Versions Compared

Old Version 104

changes.mady.by.user Unknown User (hcunico@gmail.com)

Saved on

compared with

New Version 105

changes.mady.by.user Unknown User (hcunico@gmail.com)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
xml
xml
borderStylesolid
titlederby_security_realm
<configuration configId="SecurityRealm-derby_security_realm" xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0">
    <import>
        <uri>user/database-pool-SecurityDatabase/1/car</uri>
    </import>
    <gbean name="derby_security_realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">derby_security_realm</attribute>
        <reference name="ServerInfo">
            <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,
	                j2eeType=GBean,name=ServerInfo</gbean-name>
        </reference>
        <reference name="LoginService">
            <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,
	                j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>derby_security_realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <log:option name="userSelect">select username, password from APP.users where username=?</log:option>
                    <log:option name="dataSourceApplication">null</log:option>
                    <log:option name="groupSelect">select username, groupname from APP.groups where username=?</log:option>
                    <log:option name="dataSourceName">SecurityDatabase</log:option>
                </log:login-module>
                <log:login-module control-flag="OPTIONAL" server-side="true" wrap-principals="false">
                    <log:login-domain-name>derby_security_realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
                    <log:option name="file">var/log/derby_security_realm.log</log:option>
                </log:login-module>
                <log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false">
                    <log:login-domain-name>derby_security_realm-Lockout</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule</log:login-module-class>
                    <log:option name="lockoutDurationSecs">60</log:option>
                    <log:option name="failurePeriodSecs">10</log:option>
                    <log:option name="failureCount">3</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</configuration>

Testing the security realm

If you want to quickly test this realm you can use the LDAP sample application covered in the Configuring LDAP section. You will just need to change the deployment descriptor geronimo-web.xml to the one shown in the following example, repackage the application and deploy it.

Note that we only changed from the original plan the realm name from ldap-realm to derby_security_realm.

Code Block
xml
xml
borderStylesolid
titlegeronimo-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app
    xmlns="http://geronimo.apache.org/xml/ns/web"
    xmlns:sec="http://geronimo.apache.org/xml/ns/security"
    configId="org/apache/geronimo/ldap-secure-demo">
    <context-root>/ldap-demo</context-root>
    <context-priority-classloader>false</context-priority-classloader>
<!--    <security-realm-name>ldap-realm</security-realm-name> -->
	<security-realm-name>derby_security_realm</security-realm-name>
    <security>
        <default-principal realm-name="derby_security_realm">
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
        </default-principal>
        <role-mappings>
            <role role-name="content-administrator">
                <realm realm-name="derby_security_realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
                </realm>
            </role>
            <role role-name="guest">
                <realm realm-name="derby_security_realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user2"/>
                </realm>
            </role>
        </role-mappings>
    </security>
</web-app>

Follow the instructions in the Configuring LDAP section to repackage and deploy the application. When you test it you will using the database SQL realm. Give it a try a few times, you should see the successful login attempts recorded in the log file you specified when created this security realm (in this example var\log\derby_security_realm.log)

No Format
borderStylesolid

03/01/2006 15:56:33 - Authentication attempt - userone
03/01/2006 15:56:33 - Authentication succeeded - userone
03/01/2006 16:10:05 - Authentication attempt - usertwo
03/01/2006 16:10:05 - Authentication succeeded - usertwo

Back to Top

Administering certificates

...