Versions Compared

Old Version 5

changes.mady.by.user Runhua Chi

Saved on

compared with

New Version 6

changes.mady.by.user Runhua Chi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Wiki Markup
{scrollbar}
Center

Excerpt

This article is about how to replace default properties realm geronimo-admin with SQL or LDAP realms.

...

  1. Create a database named SecurityDatabase using DB manager on the administration console;
  2. Create two tables Users and Groups to store user credential and group information;
    Code Block
    SQL
    SQL
    create table users(username varchar(15),password varchar(15));
create table groups(username varchar(15),groupname varchar(15));
insert into users values('userone','p1');
insert into users values('usertwo','p2');
insert into users values('userthree','p3');
insert into groups values('userone','admin');
insert into groups values('usertwo','admin');
insert into groups values('userthree','user');
  3. Create an Derby XA database pool named SecurityDatabasePool using Database Pools on the console;
  4. Stop the server and update module org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car in the <Geronimo_Home>/var/config/config.xml file to enable the SQL realm.
    Code Block
    xml
    xml
    <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
        <gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModule,name=security-realm" gbeanInfo="org.apache.geronimo.security.jaas.LoginModuleGBean">
            <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.SQLLoginModule</attribute>
            <attribute name="options">dataSourceName=SecurityDatabasePool
                                                           databasesourceApplication=null                    							
                                                           groupSelect=select username, groupname from groups where username=?                    							
                                                           userSelect=select username, password from users where username=?</attribute>
            <attribute name="loginDomainName">derby_security_realm</attribute>
        </gbean>
        <gbean name="geronimo-admin">
            <reference name="LoginModuleConfiguration">
                <pattern>
                    <name>realm-login-use</name>
                </pattern>
            </reference>
        </gbean>
        <gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModuleUse,name=realm-login-use" gbeanInfo="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
            <attribute name="controlFlag">REQUIRED</attribute>
            <reference name="LoginModule">
                <pattern>
                    <name>security-realm</name>
                </pattern>
            </reference>
        </gbean>
    </module>
    Where derby_security_realm is the realm name for global authenticaiton, you may use the realm for other applications to be deployed on the server.
  5. Then,restart the server and try to login with user name userone and password p1. You will see the newly created SQL realm working.

...

In this example, we will use Apache Directory Server as the LDAP security provider.

...

Code Block

     <module name="console.realm/geronimo-admin/1.0/car"/>

...

Code Block

     ...
     <module name="org.apache.geronimo.framework/server-security-config/2.2/car">
           <gbean name="geronimo-admin" load="false"/>
     </modoule>
     ...

...

(To be updated later)