...
Note that the order in which all these elements are defined does not matter. If you look at the deployment plans, you will find that login-module GBeans are defined first (as they are the elements reused by the GenericSecurityRealm GBeans). GenericSecurityRealm GBeans and JaasLoginModuleUse GBeans are normally close to each other.
Configuring GenericSecurityRealm using xml-reference
The reason for introducing the xml-reference element in GBean syntax was explained earlier. To repeat: it is syntactic sugar that allows a problem-friendly XML syntax inside a GBean definition.
The problem-friendly XML syntax for the login module configuration is defined by the "http://geronimo.apache.org/xml/ns/loginconfig-1.0" XML namespace.
The following example briefly shows how the LoginConfig schema is used.
<GBean name="geronimo-properties-realm"
       class="org.apache.geronimo.security.realm.GenericSecurityRealm">
  <!-- security-realm name; this name is reused by the
       configuration-entry-factory interface implementation by the
       generic-security-realm; you may use this name as application
       configuration name parameter passed to the LoginContext constructor -->
  <attribute name="realmName">geronimo-properties-realm</attribute>
  <!-- xml reference, better than before? -->
  <xml-reference name="LoginModuleConfiguration">
    <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
      <lc:login-module control-flag="REQUIRED" server-side="true">
        <lc:login-domain-name>client-properties-realm</lc:login-domain-name>
        <lc:login-module-class>
          org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
        </lc:login-module-class>
        <lc:option name="usersURI">
          var/security/users.properties
        </lc:option>
        <lc:option name="groupsURI">
          var/security/groups.properties
        </lc:option>
      </lc:login-module>
    </lc:login-config>
  </xml-reference>
  <!-- server-info reference is passed to most GBeans -->
  <reference name="ServerInfo">
    <module>org/apache/geronimo/System</module><name>ServerInfo</name>
  </reference>
  <!-- reference to the login-service GBean -->
  <reference name="LoginService"><name>JaasLoginService</name></reference>
</GBean>
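As an added example (not part of the original page or of Geronimo itself), the following Python script reads a deployment plan and lists each realm's login modules with their control flag, login domain, class and option values, so the credential files a realm depends on can be inventoried and their file permissions reviewed. The embedded plan is a constructed copy of the GBean above; the function names and the returned dictionary layout are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the realm GBean from this page, XML comments omitted.
PLAN = """\
<GBean name="geronimo-properties-realm"
       class="org.apache.geronimo.security.realm.GenericSecurityRealm">
  <attribute name="realmName">geronimo-properties-realm</attribute>
  <xml-reference name="LoginModuleConfiguration">
    <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
      <lc:login-module control-flag="REQUIRED" server-side="true">
        <lc:login-domain-name>client-properties-realm</lc:login-domain-name>
        <lc:login-module-class>
          org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
        </lc:login-module-class>
        <lc:option name="usersURI">var/security/users.properties</lc:option>
        <lc:option name="groupsURI">var/security/groups.properties</lc:option>
      </lc:login-module>
    </lc:login-config>
  </xml-reference>
</GBean>
"""
# The four JAAS control flags; anything else is reported as invalid.
JAAS_FLAGS = {"REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"}

def find(elem, name):
    """Descendants (and elem itself) whose tag, ignoring namespace, is name."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def text(elem, name):
    """Whitespace-stripped text of the first matching element, or None."""
    hits = find(elem, name)
    return (hits[0].text or "").strip() if hits else None

def login_modules(plan_xml):
    """One dict per login module configured in each realm GBean of the plan."""
    out = []
    for gbean in find(ET.fromstring(plan_xml), "GBean"):
        realm = next(((a.text or "").strip() for a in find(gbean, "attribute")
                      if a.get("name") == "realmName"), None)
        for mod in find(gbean, "login-module"):
            flag = mod.get("control-flag")
            out.append({"realm": realm, "flag": flag,
                        "flag_valid": flag in JAAS_FLAGS,
                        "server_side": mod.get("server-side") == "true",
                        "domain": text(mod, "login-domain-name"),
                        "class": text(mod, "login-module-class"),
                        "options": {o.get("name"): (o.text or "").strip()
                                    for o in find(mod, "option")}})
    return out
```

Elements are matched by local name, so the script does not depend on which loginconfig namespace URI a given plan declares.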
Configuring Login module
A login module is configured with org.apache.geronimo.security.jaas.LoginModuleGBean. It takes a loginModuleClass attribute that specifies the login module implementation class. Other interesting parameters are options and loginDomainName.
The following is an example of a login module that uses property files as its authentication database. The property file locations are passed in the options attribute.
<GBean name="properties-login"
       class="org.apache.geronimo.security.jaas.LoginModuleGBean">
  <attribute name="loginModuleClass">
    org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
  </attribute>
  <attribute name="serverSide">true</attribute>
  <attribute name="options">
    usersURI=var/security/users.properties
    groupsURI=var/security/groups.properties
  </attribute>
  <attribute name="loginDomainName">geronimo-properties-realm</attribute>
</GBean>