I've been doing some research into using Geronimo 2.0.1 to host some EJB3 session beans, interacting with a stand-alone client. I can connect to the server and call methods fine, but I've encountered some difficulties with security. Specifically I've tried using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS when creating the InitialContext, but this seems to be broken. After some tracing it seems that org.apache.geronimo.openejb.GeronimoSecurityService.login( ) tries to create a LoginContext with a null security realm, which throws an exception and prevents authentication. I noticed that the latest version of OpenEJB has added the key openejb.authentication.realmName, but this is not available in 2.0.1 (and it seems a bit backward having to have the client specify the security realm.)
I have been able to use org.apache.openejb.client.ClientSecurity.directAuthentication( ) to successfully authenticate, but it seems a bit hacky and is very OpenEJB specific (and also requires the client to provide the realm name.) Is there something I'm missing or doing wrong? I'm fairly new to EE stuff so hopefully it's just some newbie mistake. BTW, a couple other things I noticed: - EJB security is disabled if the geronimo-application.xml doesn't at least have an empty <security/> entry. This means any security annotations are completely ignored, which surprised me. - EJB3 EAR's will not deploy using the Eclipse plugin unless they contain an application.xml file. Renaming the ZIP file to an EAR and manually deploying works fine. - When creating new EJB3 projects in Eclipse, all geronimo-*.xml files reference the old schemas. If the schemas are changed to the 2.0.1 versions, then the editors fail (I'm assuming this is due to the EMF JIRA entry?) - When starting Eclipse, there are 3 warnings in the log compaining about 'org.apache.geronimo.deployment.model' and 'org.apache.geronimo.v11.deployment.model'. I tried to disable the 1.0 and 1.1 features to get rid of the warnings (since I didn't need those versions,) but then Geronimo 2.0 wouldn't be listed as an option when creating new projects. The feature wasn't flagged as being broken however. ________________________________ Kory Markevich Tech Lead ACL Services Ltd. 1550 Alberni Street | Vancouver | BC | V6G 1A5 Tel: 604 669 4225 Email: [EMAIL PROTECTED] | Web: www.acl.com ________________________________ The contents of this email are confidential and are for the intended recipient(s) named above only. If you are not the intended recipient, any copying, distribution or use of this email is prohibited. If you have received this email in error, please notify the sender and delete the email.
