We have basic authentication and access control with Hessian working.
Auth in Hessian is done with BASIC auth, therefore there must be a
BasicLogin - our custom Login must extend that class.

The configuration of this is, unfortunately, tricky to figure out.
Our custom Login is picked up out of the classpath, so if you declare
it (or anything else) in resin-web.xml the appserver will throw
ambiguity errors.

There still seem to be a lot of problems - for instance, the <IfRole>,
<IfNetwork> etc stuff described in the documentation doesn't exist.
But that isn't holding us up.

Our blocking problem now is that there doesn't seem to be any way to
get the caller Principal in an EJB.  Injection of the SessionContext
doesn't work:

@Resource SessionContext ctx;  (standard ejb3 approach)
@Current SessionContext ctx;   (expected CanDI approach)

both fail.  ScottH found a workaround, calling
SecurityContext.getUserPrincipal(), but this only works in the webapp
and doesn't work from a Hessian call.

We have the opensource SubEtha mailing list server deployed on Resin4,
and it seems to work, but we can't run the unit tests without hessian.
 Obviously we can't release the server without running unit tests :-(

Any ideas?


On Fri, May 8, 2009 at 8:03 PM, Jeff Schnitzer <j...@infohazard.org> wrote:
> Hessian auth doesn't seem to work.  I have a small test project here:
> http://scratchmonkey.googlecode.com/svn/resin4/programmatic_auth
> The client code is very simple:
>        public static void main(String[] args) throws Exception
>        {
>                HessianProxyFactory fact = new HessianProxyFactory();
>                fact.setUser("harry");
>                fact.setPassword("potter");
>                String url = "http://localhost:8080/ct/api/Echo";;
>                Echo ech = (Echo)fact.create(Echo.class, url);
>                ech.echo("greetings, program");
>        }
> Yet even with a simple XmlAuthenticator on the backend, it always
> gives me permission denied.  I've tried putting my own authenticator
> on the backend and it never seems to get called.
> Is this a bug or am I doing something wrong?  Has anyone successfully
> performed remote authentication using hessian?
> This is using the 4.0.0 release.
> Thanks,
> Jeff

resin-interest mailing list

Reply via email to