geronimo-dev mailing list archives

From Aaron Mulder <>
Subject Web App Security Questions
Date Mon, 18 Oct 2004 00:06:03 GMT
Boy, I didn't realize how little of this I really understand until
I started reading the deployment plan schemas carefully.

I'm looking at the "default-principal" element in the
geronimo-security schema.  This is used in turn by the various deployment
plans, and I'm not exactly sure when it would kick in.  Looking at a web
app in particular, in which of these cases would the "default-principal"
be used?

1) user not logged in, interacting with unsecured URL

2) user not logged in, interacting with secured URL
    (I assume this only redirects to login page)

3) user logged in, interacting with unsecured URL

4) user logged in, interacting with secured URL
    (I assume the user's actual principal would apply here)

What is the purpose of the default principal?  Is it to provide
some valid credentials in case an unauthenticated user tried to invoke a
secured resource such as an EJB?  If that's the case, what's the
difference between a default-principal for the web app and a run-as for a

Security Realms
In the web app deployment plan, you can map any role specified in the 
web.xml to one or more principals in one or more realms (using security/

How do you specify which realm should be used to authenticate a user who 
logs in to the web app?  Or is it the case that if you list multiple 
realms across your role definitions, they will all get a chance to 
authenticate the user?  If so, in which order?

Principal Types
What are the valid values for the principal:class attribute?  I assume 
something like "user" or "group", but is there a specific set?  Or is it 
free because it just has to be a value that makes sense to the particular 
realm in question (one might say "group" while another says "role" or 

Designated Run-As
What does it mean for a particular principal to be the run-as principal 
for a role?  Does that mean that if a servlet specifies this role as a 
run-as role, then the server will behave as if the run-as principal is 
logged in for that servlet?
