The security schema namespace for the Apache Geronimo M5 is "http://geronimo.apache.org/xml/ns/security-1.0"
Geronimo M5 and earlier versions do not support concepts of the DomainPrincipal
and RealmPrincipal
. When wrapping J2EE roles to Principals, Principal
elements are wrapped by the Realm
elements.
Code Block |
---|
|
<xsd:complexType name="roleType">
<xsd:sequence>
<xsd:element name="description" type="security-1.0:descriptionType"
minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="realm" type="security-1.0:realmType" minOccurs="0"
maxOccurs="unbounded"/>
<xsd:element name="distinguished-name"
type="security-1.0:distinguishedNameType" minOccurs="0"
maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="role-name" type="xsd:string" use="required"/>
</xsd:complexType> |
Code Block |
---|
|
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.0"
configId="org/apache/geronimo/tools/JMXConsole"
parentId="org/apache/geronimo/Server">
<context-root>/example</context-root>
<context-priority-classloader>false</context-priority-classloader>
<security-realm-name>geronimo-properties-realm</security-realm-name>
<sec:security>
<sec:default-principal realm-name="geronimo-properties-realm">
<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
</sec:default-principal>
<sec:role-mappings>
<sec:role role-name="admin">
<sec:realm realm-name="geronimo-properties-realm">
<sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="admin" designated-run-as="true"/>
</sec:realm>
</sec:role>
</sec:role-mappings>
</sec:security>
</web-app> |