users@glassfish.java.net

Re: what is use of sun-acc.xml? I think any configuration included in this file is ignored by appclient script.

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Mon, 31 Aug 2009 17:41:34 +0530

Sarah kho wrote:
> Hi Tim,
> Have you received any reply from security team on this subject?
> I just need to know what is use of elements like:
> <auth-realm name="simRealm"
> classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
> <property name="file" value="/home/sarah/simRealm.txt"/>
> <property name="jaas-context" value="fileRealm"/>
> </auth-realm>
>
The realms are defined in Domain.xml, with syntax like above.
> and
> <security ....> </security>
> elements. We have similar elements in the sun-ejb-jar.xml. I cannot
> understand what the use of these configurations is compared to what we
> have in sun-ejb-jar.xml.
The realm against which authentication needs to happen is configured in
sun-ejb-jar <as-context> element. The realm referenced here should be a
realm that was defined in domain.xml.

Thanks.
> Thanks,
> Sarah.
>
> On Mon, Aug 24, 2009 at 8:05 PM, Tim Quinn <Timothy.Quinn_at_sun.com
> <mailto:Timothy.Quinn_at_sun.com>> wrote:
>
> Hi, Sarah.
>
> The sun-acc.xml is indeed used by the ACC. Your question about
> the realm, though, is a little complicated.
>
> I have copied the security team on this so they can weigh in, but
> my understanding is that the server knows the realm within which
> access to the guarded EJB must be authorized. The username and
> password returned from the client is then authenticated within
> that realm.
> As a result the client program or user does not really choose or
> specify what realm to use for authentication.
> [Ron, I know we've talked about this extensively in the past. Do
> I have this right?]
>
> - Tim
>
>
>
> Sarah kho wrote:
>
> Hi
> I am trying to use sun-acc.xml to configure the authentication
> of my client application.
> I changed the sun-acc.xml as follows to enforce the
> authentication to happen with simRealm but it does not work or
> I think it is ignored by the appclient script.
> here is my sun-acc.xml
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!DOCTYPE client-container PUBLIC "-//Sun Microsystems
> Inc.//DTD Application Server 8.0 Application Client
> Container//EN"
> "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
>
> <client-container>
> <target-server name="127.0.0.1" address="127.0.0.1" port="3700"/>
> <auth-realm name="simRealm"
> classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
> <property name="file" value="/home/sarah/simRealm.txt"/>
> <property name="jaas-context" value="fileRealm"/>
> </auth-realm>
> <log-service file="" level="WARNING"/>
> </client-container>
>
> and here is how I execute the application client:
> ./appclient -client /home/sarah/app-client.jar -xml
> /home/sarah/sun-acc.xml
> Can you please let me know whether I am using the file
> correctly or there is something else that I have ignored or
> misunderstood?
> The EJBs I am trying to access are secured and only a few roles
> and groups have access to them. I defined all of those groups
> and users in that file realm.
> Thanks.
>
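
Added example, not part of the original thread and not GlassFish code: a small check for the rule stated in the reply above, that the realm named in the sun-ejb-jar.xml <as-context> element must be one defined in domain.xml. Both XML fragments are constructed and trimmed to the relevant elements; the bean names AccountBean and AuditBean and the misspelled realm simRelm are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the realm as defined on the server side (domain.xml fragment).
DOMAIN_XML = """
<domain><configs><config name="server-config"><security-service>
  <auth-realm name="simRealm"
      classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
    <property name="file" value="/home/sarah/simRealm.txt"/>
    <property name="jaas-context" value="fileRealm"/>
  </auth-realm>
</security-service></config></configs></domain>
"""

# Constructed sample: sun-ejb-jar.xml naming the realm per EJB in <as-context>.
# The second bean (hypothetical) references a misspelled realm name.
SUN_EJB_JAR_XML = """
<sun-ejb-jar><enterprise-beans>
  <ejb><ejb-name>AccountBean</ejb-name>
    <ior-security-config><as-context>
      <auth-method>username_password</auth-method>
      <realm>simRealm</realm><required>true</required>
    </as-context></ior-security-config></ejb>
  <ejb><ejb-name>AuditBean</ejb-name>
    <ior-security-config><as-context>
      <auth-method>username_password</auth-method>
      <realm>simRelm</realm><required>true</required>
    </as-context></ior-security-config></ejb>
</enterprise-beans></sun-ejb-jar>
"""

def defined_realms(domain_xml):
    """Names of every <auth-realm> defined in domain.xml."""
    return {r.get("name") for r in ET.fromstring(domain_xml).iter("auth-realm")}

def undefined_realm_refs(ejb_jar_xml, domain_xml):
    """Return (ejb-name, realm) pairs whose <as-context> realm is not in domain.xml."""
    known = defined_realms(domain_xml)
    missing = []
    for ejb in ET.fromstring(ejb_jar_xml).iter("ejb"):
        realm = (ejb.findtext("ior-security-config/as-context/realm") or "").strip()
        if realm and realm not in known:
            missing.append((ejb.findtext("ejb-name", "").strip(), realm))
    return missing

if __name__ == "__main__":
    for name, realm in undefined_realm_refs(SUN_EJB_JAR_XML, DOMAIN_XML):
        print(f"{name}: realm '{realm}' is not defined in domain.xml")
```

To run it against a real deployment, read the two files from disk and pass their contents to undefined_realm_refs().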