Subject
Re: Geronimo role security
Please respond to
[EMAIL PROTECTED
As you can probably tell from my actions re GERONIMO-3357, I can't
reproduce this problem, and I even wrote a test app to look into it.
Can you compare what you are doing and the results you are getting to
the testsuite/enterprise-testsuite/sec-test app now present in g. 2.0
and trunk?
On Jul 19, 2007, at 9:06 AM, Aman Nanner/MxI Technologies wrote:
The fake EAR did start ok.
I can try deploying the realm as a plain GBean plan, but I'm not
sure how
to go about doing this as I've only been deploying J2EE modules to
this
point (EAR, WAR, etc.). Is there some good
run-as handling is completely different in 2.0. Instead of
constructing a subject out of xml, the run-as subject comes from
logging into a login module just like any other subject. You have to
do several things:
-- set up a security realm so the desired subject can in fact be
created
I tried out the solution, but I'm still having problems in that the JSP is
not running under the desired run-as role. I cannot see in the
TomcatGeronimoRealm where this run-as role is being set, or if it is
accessing the credential store to get the run-as subject.
The actual configuration of the
Urrk, I'm trying to do too many things at once today :-(
Could you try putting the security realm in a separate configuration
and putting that in as a dependency for the ear? If we can see if
that eliminates the hiccup and whether that helps find the run-as
subject it would be very
I declared the security realm in a separate EAR, and then put a dependency
on that EAR from my real EAR, but it didn't solve the problem. In fact,
the realm lookup failed both the first time and the second time (instead of
succeeding the second time). Can an EAR access a Realm declared within
it should be able to, but maybe I'm missing something. The fake
ear started ok?
I was thinking you could just deploy a plain gbean plan with
dependencies on the jars that have the security classes, similar to
the built in server-security-config.
If you can get on IRC we might be able to
Hi,
I'm using the latest Geronimo 2.0 snapshot from the codebase. I understand
that security has changed somewhat from Geronimo 1.2. I'm running into an
issue where I have a JSP with a specific run-as role calling a secured
EJB. This JSP has its run-as role defined in the web.xml as follows:
I have unsubscribed. Please make sure I am removed from this list.
It would appear that the TomcatGeronimoRealm.hasResourcePermission(...)
method does not apply the run-as role if one is defined. If this indeed
the case, then I believe this is a bug
Aman Nanner/MxI Technologies [EMAIL PROTECTED] wrote on 07-17-2007
10:55:23 PM:
Hi,
I'm using the latest
11 matches
Mail list logo