DirectConfigurationEntry exposes a login module directly to JAAS clients, so the login module must be specified in the entry itself. To be able to log in to Geronimo, specify the JaasLoginCoordinator login module.

The DirectConfigurationEntry GBean declares the following metadata:

  • applicationConfigName - attribute; application configuration name; this is the key by which the configuration entry is found.
  • controlFlag - attribute; login module control flag according to the JAAS semantics; the only value that makes sense here is REQUIRED.
  • wrapPrincipals - attribute; possible values are true and false. If set to true, all Principals generated by the login module (Login Domain) will be wrapped into a DomainPrincipal and every DomainPrincipal will be wrapped into a RealmPrincipal. This enables J2EE role mappings onto DomainPrincipals and RealmPrincipals.
  • Module - reference; the object name specification for the LoginModuleGBean.

The following example shows how DirectConfigurationEntry is configured to use the ServerLoginCoordinator login module GBean.


<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment"
    parentId="org/apache/geronimo/Client"
    configId="org/apache/geronimo/ClientSecurity"
    >
    <GBean name="ServerLoginStubDCE" class="org.apache.geronimo.security.jaas.DirectConfigurationEntry">
        <attribute name="applicationConfigName">server-login</attribute>
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="Module"> <!-- reference to the login module GBean: name=ServerLoginCoordinator -->
            <name>ServerLoginCoordinator</name>
        </reference>
    </GBean>

    <GBean name="ServerLoginCoordinator" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.client.JaasLoginCoordinator</attribute>
        <attribute name="serverSide">false</attribute>
        <attribute name="options">
            host=localhost <!-- Geronimo login service endpoint -->
            port=4242
            realm=geronimo-properties-realm <!-- Security realm name -->
        </attribute>
        <attribute name="loginDomainName">geronimo-properties-realm</attribute>
    </GBean>
</configuration>

Configuring ServerRealmConfigurationEntry

ServerRealmConfigurationEntry connects a server-side component (such as a servlet) to the security realm. It allows the configuration name to be decoupled from the security realm name.

ServerRealmConfigurationEntry declares the following metadata:

  • applicationConfigName - attribute; application configuration name; this is the key by which the configuration entry is found.
  • realmName - attribute; security realm name.
  • LoginService - reference; object name for the JAAS Login Service GBean.
  • wrapPrincipals - attribute; possible values are true and false. If set to true, all Principals generated by the login module (Login Domain) will be wrapped into a DomainPrincipal and every DomainPrincipal will be wrapped into a RealmPrincipal. This enables J2EE role mappings onto DomainPrincipals and RealmPrincipals.

Example: here we set up a ServerRealmConfigurationEntry with the name JMX. The security realm name is geronimo-properties-realm.


<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0"
    configId="org/apache/geronimo/Security"
    parentId="org/apache/geronimo/RMINaming"
    >

    <GBean name="JMX" class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
        <attribute name="applicationConfigName">JMX</attribute>
        <attribute name="realmName">geronimo-properties-realm</attribute> <!-- name of the security realm -->
        <reference name="LoginService"> <!-- reference to the login service GBean -->
            <name>JaasLoginService</name>
        </reference>
    </GBean>

</configuration>
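
A review check for both entry types described above, added here as an example and not part of Geronimo or of the original page: it parses a deployment plan and reports entries that lack the metadata listed above, a DirectConfigurationEntry whose controlFlag is not REQUIRED, and a Module reference that does not name a LoginModuleGBean. The names lint_plan and SAMPLE_PLAN are hypothetical, the sample plan is constructed, and the check assumes the referenced login module is declared in the same plan, as in the example above.

```python
import xml.etree.ElementTree as ET

JAAS = "org.apache.geronimo.security.jaas."
DCE, SRCE, LMG = (JAAS + c for c in ("DirectConfigurationEntry", "ServerRealmConfigurationEntry", "LoginModuleGBean"))
# Required attributes and reference per entry type (wrapPrincipals is optional: the page's examples omit it).
NEEDED = {DCE: ({"applicationConfigName", "controlFlag"}, "Module"),
          SRCE: ({"applicationConfigName", "realmName"}, "LoginService")}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the namespace; the page uses two deployment namespaces
def _target(ref):
    return next(((n.text or "").strip() for n in ref if _local(n.tag) == "name"), "")

def lint_plan(xml_text):
    """Return sorted (gbean_name, finding) pairs for one deployment plan."""
    gbeans = [e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == "GBean"]
    classes = {g.get("name"): g.get("class") for g in gbeans}
    findings = []
    for g in (g for g in gbeans if g.get("class") in NEEDED):
        cls, name = g.get("class"), g.get("name")
        attrs = {c.get("name"): (c.text or "").strip() for c in g if _local(c.tag) == "attribute"}
        refs = {c.get("name"): _target(c) for c in g if _local(c.tag) == "reference"}
        need_attrs, need_ref = NEEDED[cls]
        for a in sorted(a for a in need_attrs if not attrs.get(a)):
            findings.append((name, f"missing attribute {a}"))
        if not refs.get(need_ref):
            findings.append((name, f"missing reference {need_ref}"))
        flag, module = attrs.get("controlFlag"), refs.get("Module")
        if cls == DCE and flag and flag != "REQUIRED":
            findings.append((name, f"controlFlag is {flag}, expected REQUIRED"))
        # Assumption: the referenced login module is declared in the same plan, as on the page.
        if cls == DCE and module and classes.get(module) != LMG:
            findings.append((name, f"Module reference {module} is not a LoginModuleGBean in this plan"))
    return sorted(findings)

# Constructed sample plan (not from the page): BadDCE and JMX are deliberately misconfigured.
SAMPLE_PLAN = f"""<configuration xmlns="http://geronimo.apache.org/xml/ns/deployment">
  <GBean name="BadDCE" class="{DCE}">
    <attribute name="applicationConfigName">server-login</attribute>
    <attribute name="controlFlag">OPTIONAL</attribute>
    <reference name="Module"><name>NoSuchModule</name></reference>
  </GBean>
  <GBean name="JMX" class="{SRCE}">
    <attribute name="applicationConfigName">JMX</attribute>
    <reference name="LoginService"><name>JaasLoginService</name></reference>
  </GBean>
</configuration>"""

if __name__ == "__main__":
    print("\n".join(f"{gbean}: {finding}" for gbean, finding in lint_plan(SAMPLE_PLAN)))
```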