On 06-Apr-2010, at 12:31 PM, Sarah kho wrote:
> hi Sudarsan,
> Thank you for replying me.
>
> Do you mean that the ejb container performs the authentication? I think I read in the spec and in another post in the forum which indicate that application client container performs the authentication. You can see the discussion at http://forums.java.net/jive/thread.jspa?messageID=393725
The application client just creates a client Subject and sends it to the server, then the authentication/authorization is done by the server.
> Also, I was not able to find anyway to specify the security realm for the ejb application using it deployment descriptrs: ejb-jar.xml and sun-ejb-jar.xml
The security realm is specified in sun-ejb-jar.xml as follows:
<ejb>
....
<ior-security-context>
...
<as-context>
<realm>myrealm</realm>
</as-context>
...
</ior-security-context>
...
</ejb>
This element is not handled by netbeans. You will have to add it manually.
Regards,
Sudarsan
>
> thanks
>
> On Tue, Apr 6, 2010 at 10:43 AM, Sudarsan Sridhar <Sudarsan.Sridhar_at_sun.com> wrote:
>
> On 06-Apr-2010, at 3:55 AM, Sarah kho wrote:
>
> > hi
> > if using a client application to access secure EJBs, where i should specify the security realm which should be used for the authentication and authorization?
> >
> The authentication is done on the server side, so the security realm must be specified in the EJB module descriptor.
>
> Regards,
> Sudarsan
> > thanks.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>