Comment: Migrated to Confluence 5.3

...

The following example shows how DirectConfigurationEntry is configured to use the ServerLoginCoordinator login module GBean.

<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment"
    parentId="org/apache/geronimo/Client"
    configId="org/apache/geronimo/ClientSecurity"
    >
<GBean name="ServerLoginStubDCE" class="org.apache.geronimo.security.jaas.DirectConfigurationEntry">
        <attribute name="applicationConfigName">server-login</attribute>
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="Module">			<!-- reference to the login module GBean: name=ServerLoginCoordinator -->
            <name>ServerLoginCoordinator</name>
        </reference>
</GBean>

<GBean name="ServerLoginCoordinator" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.client.JaasLoginCoordinator</attribute>
        <attribute name="serverSide">false</attribute>
        <attribute name="options">
            host=localhost				<!-- Geronimo login service endpoint -->
            port=4242
            realm=geronimo-properties-realm		<!-- Security realm name -->
        </attribute>
        <attribute name="loginDomainName">geronimo-properties-realm</attribute>
</GBean>
</configuration>

...

The following example shows how to set up the ServerRealmConfigurationEntry with the name JMX. The security realm name is geronimo-properties-realm.

<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment-1.0"
    configId="org/apache/geronimo/Security"
    parentId="org/apache/geronimo/RMINaming"
    >

    <GBean name="JMX" class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
        <attribute name="applicationConfigName">JMX</attribute>
        <attribute name="realmName">geronimo-properties-realm</attribute>	<!-- Security Realm name -->
        <reference name="LoginService">			         <!--reference to the login service GBean -->
            <name>JaasLoginService</name>
        </reference>
    </GBean>

</configuration>

...

Here is an example of a generic-security-realm setup. We want to wire the GenericSecurityRealm named geronimo-properties-realm with the login module named properties-login, which authenticates against a property file. Our security realm authentication policy requires properties-login module authentication to succeed.

<GBean name="geronimo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">

   <!-- security-realm name; this is a name of the Security Realm as well as the name of
        the configuration entry used by the application -->

   <attribute name="realmName">geronimo-properties-realm</attribute>

   <!-- reference to the head of the login module use list -->
   <reference name="LoginModuleConfiguration">
      <name>properties-login</name>
   </reference>

   <!-- server-info reference is passed to most GBeans -->
   <reference name="ServerInfo">
      <module>org/apache/geronimo/System</module><name>ServerInfo</name>
   </reference>

   <!-- reference to the login-service GBean -->
   <reference name="LoginService"><name>JaasLoginService</name></reference>
</GBean>

<!-- this is the head of the login-module-use list -->
<GBean name="properties-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">

   <!-- login module must succeed -->
   <attribute name="controlFlag">REQUIRED</attribute>

   <!-- reference to the login module -->
   <reference name="LoginModule">
         <name>properties-login</name>
   </reference>
</GBean>

<!-- this is login module GBean -->
<GBean name="properties-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
   <attribute name="loginModuleClass">
      org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
   </attribute>
   <attribute name="serverSide">true</attribute>

   <!-- login module specific options -->
   <attribute name="options">
      usersURI=var/security/users.properties	<!-- user database -->
      groupsURI=var/security/groups.properties	<!-- group database -->
   </attribute>
   <attribute name="loginDomainName">geronimo-properties</attribute>
</GBean>

...

The following example briefly shows how the LoginConfig schema is used.

<GBean name="geronimo-properties-realm"
   class="org.apache.geronimo.security.realm.GenericSecurityRealm">

   <!-- security-realm name; this name is reused by the
        configuration-entry-factory interface implementation by the
        generic-security-realm; you may use this name as application
        configuration name parameter passed to the LoginContext constructor -->

   <attribute name="realmName">geronimo-properties-realm</attribute>

   <!-- xml reference, better than before? -->
   <xml-reference name="LoginModuleConfiguration">
      <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
         <lc:login-module control-flag="REQUIRED" server-side="true">
            <lc:login-domain-name>client-properties-realm</lc:login-domain-name>
            <lc:login-module-class>
                org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
            </lc:login-module-class>
            <lc:option name="usersURI">
               var/security/users.properties
            </lc:option>
            <lc:option name="groupsURI">
               var/security/groups.properties
            </lc:option>
         </lc:login-module>
      </lc:login-config>
   </xml-reference>
   <!-- server-info reference is passed to most GBeans -->
   <reference name="ServerInfo">
      <module>org/apache/geronimo/System</module><name>ServerInfo</name>
   </reference>

   <!-- reference to the login-service GBean -->
   <reference name="LoginService"><name>JaasLoginService</name></reference>
</GBean>

...

The following is an example of a login module that uses property files as its authentication database. The property files are specified in the options attribute.

<GBean name="properties-login"
   class="org.apache.geronimo.security.jaas.LoginModuleGBean">
   <attribute name="loginModuleClass">
      org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
   </attribute>
   <attribute name="serverSide">true</attribute>
   <attribute name="options">
            usersURI=var/security/users.properties
            groupsURI=var/security/groups.properties
    </attribute>
    <attribute name="loginDomainName">geronimo-properties-realm</attribute>
</GBean>

...