users@glassfish.java.net

Re: what is use of sun-acc.xml? I think any configuration included in this file is ignored by appclient script.

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 08 Sep 2009 12:45:19 +0530

Sarah kho wrote:
> Hi,
> Thank you for the reply, and I am sorry for being naive and asking many
> questions.
> Any further comments or guidelines:
>
> I do not understand why we need to specify the realm both in the
> sun-acc.xml and the sun-ejb-jar.xml.
I don't think you will need to specify the realm in sun-acc.xml. Can you
show me what you are doing in the client code? Are you using
ProgrammaticLogin?

regards,
kumar

> Are both of them required? What is the role of realm we specified in
> sun-acc.xml if the authentication is going to happen based on what we
> defined in sun-ejb-jar.xml?
>
> Thanks again.
>
>
> On Mon, Aug 31, 2009 at 6:25 PM, Sarah kho <sarah.kho_at_gmail.com
> <mailto:sarah.kho_at_gmail.com>> wrote:
>
> "The realm against which authentication needs to happen is
> configured in sun-ejb-jar <as-context> element. The realm
> referenced here should be a realm that was defined in domain.xml."
>
> Thank you for the reply, and I am sorry for being naive and asking
> many questions.
> I do not understand why we need to specify the realm both in the
> sun-acc.xml and the sun-ejb-jar.xml. Are both of them required?
> What is the role of realm we specified in sun-acc.xml if the
> authentication is going to happen based on what we defined in
> sun-ejb-jar.xml?
> Thanks again.
>
>
> On Mon, Aug 31, 2009 at 4:41 PM, Kumar Jayanti
> <Vbkumar.Jayanti_at_sun.com <mailto:Vbkumar.Jayanti_at_sun.com>> wrote:
>
>
> Sarah kho wrote:
>> Hi Tim,
>>
>> Have you received any reply from the security team on this subject?
>> I just need to know what the use is of elements like:
>> <auth-realm name="simRealm"
>> classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
>>
>> <property name="file" value="/home/sarah/simRealm.txt"/>
>> <property name="jaas-context" value="fileRealm"/>
>> </auth-realm>
>>
>>
> The realms are defined in Domain.xml, with syntax like above.
>
>> and
>> <security ....> </security>
>> elements. We have similar elements in the sun-ejb-jar.xml. I
>> cannot understand what the use of these configurations is
>> compared to what we have in sun-ejb-jar.xml.
> The realm against which authentication needs to happen is
> configured in sun-ejb-jar <as-context> element. The realm
> referenced here should be a realm that was defined in domain.xml.
>
> Thanks.
>
>> Thanks,
>> Sarah.
>>
>> On Mon, Aug 24, 2009 at 8:05 PM, Tim Quinn
>> <Timothy.Quinn_at_sun.com <mailto:Timothy.Quinn_at_sun.com>> wrote:
>>
>>
>> Hi, Sarah.
>>
>> The sun-acc.xml is indeed used by the ACC. Your question
>> about the realm, though, is a little complicated.
>>
>> I have copied the security team on this so they can weigh
>> in, but my understanding is that the server knows the
>> realm within which access to the guarded EJB must be
>> authorized. The username and password returned from the
>> client is then authenticated within that realm.
>> As a result the client program or user does not really
>> choose or specify what realm to use for authentication.
>> [Ron, I know we've talked about this extensively in the
>> past. Do I have this right?]
>>
>> - Tim
>>
>>
>> Sarah kho wrote:
>>
>>
>> Hi
>> I am trying to use sun-acc.xml to configure the
>> authentication of my client application.
>> I changed the sun-acc.xml as follows to enforce the
>> authentication to happen with simRealm, but it does
>> not work, or I think it is ignored by the appclient
>> script.
>> Here is my sun-acc.xml:
>> <?xml version="1.0" encoding="UTF-8"?>
>>
>> <!DOCTYPE client-container PUBLIC
>>   "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN"
>>   "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
>>
>> <client-container>
>>   <target-server name="127.0.0.1" address="127.0.0.1" port="3700"/>
>>   <auth-realm name="simRealm"
>>       classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
>>     <property name="file" value="/home/sarah/simRealm.txt"/>
>>     <property name="jaas-context" value="fileRealm"/>
>>   </auth-realm>
>>   <log-service file="" level="WARNING"/>
>> </client-container>
>>
>>
>> And here is how I execute the application client:
>> ./appclient -client /home/sarah/app-client.jar -xml
>> /home/sarah/sun-acc.xml
>> Can you please let me know whether I am using the
>> file correctly or there is something else that I have
>> ignored or misunderstood?
>> The EJBs I am trying to access are secured and only
>> a few roles and groups have access to them. I defined
>> all of those groups and users in that file realm.
>> Thanks.
>>
>
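
Added example, not part of the thread or of GlassFish's own files: the server-side setting described above, as a sun-ejb-jar.xml fragment that names the authentication realm in <as-context>. The bean name SecuredBean is hypothetical; simRealm is the realm name from the thread and is assumed to be defined already as an <auth-realm> in the server's domain.xml.

```xml
<!-- sun-ejb-jar.xml (fragment, constructed for illustration) -->
<sun-ejb-jar>
  <enterprise-beans>
    <ejb>
      <!-- Hypothetical bean name; must match the ejb-name in ejb-jar.xml -->
      <ejb-name>SecuredBean</ejb-name>
      <ior-security-config>
        <transport-config>
          <integrity>SUPPORTED</integrity>
          <confidentiality>SUPPORTED</confidentiality>
          <establish-trust-in-target>SUPPORTED</establish-trust-in-target>
          <establish-trust-in-client>SUPPORTED</establish-trust-in-client>
        </transport-config>
        <as-context>
          <!-- The client must present a username and password -->
          <auth-method>USERNAME_PASSWORD</auth-method>
          <!-- The server authenticates those credentials in this realm.
               The name must match an <auth-realm name="simRealm" ...>
               defined in domain.xml, not one declared only in sun-acc.xml. -->
          <realm>simRealm</realm>
          <required>true</required>
        </as-context>
        <sas-context>
          <caller-propagation>SUPPORTED</caller-propagation>
        </sas-context>
      </ior-security-config>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>
```

With this in place the realm is chosen by the server for the guarded EJB, which is why the client-side sun-acc.xml does not need to name it.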