As explained before, the Geronimo login configuration schema was devised as a user-friendly syntax for configuring Security Realm GBeans. It is included with the xml-reference element into the host GBean and processed by the syntax-aware deployer.
The Geronimo login configuration namespace is http://geronimo.apache.org/xml/ns/loginconfig-1.0 and the schema file is geronimo-login-config-1.0.xsd. All types are defined in this namespace.
Type login-configType
The login-config element, of the login-configType type, is the top-level element in the login configuration schema.
It defines the login module configurations for the enclosing Security Realm GBean. Currently the only GBean that implements the SecurityRealm interface is GenericSecurityRealm.
<xsd:complexType name="login-configType">
    <xsd:annotation>
        <xsd:documentation>
            Defines the list of login modules for a login configuration
            represented by a GenericSecurityRealm
        </xsd:documentation>
    </xsd:annotation>
    <xsd:sequence>
        <xsd:choice minOccurs="0" maxOccurs="unbounded">
            <xsd:element name="login-module-ref" type="geronimo:login-module-refType" minOccurs="0" maxOccurs="unbounded"/>
            <xsd:element name="login-module" type="geronimo:login-moduleType" minOccurs="0" maxOccurs="unbounded"/>
        </xsd:choice>
    </xsd:sequence>
</xsd:complexType>
login-module-ref - optional element in the sequence of choices. Defines a reference to a login module.
login-module - optional element in the sequence of choices. Defines a login module.
Type abstract-login-moduleType
This is an abstract base type from which all other login module types are derived.
<xsd:complexType name="abstract-login-moduleType" abstract="true">
    <xsd:attribute name="control-flag" type="geronimo:control-flagType" use="required"/>
</xsd:complexType>
@control-flag - login module control flag of the geronimo:control-flagType type. Defines how the authentication outcome from the login module must be combined with the authentication outcomes from other login modules.
Type control-flagType
This type constrains the values of the module control flag. Values of this type emulate JAAS module combination semantics.
<xsd:simpleType name="control-flagType">
    <xsd:restriction base="xsd:string">
        <xsd:enumeration value="REQUIRED"/>
        <xsd:enumeration value="REQUISITE"/>
        <xsd:enumeration value="SUFFICIENT"/>
        <xsd:enumeration value="OPTIONAL"/>
    </xsd:restriction>
</xsd:simpleType>
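The combination rules that the control flag selects, as an added example that is not part of the original page or of Geronimo's code: it parses a constructed login-config document and evaluates the flags by the JAAS rules documented for javax.security.auth.login.Configuration. It assumes Geronimo follows those rules exactly; the domain names, class names and option in the sample are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "http://geronimo.apache.org/xml/ns/loginconfig-1.0"  # namespace from the page

# Constructed sample; domain names, class names and the option are hypothetical.
SAMPLE = """\
<login-config xmlns="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
  <login-module control-flag="SUFFICIENT" server-side="true">
    <login-domain-name>local-file</login-domain-name>
    <login-module-class>com.example.FileLoginModule</login-module-class>
    <option name="usersFile">var/security/users.properties</option>
  </login-module>
  <login-module-ref control-flag="REQUIRED">
    <name>corp-ldap</name>
  </login-module-ref>
  <login-module control-flag="OPTIONAL" server-side="true">
    <login-domain-name>audit</login-domain-name>
    <login-module-class>com.example.AuditLoginModule</login-module-class>
  </login-module>
</login-config>"""

def modules(xml_text):
    """Return [(name, control_flag)] in document order, which is evaluation order."""
    out = []
    for el in ET.fromstring(xml_text):
        kind = el.tag.split("}")[1]
        child = "login-domain-name" if kind == "login-module" else "name"
        out.append((el.findtext(f"{{{NS}}}{child}"), el.get("control-flag")))
    return out

def evaluate(mods, outcomes):
    """Combine per-module results (name -> bool) by the JAAS rules.
    Returns (authenticated, names of the modules actually consulted)."""
    failed = mandatory = any_ok = False
    called = []
    for name, flag in mods:
        ok = outcomes.get(name, False)
        called.append(name)
        any_ok = any_ok or ok
        if flag in ("REQUIRED", "REQUISITE"):
            mandatory = True
            failed = failed or not ok
            if flag == "REQUISITE" and not ok:
                return False, called      # stop at the first REQUISITE failure
        elif flag == "SUFFICIENT" and ok and not failed:
            return True, called           # later modules are never consulted
    return (not failed) if mandatory else any_ok, called
```

With the sample ordering, a success in the SUFFICIENT local-file module ends evaluation before the REQUIRED corp-ldap module is consulted, so module order is part of the policy and should be reviewed together with the flags.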
Type login-module-refType
This type allows a login module to be referenced by its object name. The object name is split into components, so you do not have to write a long object name by hand, only its components enclosed in angle brackets.
login-module-refType extends abstract-login-moduleType.
<xsd:complexType name="login-module-refType">
    <xsd:complexContent>
        <xsd:extension base="geronimo:abstract-login-moduleType">
            <xsd:sequence>
                <xsd:element name="domain" type="xsd:string" minOccurs="0"/>
                <xsd:element name="server" type="xsd:string" minOccurs="0"/>
                <xsd:element name="application" type="xsd:string" minOccurs="0"/>
                <xsd:element name="module" type="xsd:string" minOccurs="0"/>
                <xsd:element name="type" type="xsd:string" minOccurs="0"/>
                <xsd:element name="name" type="xsd:string"/>
            </xsd:sequence>
        </xsd:extension>
    </xsd:complexContent>
</xsd:complexType>
@control-flag - required attribute of the control-flagType type. It is inherited from the abstract base class. Defines how the referenced login module's authentication outcome must be combined with the authentication outcomes of other modules.
domain - optional element of the xs:string type that defines the domain component of the login module object name.
server - optional element of the xs:string type that defines the server component of the login module object name.
application - optional element of the xs:string type that defines the application component of the login module object name.
module - optional element of the xs:string type that defines the module component of the login module object name.
type - optional element of the xs:string type that defines the j2eeType component of the login module object name.
name - required element of the xs:string type that defines the name component of the login module object name.
Type login-moduleType
The login-moduleType describes the configuration for one login module within the enclosing GenericSecurityRealm GBean.
<xsd:complexType name="login-moduleType">
    <xsd:complexContent>
        <xsd:extension base="geronimo:abstract-login-moduleType">
            <xsd:sequence>
                <xsd:element name="login-domain-name" type="xsd:string"/>
                <xsd:element name="login-module-class" type="xsd:string"/>
                <xsd:element name="option" type="geronimo:optionType" minOccurs="0" maxOccurs="unbounded"/>
            </xsd:sequence>
            <xsd:attribute name="server-side" type="xsd:boolean" use="required"/>
        </xsd:extension>
    </xsd:complexContent>
</xsd:complexType>
@control-flag - required attribute of the control-flagType type. It is inherited from the abstract base class. Defines how the login module's authentication outcome must be combined with the authentication outcomes of other modules.
@server-side - required attribute of the xs:boolean type. If set to true, the login module is a server-side login module.
login-domain-name - required element of the xs:string type. This is the Login Domain name.
login-module-class - required element of the xs:string type. This is the name of the class that implements this login module.
option - optional sequence of options of type optionType, from 0 to many. Options are specific to the login module.
Type optionType
This type defines a login-module-specific option, such as the location of the authentication database.
<xsd:complexType name="optionType">
    <xsd:simpleContent>
        <xsd:extension base="xsd:string">
            <xsd:attribute name="name" type="xsd:string" use="required"/>
        </xsd:extension>
    </xsd:simpleContent>
</xsd:complexType>
@name - required attribute of type xs:string. This is the login module option name.