users@glassfish.java.net

Re: do i need to specify security realm in client application container deployment descriptor?

From: Sudarsan Sridhar <Sudarsan.Sridhar_at_Sun.COM>
Date: Tue, 06 Apr 2010 15:23:25 +0530

On 06-Apr-2010, at 2:53 PM, Sarah kho wrote:

> Thank you very much.
Glad to help :)
>
> So the EJB container performs the authentication and not the application client container.
>
> thanks.
>
> On Tue, Apr 6, 2010 at 12:41 PM, Sudarsan Sridhar <Sudarsan.Sridhar_at_sun.com> wrote:
>
> On 06-Apr-2010, at 12:31 PM, Sarah kho wrote:
>
>> hi Sudarsan,
>> Thank you for replying me.
>>
>> Do you mean that the ejb container performs the authentication? I think I read in the spec and in another post in the forum which indicate that application client container performs the authentication. You can see the discussion at http://forums.java.net/jive/thread.jspa?messageID=393725
> The application client just creates a client Subject and sends it to the server, then the authentication/authorization is done by the server.
>
>> Also, I was not able to find anyway to specify the security realm for the ejb application using it deployment descriptrs: ejb-jar.xml and sun-ejb-jar.xml
> The security realm is specified in sun-ejb-jar.xml as follows:
>
> <ejb>
> ....
> <ior-security-context>
> ...
> <as-context>
> <realm>myrealm</realm>
> </as-context>
> ...
> </ior-security-context>
> ...
> </ejb>
>
> This element is not handled by netbeans. You will have to add it manually.
>
> Regards,
> Sudarsan
>
>>
>> thanks
>>
>> On Tue, Apr 6, 2010 at 10:43 AM, Sudarsan Sridhar <Sudarsan.Sridhar_at_sun.com> wrote:
>>
>> On 06-Apr-2010, at 3:55 AM, Sarah kho wrote:
>>
>> > hi
>> > if using a client application to access secure EJBs, where i should specify the security realm which should be used for the authentication and authorization?
>> >
>> The authentication is done on the server side, so the security realm must be specified in the EJB module descriptor.
>>
>> Regards,
>> Sudarsan
>> > thanks.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>
>>
>
>