Why is there a dep? That's just xml
Le 23 août 2012 07:55, "Enrico Olivelli" <[email protected]> a écrit :
> Thank you
> Your impl is great!
>
> But with this LazyRealm the app needs to depend compile-time from
> tomcat-catalina "realm" interface (even if it can be created with CDI, so I
> think that in this way devs can lookup EJBs)
> I think it should be more powerful to provide a Realm that could call
> directly one business method inside the app (as the EJB example or the EL
> example)
> the EL example is very powerfull, because devs who use JSF often declare
> <commandButton action="#{usermanager.login(..**....)" >
> but I think that an EJB stub would be enough
>
> maybe it would be useful to let the app provide a implementation of JASS
> LoginModule or some other "standard" way to authenticate the user (without
> deploying it in the container, that is sometimes out of the possibilities
> of the dev, IT rules!)
>
> another idea
> you can add a wrapper to the application "realm" in LazyRealm to adapt it
> to the Realm interface, I think the only useful method is
> authenticate(username,**password) method as the example I sent, Tomcat
> wants it to return a Tomcat specific Principal impl that contains the roles
> list
>
> Thanks
> - Enrico
>
>
> Il 22/08/2012 21:39, Romain Manni-Bucau ha scritto:
>
>> PS: the realm should be able to use cdi, simply add cdi="true" to the
>> realm
>> definition (that's not the default)
>>
>> *Romain Manni-Bucau*
>> *Twitter: @rmannibucau*
>> *Blog: http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com>
>> *
>>
>>
>>
>>
>> 2012/8/22 Romain Manni-Bucau <[email protected]>
>>
>> already looked it several times and the IDE was opened ;)
>>>
>>> *Romain Manni-Bucau*
>>> *Twitter: @rmannibucau*
>>> *Blog: http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com>
>>> *
>>>
>>>
>>>
>>>
>>> 2012/8/22 Thiago Veronezi <[email protected]>
>>>
>>> Dude, you are incredibly fast!!! :O)
>>>>
>>>>
>>>> On Wed, Aug 22, 2012 at 2:21 PM, Romain Manni-Bucau
>>>> <[email protected]>wrote:
>>>>
>>>>
>>>> https://issues.apache.org/**jira/browse/TOMEE-400<https://issues.apache.org/jira/browse/TOMEE-400>
>>>>>
>>>>> *Romain Manni-Bucau*
>>>>> *Twitter: @rmannibucau*
>>>>> *Blog:
>>>>> http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com>
>>>>> *
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> 2012/8/22 Enrico Olivelli <[email protected]>
>>>>>
>>>>> Il 22/08/2012 19:29, Romain Manni-Bucau ha scritto:
>>>>>>
>>>>>> hmm, the point is you tomcat creates the realm before the app is
>>>>>>
>>>>> started
>>>>
>>>>> (== the webapp classloader is not available) so you have to put your
>>>>>>>
>>>>>> realm
>>>>>
>>>>>> in the container
>>>>>>>
>>>>>>> it is exactly the reason for I'm asking you to put this kind of
>>>>>>
>>>>> support
>>>>
>>>>> in
>>>>>
>>>>>> TomEE, because you cannot deploy a "Realm" implementation directly in
>>>>>>
>>>>> your
>>>>>
>>>>>> own application
>>>>>> My trick is just to let the developer of the app bundle in its own app
>>>>>>
>>>>> the
>>>>>
>>>>>> only "logic" that implements the real autentication, leaving the
>>>>>>
>>>>> container
>>>>>
>>>>>> to "manage" security
>>>>>>
>>>>>> in order to lookup beans you have to make a JNDI lookup only for every
>>>>>> call to "autenticate", so the realm actually doesn't need to have
>>>>>>
>>>>> access
>>>>
>>>>> to
>>>>>
>>>>>> the application context before initialization
>>>>>>
>>>>>>
>>>>>>
>>>>>> FYI you can use the tomee maven plugin:
>>>>>>>
>>>>>>> <plugin>
>>>>>>> <groupId>org.apache.openejb.****maven</groupId>
>>>>>>> <artifactId>tomee-maven-****plugin</artifactId>
>>>>>>> <version>1.0.0-SNAPSHOT</****version>
>>>>>>> <configuration>
>>>>>>> <libs>
>>>>>>> <lib>examples:EJBRealm:1.0-****SNAPSHOT</lib>
>>>>>>> </libs>
>>>>>>> </configuration>
>>>>>>> </plugin>
>>>>>>>
>>>>>>> I don't know if tomcat already have a kind of lazy realm instantiator
>>>>>>>
>>>>>> but
>>>>>
>>>>>> we could add one in tomee to manage such cases
>>>>>>>
>>>>>>> *Romain Manni-Bucau*
>>>>>>> *Twitter: @rmannibucau*
>>>>>>> *Blog: http://rmannibucau.wordpress.****com<
>>>>>>>
>>>>>> http://rmannibucau.wordpress.**com <http://rmannibucau.wordpress.com>
>>>>> >
>>>>>
>>>>>> *
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2012/8/22 Thiago Veronezi <[email protected]>
>>>>>>>
>>>>>>> Hmmmm... I like your idea!
>>>>>>>
>>>>>>>> I will try to implement something like that now.
>>>>>>>>
>>>>>>>>
>>>>>>>> []s,
>>>>>>>> Thiago.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Aug 22, 2012 at 1:12 PM, Enrico Olivelli <
>>>>>>>>
>>>>>>> [email protected]
>>>>
>>>>> wrote:
>>>>>>>>> This is not what I meant
>>>>>>>>> I'm attaching an example
>>>>>>>>>
>>>>>>>>> EJBRealm.zip is a simple Tomcat Realm that performs a JNDI lookup
>>>>>>>>>
>>>>>>>> to
>>>>
>>>>> get
>>>>>
>>>>>> an application provided EJB and invokes a method to authenticate
>>>>>>>>>
>>>>>>>> the
>>>>
>>>>> user
>>>>>>>>> <Realm className="ejbrealm.EJBRealm"
>>>>>>>>>
>>>>>>>>> beanname="java:global/******localhost/MyAuth/AuthBean"
>>>>>>>>
>>>>>>>> realmname="MyRealm" loginMethod="loginUser" />
>>>>>>>>>
>>>>>>>>> MyAuth.zip is an example webapp which uses it
>>>>>>>>>
>>>>>>>>> - Enrico
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Il 22/08/2012 18:38, Romain Manni-Bucau ha scritto:
>>>>>>>>>
>>>>>>>>> realm are typically managed by tomcat so tomcat pacakging should
>>>>>>>>>
>>>>>>>> work
>>>>>
>>>>>> the link between realm and ejbcontext is done through a wrapper
>>>>>>>>>>
>>>>>>>>> realm
>>>>
>>>>> called tomeerealm (added automcatically on the snapshot) so simply
>>>>>>>>>>
>>>>>>>>>> define
>>>>>>>>> the jaasrealm:
>>>>>>>>>
>>>>>>>>>> http://svn.apache.org/repos/******asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**>
>>>>>>>>>> **<
>>>>>>>>>>
>>>>>>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**>
>>>>> >
>>>>>
>>>>>> examples/cdi-ejbcontext-jaas/******src/main/tomee/conf/server.**
>>>>>>>>>> **xml<
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**>
>>>>>>>>>
>>>>>>>> examples/cdi-ejbcontext-jaas/****src/main/tomee/conf/server.**xml<
>>>>>>>>
>>>>>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**
>>>> examples/cdi-ejbcontext-jaas/**src/main/tomee/conf/server.xml<http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/src/main/tomee/conf/server.xml>
>>>>
>>>>> here is a sample:
>>>>>>>>>
>>>>>>>>>> http://svn.apache.org/repos/******asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**>
>>>>>>>>>> **<
>>>>>>>>>>
>>>>>>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**>
>>>>> >
>>>>>
>>>>>> examples/cdi-ejbcontext-jaas/<
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> http://svn.apache.org/repos/****asf/openejb/trunk/openejb/**<http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**>
>>>>>>>>>
>>>>>>>> examples/cdi-ejbcontext-jaas/<
>>>>>>>>
>>>>>>> http://svn.apache.org/repos/**asf/openejb/trunk/openejb/**
>>>> examples/cdi-ejbcontext-jaas/<http://svn.apache.org/repos/asf/openejb/trunk/openejb/examples/cdi-ejbcontext-jaas/>
>>>>
>>>>> *Romain Manni-Bucau*
>>>>>>>>>
>>>>>>>>>> *Twitter: @rmannibucau*
>>>>>>>>>> *Blog: http://rmannibucau.wordpress.******com<
>>>>>>>>>>
>>>>>>>>>> http://rmannibucau.wordpress.****com <
>>>>>>>>>
>>>>>>>> http://rmannibucau.wordpress.**com<http://rmannibucau.wordpress.com>
>>>>
>>>>> *
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2012/8/22 Enrico Olivelli <[email protected]>
>>>>>>>>>>
>>>>>>>>>> I'd like to bundle my own "realm" implementation with my app,
>>>>>>>>>> because I
>>>>>>>>>>
>>>>>>>>>> want to call an EJB method in order to authenticate users
>>>>>>>>>>>
>>>>>>>>>>> Tomcat comes with JDBCRealm which can be used to lookup
>>>>>>>>>>>
>>>>>>>>>>> username/password
>>>>>>>>>>
>>>>>>>>> directly in the app DB bypassing application code
>>>>>>>>>
>>>>>>>>>> and Tomcat does like to "bundle" a Realm implementation inside
>>>>>>>>>>>
>>>>>>>>>> the
>>>>
>>>>> app
>>>>>
>>>>>> The only "issue" I see is the security context to use to access
>>>>>>>>>>>
>>>>>>>>>> this
>>>>
>>>>> "realm-EJB"
>>>>>>>>>>>
>>>>>>>>>>> Did I miss something ?
>>>>>>>>>>>
>>>>>>>>>>> Could you bundle a built-in Tomcat Realm that does the trick ?
>>>>>>>>>>> some thing like
>>>>>>>>>>> <Realm className="xxxx.EJBRealm"
>>>>>>>>>>>
>>>>>>>>>> beanLookup="java:comp/env/****
>>>>
>>>>> MyAuthBean"
>>>>>>>>>>> authenticateMethod="********authenticateUser" runAs="superuser"
>>>>>>>>>>> />
>>>>>>>>>>>
>>>>>>>>>>> or CDI-EL based
>>>>>>>>>>> assuming the presence of a @Named("authbean")
>>>>>>>>>>> <Realm className="xxxx.CDIRealm" authenticateMethod="#{****
>>>>>>>>>>> authbean.authenticateUser}"
>>>>>>>>>>> runAs="superuser" />
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Enrico
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>
>
