Excerpt from geronimo-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
  <context-root>/Sample_CertificatePropsRealm</context-root>
  ...
  <security-realm-name>CertificatePropsRealm</security-realm-name>
  <security>
    <default-principal>
      <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                 name="client1"/>
      <!-- name should match the entries from cert-users.properties of the realm -->
    </default-principal>
    <role-mappings>
      <role role-name="content-administrator">
        <realm realm-name="CertificatePropsRealm">
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                     name="admin" designated-run-as="true"/>
          <!-- name should match the entries from cert-groups.properties of the realm -->

          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                     name="client1"/>
          ...
        </realm>
      </role>
    </role-mappings>
  </security>
</web-app>

where:

  • <security-realm-name>CertificatePropsRealm</security-realm-name>: CertificatePropsRealm is the properties file security realm used for client authentication.
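The comments in the excerpt require every principal name to match an entry in the realm's cert-users.properties or cert-groups.properties. A check for that follows, as an added example that is not part of the original page or of Geronimo. The sample plan and properties content are constructed, and the properties formats (user=certificate subject DN, group=user list) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs. Assumed file formats (not shown on the page):
# cert-users.properties is "user=certificate subject DN",
# cert-groups.properties is "group=user1,user2".
USERS = "client1=CN=client1,OU=Example,O=Example,C=US\n"
GROUPS = "# groups\nadmin=client1\n"
PLAN = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
  <security-realm-name>CertificatePropsRealm</security-realm-name>
  <security>
    <default-principal>
      <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client1"/>
    </default-principal>
    <role-mappings>
      <role role-name="content-administrator">
        <realm realm-name="CertificatePropsRealm">
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin"/>
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client2"/>
        </realm>
      </role>
    </role-mappings>
  </security>
</web-app>"""

def load_keys(text):
    """Keys of a .properties text. Split on the first '=' only, because the
    subject DN on the right-hand side contains '=' itself."""
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            keys.add(line.split("=", 1)[0].strip())
    return keys

def check_plan(plan_xml, users_text, groups_text):
    """Return (principal kind, name) pairs the plan uses but the realm lacks."""
    known = {"GeronimoUserPrincipal": load_keys(users_text),
             "GeronimoGroupPrincipal": load_keys(groups_text)}
    missing = []
    for el in ET.fromstring(plan_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "principal":  # ignore the namespace
            continue
        kind = el.get("class", "").rsplit(".", 1)[-1]
        if kind in known and el.get("name") not in known[kind]:
            missing.append((kind, el.get("name")))
    return missing

if __name__ == "__main__":
    for kind, name in check_plan(PLAN, USERS, GROUPS):
        print(f"{kind} name={name!r} has no entry in the realm's properties file")
```

In the constructed plan, client2 is mapped to content-administrator but has no entry in the users file, so the check reports it.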

You can install a client certificate into the web browser to authenticate against web servers. The client certificate should be based on the information provided in the group and user properties files.

properties files: 2 examples; relationship between their fields and the fields in the key

For the sample application described above, which uses the CertificatePropsRealm security realm, install the My_Private_key certificate into your web browser to verify your identity, in this case client1, during authentication. The installation process is described in the Install certificate on client section below.

Install certificate on client

To use a client certificate to authenticate against a web server, you should first install the CA certificate and the client certificate into your web browser. Most browsers provide such an installation function.

Install the CA certificate to designate this CA as trusted and thus grant access to any web sites certified by this CA. If it is not installed, accessing web sites certified by this CA leads to a warning message stating "Web Site Certified by an Unknown Authority".

In Mozilla Firefox, certificates can be installed with the Import option in the Certificate Manager.

Create security realm deployment descriptor deployment plan