...
| Code Block |
|---|
<gbean name="remote-openejb-realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<attribute name="realmName">remote-openejb-realm</attribute>
<xml-reference name="LoginModuleConfiguration">
<lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-1.2">
<lc:login-module control-flag="REQUIRED">
<lc:login-domain-name>remote-openejb-realm</lc:login-domain-name>
<lc:login-module-class>org.apache.geronimo.openejb.OpenejbRemoteLoginModule</lc:login-module-class>
<lc:option name="RemoteSecurityRealm">test-realm</lc:option>
<lc:option name="ServerURI">ejbd://localhost:4201</lc:option>
<lc:option name="global">true</lc:option>
</lc:login-module>
</lc:login-config>
</xml-reference>
<reference name="ServerInfo">
<name>ServerInfo</name>
</reference>
</gbean>
|
Note that there are two options: the server side security realm name to log into server-side, and the URI for the openejb listener. Therefore, both server-side and client-side realm should be specified in the client application's deployment plan as dependencies.
By providing an appropriate CallbackHandler and security realm such as this on the client, when the client is started the callback handler will obtain the required user name and password and this login module will log in to Geronimo over the openejb ejbd protocol. The resulting token is stored in the client side Subject for use in subsequent ejb related calls to openejb.