users@glassfish.java.net

Re: what is use of sun-acc.xml? I think any configuration included in this file is ignored by appclient script.

From: Sarah kho <sarah.kho_at_gmail.com>
Date: Mon, 31 Aug 2009 18:25:10 +0430

"The realm against which authentication needs to happen is configured in
sun-ejb-jar <as-context> element. The realm referenced here should be a
realm that was defined in domain.xml."

Thank you for the reply, and I am sorry for being naive and asking many
questions.
I do not understand why we need to specify the realm both in the sun-acc.xml
and the sun-ejb-jar.xml. Are both of them required? What is the role of
the realm we specified in sun-acc.xml if the authentication is going to happen
based on what we defined in sun-ejb-jar.xml?
Thanks again.

On Mon, Aug 31, 2009 at 4:41 PM, Kumar Jayanti <Vbkumar.Jayanti_at_sun.com> wrote:

>
> Sarah kho wrote:
>
> Hi Tim,
> Have you received any reply from the security team on this subject?
> I just need to know what is use of elements like:
> <auth-realm name="simRealm"
>     classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
>   <property name="file" value="/home/sarah/simRealm.txt"/>
>   <property name="jaas-context" value="fileRealm"/>
> </auth-realm>
>
> The realms are defined in Domain.xml, with syntax like above.
>
> and
> <security ....> </security>
> elements. We have similar elements in the sun-ejb-jar.xml. I can not
> understand what is use of these configurations compared to what we have in
> sun-ejb-jar.xml.
>
> The realm against which authentication needs to happen is configured in
> sun-ejb-jar <as-context> element. The realm referenced here should be a
> realm that was defined in domain.xml. Thanks.
>
> Thanks,
> Sarah.
> On Mon, Aug 24, 2009 at 8:05 PM, Tim Quinn <Timothy.Quinn_at_sun.com> wrote:
>
> Hi, Sarah. The sun-acc.xml is indeed used by the ACC. Your question
> about the realm, though, is a little complicated. I have copied the
> security team on this so they can weigh in, but my understanding is that the
> server knows the realm within which access to the guarded EJB must be
> authorized. The username and password returned from the client is then
> authenticated within that realm. As a result the client program or user
> does not really choose or specify what realm to use for authentication. [Ron,
> I know we've talked about this extensively in the past. Do I have this
> right?]
>
> - Tim
>
> Sarah kho wrote:
>
> Hi, I am trying to use sun-acc.xml to configure the authentication of my
> client application. I changed the sun-acc.xml as follows to enforce the
> authentication to happen with simRealm, but it does not work, or I think it is
> ignored by the appclient script. Here is my sun-acc.xml:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE client-container PUBLIC
>   "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN"
>   "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
> <client-container>
>   <target-server name="127.0.0.1" address="127.0.0.1" port="3700"/>
>   <auth-realm name="simRealm"
>       classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
>     <property name="file" value="/home/sarah/simRealm.txt"/>
>     <property name="jaas-context" value="fileRealm"/>
>   </auth-realm>
>   <log-service file="" level="WARNING"/>
> </client-container>
>
> and here is how I execute the application client:
>
> ./appclient -client /home/sarah/app-client.jar -xml /home/sarah/sun-acc.xml
>
> Can you please let me know whether I am using the file correctly or there is
> something else that I have ignored or misunderstood? The EJBs I am
> trying to access are secured and only a few roles and groups have access to
> them. I defined all of those groups and users in that file realm. Thanks.
>
>