Hi

The default realm is, as you say, the default, but EJBs use JAAS, so using JAASRealm you'll merge both worlds. In other words, rely on a database login module and not a database realm, but the JAASRealm.

On 1 May 2014 22:44, "aptem" <[email protected]> wrote:
> Hi.
> I am trying to build secured application including remote EJBs and embed as
> much as possible configuration into application.
>
> I created hsqldb datasource in WEB-INF/resources.xml
> <resources>
>   <Resource id="myDatasource" type="DataSource">
>     JdbcUrl jdbc:hsqldb:file:data/mydb
>     ...
>   </Resource>
> </resources>
>
> And datasource realm in META-INF/context.xml
> <Context reloadable="true" antiJARLocking="true">
>   <Realm className="org.apache.catalina.realm.DataSourceRealm"
>          localDataSource="true" dataSourceName="myDatasource" ... />
> </Context>
>
> And protected my web application in WEB-INF/web.xml
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>          xmlns="http://java.sun.com/xml/ns/javaee"
>          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
>          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="srm" version="3.0">
>   <welcome-file-list>
>     <welcome-file>index.jsp</welcome-file>
>   </welcome-file-list>
>   <servlet>
>     <servlet-name>ServerServlet</servlet-name>
>     <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
>   </servlet>
>   <servlet-mapping>
>     <servlet-name>ServerServlet</servlet-name>
>     <url-pattern>/ejb/*</url-pattern>
>   </servlet-mapping>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>srm</web-resource-name>
>       <url-pattern>/*</url-pattern>
>       <http-method>GET</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>admin</role-name>
>     </auth-constraint>
>   </security-constraint>
>   <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>Authentication required</realm-name>
>   </login-config>
>   <security-role>
>     <role-name>admin</role-name>
>   </security-role>
> </web-app>
>
> Everything works fine for regular HTTP requests, but when trying to look up
> protected EJB (annotated with @DeclareRoles, @RolesAllowed) - default Realm
> from server.xml is used (I am able to call ejb with users defined in
> tomcat-users.xml, but not with users defined in my database).
>
> Properties p = new Properties();
> p.put("java.naming.factory.initial",
>       "org.apache.openejb.client.RemoteInitialContextFactory");
> p.put("java.naming.provider.url", "http://localhost:8080/srm/ejb");
> p.put("java.naming.security.principal", "tomee");
> p.put("java.naming.security.credentials", "tomee");
> InitialContext ctx = new InitialContext(p);
> SecuredBeanRemote myBean =
>     (SecuredBeanRemote)ctx.lookup("SecuredBeanRemote");
>
> Am I doing something wrong with configuration?
>
> --
> View this message in context:
> http://openejb.979440.n4.nabble.com/Securing-EJB-with-webapp-Realm-tp4669071.html
> Sent from the OpenEJB User mailing list archive at Nabble.com.
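
The setup suggested in the reply, sketched as an added example (not part of the original thread and not the project's own configuration): a JAASRealm whose JAAS entry uses a database login module in place of the DataSourceRealm. The entry name `SrmSQLLogin`, the table and column names in the queries, the `conf/login.config` location, the datasource id being visible under the name used in the question, and keeping the Realm in the webapp's `META-INF/context.xml` are all assumptions.

```xml
<!-- Added example. JAASRealm in place of the DataSourceRealm from the
     question, so authentication goes through a JAAS login module.

     appName names a JAAS login entry. "SrmSQLLogin" is a name made up for
     this example. The entry belongs in the JAAS login configuration file
     (assumed here: conf/login.config, i.e. the file named by the
     java.security.auth.login.config system property):

       SrmSQLLogin {
           org.apache.openejb.core.security.jaas.SQLLoginModule required
           dataSourceName="myDatasource"
           userSelect="SELECT user_name, user_pass FROM users WHERE user_name = ?"
           groupSelect="SELECT user_name, role_name FROM user_roles WHERE user_name = ?";
       };

     userSelect returns the user name and password for the login name,
     groupSelect returns the user name and one role per row. The tables and
     columns above are constructed for the example; use the schema the
     DataSourceRealm was pointed at. The role names returned must match the
     ones in web.xml and @RolesAllowed ("admin" in the question).

     userClassNames / roleClassNames tell JAASRealm which Principal classes
     in the authenticated Subject are the user and which are roles. -->
<Context reloadable="true" antiJARLocking="true">
  <Realm className="org.apache.catalina.realm.JAASRealm"
         appName="SrmSQLLogin"
         userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
         roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal" />
</Context>
```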
