...

Depending on the selected authenticating system, a JAAS login module is selected and configured in a security realm. JAAS login modules connect to the corresponding user/group repositories, perform authentication, and retrieve authorization information. Geronimo provides login modules that connect to different types of user/group repositories: PropertiesFileLoginModule, LDAPLoginModule, SQLLoginModule and CertificatePropertiesFileLoginModule.

For example, Geronimo uses the "geronimo-admin" security realm to authenticate users when they log in to the Geronimo Administration Console. The deployment plan of the security realm is as follows.

geronimo-admin security realm

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
     <environment>

         <moduleId>
             <groupId>console.realm</groupId>
             <artifactId>geronimo-admin</artifactId>
             <version>1.0</version>
             <type>car</type>
         </moduleId>

         <dependencies>

             <dependency>
                 <groupId>org.apache.geronimo.framework</groupId>
                 <artifactId>j2ee-security</artifactId>
                 <type>car</type>
             </dependency>

         </dependencies>

     </environment>

     <gbean name="geronimo-admin"
       class="org.apache.geronimo.security.realm.GenericSecurityRealm"
       xsi:type="dep:gbeanType"
       xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

         <attribute name="realmName">geronimo-admin</attribute>
         <reference name="ServerInfo">
             <name>ServerInfo</name>
         </reference>

         <xml-reference name="LoginModuleConfiguration">

             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                 <log:login-module control-flag="REQUIRED" wrap-principals="false">
                     <log:login-domain-name>geronimo-admin</log:login-domain-name>
                     <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                     <log:option name="groupsURI">var/security/groups.properties</log:option>
                     <log:option name="usersURI">var/security/users.properties</log:option>
                 </log:login-module>
             </log:login-config>

         </xml-reference>
     </gbean>

 </module>

The above security realm uses "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule" and is backed by two property files, <geronimo_home>/var/security/users.properties and <geronimo_home>/var/security/groups.properties, which contain the user/group information. The admin console is a web application that uses this security realm for user authentication.

A security realm deployment plan is an XML file that uses the "http://geronimo.apache.org/xml/ns/deployment-1.2" Geronimo schema for the moduleId, dependency and security realm GBean configurations, and the "http://geronimo.apache.org/xml/ns/loginconfig-2.0" Geronimo schema for the login module configuration. All the XML schema files (.xsd files) are located in the <geronimo_home>/schema directory, where <geronimo_home> is the directory where Geronimo is installed.
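
An added example, not part of the Geronimo documentation or code base: a Python audit that reads a realm deployment plan through the two schema namespaces named above, lists each login module, and flags usersURI/groupsURI files that are missing or accessible to group/other. The function names and the embedded sample plan are constructed for illustration, and resolving the relative URIs against <geronimo_home> is an assumption based on the paths given above.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Namespaces used by the deployment plan shown on this page.
NS = {"dep": "http://geronimo.apache.org/xml/ns/deployment-1.2",
      "log": "http://geronimo.apache.org/xml/ns/loginconfig-2.0"}

# Constructed sample: the page's geronimo-admin plan reduced to the realm GBean.
SAMPLE_PLAN = """<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
 <gbean name="geronimo-admin" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
  <attribute name="realmName">geronimo-admin</attribute>
  <xml-reference name="LoginModuleConfiguration">
   <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
    <log:login-module control-flag="REQUIRED" wrap-principals="false">
     <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
     <log:option name="groupsURI">var/security/groups.properties</log:option>
     <log:option name="usersURI">var/security/users.properties</log:option>
    </log:login-module>
   </log:login-config>
  </xml-reference>
 </gbean>
</module>"""

def login_modules(plan_xml):
    """Return one dict per <log:login-module> found in a realm deployment plan."""
    found = []
    for gbean in ET.fromstring(plan_xml).iterfind("dep:gbean", NS):
        realm = gbean.findtext("dep:attribute[@name='realmName']", gbean.get("name"), NS)
        for lm in gbean.iterfind(".//log:login-module", NS):
            opts = {o.get("name"): (o.text or "").strip() for o in lm.iterfind("log:option", NS)}
            cls = lm.findtext("log:login-module-class", "", NS).strip()
            found.append({"realm": realm, "class": cls,
                          "control_flag": lm.get("control-flag"), "options": opts})
    return found

def audit_credential_files(plan_xml, geronimo_home):
    """Flag usersURI/groupsURI files that are missing or accessible to group/other."""
    findings = []
    for lm in login_modules(plan_xml):
        for opt in sorted({"usersURI", "groupsURI"} & lm["options"].keys()):
            path = os.path.join(geronimo_home, lm["options"][opt])  # assumption: relative to <geronimo_home>
            if not os.path.isfile(path):
                findings.append((lm["realm"], opt, "missing"))
            elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append((lm["realm"], opt, "group/other access"))
    return findings

if __name__ == "__main__":
    print(login_modules(SAMPLE_PLAN))
```

The permission check relies on POSIX mode bits, so it is meaningful on Unix-like hosts only.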

The following table summarizes the user/group repositories and the corresponding login modules in Apache Geronimo.

...