Re: [Resin-interest] Authentication using hessian

2009-05-12 Thread Jeff Schnitzer 
We have basic authentication and access control with Hessian working.
Auth in Hessian is done with BASIC auth, therefore there must be a
BasicLogin - our custom Login must extend that class.

The configuration of this is, unfortunately, tricky to figure out.
Our custom Login is picked up out of the classpath, so if you declare
it (or anything else) in resin-web.xml the appserver will throw
ambiguity errors.

There still seem to be a lot of problems - for instance, the IfRole,
IfNetwork etc stuff described in the documentation doesn't exist.
But that isn't holding us up.

Our blocking problem now is that there doesn't seem to be any way to
get the caller Principal in an EJB.  Injection of the SessionContext
doesn't work:

@Resource SessionContext ctx;  (standard ejb3 approach)
@Current SessionContext ctx;   (expected CanDI approach)

both fail.  ScottH found a workaround, calling
SecurityContext.getUserPrincipal(), but this only works in the webapp
and doesn't work from a Hessian call.

We have the opensource SubEtha mailing list server deployed on Resin4,
and it seems to work, but we can't run the unit tests without hessian.
 Obviously we can't release the server without running unit tests :-(

Any ideas?

Thanks,
Jeff

On Fri, May 8, 2009 at 8:03 PM, Jeff Schnitzer j...@infohazard.org wrote:
 Hessian auth doesn't seem to work.  I have a small test project here:

 http://scratchmonkey.googlecode.com/svn/resin4/programmatic_auth

 The client code is very simple:

        public static void main(String[] args) throws Exception
        {
                HessianProxyFactory fact = new HessianProxyFactory();
                fact.setUser(harry);
                fact.setPassword(potter);

                String url = http://localhost:8080/ct/api/Echo;;

                Echo ech = (Echo)fact.create(Echo.class, url);

                ech.echo(greetings, program);
        }

 Yet even with a simple XmlAuthenticator on the backend, it always
 gives me permission denied.  I've tried putting my own authenticator
 on the backend and it never seems to get called.

 Is this a bug or am I doing something wrong?  Has anyone successfully
 performed remote authentication using hessian?

 This is using the 4.0.0 release.

 Thanks,
 Jeff



___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

[Resin-interest] Authentication using hessian

2009-05-08 Thread Jeff Schnitzer 
Hessian auth doesn't seem to work.  I have a small test project here:

http://scratchmonkey.googlecode.com/svn/resin4/programmatic_auth

The client code is very simple:

public static void main(String[] args) throws Exception
{
HessianProxyFactory fact = new HessianProxyFactory();
fact.setUser(harry);
fact.setPassword(potter);

String url = http://localhost:8080/ct/api/Echo;;

Echo ech = (Echo)fact.create(Echo.class, url);

ech.echo(greetings, program);
}

Yet even with a simple XmlAuthenticator on the backend, it always
gives me permission denied.  I've tried putting my own authenticator
on the backend and it never seems to get called.

Is this a bug or am I doing something wrong?  Has anyone successfully
performed remote authentication using hessian?

This is using the 4.0.0 release.

Thanks,
Jeff


___
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest