users@glassfish.java.net

Non-default security realm and ProgrammaticLogin in Glassfish?

From: <glassfish_at_javadesktop.org>
Date: Fri, 09 Nov 2007 09:25:40 PST

I have an EJB application jar with the following sun-ejb-jar.xml DD:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<sun-ejb-jar>
        <security-role-mapping>
                <role-name>user</role-name>
                <group-name>clerks</group-name>
        </security-role-mapping>
        <security-role-mapping>
                <role-name>power</role-name>
                <group-name>manager</group-name>
        </security-role-mapping>

        <enterprise-beans>
                <unique-id>0</unique-id>
                <ejb>
                        <ejb-name>PermitServiceBean</ejb-name>
                        <jndi-name>
                                ejb/permit/stateless/PermitServiceBean
                        </jndi-name>
                        <ior-security-config>
                                <as-context>
                                        <auth-method>USERNAME_PASSWORD</auth-method>
                                        <realm>permit</realm>
                                        <required>true</required>
                                </as-context>
                        </ior-security-config>
                        <gen-classes />
                </ejb>
        </enterprise-beans>
</sun-ejb-jar>

So this is specifying that the EJB will require authentication/authorization against the "permit" realm.

"permit" is configured as a Security realm but it is not the default security realm.

On the Java SE client side, I'm using the ProgrammaticLogin class to authenticate to the PermitServiceBean.

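import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import com.sun.appserv.security.ProgrammaticLogin;

// Point the naming context at the local GlassFish ORB.
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY,
        "com.sun.enterprise.naming.SerialInitContextFactory");
props.setProperty("org.omg.CORBA.ORBInitialHost", "localhost");
props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
InitialContext ctx = new InitialContext(props);

// Log in against the "permit" realm; true = propagate login exceptions to the caller.
ProgrammaticLogin programmaticLogin = new ProgrammaticLogin();
programmaticLogin.login("testuser", "testpassword", "permit", true);
serviceBean = (PermitServiceRemote) ctx
        .lookup("ejb/permit/stateless/PermitServiceBean");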

When I run my login code the following error message is being logged in the Glassfish server.xml:

[#|2007-11-09T10:55:50.314-0600|FINEST|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=21;_ThreadName=p: thread-pool-1; w: 5;ClassName=com.sun.enterprise.security.auth.LoginContextDriver;MethodName=doPasswordLogin;_RequestID=45ec3153-8d2d-42c9-8216-94ea6eb3df0f;|doPasswordLogin fails
javax.security.auth.login.LoginException: Failed file login for testuser.

It looks like the authentication is happening on the default Security Realm (file) instead of the "permit" realm.

I was wondering if someone could tell me what it is that I'm missing or confirm if this is a bug.
[Message sent by forum member 'r_sudh' (r_sudh)]

http://forums.java.net/jive/thread.jspa?messageID=244785
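
The comparison made in the message above, between the realm the descriptor requires and the realm named in the failed-login log record, can be scripted; this is an added example, not code from the original post or from GlassFish. The samples are constructed from the text quoted above. Assumptions: the word between "Failed" and "login" names the type of realm that ran, and REALM_TYPES (hypothetical, the post does not state the type of "permit") maps each realm name to its type, because a "permit" realm that is itself file-based would log the same word.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample: the descriptor from the post, trimmed to the relevant elements.
DESCRIPTOR = """<sun-ejb-jar><enterprise-beans><ejb>
  <ejb-name>PermitServiceBean</ejb-name>
  <ior-security-config><as-context>
    <auth-method>USERNAME_PASSWORD</auth-method>
    <realm>permit</realm>
    <required>true</required>
  </as-context></ior-security-config>
</ejb></enterprise-beans></sun-ejb-jar>"""

# Constructed sample: the log record from the post, some name=value pairs dropped.
LOG_RECORD = ("[#|2007-11-09T10:55:50.314-0600|FINEST|sun-appserver9.1|"
              "javax.enterprise.system.core.security|_ThreadID=21;"
              "MethodName=doPasswordLogin;|doPasswordLogin fails\n"
              "javax.security.auth.login.LoginException: "
              "Failed file login for testuser.")

# Assumption (hypothetical values): realm name -> realm type on this server.
REALM_TYPES = {"file": "file", "permit": "jdbc"}

# Assumption: the word between "Failed" and "login" is the realm type that ran.
FAILED_LOGIN = re.compile(r"Failed (\w+) login for (\S+?)\.?\s*$", re.M)

def required_realms(descriptor_xml):
    """Map each ejb-name to the realm named in its <as-context>, if any."""
    found = {}
    for ejb in ET.fromstring(descriptor_xml).iter("ejb"):
        realm = ejb.findtext("ior-security-config/as-context/realm")
        if realm and realm.strip():
            found[ejb.findtext("ejb-name").strip()] = realm.strip()
    return found

def failed_logins(record):
    """Return (realm_type, user) for each failed password login in one record."""
    fields = record.split("|", 6)  # [#, time, level, product, logger, pairs, message
    ok = len(fields) == 7 and fields[0] == "[#"
    return [(m.group(1), m.group(2)) for m in FAILED_LOGIN.finditer(fields[6])] if ok else []

def realm_mismatches(descriptor_xml, record, realm_types):
    """List (ejb, required realm, realm type that ran, user) where the types differ."""
    out = []
    for ejb, realm in required_realms(descriptor_xml).items():
        expected = realm_types.get(realm)  # unknown realm type: nothing to compare
        for used, user in failed_logins(record):
            if expected and used != expected:
                out.append((ejb, realm, used, user))
    return out
```

An empty result does not prove the right realm ran: when the required realm has the same type as the default one, the log word alone cannot tell them apart.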