THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Note that the order in which all these elements are defined does not matter. If you look at the deployment plans, you will find that login-module GBeans are defined first (as they represent elements of reuse by the GenericSecurityRealm GBeans). GenericSecurityRealm GBeans and JaasLoginModuleUse GBeans are normally close to each other.
Configuring GenericSecurityRealm using xml-reference
| Anchor | ||||
|---|---|---|---|---|
|
The reason for the introduction of the xml-reference element in GBean syntax was explained earlier. But just to repeat: it is a syntactic sugar that allows problem friendly xml syntax in GBean definition.
Problem-friendly xml syntax for the login module configuration is defined by the "http://geronimo.apache.org/xml/ns/loginconfig-1.0" xml namespace.
The following example briefly shows how the LoginConfig schema is used.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<GBean name="geronimo-properties-realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<!-- security-realm name; this name is reused by the
-- configuration-entry-factory interface implementation by the
-- generic-security-realm; you may use this name as application
-- configuration name parameter passed to the LoginContext constructor -->
<attribute name="realmName">geronimo-properties-realm</attribute>
<!-- xml reference, better than before? -->
<xml-reference name="LoginModuleConfiguration">
<lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
<lc:login-module control-flag="REQUIRED" server-side="true">
<lc:login-domain-name>client-properties-realm</lc:login-domain-name>
<lc:login-module-class>
org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
</lc:login-module-class>
<lc:option name="usersURI">
var/security/users.properties
</lc:option>
<lc:option name="groupsURI">
var/security/groups.properties
</lc:option>
</lc:login-module>
</lc:login-config>
</xml-reference>
<!-- server-info reference is passed to most GBeans -->
<reference name="ServerInfo">
<module>org/apache/geronimo/System</module><name>ServerInfo</name>
</reference>
<!-- reference to the login-service GBean -->
<reference name="LoginService"><name>JaasLoginService</name></reference>
</GBean> |
Configuring Login module
Login module is configured with org.apache.geronimo.security.jaas.LoginModuleGBean. It takes loginModuleClass attribute that specifies the login module implementation class. Other interesting parameters are options and loginDomainName.
The following is an example of a login module that uses property files as authentication database. Values of property files are passed as options attribute.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<GBean name="properties-login"
class="org.apache.geronimo.security.jaas.LoginModuleGBean">
<attribute name="loginModuleClass">
org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
</attribute>
<attribute name="serverSide">true</attribute>
<attribute name="options">
usersURI=var/security/users.properties
groupsURI=var/security/groups.properties
</attribute>
<attribute name="loginDomainName">geronimo-properties-realm</attribute>
</GBean> |