users@glassfish.java.net

Re: what is use of sun-acc.xml? I think any configuration included in this file is ignored by appclient script.

From: Tim Quinn <Timothy.Quinn_at_Sun.COM>
Date: Mon, 24 Aug 2009 10:35:26 -0500

Hi, Sarah.

The sun-acc.xml is indeed used by the ACC. Your question about the
realm, though, is a little complicated.

I have copied the security team on this so they can weigh in, but my
understanding is that the server knows the realm within which access to
the guarded EJB must be authorized. The username and password returned
from the client are then authenticated within that realm.

As a result the client program or user does not really choose or specify
what realm to use for authentication.

[Ron, I know we've talked about this extensively in the past. Do I have
this right?]

- Tim


Sarah kho wrote:
> Hi
> I am trying to use sun-acc.xml to configure the authentication of my
> client application.
> I changed the sun-acc.xml as follows to enforce the authentication to
> happen with simRealm, but it does not work, or I think it is ignored by
> the appclient script.
> Here is my sun-acc.xml:
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!DOCTYPE client-container PUBLIC "-//Sun Microsystems Inc.//DTD
> Application Server 8.0 Application Client Container//EN"
> "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
>
> <client-container>
> <target-server name="127.0.0.1" address="127.0.0.1" port="3700"/>
> <auth-realm name="simRealm"
> classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
> <property name="file" value="/home/sarah/simRealm.txt"/>
> <property name="jaas-context" value="fileRealm"/>
> </auth-realm>
> <log-service file="" level="WARNING"/>
> </client-container>
>
> and here is how I execute the application client:
> ./appclient -client /home/sarah/app-client.jar -xml
> /home/sarah/sun-acc.xml
> Can you please let me know whether I am using the file correctly or
> there is something else that I have ignored or misunderstood?
> The EJBs I am trying to access are secured and only a few roles and
> groups have access to them. I defined all of those groups and users in
> that file realm.
> Thanks.