users@glassfish.java.net

Re: Doubt about standalone remote ejb client and security realm

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Fri, 31 Oct 2008 20:11:03 +0530

Danilo Levantesi wrote:

>Hi to all.
>I'm developing a standalone remote ejb client for some protected EJBs (via
>@RolesAllowed), and I've, successfully, followed the FAQ instructions: I can
>authenticate using ProgrammaticLogin and lookup via InitialContext.
>
>Now I've a doubt: ProgrammaticLogin has a login method where the developer can
>specify the realm name.
>
>If I specify the realm
>(programmaticLogin.login("username","password","custom_realm", false), and
>the remote EJB has an entry (*) in sun-ejb.xml with that realm name, it
>works.
>
>
>
OK

>If I specify the realm, but the remote EJB hasn't an entry in sun-ejb.xml,
>then I get a CORBA_NO_PERMISSION exception on client side, and a login
>exception on server side (javax.security.auth.login.LoginException: Failed
>file login for username).
>
>
This is also reasonable.

>It seems the credentials are checked against the file realm and not against
>the specified custom_realm: is this the right behaviour?
>
>Moreover, if I set my custom_realm as the default realm, it still continues
>authenticating against the file realm.
>
>
>
This seems to indicate the file realm is hardcoded somewhere which
should probably be changed. It should have got the default realm from
the domain config.

regards,
kumar

>
>(*) <ejb>
> <ejb-name>BeanName</ejb-name>
> <ior-security-config>
> ...
> <as-context>
> <auth-method>USERNAME_PASSWORD</auth-method>
> <realm>custom_realm</realm>
> <required>true</required>
> </as-context>
> ...
> </ior-security-config>
> </ejb>
>
>
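
An added example, not part of the original thread or of GlassFish itself: a small audit that reads a sun-ejb.xml style descriptor and reports every bean whose `as-context` does not pin the expected realm, since the thread reports that such beans end up authenticating against the file realm. The sample descriptor, the bean names `NoRealmBean` and `OtherRealmBean`, and the function name `audit_realms` are constructed for illustration; only the elements quoted in the thread are used.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor; only elements shown in the thread are used.
SAMPLE = """<sun-ejb-jar>
  <enterprise-beans>
    <ejb>
      <ejb-name>BeanName</ejb-name>
      <ior-security-config>
        <as-context>
          <auth-method>USERNAME_PASSWORD</auth-method>
          <realm>custom_realm</realm>
          <required>true</required>
        </as-context>
      </ior-security-config>
    </ejb>
    <ejb>
      <ejb-name>NoRealmBean</ejb-name>
    </ejb>
    <ejb>
      <ejb-name>OtherRealmBean</ejb-name>
      <ior-security-config>
        <as-context>
          <realm>file</realm>
        </as-context>
      </ior-security-config>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>"""

def audit_realms(xml_text, expected_realm):
    """Return {ejb-name: finding} for beans whose as-context does not pin expected_realm."""
    findings = {}
    root = ET.fromstring(xml_text)
    for ejb in root.iter("ejb"):
        name = (ejb.findtext("ejb-name") or "<unnamed>").strip()
        ctx = ejb.find("ior-security-config/as-context")
        if ctx is None:
            # Case from the thread: no entry, login was checked against the file realm.
            findings[name] = "no as-context: realm not pinned"
            continue
        realm = (ctx.findtext("realm") or "").strip()
        if realm != expected_realm:
            findings[name] = f"realm is {realm or 'unset'!r}, expected {expected_realm!r}"
    return findings

if __name__ == "__main__":
    for bean, finding in audit_realms(SAMPLE, "custom_realm").items():
        print(f"{bean}: {finding}")
```

Running it over a deployment's descriptors before release shows which protected beans would not be checked against the intended realm.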