users@glassfish.java.net

Re: what is use of sun-acc.xml? I think any configuration included in this file is ignored by appclient script.

From: Sarah kho <sarah.kho_at_gmail.com>
Date: Mon, 31 Aug 2009 15:57:06 +0430

Hi Tim,
Have you received any reply from the security team on this subject?
I just need to know what the use is of elements like:
 <auth-realm name="simRealm"
classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
  <property name="file" value="/home/sarah/simRealm.txt"/>
  <property name="jaas-context" value="fileRealm"/>
</auth-realm>

and
<security ....> </security>
elements. We have similar elements in the sun-ejb-jar.xml. I cannot
understand what the use of these configurations is compared to what we have in
sun-ejb-jar.xml.
Thanks,
Sarah.

On Mon, Aug 24, 2009 at 8:05 PM, Tim Quinn <Timothy.Quinn_at_sun.com> wrote:

> Hi, Sarah.
>
> The sun-acc.xml is indeed used by the ACC. Your question about the realm,
> though, is a little complicated.
>
> I have copied the security team on this so they can weigh in, but my
> understanding is that the server knows the realm within which access to the
> guarded EJB must be authorized. The username and password returned from the
> client is then authenticated within that realm.
> As a result the client program or user does not really choose or specify
> what realm to use for authentication.
> [Ron, I know we've talked about this extensively in the past. Do I have
> this right?]
>
> - Tim
>
>
> Sarah kho wrote:
>
>> Hi
>> I am trying to use sun-acc.xml to configure the authentication of my
>> client application.
>> I changed the sun-acc.xml as follows to enforce the authentication to
>> happen with simRealm, but it does not work, or I think it is ignored by the
>> appclient script.
>> Here is my sun-acc.xml:
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <!DOCTYPE client-container PUBLIC "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
>>
>> <client-container>
>> <target-server name="127.0.0.1" address="127.0.0.1" port="3700"/>
>> <auth-realm name="simRealm"
>> classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
>> <property name="file" value="/home/sarah/simRealm.txt"/>
>> <property name="jaas-context" value="fileRealm"/>
>> </auth-realm>
>> <log-service file="" level="WARNING"/>
>> </client-container>
>>
>> and here is how I execute the application client:
>> ./appclient -client /home/sarah/app-client.jar -xml /home/sarah/sun-acc.xml
>> Can you please let me know whether I am using the file correctly or there
>> is something else that I have ignored or misunderstood?
>> The EJBs I am trying to access are secured and only a few roles and groups
>> have access to them. I defined all of those groups and users in that file
>> realm.
>> Thanks.
>>
>
>