...
DirectConfigurationEntry exposes a login module directly to JAAS clients. You have to specify the login module here directly. To be able to log in to Geronimo, specify the JaasLoginCoordinator login module.
The DirectConfigurationEntry GBean declares the following metadata:
- applicationConfigName - attribute; application configuration name; this is the key by which the configuration entry is found.
- controlFlag - attribute; login module control flag according to the JAAS semantics; the only value that makes sense here is REQUIRED.
- wrapPrincipals - attribute; possible values are true and false. If set to true, all Principals generated by the login module (Login Domain) will be wrapped into the DomainPrincipal and every DomainPrincipal will be wrapped into the RealmPrincipal. This enables J2EE role mappings into DomainPrincipals and RealmPrincipals.
- Module - reference; this is the object name specification for the LoginModuleGBean.
The following example shows how DirectConfigurationEntry is configured to use the ServerLoginCoordinator login module GBean.
```xml
<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment"
    parentId="org/apache/geronimo/Client"
    configId="org/apache/geronimo/ClientSecurity"
    >
    <GBean name="ServerLoginStubDCE" class="org.apache.geronimo.security.jaas.DirectConfigurationEntry">
        <attribute name="applicationConfigName">server-login</attribute>
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="Module"> <!-- reference to the login module GBean: name=ServerLoginCoordinator -->
            <name>ServerLoginCoordinator</name>
        </reference>
    </GBean>
    <GBean name="ServerLoginCoordinator" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.client.JaasLoginCoordinator</attribute>
        <attribute name="serverSide">false</attribute>
        <attribute name="options">
            host=localhost <!-- Geronimo login service endpoint -->
            port=4242
            realm=geronimo-properties-realm <!-- Security realm name -->
        </attribute>
        <attribute name="loginDomainName">geronimo-properties-realm</attribute>
    </GBean>
</configuration>
```
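As an added example (not part of the Geronimo documentation or code base), the following Python script checks a deployment plan against the DirectConfigurationEntry metadata rules listed above. The sample plan and the `lint_plan` name are constructed for illustration, and the script assumes the referenced LoginModuleGBean is declared in the same plan, as in the example above.

```python
import xml.etree.ElementTree as ET
DCE = "org.apache.geronimo.security.jaas.DirectConfigurationEntry"
LMG = "org.apache.geronimo.security.jaas.LoginModuleGBean"

# Constructed sample plan: the first entry follows the page's example,
# the second ("BrokenDCE") is deliberately misconfigured.
SAMPLE_PLAN = """
<configuration xmlns="http://geronimo.apache.org/xml/ns/deployment"
    parentId="org/apache/geronimo/Client" configId="org/apache/geronimo/ClientSecurity">
  <GBean name="ServerLoginStubDCE" class="%(dce)s">
    <attribute name="applicationConfigName">server-login</attribute>
    <attribute name="controlFlag">REQUIRED</attribute>
    <reference name="Module"><name>ServerLoginCoordinator</name></reference>
  </GBean>
  <GBean name="BrokenDCE" class="%(dce)s">
    <attribute name="applicationConfigName">broken-login</attribute>
    <attribute name="controlFlag">OPTIONAL</attribute>
    <attribute name="wrapPrincipals">yes</attribute>
    <reference name="Module"><name>NoSuchModule</name></reference>
  </GBean>
  <GBean name="ServerLoginCoordinator" class="%(lmg)s"/>
</configuration>
""" % {"dce": DCE, "lmg": LMG}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def lint_plan(xml_text):
    """Return (gbean_name, problem) pairs for DirectConfigurationEntry GBeans."""
    root = ET.fromstring(xml_text)
    gbeans = [e for e in root.iter() if _local(e.tag) == "GBean"]
    classes = {g.get("name"): g.get("class") for g in gbeans}
    findings = []
    for g in (g for g in gbeans if g.get("class") == DCE):
        name = g.get("name")
        attrs = {c.get("name"): (c.text or "").strip()
                 for c in g if _local(c.tag) == "attribute"}
        if not attrs.get("applicationConfigName"):
            findings.append((name, "applicationConfigName missing"))
        if attrs.get("controlFlag") != "REQUIRED":
            findings.append((name, "controlFlag is not REQUIRED"))
        if attrs.get("wrapPrincipals", "true") not in ("true", "false"):  # absent: skip
            findings.append((name, "wrapPrincipals must be true or false"))
        targets = [(n.text or "").strip() for r in g
                   if _local(r.tag) == "reference" and r.get("name") == "Module"
                   for n in r if _local(n.tag) == "name"]
        if not targets or classes.get(targets[0]) != LMG:
            findings.append((name, "Module is not a LoginModuleGBean in this plan"))
    return findings
```

Calling `lint_plan(SAMPLE_PLAN)` reports three problems, all on the constructed `BrokenDCE` entry.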
Configuring ServerRealmConfigurationEntry
ServerRealmConfigurationEntry connects a server-side component (such as a Servlet) to the Security Realm. It allows decoupling of the configuration name and the Security Realm name.
ServerRealmConfigurationEntry declares the following metadata:
- applicationConfigName - attribute; application configuration name; this is the key by which the configuration entry is found.
- realmName - attribute; security realm name.
- LoginService - reference; object name for the JAAS Login Service GBean.
- wrapPrincipals - attribute; possible values are true and false. If set to true, all Principals generated by the login module (Login Domain) will be wrapped into the DomainPrincipal and every DomainPrincipal will be wrapped into the RealmPrincipal. This enables J2EE role mappings into DomainPrincipals and RealmPrincipals.
Example: Here we set up a ServerRealmConfigurationEntry with the name JMX. The security realm name is geronimo-properties-realm.
```xml
<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0"
    configId="org/apache/geronimo/Security"
    parentId="org/apache/geronimo/RMINaming"
    >
    <GBean name="JMX" class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
        <attribute name="applicationConfigName">JMX</attribute>
        <attribute name="realmName">geronimo-properties-realm</attribute> <!-- name of the security realm -->
        <reference name="LoginService"> <!-- reference to the login service GBean -->
            <name>JaasLoginService</name>
        </reference>
    </GBean>
</configuration>
```