...
The following example shows how DirectConfigurationEntry is configured to use the ServerLoginCoordinator login module GBean.

```xml
<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment"
    parentId="org/apache/geronimo/Client"
    configId="org/apache/geronimo/ClientSecurity">

    <GBean name="ServerLoginStubDCE" class="org.apache.geronimo.security.jaas.DirectConfigurationEntry">
        <attribute name="applicationConfigName">server-login</attribute>
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="Module">
            <!-- reference to the login module GBean: name=ServerLoginCoordinator -->
            <name>ServerLoginCoordinator</name>
        </reference>
    </GBean>

    <GBean name="ServerLoginCoordinator" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.client.JaasLoginCoordinator</attribute>
        <attribute name="serverSide">false</attribute>
        <attribute name="options">
            host=localhost <!-- Geronimo login service endpoint -->
            port=4242
            realm=geronimo-properties-realm <!-- Security realm name -->
        </attribute>
        <attribute name="loginDomainName">geronimo-properties-realm</attribute>
    </GBean>
</configuration>
```
...
The following example shows how to set up the ServerRealmConfigurationEntry named JMX. The security realm name is geronimo-properties-realm.

```xml
<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0"
    configId="org/apache/geronimo/Security"
    parentId="org/apache/geronimo/RMINaming">

    <GBean name="JMX" class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
        <attribute name="applicationConfigName">JMX</attribute>
        <attribute name="realmName">geronimo-properties-realm</attribute> <!-- Security Realm name -->
        <reference name="LoginService">
            <!-- reference to the login service GBean -->
            <name>JaasLoginService</name>
        </reference>
    </GBean>
</configuration>
```
...
Here is an example of a generic-security-realm setup. It wires the GenericSecurityRealm named geronimo-properties-realm to the login module named properties-login, which authenticates against a property file. The security realm's authentication policy requires properties-login module authentication to succeed.

```xml
<GBean name="geronimo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <!-- security-realm name; this is the name of the Security Realm as well as
         the name of the configuration entry used by the application -->
    <attribute name="realmName">geronimo-properties-realm</attribute>
    <!-- reference to the head of the login module use list -->
    <reference name="LoginModuleConfiguration">
        <name>properties-login</name>
    </reference>
    <!-- server-info reference is passed to most GBeans -->
    <reference name="ServerInfo">
        <module>org/apache/geronimo/System</module><name>ServerInfo</name>
    </reference>
    <!-- reference to the login-service GBean -->
    <reference name="LoginService"><name>JaasLoginService</name></reference>
</GBean>

<!-- this is the head of the login-module-use list -->
<GBean name="properties-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
    <!-- login module must succeed -->
    <attribute name="controlFlag">REQUIRED</attribute>
    <!-- reference to the login module -->
    <reference name="LoginModule">
        <name>properties-login</name>
    </reference>
</GBean>

<!-- this is the login module GBean -->
<GBean name="properties-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
    <attribute name="loginModuleClass">
        org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
    </attribute>
    <attribute name="serverSide">true</attribute>
    <!-- login module specific options -->
    <attribute name="options">
        usersURI=var/security/users.properties <!-- user database -->
        groupsURI=var/security/groups.properties <!-- group database -->
    </attribute>
    <attribute name="loginDomainName">geronimo-properties</attribute>
</GBean>
```
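The wiring above can be checked before deployment. The following Python script is an added example, not part of the Geronimo documentation or code base: it follows the references from each GenericSecurityRealm through its head JaasLoginModuleUse to the LoginModuleGBean and reports a dangling reference, a control flag that does not force the module to succeed, or missing property-file options. The function names and the sample plan are constructed for illustration, only the head of the login-module-use list is checked, and the `xml-reference` form of configuration is not covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample plan modelled on the realm wiring above; OPTIONAL is a deliberate mistake.
PLAN = """<configuration xmlns="http://geronimo.apache.org/xml/ns/deployment">
 <GBean name="geronimo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
  <attribute name="realmName">geronimo-properties-realm</attribute>
  <reference name="LoginModuleConfiguration"><name>properties-login</name></reference>
 </GBean>
 <GBean name="properties-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
  <attribute name="controlFlag">OPTIONAL</attribute>
  <reference name="LoginModule"><name>properties-login</name></reference>
 </GBean>
 <GBean name="properties-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
  <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
  <attribute name="options">usersURI=var/security/users.properties groupsURI=var/security/groups.properties</attribute>
 </GBean>
</configuration>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def text_of(gbean, kind, name):
    # Whitespace-normalised text of <attribute|reference name="...">; None if absent.
    # References resolved here carry only a <name> child, as in the page's example.
    for el in (gbean if gbean is not None else ()):
        if local(el.tag) == kind and el.get("name") == name:
            return " ".join("".join(el.itertext()).split())

def audit_realms(plan_xml):
    # The page reuses one name for two GBeans, so key on (name, short class name).
    beans = {(g.get("name"), (g.get("class") or "").rsplit(".", 1)[-1]): g
             for g in ET.fromstring(plan_xml).iter() if local(g.tag) == "GBean"}
    report = {}
    for (name, cls), realm in beans.items():
        if cls != "GenericSecurityRealm":
            continue
        use = beans.get((text_of(realm, "reference", "LoginModuleConfiguration"), "JaasLoginModuleUse"))
        module = beans.get((text_of(use, "reference", "LoginModule"), "LoginModuleGBean"))
        problems = []
        if use is None or module is None:
            problems.append("dangling login module reference")
        else:
            flag = text_of(use, "attribute", "controlFlag")
            if flag not in ("REQUIRED", "REQUISITE"):  # JAAS flags that must succeed
                problems.append(f"controlFlag {flag} does not force the module to succeed")
            raw = text_of(module, "attribute", "options") or ""
            opts = dict(kv.split("=", 1) for kv in raw.split() if "=" in kv)
            if (text_of(module, "attribute", "loginModuleClass") or "").endswith("PropertiesFileLoginModule"):
                problems += [f"missing option {k}" for k in ("usersURI", "groupsURI") if k not in opts]
        report[text_of(realm, "attribute", "realmName") or name] = problems
    return report
```

Calling `audit_realms(PLAN)` returns a dictionary keyed by realm name; an empty list means the realm's head module passed every check.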
...
The following example briefly shows how the LoginConfig schema is used.

```xml
<GBean name="geronimo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <!-- security-realm name; this name is reused by the
         configuration-entry-factory interface implementation by the
         generic-security-realm; you may use this name as application
         configuration name parameter passed to the LoginContext constructor -->
    <attribute name="realmName">geronimo-properties-realm</attribute>
    <!-- xml reference, better than before? -->
    <xml-reference name="LoginModuleConfiguration">
        <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
            <lc:login-module control-flag="REQUIRED" server-side="true">
                <lc:login-domain-name>client-properties-realm</lc:login-domain-name>
                <lc:login-module-class>
                    org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                </lc:login-module-class>
                <lc:option name="usersURI">
                    var/security/users.properties
                </lc:option>
                <lc:option name="groupsURI">
                    var/security/groups.properties
                </lc:option>
            </lc:login-module>
        </lc:login-config>
    </xml-reference>
    <!-- server-info reference is passed to most GBeans -->
    <reference name="ServerInfo">
        <module>org/apache/geronimo/System</module><name>ServerInfo</name>
    </reference>
    <!-- reference to the login-service GBean -->
    <reference name="LoginService"><name>JaasLoginService</name></reference>
</GBean>
```
...
The following is an example of a login module that uses property files as its authentication database. The property file locations are passed in the options attribute.

```xml
<GBean name="properties-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
    <attribute name="loginModuleClass">
        org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
    </attribute>
    <attribute name="serverSide">true</attribute>
    <attribute name="options">
        usersURI=var/security/users.properties
        groupsURI=var/security/groups.properties
    </attribute>
    <attribute name="loginDomainName">geronimo-properties-realm</attribute>
</GBean>
```
...