Author: rmannibucau
Date: Mon Dec 12 07:48:00 2016
New Revision: 1773746

URL: http://svn.apache.org/viewvc?rev=1773746&view=rev
Log:
adding auth doc for remote jndi client

Removed:
    
tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/documentation.adoc
Modified:
    
tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc

Modified: 
tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc
URL: 
http://svn.apache.org/viewvc/tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc?rev=1773746&r1=1773745&r2=1773746&view=diff
==============================================================================
--- 
tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc
 (original)
+++ 
tomee/site/trunk/generators/site-tomee-ng/src/main/jbake/content/advanced/client/jndi.adoc
 Mon Dec 12 07:48:00 2016
@@ -74,3 +74,43 @@ ctx.lookup("java:....");
 Contrarly to local one, the remote factory supports `Context.SECURITY_*` 
options in a thread safe manner and you can do lookups at runtime using them.
 
 See link:../../admin/cluster/index.html[Cluster] page for more details on the 
options.
+
+=== Security
+
+The context configuration can take additional configuration to handle EJB 
security:
+
+[source]
+----
+p.put("openejb.authentication.realmName", "my-realm"); // optional
+p.put(Context.SECURITY_PRINCIPAL, "alfred");
+p.put(Context.SECURITY_CREDENTIALS, "bat");
+----
+
+The realm will be used by JAAS to get the right LoginModules and 
principal/credentials to
+do the actual authentication.
+
+==== HTTP case
+
+Often HTTP layer is secured and in this case you need to authenticate before 
the EJBd (remote EJB TomEE protocol) layer.
+Thanks to TomEE/Tomcat integration login there will propagate to the EJBd 
context.
+
+This can be done passing the token you need to set as `Authorization` header 
in the `PROVIDER_URL`:
+
+[source]
+----
+// tomee/openejb principal/credentials
+p.put(Context.PROVIDER_URL, 
"http://localhost:8080/tomee/ejb?authorization=Basic%20dG9tZWU6b3BlbmVqYg==";);
+----
+
+The token passed as `authorization` query parameter is the header value URL 
encoded. It can
+be any token like a basic one, a custom one, an OAuth2 one (in this case you 
need to renew it programmatically
+and change your client instance when renewing) etc...
+
+TIP: basic being very common there is a shortcut with two alternate query 
parameter replacing `authorization` one: `basic.password` and `basic.username`.
+
+Finally if you don't use `Authorization` header you can change the used header 
setting `authorizationHeader` query parameter.
+
+NOTE: `authorization`, `authorizationHeader`, `basic.username`, and 
`basic.password` are removed
+from the URL before opening the connection and therefore not logged in the 
remote server access log since version 7.0.3.
+
+
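Review bot: The HTTP case example in the second `[source]` block puts Basic credentials on a plain `http://localhost:8080/tomee/ejb` URL, and the text never says the transport needs TLS. Basic is only base64 (the sample token is the tomee/openejb pair named in the comment above it), and the closing NOTE addresses only the remote server access log, so a reader can come away believing the query parameter is protected in transit. Suggest switching the example to an `https://` URL, or adding a sentence that the `authorization`, `basic.username` and `basic.password` values end up in a normal request header and need HTTPS. The NOTE should also say what happens before 7.0.3: "since version 7.0.3" implies older versions keep these parameters in the URL, where an access log would record them, and that deserves an explicit warning. Minor: the `p.put(Context.PROVIDER_URL, ...)` line as shown here ends in `";);`, which would not compile if copied, and the `[source]` blocks could be `[source,java]`.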

