You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by "Sarah.kho" <sa...@gmail.com> on 2010/04/06 00:50:52 UTC
application client and secure ejbs. how do we determine the
security realm?
Hi
Can you please let me know when we have a secure ejb in the enterprise
application and the application client need to access that ejb, what happens
to the sending username and password to the server?
how to configure the geronimo-application-client.xml for for security
checking?
thanks.
--
View this message in context: http://n3.nabble.com/application-client-and-secure-ejbs-how-do-we-determine-the-security-realm-tp698976p698976.html
Sent from the Users mailing list archive at Nabble.com.
Re: application client and secure ejbs. how do we determine the security realm?
Posted by David Jencks <da...@yahoo.com>.
IIRC you write a CallbackHandler that obtains the credentials from a source of your choosing (such as the client command line or a login dialog) and configure this in the application-client.xml (the spec dd, not the geronimo plan). You also need to configure a security realm in the app client that contains the org.apache.geronimo.openejb.OpenejbRemoteLoginModule configured to connect to the server. There might possibly be an example of how to do this in the geronimo testsuite in a client security test.
I don't think you want to configure the security info on how to log into the server in the app client configuration.... that would mean anyone who got the app client could log into the server with no further credentials.
hope this helps
david jencks
On Apr 5, 2010, at 3:50 PM, Sarah.kho wrote:
>
> Hi
> Can you please let me know when we have a secure ejb in the enterprise
> application and the application client need to access that ejb, what happens
> to the sending username and password to the server?
>
> how to configure the geronimo-application-client.xml for for security
> checking?
>
>
> thanks.
> --
> View this message in context: http://n3.nabble.com/application-client-and-secure-ejbs-how-do-we-determine-the-security-realm-tp698976p698976.html
> Sent from the Users mailing list archive at Nabble.com.