...
The deployment plan is configured as follows:
...
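<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo deployment plan for the sample web application. It binds the
  application to the CertificatePropsRealm security realm and maps realm
  principals onto the application role "content-administrator".

  Layout note: the XML declaration and the principal class names are each
  written on a single line. A line break inside an attribute value is
  normalised to a space by the parser, which would break the class name.

  NOTE(review): the "naming" and "sec" prefixes are declared but not used in
  this plan, and <security> is written unprefixed. Confirm against the schema
  of the target server version.
-->
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
         xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">

  <sys:environment>
    <!-- Identity of this module. -->
    <sys:moduleId>
      <sys:groupId>org.apache.geronimo</sys:groupId>
      <sys:artifactId>sampleapplication</sys:artifactId>
      <sys:version>1.0</sys:version>
      <sys:type>car</sys:type>
    </sys:moduleId>
    <!-- The realm module is declared as a dependency of this application. -->
    <sys:dependencies>
      <sys:dependency>
        <sys:groupId>console.realm</sys:groupId>
        <sys:artifactId>CertificatePropsRealm</sys:artifactId>
        <sys:version>1.0</sys:version>
        <sys:type>car</sys:type>
      </sys:dependency>
    </sys:dependencies>
  </sys:environment>

  <context-root>/cert-realm-sample</context-root>

  <!-- Realm used for client authentication; the same name is used in the
       realm-name attributes below. -->
  <security-realm-name>CertificatePropsRealm</security-realm-name>

  <security>
    <!--
      name should match the entries from cert-users.properties of the realm.

      NOTE(review): the default principal is the identity given to callers
      who have not authenticated. Here it is "client1", which is also mapped
      to the content-administrator role below. Confirm that unauthenticated
      requests are meant to carry an identity holding that role. Otherwise use
      a dedicated principal that is mapped to no privileged role.
    -->
    <default-principal realm-name="CertificatePropsRealm">
      <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                 name="client1"/>
    </default-principal>

    <role-mappings>
      <role role-name="content-administrator">
        <realm realm-name="CertificatePropsRealm">
          <!--
            name should match the entries from cert-groups.properties of the
            realm. designated-run-as="true" presumably marks this group
            principal as the one used when the role is a run-as role. Confirm
            against the security schema.
          -->
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                     name="admin"
                     designated-run-as="true"/>
          <!-- Individual users granted the role. Each is mapped by user name,
               independently of the admin group above. -->
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                     name="client1"/>
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                     name="client2"/>
        </realm>
      </role>
    </role-mappings>
  </security>

</web-app>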
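where `<security-realm-name>CertificatePropsRealm</security-realm-name>` names `CertificatePropsRealm`, the Certificate Properties File Realm used for client authentication. The same realm name appears in the `realm-name` attributes of `<default-principal>` and `<realm>` in the plan above.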
...