...
- Create a database named SecurityDatabase using DB Manager on the administration console;
- Create two tables, Users and Groups, to store user credentials and group information:

```sql
create table users(username varchar(15),password varchar(15));
create table groups(username varchar(15),groupname varchar(15));
insert into users values('userone','p1');
insert into users values('usertwo','p2');
insert into users values('userthree','p3');
insert into groups values('userone','admin');
insert into groups values('usertwo','admin');
insert into groups values('userthree','user');
```
- Create a Derby XA database pool named SecurityDatabasePool using Database Pools on the console;
- Stop the server and update the module org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car in the <Geronimo_Home>/var/config/config.xml file to enable the SQL realm. Here derby_security_realm is the realm name for global authentication; you may use this realm for other applications deployed on the server. Note that the options attribute is a list of key=value pairs, one per line:

```xml
<module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
    <gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModule,name=security-realm" gbeanInfo="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.SQLLoginModule</attribute>
        <attribute name="options">dataSourceName=SecurityDatabasePool
databasesourceApplication=null
groupSelect=select username, groupname from groups where username=?
userSelect=select username, password from users where username=?</attribute>
        <attribute name="loginDomainName">derby_security_realm</attribute>
    </gbean>
    <gbean name="geronimo-admin">
        <reference name="LoginModuleConfiguration">
            <pattern>
                <name>realm-login-use</name>
            </pattern>
        </reference>
    </gbean>
    <gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModuleUse,name=realm-login-use" gbeanInfo="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="LoginModule">
            <pattern>
                <name>security-realm</name>
            </pattern>
        </reference>
    </gbean>
</module>
```
- Restart the server and try to log in with user name "userone" and password "p1". You will see the newly created SQL realm working.
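To show how the realm configured above resolves a login, here is an added example that is not from the Geronimo wiki or the Geronimo code base. It models what SQLLoginModule does with the userSelect and groupSelect options: the page's sample tables are loaded into an in-memory SQLite database (standing in for Derby), the newline-separated options are parsed, the parameterized queries are run with the supplied user name, and the matched groups are returned. The names parse_options, open_sample_db and sql_realm_login are hypothetical, and the password check is a simplification of the real module's behaviour.

```python
import hmac
import sqlite3

# Constructed sample: the same schema and rows as the SQL snippet on the page.
SAMPLE_SQL = """
create table users(username varchar(15),password varchar(15));
create table groups(username varchar(15),groupname varchar(15));
insert into users values('userone','p1');
insert into users values('usertwo','p2');
insert into users values('userthree','p3');
insert into groups values('userone','admin');
insert into groups values('usertwo','admin');
insert into groups values('userthree','user');
"""

# The realm's options attribute from config.xml: one key=value pair per line.
OPTIONS = """
dataSourceName=SecurityDatabasePool
groupSelect=select username, groupname from groups where username=?
userSelect=select username, password from users where username=?
"""


def parse_options(text):
    """Split the options attribute into a dict; values may themselves contain '='."""
    opts = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def open_sample_db():
    """In-memory SQLite database populated with the constructed sample tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn


def sql_realm_login(conn, opts, username, password):
    """Hypothetical model of the SQL realm's check.

    userSelect is run with the login name bound to its '?' placeholder and must
    return (username, password); the stored password is compared with the one
    supplied, and on a match groupSelect is run to collect the user's groups.
    Returns (True, sorted_groups) on success and (False, []) otherwise.
    """
    row = conn.execute(opts["userSelect"], (username,)).fetchone()
    # Constant-time comparison so a wrong password does not leak timing information.
    if row is None or not hmac.compare_digest(row[1], password):
        return False, []
    groups = [groupname for _, groupname in conn.execute(opts["groupSelect"], (username,))]
    return True, sorted(groups)


if __name__ == "__main__":
    db = open_sample_db()
    options = parse_options(OPTIONS)
    print(sql_realm_login(db, options, "userone", "p1"))
    print(sql_realm_login(db, options, "userone", "wrong"))
```

Two things the example makes visible. The login name only ever reaches the database through the `?` placeholder, so the realm's queries are not open to SQL injection from the login form; keep it that way if you customise userSelect or groupSelect. Also, the sample schema stores passwords in clear text, so anyone who can read the users table holds every admin credential; a production realm should store password hashes rather than the passwords themselves.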
With an LDAP realm
In this example, we will use Apache Directory Server as the LDAP security provider.
- Deploy a new realm with the realm name geronimo-admin, either from the Admin Console or using the command line. Refer to Administering security realms for how to create a SQL or LDAP realm using the Admin Console. When it's done, a new realm is created with plugin id console.realm/geronimo-admin/1.0/car. At the same time, a new line is added to var/config/config.xml under the Geronimo installation directory, like:

```xml
<module name="console.realm/geronimo-admin/1.0/car"/>
```
- Locate org.apache.geronimo.framework/server-security-config/2.2/car in config.xml while the server is stopped and disable the default realm. The updated config.xml will look like this:

```xml
...
<module name="org.apache.geronimo.framework/server-security-config/2.2/car">
    <gbean name="geronimo-admin" load="false"/>
</module>
...
```
- Restart the server and test with the new user id and password instead of the default system/manager. You can now log into the Admin Console successfully.
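Because the swap only works if the default realm is switched off and the replacement module is present, it is worth checking config.xml before restarting. The following added example is not part of the Geronimo wiki or the Geronimo project: it applies the load="false" edit from the step above with ElementTree and reports what is still missing. The sample CONFIG_BEFORE is a constructed, simplified excerpt of config.xml (the real file carries a namespace and many more modules), and disable_default_admin_realm and realm_swap_problems are hypothetical names.

```python
import xml.etree.ElementTree as ET

SECURITY_MODULE = "org.apache.geronimo.framework/server-security-config/2.2/car"
REPLACEMENT_MODULE = "console.realm/geronimo-admin/1.0/car"

# Constructed sample of the relevant part of var/config/config.xml before the edit.
# Assumption: a plain <attributes> root; the real file has a namespace and more modules.
CONFIG_BEFORE = """<attributes>
  <module name="org.apache.geronimo.framework/server-security-config/2.2/car">
    <gbean name="geronimo-admin"/>
  </module>
  <module name="console.realm/geronimo-admin/1.0/car"/>
</attributes>
"""


def find_module(root, name):
    """Return the <module> element with the given name attribute, or None."""
    for module in root.iter("module"):
        if module.get("name") == name:
            return module
    return None


def find_admin_gbean(module):
    """Return the geronimo-admin <gbean> inside a module, or None."""
    if module is None:
        return None
    return next((g for g in module.iter("gbean") if g.get("name") == "geronimo-admin"), None)


def disable_default_admin_realm(xml_text):
    """Set load="false" on the geronimo-admin gbean of the security module,
    which is the manual edit the page describes. Returns the new XML text."""
    root = ET.fromstring(xml_text)
    module = find_module(root, SECURITY_MODULE)
    if module is None:
        raise ValueError("security module not found: " + SECURITY_MODULE)
    gbean = find_admin_gbean(module)
    if gbean is None:
        gbean = ET.SubElement(module, "gbean", name="geronimo-admin")
    gbean.set("load", "false")
    return ET.tostring(root, encoding="unicode")


def realm_swap_problems(xml_text, replacement=REPLACEMENT_MODULE):
    """List the reasons the replacement realm would not be the only admin realm
    after a restart; an empty list means the edit is complete."""
    problems = []
    root = ET.fromstring(xml_text)
    gbean = find_admin_gbean(find_module(root, SECURITY_MODULE))
    # Without an override element the default gbean loads, so None counts as loaded.
    if gbean is None or gbean.get("load", "true").lower() != "false":
        problems.append("default geronimo-admin realm is still loaded")
    if find_module(root, replacement) is None:
        problems.append("replacement realm module missing: " + replacement)
    return problems


if __name__ == "__main__":
    print(realm_swap_problems(CONFIG_BEFORE))
    print(realm_swap_problems(disable_default_admin_realm(CONFIG_BEFORE)))
```

Run the check against a copy of your own config.xml only after adapting it for the namespace in the real file; the point is to confirm, with the server stopped, that exactly one admin realm will load before you lock yourself out of the console.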