Posted to users@tomee.apache.org by mauro2java2011 <ma...@gmail.com> on 2014/03/11 09:38:42 UTC

Use the Java EE Galleria in TomEE with security

The project at the following link
https://bitbucket.org/VineetReynolds/java-ee-6-galleria
contains, in its source, an EAR application with EJB and JSF.
It uses security and roles.

It is written for GlassFish.

How can I use it with TomEE?
Do I simply have to create groups and users, and associate the users with groups, in
server.xml?

if you read at :
https://bitbucket.org/VineetReynolds/java-ee-6-galleria/src/b76114fb0477072853ddc459e3e746a5fc70851b/galleria-ejb/glassfish-integrationtest-install/glassfish/domains/domain1/config/domain.xml?at=default

------------------------------
<!-- THE PART OF SECURITY
 <security-service activate-default-principal-to-role-mapping="true"
jacc="simple">
        <auth-realm
classname="com.sun.enterprise.security.auth.realm.file.FileRealm"
name="admin-realm">
	  	  <property value="${com.sun.aas.instanceRoot}/config/admin-keyfile"
name="file"/>
          <property value="fileRealm" name="jaas-context"/>
        </auth-realm>
        <auth-realm
classname="com.sun.enterprise.security.auth.realm.file.FileRealm"
name="file">
	  	  <property value="${com.sun.aas.instanceRoot}/config/keyfile"
name="file"/>
          <property value="fileRealm" name="jaas-context"/>
        </auth-realm>
        <auth-realm
classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"
name="certificate"/>
        <auth-realm name="GalleriaRealm"
classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm">
          <property description="null" name="jaas-context"
value="jdbcRealm"></property>
          <property name="encoding" value="Hex"></property>
          <property description="null" name="password-column"
value="PASSWORD"></property>
          <property name="datasource-jndi"
value="jdbc/galleriaDS"></property>
          <property name="group-table" value="USERS_GROUPS"></property>
          <property name="user-table" value="USERS"></property>
          <property description="null" name="group-name-column"
value="GROUPID"></property>
          <property name="digest-algorithm" value="SHA-512"></property>
          <property description="null" name="user-name-column"
value="USERID"></property>
        </auth-realm>
        <jacc-provider
policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl"
policy-provider="com.sun.enterprise.security.provider.PolicyWrapper"
name="default">
          <property value="${com.sun.aas.instanceRoot}/generated/policy"
name="repository"/>
        </jacc-provider>
        <jacc-provider
policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"
policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider"
name="simple"/>
        <audit-module classname="com.sun.enterprise.security.Audit"
name="default">
          <property value="false" name="auditOn"/>
        </audit-module>
        <message-security-config auth-layer="SOAP">
          <provider-config provider-id="XWS_ClientProvider"
class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"
provider-type="client">
            <request-policy auth-source="content"/>
            <response-policy auth-source="content"/>
            <property value="s1as" name="encryption.key.alias"/>
            <property value="s1as" name="signature.key.alias"/>
            <property value="false" name="dynamic.username.password"/>
            <property value="false" name="debug"/>
          </provider-config>
          <provider-config provider-id="ClientProvider"
class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"
provider-type="client">
            <request-policy auth-source="content"/>
            <response-policy auth-source="content"/>
            <property value="s1as" name="encryption.key.alias"/>
            <property value="s1as" name="signature.key.alias"/>
            <property value="false" name="dynamic.username.password"/>
            <property value="false" name="debug"/>
            <property
value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"
name="security.config"/>
          </provider-config>
          <provider-config provider-id="XWS_ServerProvider"
class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule"
provider-type="server">
            <request-policy auth-source="content"/>
            <response-policy auth-source="content"/>
            <property value="s1as" name="encryption.key.alias"/>
            <property value="s1as" name="signature.key.alias"/>
            <property value="false" name="debug"/>
          </provider-config>
          <provider-config provider-id="ServerProvider"
class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule"
provider-type="server">
            <request-policy auth-source="content"/>
            <response-policy auth-source="content"/>
            <property value="s1as" name="encryption.key.alias"/>
            <property value="s1as" name="signature.key.alias"/>
            <property value="false" name="debug"/>
            <property
value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"
name="security.config"/>
          </provider-config>
        </message-security-config>
	<property value="SHA-256" name="default-digest-algorithm"/>
      </security-service>



------------------
if you  see at
https://bitbucket.org/VineetReynolds/java-ee-6-galleria/src/b76114fb0477072853ddc459e3e746a5fc70851b/galleria-ejb/src/main/java/info/galleria/service/ejb/AlbumServiceImpl.java?at=default

you can see that into the declaration for the ejb : 
@Stateless
@EJB(name = "java:global/galleria/galleria-ejb/AlbumService", beanInterface
= AlbumService.class)
@RolesAllowed({ "RegisteredUsers" })
@TransactionAttribute(TransactionAttributeType.REQUIRED)
public class AlbumServiceImpl implements AlbumService
{


The methods of the EJB are permitted to the "RegisteredUsers" role.

You can see that a realm named "GalleriaRealm" is created in the GlassFish
server.
How can I adapt this to TomEE?


Thank you for your attention.












Re: use the java ee glaaery into TOMEE with secuirity

Posted by helio frota <00...@gmail.com>.
there is a part on jaas in tomee refcard
tomee.apache.org/refcard/refcard.html

Thanks !
Going to spread this refcard on CEJUG mailing list !



-----------------------------------------------------------
http://eprogramming.github.io/about.html



On Fri, Mar 14, 2014 at 8:08 AM, Romain Manni-Bucau
<rm...@gmail.com>wrote:

> I use it in server.xml usually
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
>
>
>
> 2014-03-14 12:06 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> > and
> >       <Realm className="org.apache.catalina.realm.JAASRealm"
> > appName="PropertiesLoginModule"
> >
> >
> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
> >
> >
> roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
> >       </Realm>
> >
> > i can put it int othe Context.xml relative to a single web application
> but
> > not put into server.xml?
> >
> >
> >
> > --
> > View this message in context:
> http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668207.html
> > Sent from the OpenEJB User mailing list archive at Nabble.com.
>

Re: use the java ee glaaery into TOMEE with secuirity

Posted by Romain Manni-Bucau <rm...@gmail.com>.
I use it in server.xml usually
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-03-14 12:06 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> and
>       <Realm className="org.apache.catalina.realm.JAASRealm"
> appName="PropertiesLoginModule"
>
> userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
>
> roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
>       </Realm>
>
> i can put it int othe Context.xml relative to a single web application but
> not put into server.xml?
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668207.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: use the java ee glaaery into TOMEE with secuirity

Posted by mauro2java2011 <ma...@gmail.com>.
and   
      <Realm className="org.apache.catalina.realm.JAASRealm"
appName="PropertiesLoginModule"
         
userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
         
roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
      </Realm>

Can I put it in the Context.xml of a single web application instead of
putting it in server.xml?




Re: use the java ee glaaery into TOMEE with secuirity

Posted by Romain Manni-Bucau <rm...@gmail.com>.
MyApp is the name you use in JAAS
http://docs.oracle.com/javase/6/docs/api/javax/security/auth/login/LoginContext.html#LoginContext(java.lang.String)
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-03-14 11:52 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> tank you for your response.
> but from:
> Login configuration file (conf/login.config)
>
> PropertiesLogin {
>     org.apache.openejb.core.security.jaas.PropertiesLoginModule required
>     Debug=true
>     UsersFile="users.properties"
>     GroupsFile="groups.properties";
> };
> MyApp {
>     org.apache.openejb.core.security.jaas.SQLLoginModule required
>     dataSourceName="MyDataSource"
>     userSelect="SELECT username, password FROM users WHERE username=?"
>     groupSelect="SELECT username, grp FROM users WHERE username=?";
> };
>
>
> MyApp it is the name of the webapplication ????
> for example if i have many web app name web1 web2, web3 (or other names) i
> have to change the MyApp with web1 web2 web3 ?
> or MyApp remains inalterate?
>
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668204.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: use the java ee glaaery into TOMEE with secuirity

Posted by mauro2java2011 <ma...@gmail.com>.
Thank you for your response.
But in the example:
Login configuration file (conf/login.config)

PropertiesLogin {
    org.apache.openejb.core.security.jaas.PropertiesLoginModule required
    Debug=true
    UsersFile="users.properties"
    GroupsFile="groups.properties";
};
MyApp {
    org.apache.openejb.core.security.jaas.SQLLoginModule required
    dataSourceName="MyDataSource"
    userSelect="SELECT username, password FROM users WHERE username=?"
    groupSelect="SELECT username, grp FROM users WHERE username=?";
};


Is MyApp the name of the web application?
For example, if I have several web apps named web1, web2, web3 (or other names), do I
have to replace MyApp with web1, web2, web3?
Or does MyApp remain unchanged?






Re: use the java ee glaaery into TOMEE with secuirity

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi

The files go in conf/.

To use another login module, change the class and adapt the config.

Here is a sample using SQL: http://tomee.apache.org/clients.html
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-03-14 11:01 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> last ask:
>
> fro mthe your page:
> http://tomee.apache.org/tomee-jaas.html
>
> i read into the : login.config :
> PropertiesLogin {
>     org.apache.openejb.core.security.jaas.PropertiesLoginModule required
>     Debug=false
>     UsersFile="users.properties"
>     GroupsFile="groups.properties";
> };
>
>
> 1ask : if i understand , o have to create 2 file properties:
> users.properties and groups.properties .
> But what i t is the location for put the 2 file properties ?
> 2 ask : if i not use the users.properties and groupsproperties files , but a
> database , how i modify it?
>
>
>
>
>
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668201.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: use the java ee glaaery into TOMEE with secuirity

Posted by mauro2java2011 <ma...@gmail.com>.
One last question:

On your page:
http://tomee.apache.org/tomee-jaas.html

I read this in login.config:
PropertiesLogin {
    org.apache.openejb.core.security.jaas.PropertiesLoginModule required
    Debug=false
    UsersFile="users.properties"
    GroupsFile="groups.properties";
};


Question 1: if I understand correctly, I have to create two properties files:
users.properties and groups.properties.
But where do I have to put these two properties files?
Question 2: if I use a database instead of the users.properties and groups.properties
files, how do I modify it?










Re: use the java ee glaaery into TOMEE with secuirity

Posted by Romain Manni-Bucau <rm...@gmail.com>.
setenv.sh would work, in the shell too.
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-03-11 18:45 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> ok but from what file i have to put :
>
> export CATALINA_OPTS="-D....=..." (or set under windows)
>
> ? into setenv.sh ?'
> into catalina.sh???
>
>
>
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668172.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: use the java ee glaaery into TOMEE with secuirity

Posted by mauro2java2011 <ma...@gmail.com>.
OK, but in which file do I have to put:

export CATALINA_OPTS="-D....=..." (or set under windows)

In setenv.sh?
In catalina.sh?








Re: use the java ee glaaery into TOMEE with secuirity

Posted by Romain Manni-Bucau <rm...@gmail.com>.
export CATALINA_OPTS="-D....=..." (or set under windows)
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-03-11 15:40 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> i have to test it .
> But if with system.properties not work, how i have to set ? i have read to
> set JAVA_OPT but how and int owhat file??
> please a example? tank you
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668165.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: use the java ee glaaery into TOMEE with secuirity

Posted by mauro2java2011 <ma...@gmail.com>.
I have to test it.
But if it does not work with system.properties, how do I have to set it? I have read that I should
set JAVA_OPTS, but how, and in which file?
Could you give an example, please? Thank you.





Re: use the java ee glaaery into TOMEE with secuirity

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Well, Tomcat only handles JAAS for servlets; TomEE does so for all parts of
EE (that explains the difference).

system.properties was not working in some version (I can't recall right
now which one), but normally it should be set in the JVM system properties. Did
you try system.properties and it failed?
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-03-11 15:07 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> Tank you for reference card of tomer.
> The  Djava.security.auth.login.config is congiguravle from
> /conf/system.properties ?
>
> The jaas  on your reference card it is different from that referenced  at
> jdbc realm tutorial referenced above in my precedent post ( not the gallery
> but the other tutorial ) ??
> Il giorno 11/mar/2014 12.34, "Romain Manni-Bucau [via OpenEJB]" <
> ml-node+s979440n4668159h4@n4.nabble.com> ha scritto:
>
>> there is a part on jaas in tomee refcard
>> tomee.apache.org/refcard/refcard.html
>>
>> for galleria no need to hack normally to activated jaas.
>>
>> For history:
>> http://openejb.979440.n4.nabble.com/Bug-TomEE-43-quot-library-directory-ignored-quot-is-fixed-in-1-0-0-beta-2-td4517874.html#a4523075
>> Romain Manni-Bucau
>> Twitter: @rmannibucau
>> Blog: http://rmannibucau.wordpress.com/
>> LinkedIn: http://fr.linkedin.com/in/rmannibucau
>> Github: https://github.com/rmannibucau
>>
>>
>>
>> 2014-03-11 12:26 GMT+01:00 mauro2java2011 <[hidden email]<http://user/SendEmail.jtp?type=node&node=4668159&i=0>>:
>>
>>
>> > please the request simple , but the following tutorial can work ?
>> > I can adpt the gallery app with the following tutorial for security?
>> >
>> >
>> http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/
>> >
>> >
>> >
>> >
>> > --
>> > View this message in context:
>> http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668158.html
>> > Sent from the OpenEJB User mailing list archive at Nabble.com.
>>
>>
>>
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668163.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: use the java ee glaaery into TOMEE with secuirity

Posted by mauro2java2011 <ma...@gmail.com>.
Thank you for the TomEE reference card.
Is -Djava.security.auth.login.config configurable from
/conf/system.properties?

Is the JAAS setup on your reference card different from the one in the
JDBC realm tutorial referenced above in my previous post (not the Galleria one,
but the other tutorial)?
Il giorno 11/mar/2014 12.34, "Romain Manni-Bucau [via OpenEJB]" <
ml-node+s979440n4668159h4@n4.nabble.com> ha scritto:

> there is a part on jaas in tomee refcard
> tomee.apache.org/refcard/refcard.html
>
> for galleria no need to hack normally to activated jaas.
>
> For history:
> http://openejb.979440.n4.nabble.com/Bug-TomEE-43-quot-library-directory-ignored-quot-is-fixed-in-1-0-0-beta-2-td4517874.html#a4523075
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
>
>
>
> 2014-03-11 12:26 GMT+01:00 mauro2java2011 <[hidden email]<http://user/SendEmail.jtp?type=node&node=4668159&i=0>>:
>
>
> > please the request simple , but the following tutorial can work ?
> > I can adpt the gallery app with the following tutorial for security?
> >
> >
> http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/
> >
> >
> >
> >
> > --
> > View this message in context:
> http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668158.html
> > Sent from the OpenEJB User mailing list archive at Nabble.com.
>
>
>





Re: use the java ee glaaery into TOMEE with secuirity

Posted by Romain Manni-Bucau <rm...@gmail.com>.
There is a section on JAAS in the TomEE refcard: tomee.apache.org/refcard/refcard.html

For Galleria, there is normally no need to hack anything to activate JAAS.

For history: http://openejb.979440.n4.nabble.com/Bug-TomEE-43-quot-library-directory-ignored-quot-is-fixed-in-1-0-0-beta-2-td4517874.html#a4523075
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-03-11 12:26 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> please the request simple , but the following tutorial can work ?
> I can adpt the gallery app with the following tutorial for security?
>
> http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156p4668158.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.

Re: use the java ee glaaery into TOMEE with secuirity

Posted by mauro2java2011 <ma...@gmail.com>.
Sorry for the simple question, but can the following tutorial work?
Can I adapt the Galleria app using the following tutorial for security?

http://www.thejavageek.com/2013/07/07/configure-jdbcrealm-jaas-for-mysql-and-tomcat-7-with-form-based-authentication/





Re: use the java ee glaaery into TOMEE with secuirity

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi

I found https://gist.github.com/rmannibucau/2079015, though I am not sure it is
still relevant.

About the realm: just configure JAASRealm in server.xml and configure
JAAS as usual in TomEE: http://tomee.apache.org/tomee-jaas.html
Romain Manni-Bucau
Twitter: @rmannibucau
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau



2014-03-11 9:38 GMT+01:00 mauro2java2011 <ma...@gmail.com>:
> the following link
> https://bitbucket.org/VineetReynolds/java-ee-6-galleria
> into the source contain a ear applicatio nwith ejb and jsf .
> it use security and roles
>
> It is writed for glassfish .
>
> How i can use it with tomee ?
> i have  simple to create groups and user to associate to gorups into
> server.xml?
>
> if you read at :
> https://bitbucket.org/VineetReynolds/java-ee-6-galleria/src/b76114fb0477072853ddc459e3e746a5fc70851b/galleria-ejb/glassfish-integrationtest-install/glassfish/domains/domain1/config/domain.xml?at=default
>
> ------------------------------
> <!-- THE PART OF SECURITY
>  <security-service activate-default-principal-to-role-mapping="true"
> jacc="simple">
>         <auth-realm
> classname="com.sun.enterprise.security.auth.realm.file.FileRealm"
> name="admin-realm">
>                   <property value="${com.sun.aas.instanceRoot}/config/admin-keyfile"
> name="file"/>
>           <property value="fileRealm" name="jaas-context"/>
>         </auth-realm>
>         <auth-realm
> classname="com.sun.enterprise.security.auth.realm.file.FileRealm"
> name="file">
>                   <property value="${com.sun.aas.instanceRoot}/config/keyfile"
> name="file"/>
>           <property value="fileRealm" name="jaas-context"/>
>         </auth-realm>
>         <auth-realm
> classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"
> name="certificate"/>
>         <auth-realm name="GalleriaRealm"
> classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm">
>           <property description="null" name="jaas-context"
> value="jdbcRealm"></property>
>           <property name="encoding" value="Hex"></property>
>           <property description="null" name="password-column"
> value="PASSWORD"></property>
>           <property name="datasource-jndi"
> value="jdbc/galleriaDS"></property>
>           <property name="group-table" value="USERS_GROUPS"></property>
>           <property name="user-table" value="USERS"></property>
>           <property description="null" name="group-name-column"
> value="GROUPID"></property>
>           <property name="digest-algorithm" value="SHA-512"></property>
>           <property description="null" name="user-name-column"
> value="USERID"></property>
>         </auth-realm>
>         <jacc-provider
> policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl"
> policy-provider="com.sun.enterprise.security.provider.PolicyWrapper"
> name="default">
>           <property value="${com.sun.aas.instanceRoot}/generated/policy"
> name="repository"/>
>         </jacc-provider>
>         <jacc-provider
> policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"
> policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider"
> name="simple"/>
>         <audit-module classname="com.sun.enterprise.security.Audit"
> name="default">
>           <property value="false" name="auditOn"/>
>         </audit-module>
>         <message-security-config auth-layer="SOAP">
>           <provider-config provider-id="XWS_ClientProvider"
> class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"
> provider-type="client">
>             <request-policy auth-source="content"/>
>             <response-policy auth-source="content"/>
>             <property value="s1as" name="encryption.key.alias"/>
>             <property value="s1as" name="signature.key.alias"/>
>             <property value="false" name="dynamic.username.password"/>
>             <property value="false" name="debug"/>
>           </provider-config>
>           <provider-config provider-id="ClientProvider"
> class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"
> provider-type="client">
>             <request-policy auth-source="content"/>
>             <response-policy auth-source="content"/>
>             <property value="s1as" name="encryption.key.alias"/>
>             <property value="s1as" name="signature.key.alias"/>
>             <property value="false" name="dynamic.username.password"/>
>             <property value="false" name="debug"/>
>             <property
> value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"
> name="security.config"/>
>           </provider-config>
>           <provider-config provider-id="XWS_ServerProvider"
> class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule"
> provider-type="server">
>             <request-policy auth-source="content"/>
>             <response-policy auth-source="content"/>
>             <property value="s1as" name="encryption.key.alias"/>
>             <property value="s1as" name="signature.key.alias"/>
>             <property value="false" name="debug"/>
>           </provider-config>
>           <provider-config provider-id="ServerProvider"
> class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule"
> provider-type="server">
>             <request-policy auth-source="content"/>
>             <response-policy auth-source="content"/>
>             <property value="s1as" name="encryption.key.alias"/>
>             <property value="s1as" name="signature.key.alias"/>
>             <property value="false" name="debug"/>
>             <property
> value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"
> name="security.config"/>
>           </provider-config>
>         </message-security-config>
>         <property value="SHA-256" name="default-digest-algorithm"/>
>       </security-service>
>
>
>
> ------------------
> if you  see at
> https://bitbucket.org/VineetReynolds/java-ee-6-galleria/src/b76114fb0477072853ddc459e3e746a5fc70851b/galleria-ejb/src/main/java/info/galleria/service/ejb/AlbumServiceImpl.java?at=default
>
> you can see that into the declaration for the ejb :
> @Stateless
> @EJB(name = "java:global/galleria/galleria-ejb/AlbumService", beanInterface
> = AlbumService.class)
> @RolesAllowed({ "RegisteredUsers" })
> @TransactionAttribute(TransactionAttributeType.REQUIRED)
> public class AlbumServiceImpl implements AlbumService
> {
>
>
> the methods for the ejb are permit to "RegistredUsers" .
>
> you can see that it is created a realm NAMED "GalleriaRealm" into glassfish
> server
> HOW I CAN ADAPT TO TOMEE ???
>
>
> tank you for your attention
>
>
>
>
>
>
>
>
>
>
>
> --
> View this message in context: http://openejb.979440.n4.nabble.com/use-the-java-ee-glaaery-into-TOMEE-with-secuirity-tp4668156.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.