Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.0-M3
-
None
Description
If you make a web service out of a Session Bean, the openejb-jar.xml web-service-security settings include:
security realm name
realm name
transport guarantee
auth method
The "realm name" appears to be used in the challenge for HTTP Basic authentication, as in "Please provide username and password for 'foo'" where 'foo' is the realm name. Of course this is all automatic in web services, so the realm name is most likely irrelevant – the client computer will probably submit the same username and password to the server no matter what realm is used in the challenge. However, when configuring the web container for HTTP Basic auth, we need to provide a realm name.
So the point of this issue is, let's default the realm name to "Geronimo Web Service" or some such, and make this element optional. Since it's likely useless, it would be ideal if the user only had to provide it if for some reason it was necessary in their scenario.