Hello *,
first in short my problem:
I'm trying to get various EJB-JARs and WARs together. First, I deployed only one EJB-JAR (together with some library and data model JARs) in one EAR. After getting this running, I added my WAR, which now causes the following error:
SEVERE: Linked policy contexts have different roleToSubjectMaps [MyEAR/mypackage_some_ejb_jar] [MyEAR/mypackage_some_war_internal].
Now the details:
I use my own security realm and it took me already quite a while to find out how to configure the EJBs to use it. The documentation online is really scarce and it's IMHO pretty complicated compared to JBoss - but maybe I'm doing sth. wrong already here (even though it works), thus here's my configuration and please correct me if this is wrong or not optimal:
My ejb-jar.xml is basically empty (everything is declared using annotations).
My sun-ejb-jar.xml looks like this:
<sun-ejb-jar>
<enterprise-beans>
<ejb>
<ejb-name>SecurityManagerBean</ejb-name>
<ior-security-config>
<as-context>
<auth-method>USERNAME_PASSWORD</auth-method>
<realm>NightLabsRealm</realm>
<required>true</required>
</as-context>
</ior-security-config>
</ejb>
</enterprise-beans>
</sun-ejb-jar>
Is there an easier way, btw. to configure this by default? I want this setting for *ALL* EJBs of a JAR - I really don't want to write this hundreds of times (individually for every EJB).
I created my "NightLabsRealm" via this command (packages+names shortened):
./asadmin create-auth-realm --classname mypackage.NightLabsRealm --property jaas-context=NightLabs NightLabsRealm
And I added the following to the login.conf (packages+names shortened):
NightLabs {
mypackage.loginmodule.NightLabsLoginModule required;
};
While browsing for information, I only found documents telling me about role-principal-mappings with examples about how role "admin" is mapped to user "xyz" in some XML file. IMHO that's complete nonsense - I mean why should my application's XML files reference a user??? The place for users is the database and fortunately, I found the setting "Default Principal To Role Mapping" in
http://localhost:4848/ => "Security", which I enabled. This setting did the job and now the EJB alone works perfectly fine with my own realm.
Then I added the WAR which has the following setting in its web.xml:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>NightLabsRealm</realm-name>
</login-config>
Of course, the realm is exactly the same as for the EJBs, but I get this error:
SEVERE: Linked policy contexts have different roleToSubjectMaps [MyEAR/mypackage_some_ejb_jar] [MyEAR/mypackage_some_war_internal].
Any idea what's wrong?
Please note, that I do not want to use any setting in the EAR (if possible), because I want to get rid of the EAR and use OSGi bundles instead as soon as this is fixed:
http://forums.java.net/jive/thread.jspa?threadID=79976
Best regards, Marco :-)
[Message sent by forum member 'nlmarco']
http://forums.java.net/jive/thread.jspa?messageID=473322