Posted to user@geronimo.apache.org by chi runhua <ch...@gmail.com> on 2010/04/06 11:28:35 UTC
Re: when using an application client to consume a secure ejb, who perform the authentication?
See this page for reference.
http://cwiki.apache.org/GMOxDOC22/configuring-javaee-app-client-security.html
Jeff C
On Tue, Apr 6, 2010 at 3:49 PM, Sarah.kho <sa...@gmail.com> wrote:
>
> Hi,
>
> Can you please let me know, when we use an application client and a secure
> ejb, which container performs authentication?
>
> Thank you.
> --
> View this message in context:
> http://n3.nabble.com/when-using-an-application-client-to-consume-a-secure-ejb-who-perform-the-authentication-tp699700p699700.html
> Sent from the Users mailing list archive at Nabble.com.
>
Re: when using an application client to consume a secure ejb, who perform the authentication?
Posted by chi runhua <ch...@gmail.com>.
Assume we want to use a properties file realm for user auditing. On the Geronimo
server, deploy a module as follows:
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>test-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="test-realm"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">test-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>test-realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="usersURI">var/security/demo_users.properties</log:option>
                    <log:option name="groupsURI">var/security/demo_groups.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
Then deploy a client-side-realm for the application client to authenticate with
the OpenEJB container as follows:
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>remote-openejb-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>org.apache.geronimo.modules</groupId>
                <artifactId>geronimo-openejb</artifactId>
                <type>jar</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="remote-openejb-realm"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">remote-openejb-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>remote-openejb-realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.openejb.OpenejbRemoteLoginModule</log:login-module-class>
                    <log:option name="RemoteSecurityRealm">test-realm</log:option>
                    <log:option name="ServerURI">ejbd://localhost:4201</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
In your geronimo-application-client.xml, specify the client-side-realm
module as its dependency and realm name. Also you need to provide your
<callback-handler> as David J mentioned earlier. See the snippet as
follows:
<?xml version="1.0" encoding="UTF-8"?>
<application-client xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"
                    xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"
                    xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
                    xmlns:security="http://geronimo.apache.org/xml/ns/security-2.0"
                    xmlns:connector="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
    <sys:client-environment>
        <sys:moduleId>
            <sys:groupId>org.apache.geronimo.samples</sys:groupId>
            <sys:artifactId>Myclient</sys:artifactId>
            <sys:version>2.2.0</sys:version>
            <sys:type>jar</sys:type>
        </sys:moduleId>
        <sys:dependencies>
            <sys:dependency>
                <sys:groupId>console.realm</sys:groupId>
                <sys:artifactId>remote-openejb-realm</sys:artifactId>
                <sys:version>1.0</sys:version>
                <sys:type>car</sys:type>
            </sys:dependency>
        </sys:dependencies>
    </sys:client-environment>
    <sys:server-environment>
        <sys:moduleId>
            <sys:groupId>org.apache.geronimo.samples</sys:groupId>
            <sys:artifactId>MyServer</sys:artifactId>
            <sys:version>2.2.0</sys:version>
            <sys:type>jar</sys:type>
        </sys:moduleId>
        <sys:dependencies>
            <sys:dependency>
                <sys:groupId>console.realm</sys:groupId>
                <sys:artifactId>remote-openejb-realm</sys:artifactId>
                <sys:version>1.0</sys:version>
                <sys:type>car</sys:type>
            </sys:dependency>
        </sys:dependencies>
    </sys:server-environment>
    <realm-name>remote-openejb-realm</realm-name>
    <callback-handler>org.apache.geronimo.samples.Myclient.appClient.MyCallbackHandler</callback-handler>
</application-client>
Hope this helps.
Jeff C
On Tue, Apr 6, 2010 at 11:16 PM, Sarah.kho <sa...@gmail.com> wrote:
>
> Hi,
>
> I studied the page but it does not have the name of the deployment
> descriptor in which I should include that sample code. Should I
> include them inside the geronimo-application-client.xml?
>
> It also says that the realm should also be specified at the server side. I
> think it means in the openejb-jar.xml. Can you give me the sample snippet
> for that one as well?
>
> thanks
> --
> View this message in context:
> http://n3.nabble.com/when-using-an-application-client-to-consume-a-secure-ejb-who-perform-the-authentication-tp699700p700639.html
> Sent from the Users mailing list archive at Nabble.com.
>
Re: when using an application client to consume a secure ejb, who perform the authentication?
Posted by "Sarah.kho" <sa...@gmail.com>.
Hi,
I studied the page but it does not have the name of the deployment
descriptor in which I should include that sample code. Should I
include them inside the geronimo-application-client.xml?
It also says that the realm should also be specified at the server side. I
think it means in the openejb-jar.xml. Can you give me the sample snippet
for that one as well?
thanks