THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
In this example, we will use an embedded Derby database as the security provider.
- Create a database named
SecurityDatabaseusing DB manager on the administration console; - Create two tables
UsersandGroupsto store user credential and group information;Code Block SQL SQL create table users(username varchar(15),password varchar(15)); create table groups(username varchar(15),groupname varchar(15)); insert into users values('userone','p1'); insert into users values('usertwo','p2'); insert into users values('userthree','p3'); insert into groups values('userone','admin'); insert into groups values('usertwo','admin'); insert into groups values('userthree','user'); - Create an Derby XA database pool named
SecurityDatabasePoolusing Database Pools on the console; - Update Stop the server and update module
org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/carin the {{<Geronimo_Home/var/config/config.xml}} file to enable the SQL realm
WhereCode Block xml xml <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car"> <gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModule,name=security-realm" gbeanInfo="org.apache.geronimo.security.jaas.LoginModuleGBean"> <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.SQLLoginModule</attribute> <attribute name="options">dataSourceName=SecurityDatabasePool dataSourceApplication=null databasesourceApplication=null groupSelect=select username, groupname from groups where username=? userSelect=select username, password from users where username=?</attribute> <attribute name="loginDomainName">derby_security_realm</attribute> </gbean> <gbean name="geronimo-admin"> <reference name="LoginModuleConfiguration"> <pattern> <name>realm-login-use</name> </pattern> </reference> </gbean> <gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModuleUse,name=realm-login-use" gbeanInfo="org.apache.geronimo.security.jaas.JaasLoginModuleUse"> <attribute name="controlFlag">REQUIRED</attribute> <reference name="LoginModule"> <pattern> <name>security-realm</name> </pattern> </reference> </gbean> </module>
_derby_security_realm__ is the realm name for global authenticaiton.
- Restart the server and try to login with user name "userone" and password "p1"
With a LDAP ream
- Deploy a new realm with real-name geronimo-admin either from the Admin console or using command line. Refer to Administering security realms for how to create a SQL or LDAP realm using the Admin Console. When it's done, a new realm is created with plugin id
console.realm/geronimo-admin/1.0/car. At the mean time, a new line is added intovar/config/config.xmlunder Geronimo installation directory likeCode Block <module name="console.realm/geronimo-admin/1.0/car"/> - Locate
org.apache.geronimo.framework/server-security-config/2.2/carinconfig.xmlwhen the server is stopped and disable the default realm. The updatedconfig.xmlwill be looked like thisCode Block ... <module name="org.apache.geronimo.framework/server-security-config/2.2/car"> <gbean name="geronimo-admin" load="false"/> </modoule> ... - Restart the server and test with new userid and password instead of default system and manager. You can successfully log into the Admin console.