THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
To use an artifact in an application, add a dependency element into it's deployment plan. For example, to use Castor XML add the following XML to the plan:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<dependency>
<uri>castor/jars/castor-0.9.5.3.jar</uri>
</dependency>
|
...
The following example illustrates the deployment plan generated by this portlet.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<configuration configId="SecurityRealm-geronimo-properties-realm" xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0">
<gbean name="geronimo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<attribute name="realmName">geronimo-properties-realm</attribute>
<reference name="ServerInfo">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,
j2eeType=GBean,name=ServerInfo</gbean-name>
</reference>
<reference name="LoginService">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,
j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
<log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
<log:login-domain-name>geronimo-properties-realm</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
<log:option name="usersURI">var/security/users.properties</log:option>
<log:option name="groupsURI">var/security/groups.properties</log:option>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
</configuration> |
...
<geronimo_home>\bin\deploy --user system --password manager deploy <realm_path>\derby_security_realm.xml
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<configuration configId="SecurityRealm-derby_security_realm" xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0">
<import>
<uri>user/database-pool-SecurityDatabase/1/car</uri>
</import>
<gbean name="derby_security_realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<attribute name="realmName">derby_security_realm</attribute>
<reference name="ServerInfo">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,
j2eeType=GBean,name=ServerInfo</gbean-name>
</reference>
<reference name="LoginService">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,
j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
<log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
<log:login-domain-name>derby_security_realm</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
<log:option name="userSelect">select username, password from APP.users where username=?</log:option>
<log:option name="dataSourceApplication">null</log:option>
<log:option name="groupSelect">select username, groupname from APP.groups where username=?</log:option>
<log:option name="dataSourceName">SecurityDatabase</log:option>
</log:login-module>
<log:login-module control-flag="OPTIONAL" server-side="true" wrap-principals="false">
<log:login-domain-name>derby_security_realm-Audit</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
<log:option name="file">var/log/derby_security_realm.log</log:option>
</log:login-module>
<log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false">
<log:login-domain-name>derby_security_realm-Lockout</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule</log:login-module-class>
<log:option name="lockoutDurationSecs">60</log:option>
<log:option name="failurePeriodSecs">10</log:option>
<log:option name="failureCount">3</log:option>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
</configuration> |
...
Note that we only changed from the original plan the realm name from ldap-realm to derby_security_realm.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://geronimo.apache.org/xml/ns/web"
xmlns:sec="http://geronimo.apache.org/xml/ns/security"
configId="org/apache/geronimo/ldap-secure-demo">
<context-root>/ldap-demo</context-root>
<context-priority-classloader>false</context-priority-classloader>
<!-- <security-realm-name>ldap-realm</security-realm-name> -->
<security-realm-name>derby_security_realm</security-realm-name>
<security>
<default-principal realm-name="derby_security_realm">
<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
</default-principal>
<role-mappings>
<role role-name="content-administrator">
<realm realm-name="derby_security_realm">
<principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
</realm>
</role>
<role role-name="guest">
<realm realm-name="derby_security_realm">
<principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user2"/>
</realm>
</role>
</role-mappings>
</security>
</web-app> |
...