...

  • <moduleId> .. </moduleId>: the tag that defines the module ID of the security realm. Applications which use this security realm for authentication should include this module ID as a dependency in their deployment plan.
  • <attribute name="realmName">CertificatePropsRealm</attribute>:CertificatePropsRealm is the name of the security realm.

Configure the deployment descriptor and deployment plan of your web application to use the Certificate Properties File Realm for client authentication. For example, applications which use the CertificatePropsRealm security realm must configure their deployment descriptor as follows:

Excerpt from web.xml:

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Not Required for CLIENT-CERT</realm-name>
</login-config>

...

  • <auth-method>CLIENT-CERT</auth-method>: sets the auth-method to CLIENT-CERT, so the container authenticates the client with the certificate it presents. CLIENT-CERT is the auth-method used for SSL mutual authentication. In Geronimo, this configuration indicates that a Certificate Properties File Realm is used to authenticate the client certificate.

Web applications which use the CertificatePropsRealm security realm, for example, must configure their deployment plans as follows:

Excerpt from geronimo-web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
         xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <sys:environment>
    <sys:moduleId>
      <sys:groupId>org.apache.geronimo</sys:groupId>
      <sys:artifactId>sampleapplication</sys:artifactId>
      <sys:version>1.0</sys:version>
      <sys:type>car</sys:type>
    </sys:moduleId>
    <sys:dependencies>
      <sys:dependency>
        <sys:groupId>console.realm</sys:groupId>
        <sys:artifactId>cert-prop-file-realm</sys:artifactId>
        <sys:version>1.0</sys:version>
        <sys:type>car</sys:type>
      </sys:dependency>
    </sys:dependencies>
  </sys:environment>
  <context-root>/cert-realm-sample</context-root>
  <security-realm-name>CertificatePropsRealm</security-realm-name>
  <security>
    <default-principal realm-name="CertificatePropsRealm">
      <!-- name should match the entries from cert-users.properties of the realm -->
      <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client1"/>
    </default-principal>
    <role-mappings>
      <role role-name="content-administrator">
        <realm realm-name="CertificatePropsRealm">
          <!-- name should match the entries from cert-groups.properties of the realm -->
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client1"/>
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client2"/>
        </realm>
      </role>
    </role-mappings>
  </security>
</web-app>
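
As an added example (not from the Geronimo documentation or code base), the following Python script checks a geronimo-web.xml such as the one above against the rules this page states: the realm module is declared as a dependency, every realm-name attribute matches security-realm-name, and every principal name exists in cert-users.properties or cert-groups.properties. The sample plan is constructed, and the key=value layout assumed for the two properties files is an assumption the page does not confirm.

```python
import xml.etree.ElementTree as ET

WEB_NS = "{http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1}"
SYS_NS = "{http://geronimo.apache.org/xml/ns/deployment-1.2}"
USER_CLASS = "org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
GROUP_CLASS = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"

# Constructed plan excerpt with two deliberate defects: the realm module is not
# declared as a dependency, and "client3" is not a user known to the realm.
PLAN_XML = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <sys:environment><sys:dependencies></sys:dependencies></sys:environment>
  <security-realm-name>CertificatePropsRealm</security-realm-name>
  <security>
    <default-principal realm-name="CertificatePropsRealm">
      <principal class="%s" name="client1"/>
    </default-principal>
    <role-mappings><role role-name="content-administrator">
      <realm realm-name="CertificatePropsRealm">
        <principal class="%s" name="admin"/>
        <principal class="%s" name="client3"/>
      </realm></role></role-mappings>
  </security>
</web-app>""" % (USER_CLASS, GROUP_CLASS, USER_CLASS)

# Constructed realm files; the key=value layout is an assumption, not from the page.
CERT_USERS = "# users\nclient1=CN=client1\nclient2=CN=client2\n"
CERT_GROUPS = "admin=client1,client2\n"

def property_keys(text):
    """Keys of a simple Java properties file, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    return {l.split("=", 1)[0].strip() for l in lines if l and not l.startswith("#")}

def check_plan(plan_xml, users_props, groups_props, realm_artifact="cert-prop-file-realm"):
    """Return a list of findings; an empty list means the plan is consistent."""
    root, findings = ET.fromstring(plan_xml), []
    deps = {d.findtext(SYS_NS + "artifactId") for d in root.iter(SYS_NS + "dependency")}
    if realm_artifact not in deps:
        findings.append("missing dependency on realm module " + realm_artifact)
    realm = root.findtext(WEB_NS + "security-realm-name")
    for tag in ("default-principal", "realm"):  # both carry a realm-name attribute
        for e in root.iter(WEB_NS + tag):
            if e.get("realm-name") != realm:
                findings.append("%s names realm %r, expected %r" % (tag, e.get("realm-name"), realm))
    known = {USER_CLASS: property_keys(users_props), GROUP_CLASS: property_keys(groups_props)}
    for p in root.iter(WEB_NS + "principal"):
        if p.get("name") not in known.get(p.get("class"), set()):
            findings.append("principal %r is not defined in the realm files" % p.get("name"))
    return findings
```

Run the checks before deploying: a plan that names a principal absent from the realm files, or that omits the realm dependency, fails at deployment or at the first client login rather than at lint time.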

...