Comment: Migration of unmigrated content due to installation of a new plugin

...

You can add users and groups via the Geronimo Administration Console or by modifying some configuration files. We will start simple by using the realm provided by Geronimo by default. Then, as we explore the different realms and security configurations, we will come back and revisit some of the topics as needed.

...

users.properties uses the <user_name>=<password> format, and groups.properties uses the <group_name>=<user_name> format. See the following examples for additional details.

...

...

Because we are using the basic, default security configuration, the user IDs and passwords are stored in plain text. You can add and remove users and change passwords by editing this file.

...

...

Just as with users, you can edit groups.properties to add and remove groups and to add users to and remove users from those groups.

The files mentioned in this section, along with all the security configuration other than user names and passwords, are defined in the geronimo-properties-realm security realm covered in the Administering security realms section.

Changing password for derby Admin

Starting from G217, a new user dbadmin is defined to manage all connections to the embedded Derby server. By default, the user and its group are defined in the /var/security/groups.properties file, which you should NOT update. You can, however, change the default password, manager, to any other value you like. When you do, you must follow the steps below to make sure the whole server and the relevant database pools still work after you update the password.

...

Controlling Derby authentication

Starting from 2.1.7, the system property derby.connection.requireAuthentication controls whether Derby authentication is enabled on a Geronimo server. Set the property to true to enable Derby authentication, or to false to disable it, by passing the property and its value in GERONIMO_OPTS as follows before the server is started. By default, the value is true.

...

Accessing user-defined Derby databases

When you use the Apache Derby database, a table is always in a schema. If you don't specify a schema explicitly, Derby implicitly uses the built-in APP schema. A second built-in schema, sys, is used to isolate system tables. If you specify a user name A when creating the database (for example, when you deploy a datasource with the create database parameter set to true) and then create a table T, the fully qualified name of table T will be A.T.

...

If you turn Derby authentication on and still want to access the databases you created, make sure that the user name is listed in the derbyadmin group in the groups.properties file and that the user's password is defined in the users.properties file, as follows.

...

...

admin=system,
derbyadmin=dbadmin,app,user1

...

system=manager
dbadmin=manager
app=app
user1=password

...

where

  • dbadmin is the default Derby system user.
  • app is the user name to access a table with the default APP schema.
  • user1 is the name of the user who creates the database.
  • password is the plain text password of user user1.
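
The check below is an added example, not part of the Geronimo documentation or code base. It reads the two files in the formats described above, reports database users who would be locked out once Derby authentication is on, and flags derbyadmin members whose password is still a value printed on this page. The function names, the simplified key=value parser, user2 and the changed user1 password are assumptions made for illustration.

```python
# Added example: checks the two properties-realm files for Derby access gaps.
# Passwords shown in this page's sample files; still using them is a finding.
DOCUMENTED = {"system": "manager", "dbadmin": "manager", "app": "app", "user1": "password"}

# Constructed sample input: the page's files, with user1's password changed.
GROUPS = "admin=system,\nderbyadmin=dbadmin,app,user1\n"
USERS = "system=manager\ndbadmin=manager\napp=app\nuser1=Xk4-constructed-value\n"

def parse_properties(text):
    """Simplified parser: <key>=<value> lines, skipping blanks and # or ! comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries[key.strip()] = value.strip()
    return entries

def parse_groups(text):
    """groups.properties: <group_name>=<user_name>[,<user_name>...]."""
    return {group: {m.strip() for m in members.split(",") if m.strip()}
            for group, members in parse_properties(text).items()}

def audit_derby_access(groups_text, users_text, db_users):
    """Return (user, problem) findings for the given database user names."""
    derbyadmin = parse_groups(groups_text).get("derbyadmin", set())
    users = parse_properties(users_text)
    findings = []
    for user in db_users:
        if user not in derbyadmin:
            findings.append((user, "not in derbyadmin group"))
        if user not in users:
            findings.append((user, "no password in users.properties"))
    for user in sorted(derbyadmin):
        if user in users and users[user] == DOCUMENTED.get(user):
            findings.append((user, "password is the documented sample value"))
    return findings

if __name__ == "__main__":
    # user2 is a hypothetical database owner missing from both files.
    for user, problem in audit_derby_access(GROUPS, USERS, ["user1", "user2"]):
        print(f"{user}: {problem}")
```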

...