Antwort: Re: Using OpenEJB Security for JAAS LoginModule

Mon, 09 Jun 2008 05:27:37 -0700 

Hi David,

thank you very much for the link. I got it twice and I read it twice ;-) 
but it doesn't help concerning my actual problem.

To run our business code it is necessary to login into an 
'SecurityService' with user/password/realm and as result there must be a 
Secuity-Object (javax.security.auth.Subject). This Security-Object is 
nessary to invoke our business code. The magic @RunAs("Employee")won't 
work in our case.
The default implementation from the security service with the parameters 
user/password is fine, but we miss the realm-Parameter. And if we add it, 
the Security Service says 

Exception bei Login:Fr vesuv-db-sha256 sind keine Anmeldemodule 
konfiguriert.

Anmeldemodule = Login module


cu Josef





David Blevins <[EMAIL PROTECTED]> 
06.06.2008 23:06
Bitte antworten an
[email protected]


An
[email protected]
Kopie

Thema
Re: Using OpenEJB Security for JAAS LoginModule






Hi Josef,

Looks this post arrived at about the same time as my last response, so 
this might be repeat information :)

This example shows a good technique for unit testing various security 
permissions.

   http://openejb.apache.org/3.0/testing-security-example.html

The JNDI login approach isn't really optimal as there is no "logout" 
option and it tends to make a mess of things.  With the above approach 
you can wrap your calls with any security context you like and test 
accessing your bean via secured and unsecured "clients" and check that 
permissions for various roles are as they need to be.

-David


On Jun 6, 2008, at 1:24 AM, [EMAIL PROTECTED] wrote:

> Hi All,
>
> we use embedded openejb to test our JavaEE-5 (Geronimo App.server)
> Application. With the great help of David Blevins the JUNIT-Tests can
> invoke our session beans and even Transaction Handling is working 
> fine.
> At the moment I use a trick to avoid the Login-Procedure, but this 
> won't
> work on the long run.
>
> With Geronimo 2.1.1 we use the JAAS API. Our usage is described in
> http://cwiki.apache.org/GMOxDOC10/geronimo-and-jaas.html. For my
> junit-testcase I need therefore anything which can provide me a
> javax.security.auth.Subject after successful login. With the default -
> Security Service
>  <SecurityService id="Default Security Service"/>
> and the configuration in users.properties and groups.properties I 
> get the
> error:
>
> Exception bei Login:Fr vesuv-db-sha256 sind keine Anmeldemodule
> konfiguriert.
>
> (Anmeldemodule = security realm, I think...)
>
> I tried also PseudoSecurityService, but I got an exception as well.
>
> JUNIT-Testcase
>                                Properties properties = new 
> Properties();
> ....
>                // Minimum required for login
>                properties.setProperty(Context.SECURITY_PRINCIPAL,
> benutzer);
>                properties.setProperty(Context.SECURITY_CREDENTIALS,
> passwort);
>
>                // Optional param for specifying a specific Geronimo
> security realm
>                properties.put("openejb.authentication.realmName",
> "vesuv-db-sha256");
>
>                properties.put("mySecurityService",
> "new://PseudoSecurityService");
> ....
>                        loginManager = (LoginManager)
> initialContext.lookup("LoginManagerImplLocal");
>                        loginManager.loginContainer(benutzer, 
> passwort);
> ....
>
> LoginManager-Session Bean:
> ...
>                try {
>                        LoginCallback logcb = new 
> LoginCallback(benutzer,
> passwort);
>                        LoginContext lc = new
> LoginContext("vesuv-db-sha256",logcb);
>                        lc.login();
>                        subject = lc.getSubject();
>                }
> ...
>
> The realm "vesuv-db-sha256" is defined under
> Geronimo-Applicationserver-Console Security - Security Realms.
>
> I read  http://openejb.apache.org/3.0/security.html, but I don't
> understand how to configure the Security for embedded openejb.
>
> Thanx in advance for any help on this.
>
> Mit freundlichen Grüßen / Kind regards
> Josef Eisele
>
> Direkt: +49 (0) 6131 / 914-180
>
> BGS Beratungsgesellschaft
> Software Systemplanung AG         Niederlassung Rhein/Main
> Robert-Koch-Straße 41
> 55129 Mainz
> Fon: +49 (0) 6131 / 914-0
> Fax: +49 (0) 6131 / 914-400
> www.bgs-ag.de Geschäftssitz Mainz
> Registergericht
> Amtsgericht Mainz
> HRB 62 50
>  Aufsichtsratsvorsitzender
> Dr. Wolfgang Trommer
> Vorstand
> Hanspeter Gau
> Hermann Kiefer
> Nils Manegold
> Heinz-Jörg Zimmermann
>
>



BGS Beratungsgesellschaft 
Software Systemplanung AG 
  
  
  
  
Niederlassung Rhein/Main 
Robert-Koch-Straße 41 
55129 Mainz 
Fon: +49 (0) 6131 / 914-0 
Fax: +49 (0) 6131 / 914-400 
www.bgs-ag.de 
Geschäftssitz Mainz 
Registergericht 
Amtsgericht Mainz 
HRB 62 50 
  
Aufsichtsratsvorsitzender 
Dr. Wolfgang Trommer 
Vorstand 
Hanspeter Gau 
Hermann Kiefer 
Nils Manegold 
Heinz-Jörg Zimmermann

Reply via email to