[ https://issues.apache.org/jira/browse/OPENEJB-901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12625114#action_12625114 ]

Dain Sundstrom commented on OPENEJB-901:
----------------------------------------

I modified the OpenEJB ejb-examples for Tomcat to use a custom realm and it is 
working for me.  Attached are the ejb-examples.war file and realm.jar.  Place 
the war in the Tomcat webapps directory and realm.jar in the Tomcat lib 
directory, and then visit the http://localhost:8080/ejb-examples URL.  Click the 
secure link and enter the user name manager with password manager.  

Here is the code for my CustomRealm:

package org.superbiz.servlet;

import java.security.Principal;
import java.util.Arrays;

import org.apache.catalina.realm.RealmBase;
import org.apache.catalina.realm.GenericPrincipal;

// Deliberately permissive test realm: every user name is accepted and the
// password must equal the user name.
public class CustomRealm extends RealmBase {
    protected String getName() {
        return "CustomRealm";
    }

    // RealmBase compares this value against the submitted credentials.
    protected String getPassword(String user) {
        System.out.println("CustomRealm.getPassword(" + user + ")=" + user);
        return user;
    }

    // Grants the role "user" plus a role named after the user.
    protected Principal getPrincipal(String user) {
        GenericPrincipal principal =
                new GenericPrincipal(this, user, user, Arrays.asList(user, "user"));
        System.out.println("CustomRealm.getPrincipal(" + user + ")=" + principal);
        return principal;
    }
}

Basically, any user is allowed and the password is the same as the user name.  
The user is granted the role "user" and a role that has the same name as the 
user name.

The only modification I made to the ejb-example code was to add <Realm 
className="org.superbiz.servlet.CustomRealm"/> to the context.xml file.  You 
can find the code for ejb-examples at 
https://svn.apache.org/repos/asf/openejb/trunk/openejb3/examples/webapps/ejb-examples


If you are still having problems, I will need your CustomRealm class. 

> TomcatSecurityService should use the context-specific Realm
> -----------------------------------------------------------
>
>                 Key: OPENEJB-901
>                 URL: https://issues.apache.org/jira/browse/OPENEJB-901
>             Project: OpenEJB
>          Issue Type: Bug
>          Components: tomcat
>    Affects Versions: 3.0
>         Environment: Ubuntu Linux 8.04, i386
>            Reporter: Luis Fernando Planella Gonzalez
>         Attachments: ejb-examples.war, jaas.conf, realm.jar, test.war
>
>
> TomcatSecurityService currently uses only the default container Realm to 
> authenticate users, ignoring a context-defined Realm.
> So, a user is correctly authenticated on the web application (for example, 
> through j_security_check), but is not correctly authenticated in EJBs.
> Attached is a war file and a JAAS configuration file, which should have the 
> system property java.security.auth.login.config set to it.
> To test, first authenticate by visiting 
> http://localhost:8080/test/protected.jsp. Any username / password is 
> validated, and the "user" role is granted. Then browse to 
> http://localhost:8080/test/test, and a permission denied exception is thrown, 
> because the role "user" is not granted.
> Another test is to comment out the @RolesAllowed("user") on the 
> TestServiceBean.sayHello() method. In this case, isCallerInRole("user") 
> is always false.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
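Dain's CustomRealm is a test fixture, so it accepts any user, returns the plaintext password from getPassword and prints both to stdout. The realm below is an added example, not part of this JIRA thread or the OpenEJB examples: it is wired into context.xml the same way and grants the same roles ("user" plus the user name), but verifies credentials against a salted SHA-256 digest in constant time and never exposes the plaintext. It assumes Tomcat 6's GenericPrincipal(Realm, String, String, List) constructor (the one the comment's code uses) and Java 7+ for StandardCharsets; the account store is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;

// Wired like CustomRealm (<Realm className="..."/> in context.xml) and granting the
// same roles, but credentials are checked against salted digests and never logged.
public class HashedCustomRealm extends RealmBase {
    // Constructed sample store: username -> {salt, SHA-256(salt || password)}. A real
    // deployment loads these from a credential file or database; the plaintext is
    // present here only to build the sample entry for user "manager".
    private static final Map<String, byte[][]> ACCOUNTS = new HashMap<String, byte[][]>();
    static {
        byte[] salt = "constructed-salt-1".getBytes(StandardCharsets.UTF_8);
        ACCOUNTS.put("manager", new byte[][] { salt, digest(salt, "manager") });
    }

    static byte[] digest(byte[] salt, String password) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);
            return md.digest(password.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override protected String getName() { return "HashedCustomRealm"; }

    // Replaces RealmBase's plaintext comparison (which relies on getPassword) with a
    // constant-time comparison of digests via MessageDigest.isEqual.
    @Override public Principal authenticate(String username, String credentials) {
        byte[][] acct = ACCOUNTS.get(username);
        if (acct == null || credentials == null) return null;
        return MessageDigest.isEqual(digest(acct[0], credentials), acct[1])
                ? getPrincipal(username) : null;
    }

    // No plaintext is available, so the inherited comparison can never succeed.
    @Override protected String getPassword(String username) { return null; }

    // Same role scheme as CustomRealm; the password slot on the Principal stays null.
    @Override protected Principal getPrincipal(String username) {
        if (!ACCOUNTS.containsKey(username)) return null;
        return new GenericPrincipal(this, username, null, Arrays.asList(username, "user"));
    }
}
```

Because authenticate(String, String) is overridden, FORM and BASIC logins go through the digest check; DIGEST authentication, which needs the plaintext from getPassword, is not supported by this realm.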