I try to use the
> RemoteInitialContextFactory to access an EJB using
> http://localhost:8080/xxx/ejb I get this error:
>
>
> I don't want to put my xxx application Login Module in the ${tomee.base}/lib
> because it is only used for the /xxx/ context.
> My xxx.frameworks.security.jaas.DBMSLoginModuleImpl class is packaged in a
> jar file under the xxx ear file /lib directory.
> Do you understand why it is found when the browser navigates to
> http://localhost:8080/xxx/index.html, but is not found when I use the
> RemoteInitialContextFactory to access the same context
> (http://localhost:8080/xxx/ejb)?

Browsers go through the Tomcat pipeline whereas ejbd goes through the internal
TomEE pipeline, skipping part of the Tomcat one. This means resolution is
different - HTTP is just there as transport. That said, using the right key you
can reuse your JAAS realm, but passing the security constraint is not possible
without custom code, or you need to use basic auth and put the user/pwd in the
URL, but you will auth twice (once for Tomcat and once for ejbd).

> Thanks again for all your help.
> sscott
>
>
>
>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678071.html
> Sent from the TomEE Users mailing list archive at Nabble.com.

Re: TomEE Ejbd Transport configuration

Posted by sscott <ss...@mapit.net>.
Romain,
Thank you for the information.
Are you saying I cannot have an application wide security-constraint if I
want to perform remote ejb lookup within my context?

Also,
I discovered the TomcatWebAppBuilder populates a map of realms using a
String as the key.  The key in the realms map is the application context, so
the appName="xxx" in my Realm configuration that is referenced in the JAAS
login.config must match the application context. I was using
appName="XxxApp" before (did not match application context xxx).
my webapp/META_INF/context.xml realm is now

my login.config is now


I can login to the http://localhost:8080/xxx/ application using the browser
with my JAAS Login Module, but when I try to use the
RemoteInitialContextFactory to access an EJB using
http://localhost:8080/xxx/ejb I get this error:


I don't want to put my xxx application Login Module in the ${tomee.base}/lib
because it is only used for the /xxx/ context.
My xxx.frameworks.security.jaas.DBMSLoginModuleImpl class is packaged in a
jar file under the xxx ear file /lib directory.
Do you understand why it is found when the browser navigates to
http://localhost:8080/xxx/index.html, but is not found when I use the
RemoteInitialContextFactory to access the same context
(http://localhost:8080/xxx/ejb)?
Thanks again for all your help.
sscott





--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678071.html

Re: TomEE Ejbd Transport configuration

Posted by Romain Manni-Bucau <rm...@gmail.com>.
2016-04-01 18:29 GMT+02:00 sscott <ss...@mapit.net>:
> Romain,
> That was part of the issue, thank you so much for helping me narrow it down.
> After adding an asterisk to the
> security-constraint/web-resource-collection/url-pattern
>
> I was able to get EJB access working in my context with the UserDatabase
> realm.
> Strangely it doesn't work with this pattern.
>
>

If you look up with /xxx/ejb then /ejb/* doesn't match per the servlet spec.
If that's what you want, just use /ejb as the value.

> I also had to remove these lines
>

The code is weird, right, because you need the init param + system
property (I guess it was a copy/paste error).

> from the ServerServlet configuration because these lines in ServerServlet
> don't work
>
>
> The bad news is, after adding the asterisk to the
> security-constraint/web-resource-collection/url-pattern, my JAAS Realm
> stopped authenticating.  I haven't found the details in the specification
> regarding an asterisk in the url-pattern element yet, but I appreciate your
> help getting the ServerServlet working with the UserDatabase realm.
> Thank you.
> sscott
>

ejbd doesn't use security-constraint and you shouldn't go through it
to ensure it works - but other parts of the webapp can use it (if you
have another servlet).
Once respected you should go in TomcatSecurityService and be able to
check the realm which is used - default should be server.xml one so
UserDatabase if you didn't modify it.

>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678049.html
> Sent from the TomEE Users mailing list archive at Nabble.com.

Re: TomEE Ejbd Transport configuration

Posted by sscott <ss...@mapit.net>.
Romain,
That was part of the issue, thank you so much for helping me narrow it down.
After adding an asterisk to the
security-constraint/web-resource-collection/url-pattern

I was able to get EJB access working in my context with the UserDatabase
realm.
Strangely it doesn't work with this pattern.


I also had to remove these lines

from the ServerServlet configuration because these lines in ServerServlet
don't work


The bad news is, after adding the asterisk to the
security-constraint/web-resource-collection/url-pattern, my JAAS Realm
stopped authenticating.  I haven't found the details in the specification
regarding an asterisk in the url-pattern element yet, but I appreciate your
help getting the ServerServlet working with the UserDatabase realm.
Thank you.
sscott



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678049.html

Re: TomEE Ejbd Transport configuration

Posted by Romain Manni-Bucau <rm...@gmail.com>.
I think the security-constraint on / preempts the ejbd calls and makes
the stream not the expected one.

Romain Manni-Bucau
@rmannibucau |  Blog | Github | LinkedIn | Tomitriber


2016-04-01 15:05 GMT+02:00 sscott <ss...@mapit.net>:
> Romain,
> I appreciate your continued support.
> I think the "Cannot open input stream to server" message is created in the
> client code and does not mean the code on the server was run.
> These are the contents of my web.xml, please help me understand the
> conflicting configuration if you see it.
>
> My tomcat-users.xml has this
>
>
> I copied the contents of the ServerServlet and repackaged it with my servlet
> that was working with wget.  After doing that I was able to get the
> ServerServlet to run with wget, but it does not run using the
> RemoteInitialContextFactory.
> Thank you.
>
>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678045.html
> Sent from the TomEE Users mailing list archive at Nabble.com.

Re: TomEE Ejbd Transport configuration

Posted by sscott <ss...@mapit.net>.
Romain,
I appreciate your continued support.
I think the "Cannot open input stream to server" message is created in the
client code and does not mean the code on the server was run.
These are the contents of my web.xml, please help me understand the
conflicting configuration if you see it.

My tomcat-users.xml has this


I copied the contents of the ServerServlet and repackaged it with my servlet
that was working with wget.  After doing that I was able to get the
ServerServlet to run with wget, but it does not run using the
RemoteInitialContextFactory.
Thank you.



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678045.html

Re: TomEE Ejbd Transport configuration

Posted by Romain Manni-Bucau <rm...@gmail.com>.
The fact it goes into ThreadSingletonServiceImpl is not an issue (even
normal and it is before the servlet is called). Saw several users
using it so can be a conflicting configuration in your web.xml.
"Cannot open input stream to server" tends to show it has been called
otherwise what would create this message?

Romain Manni-Bucau
@rmannibucau |  Blog | Github | LinkedIn | Tomitriber


2016-04-01 13:43 GMT+02:00 sscott <ss...@mapit.net>:
> Romain,
> The AuthRequestHandler is never run when I try to access an EJB through my
> context.  For some reason the ServiceServlet does not run when I try to
> access my context.  As the log shows, the server goes into
> org.apache.openejb.cdi.ThreadSingletonServiceImpl instead of running the
> servlet.  I'm still trying to understand why.  The servlet runs as expected
> in the tomee context without touching the ThreadSingletonServiceImpl.  I am
> now using wget and having the same problem.  If I change to using one of my
> servlets - it still runs the ThreadSingletonServiceImpl, but also runs my
> servlet, but when I configure the
> org.apache.openejb.server.httpd.ServerServlet in my web.xml, the
> ServerServlet does not run in my context.
> Could anyone confirm they have EJB remote lookup working outside of the
> tomee context?
> Thank you.
> sscott
>
>
>
> --
> View this message in context: http://tomee-openejb.979440.n4.nabble.com/TomEE-Ejbd-Transport-configuration-tp4678016p4678043.html
> Sent from the TomEE Users mailing list archive at Nabble.com.