This article shows you how to create a security realm using the Geronimo Eclipse Plugin (GEP) during development. GEP provides an easy-to-use wizard for configuring different types of security realm, such as a properties file realm, a SQL realm or an LDAP realm.
In this article, we use a sample Dynamic Web Project and a SQL realm for demonstration. You can choose whichever project or realm type you need.
Creating a SQL realm
- Double-click the geronimo-web.xml file under the /META-INF directory of your application to open it in the Geronimo Deployment Plan Editor. You will see the general information page of the application.
- Select the Security tab, and then open the Security Realm section to display the security realms that are defined.
  - Add - start a wizard for security realm creation.
  - Remove - remove an existing security realm.
  - Edit - reconfigure an existing security realm.
- Click Add to start the security realm wizard and fill in the required fields. In this example, we select SQL Realm.
  - Realm Name is used to specify the name of the security realm that will be used for user authentication for the application.
  - Realm Type is the type of login module.
- Click Next to input SQL statements for user and group verification.
  - Select SQL: input SQL statements to retrieve user and group information from the database.
  - Digest Configuration: specify the digest algorithm and encoding configuration for the user's password.
- Input a database pool name or JDBC URL to connect to the database where the credentials are stored.
- Click Finish to complete the wizard, and you will see that the realm and corresponding LoginModule class are listed in the Security Realm section.
- In the tool-bar, click Finish to save the changes.
Now you have created a new security realm for a simple Web application. You can click the Source tab to review the sample deployment plan.
geronimo-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web:web-app
    xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"
    xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"
    xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"
    xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
    xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2"
    xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0"
    xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2"
    xmlns:pers="http://java.sun.com/xml/ns/persistence"
    xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"
    xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
    xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
  <dep:environment>
    <dep:moduleId>
      <dep:groupId>default</dep:groupId>
      <dep:artifactId>TestWAR</dep:artifactId>
      <dep:version>1.0</dep:version>
      <dep:type>car</dep:type>
    </dep:moduleId>
    <dep:dependencies>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.framework</dep:groupId>
        <dep:artifactId>j2ee-security</dep:artifactId>
        <dep:type>car</dep:type>
      </dep:dependency>
    </dep:dependencies>
  </dep:environment>
  <web:context-root>/TestWAR</web:context-root>
  <dep:gbean class="org.apache.geronimo.security.realm.GenericSecurityRealm" name="testSQLRealm">
    <dep:attribute name="realmName">testSQLRealm</dep:attribute>
    <dep:reference name="ServerInfo">
      <dep:name>ServerInfo</dep:name>
    </dep:reference>
    <dep:xml-reference name="LoginModuleConfiguration">
      <log:loginConfig>
        <log:login-module control-flag="REQUIRED" wrap-principals="false">
          <log:login-domain-name>testSQLRealm</log:login-domain-name>
          <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
          <log:option name="dataSourceName">SecurityDatabasePool</log:option>
          <log:option name="userSelect">select username, password from users where username=?</log:option>
          <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
          <log:option name="digest"/>
          <log:option name="encoding"/>
        </log:login-module>
      </log:loginConfig>
    </dep:xml-reference>
  </dep:gbean>
</web:web-app>
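The sample plan above leaves the digest and encoding options empty. The following check is an added example, not part of the original article or of GEP: it reads a deployment plan and reports SQL realms that have no digest algorithm configured, use a digest on the reviewer's weak list, or whose select statements lack the `?` placeholder. The function name `audit_sql_realms`, the `WEAK_DIGESTS` list and the trimmed sample plan are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Namespace URI and class name are copied from the deployment plan on this page.
LOG = {"log": "http://geronimo.apache.org/xml/ns/loginconfig-2.0"}
SQL_MODULE = "org.apache.geronimo.security.realm.providers.SQLLoginModule"
# Assumption: the reviewer's own list of digests considered too weak for passwords.
WEAK_DIGESTS = {"MD2", "MD5", "SHA", "SHA1", "SHA-1"}
# Constructed sample: the plan shown above, trimmed to the realm's login module.
SAMPLE_PLAN = """<web:web-app
    xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
    xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0"
    xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
  <dep:gbean class="org.apache.geronimo.security.realm.GenericSecurityRealm" name="testSQLRealm">
    <dep:xml-reference name="LoginModuleConfiguration"><log:loginConfig>
      <log:login-module control-flag="REQUIRED" wrap-principals="false">
        <log:login-domain-name>testSQLRealm</log:login-domain-name>
        <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
        <log:option name="dataSourceName">SecurityDatabasePool</log:option>
        <log:option name="userSelect">select username, password from users where username=?</log:option>
        <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
        <log:option name="digest"/>
        <log:option name="encoding"/>
      </log:login-module>
    </log:loginConfig></dep:xml-reference>
  </dep:gbean>
</web:web-app>"""

def audit_sql_realms(plan_xml):
    """Return (realm, finding) tuples for every SQLLoginModule in a plan."""
    findings = []
    for module in ET.fromstring(plan_xml).iter("{%s}login-module" % LOG["log"]):
        cls = (module.findtext("log:login-module-class", "", LOG) or "").strip()
        if cls != SQL_MODULE:
            continue  # other login module types are out of scope here
        realm = (module.findtext("log:login-domain-name", "", LOG) or "").strip()
        opts = {o.get("name"): (o.text or "").strip() for o in module.findall("log:option", LOG)}
        digest = opts.get("digest", "")
        if not digest:
            findings.append((realm, "no digest algorithm configured"))
        elif digest.upper() in WEAK_DIGESTS:
            findings.append((realm, "weak digest: " + digest))
        for key in ("userSelect", "groupSelect"):
            if "?" not in opts.get(key, ""):
                findings.append((realm, key + " lacks a ? parameter placeholder"))
    return findings

if __name__ == "__main__":
    for realm, finding in audit_sql_realms(SAMPLE_PLAN):
        print(realm + ": " + finding)
```

Run against the text of the Source tab, it gives a quick review of the realm before the plan is deployed.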