I configured my web services (stateless EJB exposed as web services) to use BASIC HTTP authentication and chose an LDAP realm. In GF, ldapRealm is configured as follows:
Directory: ldap://172.168.1.1:389
BaseDN: ou=users,dc=test,dc=company,dc=com
search-bind-password: rootpwd
search-bind-dn: cn=Directory Manager
On my standalone JSE application, I set credentials using:
((BindingProvider) m_proxy).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "clientuser");
((BindingProvider) m_proxy).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "clientpwd");
When I ran my client app for the first time, I saw an LDAP search using search-bind-dn, then a BIND using "clientuser". However, subsequent runs of my client app (JVM exit and restart) only result in an LDAP search, with no BIND anymore.
I did a test: I changed my clientuser password from the directory server, and my client application is still able to connect to the GF web services using the OLD pwd. The same LDAP connection is reused, and I think the LdapContext is cached in GlassFish.
My question is:
How is the client session being managed by web services in this case? How are my remote JSE clients able to share the same LDAP bind? Maybe I should not use BASIC authentication in this case?
Environment:
Java 1.6.0_16
Sun GlassFish Communications Server 2.0 (v2.1 Patch06)(9.1_02 Patch12)
Sun Directory Server v6.3
EJBs deployed with
<sun-ejb-jar>
  <enterprise-beans>
    <ejb>
      <ejb-name>MyWebServiceBean</ejb-name>
      <webservice-endpoint>
        <port-component-name>WSPortName</port-component-name>
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm>ldap</realm>
        </login-config>
      </webservice-endpoint>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>
[Message sent by forum member 'zhang8572' (zhang8572_at_gmail.com)]
http://forums.java.net/jive/thread.jspa?messageID=384865