users@glassfish.java.net

RE: what is use of sun-acc.xml? I think any configuration included in this file is ignored by appclient script.

From: Martin Gainty <mgainty_at_hotmail.com>
Date: Mon, 31 Aug 2009 08:55:12 -0400

        <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
          <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"/>
          <property name="jaas-context" value="fileRealm"/>
        </auth-realm>

the first property is the full path to the keystore file (constructed with keytool) e.g.
keytool -genkey -alias alias -keystore .keystore

http://www.java2s.com/Tutorial/Java/0490__Security/CreatingaNewKeyPairandSelfSignedCertificateUsingkeytool.htm

Martin Gainty




Date: Mon, 31 Aug 2009 15:57:06 +0430
From: sarah.kho_at_gmail.com
To: users_at_glassfish.dev.java.net
Subject: Re: what is use of sun-acc.xml? I think any configuration included in this file is ignored by appclient script.

Hi Tim,
Have you received any reply from the security team on this subject? I just need to know what is the use of elements like:

<auth-realm name="simRealm" classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
  <property name="file" value="/home/sarah/simRealm.txt"/>
  <property name="jaas-context" value="fileRealm"/>
</auth-realm>

and
<security ....> </security> elements. We have similar elements in the sun-ejb-jar.xml. I cannot understand what is the use of these configurations compared to what we have in sun-ejb-jar.xml.
Thanks,
Sarah.
On Mon, Aug 24, 2009 at 8:05 PM, Tim Quinn <Timothy.Quinn_at_sun.com> wrote:

Hi, Sarah.



The sun-acc.xml is indeed used by the ACC. Your question about the realm, though, is a little complicated.



I have copied the security team on this so they can weigh in, but my understanding is that the server knows the realm within which access to the guarded EJB must be authorized. The username and password returned from the client is then authenticated within that realm.


As a result the client program or user does not really choose or specify what realm to use for authentication.

[Ron, I know we've talked about this extensively in the past. Do I have this right?]



- Tim





Sarah kho wrote:


Hi

I am trying to use sun-acc.xml to configure the authentication of my client application.

I changed the sun-acc.xml as follows to enforce the authentication to happen with simRealm but it does not work, or I think it is ignored by the appclient script.

Here is my sun-acc.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE client-container PUBLIC "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">

<client-container>
  <target-server name="127.0.0.1" address="127.0.0.1" port="3700"/>
  <auth-realm name="simRealm" classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
    <property name="file" value="/home/sarah/simRealm.txt"/>
    <property name="jaas-context" value="fileRealm"/>
  </auth-realm>
  <log-service file="" level="WARNING"/>
</client-container>



and here is how I execute the application client:

./appclient -client /home/sarah/app-client.jar -xml /home/sarah/sun-acc.xml

Can you please let me know whether I am using the file correctly or there is something else that I have ignored or misunderstood?

The EJBs I am trying to access are secured and only a few roles and groups have access to them. I defined all of those groups and users in that file realm.

Thanks.










