geronimo-dev mailing list archives

From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject Re: security Realm problem
Date Tue, 15 May 2007 14:03:27 GMT
Hi,

Your security realm plan should have a dependency on the database pool
you have created instead of the derby dependency that it currently has.  The gbean
name and realm name for your security realm should be the same.  Use
my_security_realm instead of derby_security_realm.  The login module
options you should have are userSelect, groupSelect, dataSourceName
and dataSourceApplication.  See the attached plan files.  Note that the
moduleId from my-db-ds-plan.xml is added as a dependency in
sample-db-ds-realm.xml.  You may also want to qualify the table names
with schema names in your SQL select statements.  Please retry with these
changes.  In your reply, please post a stack trace of any exceptions
thrown.

Vamsi

On 5/15/07, maliba <mimi_grebici@yahoo.fr> wrote:
>
> Hi,
> I just started to use Geronimo.
> I use geronimo 1.1.1
> I created a new connection pool to my database, which is not on the Geronimo
> server; this is the code:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!-- Geronimo connector plan: deploys the outbound JDBC pool SB2_ds as module
>      console.dbpool/SB2_ds/1.0/rar, with the PostgreSQL driver jar as its only dependency. -->
> <connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.1">
>     <dep:environment
> xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.1">
>         <dep:moduleId>
>             <dep:groupId>console.dbpool</dep:groupId>
>             <dep:artifactId>SB2_ds</dep:artifactId>
>             <dep:version>1.0</dep:version>
>             <dep:type>rar</dep:type>
>         </dep:moduleId>
>         <dep:dependencies>
>             <dep:dependency>
>                 <dep:groupId>postgresql</dep:groupId>
>                 <dep:artifactId>postgresql-8.1</dep:artifactId>
>                 <dep:version>404.jdbc3</dep:version>
>                 <dep:type>jar</dep:type>
>             </dep:dependency>
>         </dep:dependencies>
>     </dep:environment>
>     <resourceadapter>
>         <outbound-resourceadapter>
>             <connection-definition>
>
> <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
>                 <connectiondefinition-instance>
>                     <name>SB2_ds</name>
>                     <!-- NOTE(review): the Password and UserName settings below are stored in
>                          clear text in this plan, so anyone who can read the plan file learns the
>                          database credentials. Restrict read access to the file and give this
>                          account only the database privileges the application needs. -->
>                     <config-property-setting
> name="Password">myPass</config-property-setting>
>                     <config-property-setting
> name="Driver">org.postgresql.Driver</config-property-setting>
>                     <config-property-setting
> name="UserName">myUser</config-property-setting>
>                     <!-- NOTE(review): the URL targets a remote host and carries no TLS-related
>                          parameter, so this plan does not show whether the JDBC link (which carries
>                          the credentials above) is encrypted. Confirm on the driver/server side. -->
>                     <config-property-setting
> name="ConnectionURL">jdbc:postgresql://distant_server/MyDB</config-property-setting>
>                     <!-- Local transactions, one pool of 0 to 10 connections. -->
>                     <connectionmanager>
>                         <local-transaction/>
>                         <single-pool>
>                             <max-size>10</max-size>
>                             <min-size>0</min-size>
>                             <match-one/>
>                         </single-pool>
>                     </connectionmanager>
>                 </connectiondefinition-instance>
>             </connection-definition>
>         </outbound-resourceadapter>
>     </resourceadapter>
> </connector>
>
>
>
> after that I created my_security_realm using the created data source. this
> is the code:
>
>
> <!-- Geronimo deployment plan for a GenericSecurityRealm named my_security_realm with three
>      JAAS login modules: SQLLoginModule (REQUIRED), FileAuditLoginModule (OPTIONAL) and
>      RepeatedFailureLockoutLoginModule (REQUISITE). -->
>  <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
>     <environment>
>         <moduleId>
>             <groupId>console</groupId>
>             <artifactId>realm-my_security_realm</artifactId>
>             <version>1.0</version>
>             <type>car</type>
>         </moduleId>
>         <dependencies>
>             <dependency>
>                 <groupId>geronimo</groupId>
>                 <artifactId>j2ee-security</artifactId>
>                 <type>car</type>
>             </dependency>
>             <!-- NOTE(review): this depends on the Derby jar, not on the PostgreSQL pool module
>                  console.dbpool/SB2_ds. The reply in this thread asks for the pool's moduleId
>                  to be listed here instead. -->
>             <dependency>
>                 <groupId>org.apache.derby</groupId>
>                 <artifactId>derby</artifactId>
>                 <version>10.1.1.0</version>
>                 <type>jar</type>
>             </dependency>
>         </dependencies>
>     </environment>
>     <!-- NOTE(review): the gbean name (derby_security_realm) differs from the realmName
>          attribute (my_security_realm); the reply in this thread says the two should match. -->
>     <gbean name="derby_security_realm"
> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>         <attribute name="realmName">my_security_realm</attribute>
>         <reference name="ServerInfo">
>             <name>ServerInfo</name>
>         </reference>
>         <reference name="LoginService">
>             <name>JaasLoginService</name>
>         </reference>
>         <xml-reference name="LoginModuleConfiguration">
>             <log:login-config
> xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
>                 <log:login-module control-flag="REQUIRED" server-side="true"
> wrap-principals="false">
>
> <log:login-domain-name>my_security_realm</log:login-domain-name>
>
> <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
>                     <!-- userSelect and groupSelect pass the login name through a ? placeholder.
>                          userSelect returns the passwd column; whether that column holds hashed or
>                          clear-text passwords is not visible in this plan. TODO confirm. -->
>                     <log:option name="userSelect">select login, passwd from
> actor where login=? </log:option>
>                     <!-- NOTE(review): jdbcDriver names the PostgreSQL driver while jdbcURL further
>                          down is a Derby URL (jdbc:derby:SB2_ds), so the two options disagree.
>                          The reply in this thread lists dataSourceName and dataSourceApplication
>                          as the options to use, presumably so the module reuses the deployed pool
>                          and no second copy of the database credentials is needed here. -->
>                     <log:option
> name="jdbcDriver">org.postgresql.Driver</log:option>
>                     <log:option name="groupSelect">select login, role from
> actor_role where login=? </log:option>
>                     <log:option
> name="jdbcURL">jdbc:derby:SB2_ds</log:option>
>                 </log:login-module>
>                 <!-- OPTIONAL audit module configured with the file var/log/derby_security_realm.log.
>                      Presumably it records login attempts; if so, limit who can read or alter
>                      that file. TODO confirm what is logged. -->
>                 <log:login-module control-flag="OPTIONAL" server-side="true"
> wrap-principals="false">
>
> <log:login-domain-name>my_security_realm-Audit</log:login-domain-name>
>
> <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
>                     <log:option
> name="file">var/log/derby_security_realm.log</log:option>
>                 </log:login-module>
>                 <!-- Lockout settings: failureCount 3, failurePeriodSecs 10, lockoutDurationSecs 10.
>                      NOTE(review): a 10 second window with a 10 second lockout looks like a test
>                      value and presumably does little to slow password guessing; review before
>                      production use. -->
>                 <log:login-module control-flag="REQUISITE"
> server-side="true" wrap-principals="false">
>
> <log:login-domain-name>my_security_realm-Lockout</log:login-domain-name>
>
> <log:login-module-class>org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule</log:login-module-class>
>                     <log:option name="lockoutDurationSecs">10</log:option>
>                     <log:option name="failurePeriodSecs">10</log:option>
>                     <log:option name="failureCount">3</log:option>
>                 </log:login-module>
>             </log:login-config>
>         </xml-reference>
>     </gbean>
> </module>
>
>
>
> and I wanted to use the realm for my application security, this is the code
> of geronimo-web.xml:
>
>
> <?xml version="1.0" encoding="UTF-8"?>
> <!-- Geronimo web deployment plan for myAppli: context root /myAppli, resource-ref
>      jdbc/myAppli linked to the SB2_ds pool, and role mappings against my_security_realm. -->
> <web-app
>     xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1"
>     xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.1"
>     xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.1"
>     xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1"
>   >
>     <environment>
>         <moduleId>
>             <artifactId>myAppli</artifactId>
>         </moduleId>
>         <!-- Depends on the connection pool module console.dbpool/SB2_ds. -->
>         <dependencies>
>             <dependency>
>                 <groupId>console.dbpool</groupId>
>                 <artifactId>SB2_ds</artifactId>
>             </dependency>
>         </dependencies>
>     </environment>
>
>     <!-- url-pattern values in web.xml are matched relative to this context root. -->
>     <context-root>/myAppli</context-root>
>
>     <resource-ref>
>         <ref-name>jdbc/myAppli</ref-name>
>         <resource-link>SB2_ds</resource-link>
>     </resource-ref>
>
>
>     <!--  SECURITY -->
>     <!-- Must match the realmName of the deployed security realm. -->
>     <security-realm-name>my_security_realm</security-realm-name>
>
>
>         <!-- default-principal names the identity (user principal "anonymous") used when no
>              user has logged in. The role mappings grant role Administrateur to group principal
>              admin and role Utilisateur to group principal user; the group names presumably
>              come from the role column returned by the realm's groupSelect. TODO confirm. -->
>         <sec:security>
>                 <sec:default-principal realm-name="my_security_realm">
>                         <sec:principal name="anonymous"
>
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
>                                    />
>                 </sec:default-principal>
>                 <sec:role-mappings>
>                         <sec:role role-name="Administrateur">
>                                 <sec:realm realm-name="my_security_realm" >
>                                         <sec:principal
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> name="admin"/>
>                                 </sec:realm>
>                         </sec:role>
>                         <sec:role role-name="Utilisateur">
>                                 <sec:realm realm-name="my_security_realm">
>                                         <sec:principal
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> name="user"/>
>                                 </sec:realm>
>                         </sec:role>
>                 </sec:role-mappings>
>     </sec:security>
>
> </web-app>
>
>
> the roles are defined in the web.xml file:
>
> <!-- SECURITY -->
> <!-- web.xml fragment: declares the roles Utilisateur and Administrateur, two security
>      constraints and FORM based login. -->
>
>         <security-role>
>                 <role-name>Utilisateur</role-name>
>         </security-role>
>         <security-role>
>                 <role-name>Administrateur</role-name>
>         </security-role>
>
>         <!-- NOTE(review): url-pattern is matched relative to the web application's context
>              root. If the context root is /myAppli (as in the geronimo-web.xml posted in this
>              message), /myAppli/* only covers paths under /myAppli/myAppli/ and the rest of the
>              application falls outside this constraint. /* is presumably what was intended;
>              confirm. The role-name * stands for every role declared in this descriptor. -->
>         <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>myAppli</web-resource-name>
>                         <url-pattern>/myAppli/*</url-pattern>
>                 </web-resource-collection>
>                 <auth-constraint>
>                         <role-name>*</role-name>
>                 </auth-constraint>
>         </security-constraint>
>         <!-- NOTE(review): admin is not one of the security-role names declared above
>              (Utilisateur, Administrateur); in the posted geronimo-web.xml it is the group
>              principal mapped to Administrateur. As written, presumably no caller satisfies
>              this constraint; Administrateur looks like the intended role name. Confirm.
>              The context-root remark on url-pattern applies to /myAppli/pat/* as well. -->
>         <security-constraint>
>                 <web-resource-collection>
>                         <web-resource-name>Pims</web-resource-name>
>                         <url-pattern>/myAppli/pat/*</url-pattern>
>                 </web-resource-collection>
>                 <auth-constraint>
>                         <role-name>admin</role-name>
>                 </auth-constraint>
>         </security-constraint>
>     <!-- FORM login: the password is posted to the container by the login page. Neither
>          constraint above carries a user-data-constraint with transport-guarantee CONFIDENTIAL,
>          so nothing in this fragment requires HTTPS for the login exchange. -->
>     <login-config>
>       <auth-method>FORM</auth-method>
>       <form-login-config>
>         <form-login-page>/login.jsf</form-login-page>
>         <form-error-page>/errorlogin.jsf</form-error-page>
>       </form-login-config>
>     </login-config>
>
>
>
> but it does not work !!! this is the displayed error message in geronimo.log
> file:
>
> 12:07:59,552 WARN  [TomcatGeronimoRealm] Login exception authenticating
> username "myLogin"
> javax.security.auth.login.LoginException: Error filling callback list
>
>
> what is the mistake in my code?!!
>
>  is it possible to create a security realm connected to an external DB?
>
> is something missing from the configuration to make it work?
>
> --
> View this message in context: http://www.nabble.com/security-Realm-problem-tf3758381s134.html#a10622493
> Sent from the Apache Geronimo - Dev mailing list archive at Nabble.com.
>
>
