On Dec 18, 2008, at 7:44 AM, Luis Fernando Planella Gonzalez wrote:
Luis Fernando Planella Gonzalez escreveu:
HI.
I'm using openejb under tomcat (with openejb.war).
I implemented a custom Tomcat Realm, and everything was going fine,
but I found one problem:
I need to use a role name ("public") as the unauthenticated user,
but I didn't find out how to do this...
After some deep debugging, I found out that I could, at some point,
call SystemInstance.get().setComponent(RoleResolver.class, new
Something()), being something a class that returns the "public"
role when no roles are available. But it just don't smell well to me.
There must be a better way.
Any thoughts?
Why anybody has answers to more complicated questions? ;)
More like slipped through the cracks :)
I'll leave it with
SystemInstance.get().setComponent(RoleResolver.class,
...) for now, but I'm sure there's a better way...
I've found that some web pages states about a security namespace,
which
has a default-principal tag, but that's for geronimo.
Right, not applicable here.
How to configure it in the tomcat integration? I'm sure there's a
way to
do it...
Right now in the AbstractSecurityService, the default (or
unauthenticated) principle name is hardcoded to "guest". We could
easily make that configurable if you wanted to supply a patch for it.
We'd be happy to commit it so everyone could get the improvement in
the next release.
Your other security related patch was pretty good, this fix should be
pretty easy. You'd just need to add a getter and setter for
defaultUser in AbstractSecurityService.java, then update each of the
service-jar.xml files from this:
<ServiceProvider
id="Default Security Service"
service="SecurityService"
types="SecurityService"
class-
name="org.apache.openejb.core.security.SecurityServiceImpl"/>
to this:
<ServiceProvider
id="Default Security Service"
service="SecurityService"
types="SecurityService"
class-
name="org.apache.openejb.core.security.SecurityServiceImpl">
DefaultUser = "guest"
</ServiceProvider>
Then people would be able to configure the default user name.
Let us know if you're up to implementing the feature.
-David
