users@glassfish.java.net

Re: Doubt about standalone remote ejb client and security realm

From: Nithya Subramanian <Nithya.Subramanian_at_Sun.COM>
Date: Mon, 24 Nov 2008 21:25:30 +0530

V B Kumar Jayanti wrote:
> Danilo Levantesi wrote:
>
>> Hi to all.
>> I'm developing a standalone remote ejb client for some protected
>> EJBs (via @RolesAllowed), and I've, successfully, followed the FAQ
>> instructions: I can authenticate using ProgrammaticLogin and lookup
>> via InitialContext.
>>
>> Now I've a doubt: ProgrammaticLogin has a login method where the
>> developer can specify the realm name.
>>
>> If I specify the realm
>> (programmaticLogin.login("username","password","custom_realm",
>> false), and the remote EJB has an entry (*) in sun-ejb.xml with that
>> realm name, it works.
>>
>>
>>
> OK
>
>> If I specify the realm, but the remote EJB hasn't an entry in
>> sun-ejb.xml, then I get a CORBA_NO_PERMISSION exception on client
>> side, and a login exception on server side
>> (javax.security.auth.login.LoginException: Failed file login for
>> username).
>>
>>
> This is also reasonable.
>
>> It seems the credentials are checked against the file realm and not
>> against the specified custom_realm: is this the right behaviour?
>>
>> Moreover, if I set my custom_realm as the default realm, it still
>> continues authenticating against the file realm.
>>
>>
>>
> This seems to indicate the file realm is hardcoded soemwhere which
> should probably be changed. It should have got the default realm from
> the domain config.
>
> regards,
> kumar
Could you please try using an appclient instead of a standalone java
client and check if the same error recurs?

Thanks,
Nithya
>
>>
>> (*) <ejb>
>> <ejb-name>BeanName</ejb-name>
>> <ior-security-config>
>> ...
>> <as-context>
>> <auth-method>USERNAME_PASSWORD</auth-method>
>> <realm>custom_realm</realm>
>> <required>true</required>
>> </as-context>
>> ...
>> </ior-security-config> </ejb>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.