glassfish_at_javadesktop.org wrote:
> Hello *,
>
> first in short my problem:
>
> I'm trying to get various EJB-JARs and WARs together. First, I deployed only one EJB-JAR (together with some library and data model JARs) in one EAR. After getting this running, I added my WAR, which now causes the following error:
>
> SEVERE: Linked policy contexts have different roleToSubjectMaps [MyEAR/mypackage_some_ejb_jar] [MyEAR/mypackage_some_war_internal].
>
>
> Now the details:
>
> I use my own security realm and it took me already quite a while to find out how to configure the EJBs to use it. The documentation online is really scarce and it's IMHO pretty complicated compared to JBoss - but maybe I'm doing sth. wrong already here (even though it works), thus here's my configuration and please correct me if this is wrong or not optimal:
>
> My ejb-jar.xml is basically empty (everything is declared using annotations).
>
> My sun-ejb-jar.xml looks like this:
>
> <sun-ejb-jar>
> <enterprise-beans>
> <ejb>
> <ejb-name>SecurityManagerBean</ejb-name>
> <ior-security-config>
> <as-context>
> <auth-method>USERNAME_PASSWORD</auth-method>
> <realm>NightLabsRealm</realm>
> <required>true</required>
> </as-context>
> </ior-security-config>
> </ejb>
> </enterprise-beans>
> </sun-ejb-jar>
>
> Is there an easier way, btw. to configure this by default? I want this setting for *ALL* EJBs of a JAR - I really don't want to write this hundreds of times (individually for every EJB).
>
> I created my "NightLabsRealm" via this command (packages+names shortened):
>
> ./asadmin create-auth-realm --classname mypackage.NightLabsRealm --property jaas-context=NightLabs NightLabsRealm
>
> And I added the following to the login.conf (packages+names shortened):
>
> NightLabs {
> mypackage.loginmodule.NightLabsLoginModule required;
> };
>
> While browsing for information, I only found documents telling me about role-principal-mappings with examples about how role "admin" is mapped to user "xyz" in some XML file. IMHO that's complete nonsense - I mean why should my application's XML files reference a user??? The place for users is the database and fortunately, I found the setting "Default Principal To Role Mapping" in http://localhost:4848/ => "Security", which I enabled. This setting did the job and now the EJB alone works perfectly fine with my own realm.
>
> Then I added the WAR which has the following setting in its web.xml:
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>NightLabsRealm</realm-name>
> </login-config>
>
> Of course, the realm is exactly the same as for the EJBs, but I get this error:
>
> SEVERE: Linked policy contexts have different roleToSubjectMaps [MyEAR/mypackage_some_ejb_jar] [MyEAR/mypackage_some_war_internal].
>
> Any idea what's wrong?
>
> Please note, that I do not want to use any setting in the EAR (if possible), because I want to get rid of the EAR and use OSGi bundles instead as soon as this is fixed:
>
>
Send us the EAR. Can you do a clean deploy after removing any
directories of the form... domains/domainx/generated/policy/MyEAR directory
By any chance do you have any roleToSubjectMappings in sun-web.xml ?.
From your desc it appears there isn't any. And is there a chance that
the set-of roles in WAR and EJB-JAR are different ?.
> http://forums.java.net/jive/thread.jspa?threadID=79976
>
> Best regards, Marco :-)
> [Message sent by forum member 'nlmarco']
>
> http://forums.java.net/jive/thread.jspa?messageID=473322
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>