...

Excerpt from the deployment plan of CertificatePropsRealm:
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>cert-prop-file-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="cert-prop-file-realm"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">CertificatePropsRealm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>CertificatePropsRealm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="usersURI">var/security/user_sample.properties</log:option>
                    <log:option name="groupsURI">var/security/group_sample.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

where

  • <moduleId> .. </moduleId>: the tag that defines the module ID of the security realm. This module ID is included as a dependency in the deployment plan of any application that uses this security realm to authenticate clients.
  • <attribute name="realmName">CertificatePropsRealm</attribute>: CertificatePropsRealm is the name of the security realm.

Configure the deployment descriptor and deployment plan of your web application to use the Certificate Properties File Realm for client authentication. For example, applications which use the CertificatePropsRealm security realm must configure their deployment descriptor as follows:

...

  • <security-realm-name>CertificatePropsRealm</security-realm-name>: CertificatePropsRealm is the Certificate Properties File Realm used for client authentication.
  • <sys:dependency> .. </sys:dependency>: the elements in this tag identify the module ID of the Certificate Properties File Realm used for authentication.
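The following Python check is an added example, not part of the original page or of Geronimo. It verifies that an application plan depends on the realm's module ID and names the realm declared in realmName. The application plan sample and its web-app namespace are constructed assumptions; elements are matched by local name only.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: REALM_PLAN is trimmed from the excerpt above; APP_PLAN is a
# hypothetical application plan (its web-app namespace is an assumption).
REALM_PLAN = """<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <environment><moduleId>
    <groupId>console.realm</groupId><artifactId>cert-prop-file-realm</artifactId>
    <version>1.0</version><type>car</type>
  </moduleId></environment>
  <gbean name="cert-prop-file-realm">
    <attribute name="realmName">CertificatePropsRealm</attribute></gbean>
</module>"""
APP_PLAN = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
    xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <sys:environment><sys:dependencies><sys:dependency>
    <sys:groupId>console.realm</sys:groupId>
    <sys:artifactId>cert-prop-file-realm</sys:artifactId>
    <sys:version>1.0</sys:version><sys:type>car</sys:type>
  </sys:dependency></sys:dependencies></sys:environment>
  <security-realm-name>CertificatePropsRealm</security-realm-name>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def find_all(root, name):
    return [e for e in root.iter() if local(e.tag) == name]

def coords(elem):
    """Map of groupId/artifactId/version/type for a moduleId or dependency."""
    return {local(c.tag): (c.text or "").strip() for c in elem}

def check_realm_binding(realm_plan, app_plan):
    """Return a list of mismatches between a realm plan and an application plan."""
    realm, app = ET.fromstring(realm_plan), ET.fromstring(app_plan)
    problems = []
    module_id = coords(find_all(realm, "moduleId")[0])
    names = {(a.text or "").strip() for a in find_all(realm, "attribute")
             if a.get("name") == "realmName"}
    # A dependency may omit fields (e.g. version); compare only what it states.
    deps = [coords(d) for d in find_all(app, "dependency")]
    if not any(d.get("artifactId") and all(module_id.get(k) == v for k, v in d.items())
               for d in deps):
        problems.append("no dependency on realm module " + "/".join(module_id.values()))
    used = [(e.text or "").strip() for e in find_all(app, "security-realm-name")]
    if not used:
        problems.append("application plan has no security-realm-name")
    problems += [f"unknown realm name: {u}" for u in used if u not in names]
    return problems
```

An empty list means the application is bound to the intended realm; any entry points to a plan that would authenticate against a different realm or fail to resolve the realm module.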

You can install a client certificate into the web browser to authenticate against web servers. For the sample application described above, which uses the CertificatePropsRealm security realm, install the My_Private_key certificate into your web browser to verify your identity, in this case client1, during authentication. The installation process is described in the "Install certificate on client" section below.