users@glassfish.java.net

RE: ORB authentication

From: Martin Gainty <mgainty_at_hotmail.com>
Date: Tue, 24 May 2011 08:14:07 -0400

<!-- Here is an MEJBBean EJB which will authenticate to admin-realm -->
    <ejb>
      <ejb-name>MEJBBean</ejb-name>
      <jndi-name>ejb/mgmt/MEJB</jndi-name>
      <pass-by-reference>false</pass-by-reference>
      <ior-security-config>
        <as-context>
          <auth-method>USERNAME_PASSWORD</auth-method>
          <realm>admin-realm</realm>
          <required>true</required>
        </as-context>
      </ior-security-config>
      <is-read-only-bean>false</is-read-only-bean>
      <refresh-period-in-seconds>-1</refresh-period-in-seconds>
      <cmt-timeout-in-seconds>0</cmt-timeout-in-seconds>
      <gen-classes/>
    </ejb>

<!-- The admin-realm jmx-connector implements the rmi_jrmp protocol and is ssl3 enabled as defined here -->
<admin-service system-jmx-connector-name="system" type="das-and-server">
  <!-- The JSR 160 "system-jmx-connector" authenticates to admin-realm -->
  <jmx-connector accept-all="false" address="0.0.0.0" auth-realm-name="admin-realm" enabled="true" name="system" port="9686" protocol="rmi_jrmp" security-enabled="false">
     <ssl cert-nickname="s1as" client-auth-enabled="false" ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true" tls-rollback-enabled="true"/>
  </jmx-connector>
...
</admin-service>

<!-- file-realm is the jaas-context attribute of FileRealm class assigned to file or admin-realm realms as defined here -->
      <security-service activate-default-principal-to-role-mapping="false" anonymous-role="AttributeDeprecated" audit-enabled="false" audit-modules="default" default-realm="file" jacc="default">
        <!-- All administrative users use this realm by default. -->
        <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
          <property name="file" value="${com.sun.aas.instanceRoot}/config/admin-keyfile"/>
          <property name="jaas-context" value="fileRealm"/>
        </auth-realm>
        <!-- All administrative users use this realm by default. -->
        <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
          <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"/>
          <property name="jaas-context" value="fileRealm"/>
        </auth-realm>
        <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
        </auth-realm>

Martin
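
An added example, not part of Martin's message or of GlassFish itself: a small Python audit that cross-checks the `<realm>` named in an EJB's `ior-security-config` against the `auth-realm` names in domain.xml (the "file" versus "fileRealm" mix-up discussed in this thread) and reports the JMX connector's transport settings. The XML samples are constructed from the fragments above, and accepting `default` as a realm value is an assumption based on the poster's report that it works.

```python
import xml.etree.ElementTree as ET

# Constructed domain.xml fragment, trimmed from the settings quoted in the message.
DOMAIN_XML = """<config>
 <admin-service system-jmx-connector-name="system">
  <jmx-connector name="system" address="0.0.0.0" port="9686" protocol="rmi_jrmp"
                 auth-realm-name="admin-realm" security-enabled="false">
   <ssl cert-nickname="s1as" ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true"/>
  </jmx-connector>
 </admin-service>
 <security-service default-realm="file">
  <auth-realm name="admin-realm"><property name="jaas-context" value="fileRealm"/></auth-realm>
  <auth-realm name="file"><property name="jaas-context" value="fileRealm"/></auth-realm>
 </security-service>
</config>"""

# Constructed descriptor using the realm value the thread reports as not working.
EJB_XML = """<sun-ejb-jar><enterprise-beans><ejb><ejb-name>BatchServiceBean</ejb-name>
 <ior-security-config><as-context>
  <auth-method>USERNAME_PASSWORD</auth-method><realm>fileRealm</realm><required>true</required>
 </as-context></ior-security-config>
</ejb></enterprise-beans></sun-ejb-jar>"""

def audit(domain_xml, ejb_xml):
    """Return a list of findings for the JMX connector and the EJB realm references."""
    findings = []
    dom = ET.fromstring(domain_xml)
    realms = {r.get("name") for r in dom.iter("auth-realm")}
    jaas = {p.get("value") for p in dom.iter("property") if p.get("name") == "jaas-context"}
    for conn in dom.iter("jmx-connector"):
        name = conn.get("name")
        if conn.get("security-enabled") != "true":
            findings.append(f"jmx-connector {name}: security-enabled is not true")
        ssl = conn.find("ssl")
        if ssl is not None and "true" in (ssl.get("ssl2-enabled"), ssl.get("ssl3-enabled")):
            findings.append(f"jmx-connector {name}: SSLv2/SSLv3 still enabled")
        if conn.get("auth-realm-name") not in realms:
            findings.append(f"jmx-connector {name}: auth-realm-name is not a defined realm")
    for ejb in ET.fromstring(ejb_xml).iter("ejb"):
        bean = ejb.findtext("ejb-name")
        ctx = ejb.find("ior-security-config/as-context")
        realm = ctx.findtext("realm") if ctx is not None else None
        if ctx is None or ctx.findtext("required") != "true":
            findings.append(f"{bean}: as-context authentication is not required")
        # Assumption: "default" is accepted because the thread reports it working.
        elif realm not in realms | {"default"}:
            hint = " (that is a jaas-context value, not a realm name)" if realm in jaas else ""
            findings.append(f"{bean}: realm '{realm}' is not a defined auth-realm{hint}")
    return findings
```

Calling `audit(DOMAIN_XML, EJB_XML)` on the constructed samples returns three findings: two for the `system` connector and one for the `fileRealm` reference.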

> Subject: Re: ORB authentication
> From: v.b.kumar.jayanti_at_oracle.com
> Date: Tue, 24 May 2011 15:55:40 +0530
> To: users_at_glassfish.java.net
>
>
> On 24-May-2011, at 2:51 PM, forums_at_java.net wrote:
>
> > I finally managed to get authentication working...
> >
> > First of all, make sure you provide the server's JARs in your classpath. As a
> > maven freak I included "glassfish-embedded-all" and it would NOT work. Make
> > sure you point to gf-client.jar. If anyone knows which is the maven artifact
> > to add, I would be more than glad.
> >
> gfclient.jar is correct.
> > make sure to include this in your *sun-ejb-jar.xml* (or
> > *glassfish-ejb-jar.xml*) :
> >
> > <ejb>
> >   <ejb-name>BatchServiceBean</ejb-name>
> >   <ior-security-config>
> >     <as-context>
> >       <auth-method>USERNAME_PASSWORD</auth-method>
> >       <realm>default</realm>
> >       <required>true</required>
> >     </as-context>
> >   </ior-security-config>
> > </ejb>
> > I didn't see this information in the different articles I've read. I guess it
> > wouldn't be a bad idea to point this out. Note that for some reason, if I put
> > "fileRealm" as the realm value, it does not work. Even though fileRealm is
> > the default realm... God knows why.
> the name of the default realm is just "file" not "fileRealm"
>
> > Now, is there any way to "bulk activate" the authentication for all my beans?
> > Because with this, it looks like I'll have to copy the "ior-security-config"
> > for all my EJBs.
> >
> Are all your EJBs in a single EAR?
>
> >
> > --
> >
> > [Message sent by forum member 'Roinou']
> >
> > View Post: http://forums.java.net/node/805069
> >
> >
>