Arved,
Please excuse me for calling you out on this one, but you are the only one
on the mailing list who claims to have succeeded in doing what I want. The
documentation (surprise) is meaningless, and the mailing list archive is
failing me.
I have a servlet in a web-app that is deployed alongside my ejb application
under Orion. Orion is the app server, web server, and servlet engine. Simple.
I want to handle user authentication within my servlet, so I do not want any
sort of "FORM based login page" or any other mechanism. I would like for the
InitialContext that my servlet uses to establish the principal that is accessing
my Session Beans, and then I perform finer access control within those as an
extension to the EJB permissions. In certain instances, I would like to use
RoleManager.login() to change the EJB user that is in force.
First, I can not get Orion to read jndi.properties from anywhere. So, I am
explicitly loading them myself. I now explicitly put them into the System
properties and the values are:
    System.setProperty( "java.naming.factory.initial",
                        "com.evermind.server.ApplicationInitialContextFactory" );
    System.setProperty( "java.naming.provider.url", "ormi://localhost/appname" );
    System.setProperty( "java.naming.security.principal", "appuser" );
    System.setProperty( "java.naming.security.credentials", "password" );
I have defined 'appuser' in principals.xml, and I have put it in the 'administrators'
group.
I have added a custom UserManager to echo out what is going on just to give me some
idea on what is happening, and all I see is a call to
UserManager.getGroup( "appuser" ).
No matter what I have tried, I have these problems:
1) I am always considered a "guest". It appears that Orion ignores my principal
setting in the jndi properties. I get no error messages anywhere about it. Yet,
when a Java application uses the same settings in jndi.properties, it works.
Even if I change the principal from 'appuser' to 'random', the calls to the
UserManager still reference 'appuser', which is very confusing.
2) I can not get servlets to load any jndi.properties from anywhere on the
CLASSPATH (WEB-INF/classes does not work, nor does WEB-INF). I have listed
the ClassLoader tree, and WEB-INF/classes is the path for the servlet loader.
3) I can not get a RoleManager reference to save my life. No matter what I do
in my code (using initCtx.lookup( "java:comp/env/RoleManager" ) ad nauseam)
I get a NamingException saying RoleManager is not found. Yet, everyone talks
about using it just that way! And lookups on my other names work. Do I need
an <ejb-ref> for RoleManager?
4) I can not find any logging of any errors related to authentication...
PLEASE, could you share in detail the steps you took to get your servlets to be able
to log in a user by direct login (RoleManager.login()), and how you got your jndi
properties to be accepted so that you could specify your user credentials? I am just
frustrated now.
TIA,
tim.