...
The plan configures a security realm hudson-realm as well as /hudson as a context for hudson.war
.
Code Block | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
<?xml version="1.0" encoding="UTF-8"?> <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2"> <environment> <moduleId> <groupId>console.realm</groupId> <artifactId>hudson-realm</artifactId> <version>1.0</version> <type>car</type> </moduleId> <dependencies> <dependency> <groupId>org.apache.geronimo.framework</groupId> <artifactId>j2ee-security</artifactId> <type>car</type> </dependency> </dependencies> </environment> <gbean name="hudson-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <attribute name="realmName">hudson-realm</attribute> <attribute name="global">false</attribute> <reference name="ServerInfo"> <name>ServerInfo</name> </reference> <xml-reference name="LoginModuleConfiguration"> <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0"> <log:login-module control-flag="REQUIRED" wrap-principals="false"> <log:login-domain-name>hudson-realm</log:login-domain-name> <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule </log:login-module-class> <log:option name="usersURI">var/security/users.properties </log:option> <log:option name="groupsURI">var/security/groups.properties </log:option> </log:login-module> </log:login-config> </xml-reference> </gbean> </module> |
It appears that Hudson uses a customized version of Apache JEXL made specifically for itself, so filtering the package from the web classloader is required. Note that <hidden-classes/> tag is not supported in Geronimo 3.0 any more, you can use <import-package>!org.apache.commons.lang.*</import-package> to keep org.apache.common.lang.* package in Geronimo server repository from loading into the classloader.
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0"> <environment xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2"> <moduleId> <groupId>hudson</groupId> <artifactId>hudson</artifactId> <version>2.0.0</version> <type>war</type> </moduleId> <dependencies> <dependency> <groupId>org.apache.geronimo.framework</groupId> <artifactId>j2ee-security</artifactId> <type>car</type> </dependency> <dependency> <groupId>console.realm</groupId> <artifactId>hudson-realm</artifactId> <version>1.0</version> <type>car</type> </dependency> </dependencies> <import-package>!org.apache.commons.*</import-package> <import-package>!com.thoughtworks.*</import-package> <import-package>!org.dom4j.*</import-package> <!-- <hidden-classes> <filter>org.apache.commons.lang.</filter> <filter>org.apache.commons.jexl.</filter> <filter>com.thoughtworks.xstream.</filter> </hidden-classes> --> </environment> <context-root>/hudson</context-root> <security-realm-name>hudson-realm</security-realm-name> <security> <default-principal realm-name="hudson-realm"> <principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" /> </default-principal> <role-mappings> <role role-name="admin"> <realm realm-name="hudson-realm"> <principal name="AdminGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" /> </realm> <principal name="system" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" /> </role> </role-mappings> </security> </web-app> |
...