Comment: Migration of unmigrated content due to installation of a new plugin

...

You can add users and groups via the Geronimo Administration Console or by modifying some configuration files. We will start simple by using the realm provided by Geronimo by default. Then, as we explore the different realms and security configurations, we will come back and revisit some of the topics as needed.

...

users.properties uses the <user_name>=<password> format; groups.properties uses the <group_name>=<user_name> format. See the following examples for additional details.

...

Because we are using the basic, default security configuration, the user IDs and passwords are stored in plain text. You can add and remove users and change passwords in this file.

...

As with users, you can use groups.properties to add and remove groups, and to add users to or remove users from those groups.

The files mentioned in this section, along with all the security configuration other than user names and passwords, are defined in the geronimo-properties-realm security realm covered in the Administering security realms section.

Changing password for derby Admin

Starting from G217, a new user dbadmin is defined to manage all connections to the embedded Derby server. By default, the user and its group are defined in the /var/security/groups.properties file, which you should NOT update. You can, however, change the default password, manager, to any other value you like. When you do so, follow the steps below to make sure the whole server and the relevant database pools keep working after the password is updated.

  1. Start the Geronimo server
  2. Update the password of dbadmin via the console > Security > Users and Groups portlet
  3. Edit the user password in existing datasources via the console > Services > Database pools portlet, especially for the system-related datasources
  4. Shut down the Geronimo server
  5. Update the userPassword attribute of the DerbyNetwork GBean in var\config\config.xml with the new password
  6. Restart the Geronimo server

Controlling Derby authentication

Starting from 2.1.7, the system property derby.connection.requireAuthentication controls whether Derby authentication is switched on for a Geronimo server. Set the property to true to enable Derby authentication, or to false to disable it, by passing the property and its value in GERONIMO_OPTS as follows before the server is started. By default, the value is true.

  • non-Windows systems: export GERONIMO_OPTS=-Dderby.connection.requireAuthentication=true|false
  • Windows systems: set GERONIMO_OPTS=-Dderby.connection.requireAuthentication=true|false

Accessing user-defined Derby databases

When you're using the Apache Derby database, a table is always in a schema. If you don't specify a schema explicitly, Derby implicitly uses the built-in apps schema. A second built-in schema, called sys, is used to isolate system tables. If you specify a user name A when creating the database (for example, when you deploy a datasource with the create database parameter set to true) and then create a table T, the fully qualified name of table T will be A.T.

When executing SQL commands against a Derby database, always specify the fully qualified name of the table. Otherwise, you might encounter SQLExceptions such as Connection authentication failure, especially when the user name and the schema are not the same.

If you turn Derby authentication on and still want to access the databases you created, make sure that the user name is defined in the derbyadmin group within the groups.properties file and that the user's password is defined in the users.properties file, as follows.

...

admin=system,
derbyadmin=dbadmin,app,user1

...

system=manager
dbadmin=manager
app=app
user1=password

...

where

  • dbadmin is the default derby system user.
  • app is the user name to access a table with the default APP schema.
  • user1 is the name of the user who creates the database.
  • password is the plain text password of user user1.

Note that if a database is created via the Create DB button on the DB Manager portlet, the default schema is DBADMIN and its default owner is dbadmin.
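
The following is an added example, not part of the Geronimo documentation: a small Python check that every member of the derbyadmin group has an entry in users.properties and that none still uses a password printed on this page. The sample file contents, the user2 account and the function names are constructed for illustration, and the parser handles only plain key=value lines.

```python
# Added example: audit the two properties-realm files for Derby access.
# Constructed sample input modelled on the entries shown on this page;
# user2 and user1's password are invented for the demonstration.
GROUPS_SAMPLE = "admin=system,\nderbyadmin=dbadmin,app,user1,user2\n"
USERS_SAMPLE = "system=manager\ndbadmin=manager\napp=app\nuser1=c0nstructed-Value\n"

# Passwords printed on this page, so they must be treated as publicly known.
DOCUMENTED = {"system": "manager", "dbadmin": "manager",
              "app": "app", "user1": "password"}

MISSING = "no entry in users.properties"
PUBLIC = "password matches the documented value"


def parse_properties(text):
    """Parse plain key=value lines (simplified; no escapes or continuations)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries


def group_members(groups, name):
    """Members of a group, skipping empty items left by a trailing comma."""
    return [m.strip() for m in groups.get(name, "").split(",") if m.strip()]


def audit_derby_access(groups_text, users_text, group="derbyadmin"):
    """Return (user, finding) pairs for members of the Derby access group."""
    groups = parse_properties(groups_text)
    users = parse_properties(users_text)
    findings = []
    for member in group_members(groups, group):
        if member not in users:
            findings.append((member, MISSING))
        elif users[member] == DOCUMENTED.get(member):
            findings.append((member, PUBLIC))
    return findings


if __name__ == "__main__":
    for user, finding in audit_derby_access(GROUPS_SAMPLE, USERS_SAMPLE):
        print(f"{user}: {finding}")
```

A member reported as missing cannot authenticate once derby.connection.requireAuthentication is true; a member reported with a documented password should have it changed, following the dbadmin procedure above where that account is concerned.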