geronimo-dev mailing list archives

From maliba <mimi_greb...@yahoo.fr>
Subject security Realm problem
Date Tue, 15 May 2007 13:31:52 GMT

Hi,
I just started to use Geronimo. 
I use geronimo 1.1.1 
I created a new connection pool for my database, which is not on the Geronimo
server. This is the code:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo deployment plan for an outbound JDBC connection pool, deployed as
  module console.dbpool/SB2_ds/1.0/rar and exposed to applications as a
  javax.sql.DataSource named SB2_ds.
-->
<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.1">
    <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.1">
        <dep:moduleId>
            <dep:groupId>console.dbpool</dep:groupId>
            <dep:artifactId>SB2_ds</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>rar</dep:type>
        </dep:moduleId>
        <!-- PostgreSQL JDBC driver jar; presumably the source of the Driver class set below. -->
        <dep:dependencies>
            <dep:dependency>
                <dep:groupId>postgresql</dep:groupId>
                <dep:artifactId>postgresql-8.1</dep:artifactId>
                <dep:version>404.jdbc3</dep:version>
                <dep:type>jar</dep:type>
            </dep:dependency>
        </dep:dependencies>
    </dep:environment>
    <resourceadapter>
        <outbound-resourceadapter>
            <connection-definition>
                <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
                <connectiondefinition-instance>
                    <name>SB2_ds</name>
                    <!--
                      NOTE(review): UserName and Password are written in clear
                      text in this plan. Keep the plan file, and any deployed
                      copy the server holds, readable only by the account that
                      runs the server, and give the database account no more
                      privileges than the application needs.
                    -->
                    <config-property-setting name="Password">myPass</config-property-setting>
                    <config-property-setting name="Driver">org.postgresql.Driver</config-property-setting>
                    <config-property-setting name="UserName">myUser</config-property-setting>
                    <!--
                      NOTE(review): the URL targets a remote host and carries
                      no TLS-related parameters; confirm how the link to
                      distant_server is protected.
                    -->
                    <config-property-setting name="ConnectionURL">jdbc:postgresql://distant_server/MyDB</config-property-setting>
                    <!-- Local transactions only; one pool holding between 0 and 10 connections. -->
                    <connectionmanager>
                        <local-transaction/>
                        <single-pool>
                            <max-size>10</max-size>
                            <min-size>0</min-size>
                            <match-one/>
                        </single-pool>
                    </connectionmanager>
                </connectiondefinition-instance>
            </connection-definition>
        </outbound-resourceadapter>
    </resourceadapter>
</connector>



After that I created my_security_realm using the data source I had created.
This is the code:


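 <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
    <!--
      Geronimo plan for a JAAS security realm (module
      console/realm-my_security_realm/1.0/car). It chains three login modules:
      a SQL check of the login and its groups, a file audit trail, and a
      repeated-failure lockout.
    -->
    <environment>
        <moduleId>
            <groupId>console</groupId>
            <artifactId>realm-my_security_realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>geronimo</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <!--
              The SQL login module below names org.postgresql.Driver, so the
              realm depends on the PostgreSQL driver jar, with the same
              coordinates as in the SB2_ds pool plan. As posted, this entry
              pointed at org.apache.derby/derby/10.1.1.0 instead.
            -->
            <dependency>
                <groupId>postgresql</groupId>
                <artifactId>postgresql-8.1</artifactId>
                <version>404.jdbc3</version>
                <type>jar</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="derby_security_realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">my_security_realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <name>JaasLoginService</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
                <!-- REQUIRED: this module must succeed for the login to succeed. -->
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>my_security_realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <!--
                      The login name reaches both queries through the ?
                      placeholder rather than being concatenated into the SQL.
                      NOTE(review): nothing in this plan says how the passwd
                      column is encoded; confirm the actor table does not hold
                      clear-text passwords.
                    -->
                    <log:option name="userSelect">select login, passwd from
actor where login=? </log:option>
                    <log:option name="jdbcDriver">org.postgresql.Driver</log:option>
                    <log:option name="groupSelect">select login, role from
actor_role where login=? </log:option>
                    <!--
                      As posted, jdbcURL was jdbc:derby:SB2_ds, a Derby URL
                      that the PostgreSQL driver named in jdbcDriver does not
                      handle, and no database account was given. That mismatch
                      may be what surfaces as the LoginException quoted in the
                      post. The URL and account below are the ones from the
                      SB2_ds pool plan.
                      NOTE(review): the database password now sits in clear
                      text in this plan as well as in the pool plan. Restrict
                      read access to both, and prefer an account limited to
                      SELECT on actor and actor_role.
                    -->
                    <log:option name="jdbcURL">jdbc:postgresql://distant_server/MyDB</log:option>
                    <log:option name="jdbcUser">myUser</log:option>
                    <log:option name="jdbcPassword">myPass</log:option>
                </log:login-module>
                <!--
                  OPTIONAL: the audit module's result does not decide the login.
                  NOTE(review): the audit file records login activity; protect
                  and rotate it like any other security log.
                -->
                <log:login-module control-flag="OPTIONAL" server-side="true" wrap-principals="false">
                    <log:login-domain-name>my_security_realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
                    <log:option name="file">var/log/derby_security_realm.log</log:option>
                </log:login-module>
                <!--
                  REQUISITE: a failure here ends the login at once.
                  NOTE(review): as the option names read, an account is locked
                  for 10 seconds after 3 failures inside a 10 second window,
                  which slows password guessing very little; longer periods
                  are worth considering.
                -->
                <log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false">
                    <log:login-domain-name>my_security_realm-Lockout</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule</log:login-module-class>
                    <log:option name="lockoutDurationSecs">10</log:option>
                    <log:option name="failurePeriodSecs">10</log:option>
                    <log:option name="failureCount">3</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>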



I then wanted to use the realm for my application's security. This is the code
of geronimo-web.xml:


<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo web deployment plan for the myAppli application: it binds the
  application to the SB2_ds pool and to the my_security_realm realm, and maps
  the roles used in web.xml onto principals from that realm.
-->
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1"
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.1"
         xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.1"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1">
    <environment>
        <moduleId>
            <artifactId>myAppli</artifactId>
        </moduleId>
        <!-- The connection pool module must be available to this application. -->
        <dependencies>
            <dependency>
                <groupId>console.dbpool</groupId>
                <artifactId>SB2_ds</artifactId>
            </dependency>
        </dependencies>
    </environment>

    <context-root>/myAppli</context-root>

    <!-- The application's jdbc/myAppli reference resolves to the SB2_ds pool. -->
    <resource-ref>
        <ref-name>jdbc/myAppli</ref-name>
        <resource-link>SB2_ds</resource-link>
    </resource-ref>

    <!-- Security: the realm that authenticates users of this application. -->
    <security-realm-name>my_security_realm</security-realm-name>

    <sec:security>
        <!--
          Principal given to callers who have not logged in. "anonymous" is
          not listed under any role below, so it carries no mapped role.
        -->
        <sec:default-principal realm-name="my_security_realm">
            <sec:principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
        </sec:default-principal>
        <!--
          Each web.xml role is granted to one group principal of the realm.
          The group names (admin, user) are presumably the values the realm's
          group query returns; verify against the actor_role table.
        -->
        <sec:role-mappings>
            <sec:role role-name="Administrateur">
                <sec:realm realm-name="my_security_realm">
                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin"/>
                </sec:realm>
            </sec:role>
            <sec:role role-name="Utilisateur">
                <sec:realm realm-name="my_security_realm">
                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="user"/>
                </sec:realm>
            </sec:role>
        </sec:role-mappings>
    </sec:security>

</web-app>


the roles are defined in the web.xml file:

<!--
  Security section of web.xml: the declared roles, two access constraints and
  form-based login.
-->

    <security-role>
        <role-name>Utilisateur</role-name>
    </security-role>
    <security-role>
        <role-name>Administrateur</role-name>
    </security-role>

    <!--
      Any declared role may reach the resources matched here; the role name *
      stands for every role declared in this descriptor.
      NOTE(review): url-pattern values are matched against the path inside
      the web application, after the context root. The Geronimo plan in this
      post sets the context root to /myAppli, so /myAppli/* would only cover
      requests under /myAppli/myAppli/. If the whole application is meant to
      be protected, confirm whether /* (and /pat/* in the next constraint)
      was intended.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>myAppli</web-resource-name>
            <url-pattern>/myAppli/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    <!--
      NOTE(review): admin is not among the security-role entries shown here.
      In the Geronimo plan, admin is the group principal mapped to the
      Administrateur role, and an auth-constraint names a role, so this
      probably should read Administrateur. Confirm against the full web.xml.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Pims</web-resource-name>
            <url-pattern>/myAppli/pat/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <!--
      Form login with dedicated login and error pages.
      NOTE(review): no user-data-constraint appears in this fragment, so
      nothing here requires the login form and the session to travel over
      TLS; confirm that transport protection is enforced elsewhere.
    -->
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsf</form-login-page>
            <form-error-page>/errorlogin.jsf</form-error-page>
        </form-login-config>
    </login-config>



But it does not work! This is the error message displayed in the geronimo.log
file:

12:07:59,552 WARN  [TomcatGeronimoRealm] Login exception authenticating
username "myLogin"
javax.security.auth.login.LoginException: Error filling callback list


What is the mistake in my code?

Is it possible to create a security realm connected to an external DB?

Is something missing from the configuration to make it work?

-- 
View this message in context: http://www.nabble.com/security-Realm-problem-tf3758381s134.html#a10622493
Sent from the Apache Geronimo - Dev mailing list archive at Nabble.com.

