I have not tried this yet, but it just occurred to me that the
naming.principal is just establishing the jndi security context - it does
not do a login.
If you want to login, you have to first establish the context with an
account in principals.xml, and then use RoleManager.login(...) to login your
user. The role manager gets information about the usermanager you
registered, the InitialContext has nothing to do with your usermanager.
(This is just a Gedankenexperiment - if you try it, let me know whether it
actually works)
--peter
-----Original Message-----
From: Jeff Schnitzer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 02, 2001 5:15 PM
To: Orion-Interest
Subject: RE: Problem implementing Custom User Management using
SimpleUserManager
I am also experiencing this - no matter what I try (and I'm pretty sure
I've tried everything), I cannot get an application client user to log
in using a custom user manager (either SimpleUserManager-derived or
DataSourceUserManager).
Note that the application client logs in just fine using "admin" or any
of the principals.xml users. But I get the "Invalid username/password"
exception when trying users produced by the custom user manager.
This is with Orion 1.5.2. Does anyone have application clients working
with a custom user manager?
Jeff
> -----Original Message-----
> From: Adam Maliborski [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, September 29, 2001 7:09 AM
> To: Orion-Interest
> Subject: Problem implementing Custom User Management using
> SimpleUserManager
>
> Hi,
>
> I am trying to validate users of my ejb server via a database using
the
> SimpleUserManager.
>
> I have extended SimpleUserManager and overridden the three methods and
> confirmed that they are being called and returning true.
>
> I have made the following changes to the descriptors.
>
> ORION-APPLICATION.XML
> <orion-application deployment-version="1.5.2">
>
> <ejb-module remote="false" path="ejb.jar" />
> <web-module id="web" path="web.war" />
>
> <security-role-mapping name="administration">
> <group name="administration" />
> </security-role-mapping>
> <security-role-mapping name="productbuilder">
> <group name="productbuilder" />
> </security-role-mapping>
> <security-role-mapping name="enduser">
> <group name="enduser" />
> </security-role-mapping>
> <persistence path="persistence" />
> <library path="c:\test\ejb.jar" />
> <principals path="principals.xml" />
> <user-manager class="com.test.rms.user.orion.UCIServerUserManager"
/>
> <log>
> <file path="application.log" />
> </log>
>
> <namespace-access>
> <read-access>
> <namespace-resource root="">
> <security-role-mapping name="<jndi-user-role>">
> <group name="administration" />
> <group name="productbuilder" />
> <group name="enduser" />
> </security-role-mapping>
> </namespace-resource>
> </read-access>
> <write-access>
> <namespace-resource root="">
> <security-role-mapping name="<jndi-user-role>">
> <group name="administration" />
> <group name="productbuilder" />
> <group name="enduser" />
> </security-role-mapping>
> </namespace-resource>
> </write-access>
> </namespace-access>
> </orion-application>
>
> PRINCIPALS.XML
> <principals>
> <groups>
> <group name="administration">
> <permission name="administration" />
> <permission name="rmi:login" />
> <permission name="com.evermind.server.rmi.RMIPermission" />
> </group>
> <group name="productbuilder">
> <permission name="rmi:login" />
> <permission name="com.evermind.server.rmi.RMIPermission" />
> </group>
> <group name="enduser">
> <permission name="rmi:login" />
> <permission name="com.evermind.server.rmi.RMIPermission" />
> </group>
> </groups>
> <users>
> </users>
> </principals>
>
> ORION-EJB-JAR.XML
> <orion-ejb-jar deployment-version="1.5.2"
deployment-time="e93e1950d0">
> <enterprise-beans>
> ..
> .. (EJB DECLARATION)
> ..
> <assembly-descriptor>
> <security-role-mapping name="administration">
> </security-role-mapping>
> <security-role-mapping name="productbuilder">
> </security-role-mapping>
> <security-role-mapping name="enduser">
> </security-role-mapping>
> <default-method-access>
> <security-role-mapping name="<default-ejb-caller-
> role>" impliesAll="true" />
> </default-method-access>
> </assembly-descriptor>
> </orion-ejb-jar>
>
> When I try to access the ejb server through an external java client
> using the following code :
>
> Properties prop = new Properties();
> prop.put
> ("java.naming.factory.initial",
"com.evermind.server.ApplicationClientIn
> itialContextFactory");
>
> prop.put("java.naming.provider.url", "ormi://localhost/UCIServer");
> prop.put("java.naming.security.principal", "adammal");
> prop.put("java.naming.security.credentials", "adammal");
>
> Context initial = new InitialContext(prop);
>
> I get the following error :
>
> java.lang.SecurityException: Invalid username/password for UCIServer
> (adammal)
> at com.evermind._cd._mu(Unknown Source)
> at com.evermind._cd._mu(Unknown Source)
> at com.evermind._cd._np(Unknown Source)
> at com.evermind._ce._np(Unknown Source)
> at com.evermind.server.rmi.RMIContext.lookup(Unknown Source)
> at com.evermind.server.administration.LazyResourceFinder._np
> (Unknown Source)
> at
> com.evermind.server.administration.LazyResourceFinder.getEJBHome
> (Unknown Source)
> at com.evermind._ck._ho(Unknown Source)
> at
>
com.evermind.server.ApplicationClientInitialContextFactory.getInitialCon
> text(Unknown Source)
> at javax.naming.spi.NamingManager.getInitialContext
> (NamingManager.java:668)
> at javax.naming.InitialContext.getDefaultInitCtx
> (InitialContext.java:246)
> at javax.naming.InitialContext.init(InitialContext.java:222)
> at javax.naming.InitialContext.<init>(InitialContext.java:198)
> at com.temp.rms.uciserver.client.ListValueTypesTest.main
> (ListValueTypesTest.java:28)
>
> Can anyone shed any light on this for me?
>
> Thanks, Adam
>
> ---------------------------------------------------------------------
> mBox makes you work Smarter, not Harder, from only $0.58 per WEEK!
> Visit http://www.mbox.com.au
