To administer security realms via the Geronimo Administration Console, use the Security Realms portlet, available on the Console Navigation menu on the left-hand side.
Listed in this portlet you will find all the available security realms. By default, the security realm used by Geronimo to authenticate users via properties file is geronimo-admin.
When you edit an existing realm (in this case geronimo-admin) you will be presented with the following screen. Note that you will not be able to change the realm name or the login domain name.
The following example illustrates the deployment plan generated by this realm.
...
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>geronimo-admin</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.configs</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="geronimo-admin" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">geronimo-admin</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>geronimo-admin</log:login-domain-name>
                    <log:login-module-class>
                        org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                    </log:login-module-class>
                    <log:option name="usersURI">var/security/users.properties</log:option>
                    <log:option name="groupsURI">var/security/groups.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
As we mentioned before, this plan is for the default, properties-file-based security realm. When you create a new realm you will have to choose from the following available realm types:
- Certificate Properties File realm
- Database (SQL) realm
- LDAP realm
- Properties File realm
- Kerberos realm
- Other
...
Other than the four available options which you can choose from the Administration Console, you can also create your own custom realm type when none of the above fits your environment's needs.
Having the Properties File Realm covered by default we will now focus on the other alternatives.
...
business needs. This requires creating your own implementation of class org.apache.geronimo.security.realm.providers, which implements the javax.security.auth.spi.LoginModule interface.
If you have defined your own security realm and plan to use it within your application, you must define a dependency on the security realm in the application's deployment plan file.
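The following check is an added example, not part of the original page or the Geronimo code base: it reads the moduleId of a realm plan and verifies that an application plan declares a dependency on it. The application plan fragment and the function names are constructed for illustration, and the matching rule (fields omitted from a dependency match any value, as with the version-less j2ee-security dependency in the plan above) is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://geronimo.apache.org/xml/ns/deployment-1.2"}
FIELDS = ("groupId", "artifactId", "version", "type")

# Environment section of the realm plan shown on this page (gbean omitted).
REALM_PLAN = """<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <environment>
    <moduleId>
      <groupId>console.realm</groupId>
      <artifactId>geronimo-admin</artifactId>
      <version>1.0</version>
      <type>car</type>
    </moduleId>
  </environment>
</module>"""

# Constructed application plan fragment that declares the realm dependency.
APP_PLAN = """<environment xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <dependencies>
    <dependency>
      <groupId>console.realm</groupId>
      <artifactId>geronimo-admin</artifactId>
      <type>car</type>
    </dependency>
  </dependencies>
</environment>"""


def _coords(elem):
    """Return the groupId/artifactId/version/type children that are present."""
    found = {f: elem.findtext(f"d:{f}", namespaces=NS) for f in FIELDS}
    return {k: v.strip() for k, v in found.items() if v and v.strip()}


def realm_module_id(plan_xml):
    """Coordinates of the first <moduleId> in a plan, or {} if there is none."""
    mid = ET.fromstring(plan_xml).find(".//d:moduleId", NS)
    return _coords(mid) if mid is not None else {}


def depends_on(plan_xml, module_id):
    """True if some <dependency> in the plan points at module_id."""
    # Assumption: a field left out of the dependency matches any value.
    for dep in ET.fromstring(plan_xml).iter("{%s}dependency" % NS["d"]):
        given = _coords(dep)
        if "artifactId" in given and all(module_id.get(k) == v for k, v in given.items()):
            return True
    return False
```

Running depends_on over every application plan before deployment catches applications that name a realm without declaring the dependency on its module.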