...

For example, Geronimo uses the "geronimo-admin" security realm to authenticate users when they log in to the admin console. The deployment plan of the security realm is as follows.

Deployment plan of the "geronimo-admin" security realm used by Geronimo admin console

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>geronimo-admin</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="geronimo-admin" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">geronimo-admin</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>geronimo-admin</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="groupsURI">var/security/groups.properties</log:option>
                    <log:option name="usersURI">var/security/users.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

The above security realm is deployed over two property files, var/security/users.properties and var/security/groups.properties, which contain the user/group information, using the login module "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule". The admin console is a web application that uses the above security realm for user authentication.

...

| User/Group Repositories | Login Modules |
| --- | --- |
| Property Files | org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule |
| Database | org.apache.geronimo.security.realm.providers.SQLLoginModule |
| LDAP repository | org.apache.geronimo.security.realm.providers.LDAPLoginModule |
| Certificate Repository | org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule |
| Any other | User has to supply the custom JAAS module. Admin console can be used to create and deploy a security realm over custom JAAS login modules. |

The configuration options change depending on the type of the login module. The admin console enables users to create and deploy security realms using all the above mentioned login modules.

Once a security realm is deployed, it is available for any JEE5 application deployed in Apache Geronimo to map declared roles to actual users/groups through a Geronimo deployment plan.
 

Resources

Applications

An enterprise application archive (EAR) can consist of several application modules. The application modules can be Web Application Archives (WAR), EJB modules (JAR), application client modules (JAR) or Resource Archive modules (RAR). Users can either deploy these modules individually or bundle them into a single EAR file and deploy the EAR file.

When deployed individually, each application module should be accompanied by a Geronimo deployment plan to map declared resource names, EJB names, security roles and JMS roles to the corresponding actual entities deployed in the server. The Geronimo deployment plans also contain any Geronimo-specific settings and configurations. When deployed as a single bundle (EAR), the user can create a single Geronimo deployment plan to accomplish all the mappings, settings and configurations.

...

| File | Standard JEE deployment descriptors | Apache Geronimo specific Deployment plan |
| --- | --- | --- |
| Enterprise Web application archive (EAR) | application.xml | geronimo-application.xml |
| Web Application Archive (WAR) | web.xml | geronimo-web.xml |
| J2EE Connector resources archive (RAR) | ra.xml | geronimo-ra.xml |
| J2EE client application archive (JAR) | client.xml | geronimo-application-client.xml |
| JAR containing EJBs | ejb-jar.xml | openejb-jar.xml |

...