users@glassfish.java.net

Re: what is use of sun-acc.xml? I think any configuration included in this file is ignored by appclient script.

From: Sarah kho <sarah.kho_at_gmail.com>
Date: Thu, 3 Sep 2009 20:26:25 +0430

Hi,
Thank you for the reply, and I am sorry for being naive and asking many
questions.
Any further comment or guidelines:

I do not understand why we need to specify the realm both in the sun-acc.xml
and the sun-ejb-jar.xml. Are both of them required? What is the role of
realm we specified in sun-acc.xml if the authentication is going to happen
based on what we defined in sun-ejb-jar.xml?

Thanks again.


On Mon, Aug 31, 2009 at 6:25 PM, Sarah kho <sarah.kho_at_gmail.com> wrote:

> "The realm against which authentication needs to happen is configured in
> sun-ejb-jar <as-context> element. The realm referenced here should be a
> realm that was defined in domain.xml."
>
> Thank you for the reply, and I am sorry for being naive and asking many
> questions.
> I do not understand why we need to specify the realm both in the
> sun-acc.xml and the sun-ejb-jar.xml. Are both of them required? What is the
> role of realm we specified in sun-acc.xml if the authentication is going to
> happen based on what we defined in sun-ejb-jar.xml?
> Thanks again.
>
> On Mon, Aug 31, 2009 at 4:41 PM, Kumar Jayanti <Vbkumar.Jayanti_at_sun.com> wrote:
>>
>> Sarah kho wrote:
>>
>> Hi Tim,
>> Have you received any reply from security team on this subject?
>> I just need to know what is use of elements like:
>>
>> <auth-realm name="simRealm"
>>     classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
>>   <property name="file" value="/home/sarah/simRealm.txt"/>
>>   <property name="jaas-context" value="fileRealm"/>
>> </auth-realm>
>>
>> The realms are defined in Domain.xml, with syntax like above.
>>
>> and
>> <security ....> </security>
>> elements. We have similar elements in the sun-ejb-jar.xml. I can not
>> understand what is use of these configurations compared to what we have in
>> sun-ejb-jar.xml.
>>
>> The realm against which authentication needs to happen is configured in
>> sun-ejb-jar <as-context> element. The realm referenced here should be a
>> realm that was defined in domain.xml. Thanks.
>>
>> Thanks,
>> Sarah.
>> On Mon, Aug 24, 2009 at 8:05 PM, Tim Quinn <Timothy.Quinn_at_sun.com> wrote:
>>
>> Hi, Sarah. The sun-acc.xml is indeed used by the ACC. Your question
>> about the realm, though, is a little complicated. I have copied the
>> security team on this so they can weigh in, but my understanding is that the
>> server knows the realm within which access to the guarded EJB must be
>> authorized. The username and password returned from the client is then
>> authenticated within that realm. As a result the client program or user
>> does not really choose or specify what realm to use for authentication. [Ron,
>> I know we've talked about this extensively in the past. Do I have this
>> right?]
>>
>> - Tim
>>
>> Sarah kho wrote:
>>
>> Hi, I am trying to use sun-acc.xml to configure the authentication of my
>> client application. I changed the sun-acc.xml as follows to enforce the
>> authentication to happen with simRealm, but it does not work, or I think it is
>> ignored by the appclient script. Here is my sun-acc.xml:
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!DOCTYPE client-container PUBLIC
>>   "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN"
>>   "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
>> <client-container>
>>   <target-server name="127.0.0.1" address="127.0.0.1" port="3700"/>
>>   <auth-realm name="simRealm"
>>       classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
>>     <property name="file" value="/home/sarah/simRealm.txt"/>
>>     <property name="jaas-context" value="fileRealm"/>
>>   </auth-realm>
>>   <log-service file="" level="WARNING"/>
>> </client-container>
>>
>> and here is how I execute the application client:
>>
>> ./appclient -client /home/sarah/app-client.jar -xml /home/sarah/sun-acc.xml
>>
>> Can you please let me know whether I am using the file correctly or there is
>> something else that I have ignored or misunderstood? The EJBs I am
>> trying to access are secured and only a few roles and groups have access to
>> them. I defined all of those groups and users in that file realm. Thanks.
>>
>