THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
To administer security realms via the Geronimo Administration Console the Security Realms portlet is available on the Console Navigation menu on the left hand side. This portlet allows you to add a new security realm or edit an existing one. To remove realms you would normally use the command line option with the Deployer tool.
Listed in this portlet you will find all the available security realms. By default, the security realm used by Geronimo to authenticate users via properties file is geronimo-properties-realm.
...
For this example we created a new database called SecurityDatabase using the built-in Derby database. The following steps summarize the procedure followed to create the database and tables, load some sample data and create the connection pool. Detailed instructions on how to define database connection pools are described in the #Configuring database pools section.
Create database and load sample data
- In the Console Navigation menu on the left click on Database Manager.
- Enter SecurityDatabase in the Create DB: field and click Create.
- Select the SecurityDatabase database from the Use DB: pull-down menu, enter the following SQL command and click Run SQL.
create table users
(username varchar(15),
password varchar(15));
create table groups
(username varchar(15),groupname varchar(15));Select the SecurityDatabase database from the Use DB: pull-down menu, enter the following SQL command and click Run SQL.
insert into users values('userone','p1');
insert into users values('usertwo','p2');
insert into users values('userthree','p3');
insert into groups values('userone','admin');
insert into groups values('usertwo','admin');
insert into groups values('userthree','user');
...
- In the Console Navigation menu on the left click on Database Pools.
- Click on Using the Geronimo database pool wizard.
- Enter SecurityDatabase as the database pool name. Select Derby embedded from the database pool type pull-down menu and click Next.
- Verify the JDBC driver class is org.apache.derby.jdbc.EmbeddedDriver.
- From the Driver Jar pull-down menu select org.apache.derby/derby/10.1.1.0/jar.
- Enter userone and p1 as Leave blank the connection user name and password.
- Enter SecurityDatabase as the database name and click Next.
- Click Test Connection.
- Click Deploy.
...
To create a new security realm click on Add new security realm from the Security Realms portlet.
Enter new-geronimo-derby_security_realm in the Name of Security Realm: field and select Database (SQL) Realm from the Realm type: pull-down menu and click Next.
select username, password from users where username=?
select username, groupname from groups where username=?
Security realm for using with database authentication.
The following screen configures the login module. The first two field you need to fill will potentially vary from one database type to another. In this case we are using the embedded Derby database so the User and Group select SQL should read as follows:
User SELECT SQL: select username, password from APP. users where username=?
Group SELECT SQL: select username, password from APP. groups where username=?
select username, password from users where username=?
select username, groupname from groups where username=?
Security realm for using with database authentication.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<configuration configId="SecurityRealm-derby_realm" xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0">
<import>
<uri>user/database-pool-derby_pool/1/car</uri>
</import>
<gbean name="derby_realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<attribute name="realmName">derby_realm</attribute>
<reference name="ServerInfo">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,
j2eeType=GBean,name=ServerInfo</gbean-name>
</reference>
<reference name="LoginService">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,
j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
<log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
<log:login-domain-name>derby_realm</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
<log:option name="userSelect">select username, password from APP.users where username=?</log:option>
<log:option name="dataSourceApplication">null</log:option>
<log:option name="groupSelect">select username, groupname from APP.groups where username=?</log:option>
<log:option name="dataSourceName">derby_pool</log:option>
</log:login-module>
<log:login-module control-flag="OPTIONAL" server-side="true" wrap-principals="false">
<log:login-domain-name>derby_realm-Audit</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
<log:option name="file">var/log/login-attempts.log</log:option>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
</configuration> |
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<configuration configId="SecurityRealm-db2_security_realm" xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0">
<import>
<uri>user/database-pool-DB2_Test/1/car</uri>
</import>
<gbean name="db2_security_realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<attribute name="realmName">db2_security_realm</attribute>
<reference name="ServerInfo">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,
j2eeType=GBean,name=ServerInfo</gbean-name>
</reference>
<reference name="LoginService">
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,
j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
<log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
<log:login-domain-name>db2_security_realm</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
<log:option name="userSelect">select username, password from users where username=?</log:option>
<log:option name="dataSourceApplication">null</log:option>
<log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
<log:option name="dataSourceName">SecurityDatabase</log:option>
</log:login-module>
<log:login-module control-flag="OPTIONAL" server-side="true" wrap-principals="false">
<log:login-domain-name>db2_security_realm-Audit</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
<log:option name="file">var/log/login-attempts.log</log:option>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
</configuration> |
...