0

I'm using Payara 5.194 and created a web app (war). This webapp contains a singleton which has a @Schedule which runs some method periodically. It uses @RunAs() to specify a role to use.

@Singleton
@RunAs("system")
public class MySingleton {
  @EJB
  MyEjb myEjb;

  @Schedule(hour = "*", minute = "*", second = "*", persistent = false)
  public void go()
  {
    myEjb.doSomething(strings);
  }
}

I'm using the default file based realm that is provided by payara. I added a user there with the system role and it which works fine.

Now I needed to created a project specific file based realm for my project:

asadmin \
    create-auth-realm \
    --classname com.sun.enterprise.security.auth.realm.file.FileRealm \
    --property "file=/opt/payara/appserver/glassfish/config/project_keyfile:jaas-context=fileRealm" \
    ProjectRealm

I added a user

asadmin \
    --passwordfile passwordfile.txt \
    create-file-user \
    --authrealmname ProjectRealm \
    --groups group1:system \
    test

When I remove the user from the default realm things stop working which is logical.

I want the system to start using the new realm. I tried setting it in the web.xml without luck:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ProjectRealm</realm-name>
</login-config>

I know it's possible to tell payara that my new realm is the default but I don't want to do that. Btw this can be done like this

set configs.config.server-config.security-service.default-realm=ProjectRealm

After further investigation I found that if I wrap this war into an ear and provide the following in the glassfish-application.xml then it works ok.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-application PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Java EE Application 6.0//EN" "http://glassfish.org/dtds/glassfish-application_6_0-1.dtd">
<glassfish-application>
  <realm>ProjectRealm</realm>
</glassfish-application>

So using an ear its clearly possible to specify the default realm to use. And the @RunAs will honour that. But this is application/ear wide and is not what I want.

But my question is: if I don't use an ear, is there a way to specify the realm to use?

thehpi
  • 5,683
  • 4
  • 17
  • 24

1 Answers1

1

I'm pretty sure that you hit a bug in Payara Server which is fixed here: https://github.com/payara/Payara/pull/4597. The fix will be released in the next version soon.

If you want to test the fix, you can build Payara Server from the master branch. Or just build the dol module and replace the dol.jar in modules directory with the newly built module.

OndroMih
  • 7,280
  • 1
  • 26
  • 44