On Jul 20, 2011, at 10:55 PM, rnieto wrote: > > Romain Manni-Bucau wrote: >> >> Yep that what i said, webservices are deployed into a context created >> called >> "" so you can't modify it if it is not a global config. All configuration >> managed are the one you can put into openejb-jar.xml. >> >> I think jon suggessted to enhance OpenEJB. >> >> @Jon: Am i wrong? >> > > This is just a clarification, as it was initially indicated that it would > run filters. Should anyone else be reading this thread, they'd have a > confirmation that indeed it doesn't do it. The explanation about it > deploying on a different, non-configurable (outside OpenEJB) context was > brought to light during the discussion. > > And my problem still persists, which Jon has indicated that this would need > to be either: > 1.) added to OpenEJB as an additional feature > 2.) add it to the OpenEJB core and cxf library (which would be a guaranteed > pain for someone who isn't a regular developer for OpenEJB).
We'll definitely need to fix this. The web services should be added to the webapp itself. > Too bad I'm restricted by time and probably can't wait for option 1, hope > that I could move to another EE framework (but even that seems not doable > with my timeframe). I had a look at the SpnegoHttpFilter source and it seems the primary thing they're doing is wrapping the HttpServletRequest with a SpnegoHttpServletRequest -- I'm guessing to alter the behavior of the getUserPrincipal() method. I did some digging into Tomcat on the various ways you can redirect and it looks like RequestDispatcher.forward() will preserve the original http request and response. So setting up the SpnegoHttpFilter against a servlet (or another filter) that uses a RequestDispatcher.forward() to forward to the webservice should do the trick. That should get you the same service you would get in any other EE impl. I think it could be better. Wrapping the servlet request and overriding that one method isn't going to get that totally unified "feel" as when you travel into EJB land which also has a getCallerPrincipal method as well as method based security via @RolesAllowed, the "wrap the servletrequest" trick isn't going to have any effect. I hacked you up a little Spnego security service for OpenEJB based on our Tomcat security service. No reason to have OpenEJB setup to use the Tomcat security Realm APIs when Spnego doesn't use them. Better to have OpenEJB just use the work the SpnegoFilter did. Not tested but should work https://gist.github.com/1096823 Primary thing is to make sure the SpnegoSecurityServiceFilter is run after the SpnegoFilter. Then move this jar and the spnego jars into either the tomcat/lib/ dir or the tomcat/webapps/openejb/lib/ dir. Hope this helps! -David
