THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Not Required for CLIENT-CERT</realm-name>
</login-config>
|
where
<auth-method>CLIENT-CERT</auth-method>: suggests that the auth-method is set toCLIENT-CERTand thus, the certificate properties file realm is used for client authentication.
...
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<?xml version="1.0" encoding="UTF-8"?> |
...
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1"> |
...
<context-root>/Sample_CertificatePropsRealm</context-root> |
...
... |
...
<security-realm-name>CertificatePropsRealm</security-realm-name> |
...
<security> <principal class="org.apache.geronimo.security.realm.providers. |
...
GeronimoUserPrincipal" |
...
name="client1"/> |
...
<!-- name should match the entries from cert-users.properties of the realm --> |
...
</default-principal> |
...
<role-mappings> |
...
<role role-name="content-administrator"> |
...
<realm realm-name="CertificatePropsRealm"> |
...
<principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" |
...
name="admin" designated-run-as="true"/> |
...
<!-- name should match the entries from cert-groups.properties of the realm --> |
...
<principal class="org.apache.geronimo.security.realm.providers. |
...
GeronimoUserPrincipal" name="client1"/> |
...
... |
...
</realm> |
...
</role> |
...
</role-mappings> |
...
</security> |
...
</web-app> |
where
*<security-realm-name>CertificatePropsRealm</security-realm-name>:CertificatePropsRealm is the properties file security realm used for client authentication.
You can install a client certificate into the web browser to authenticate against Web servers. The client certificate should be based on the information provided in the group and user properties files.
...