geronimo-scm mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Geronimo v2.1: Configuring run-as and Default Subjects, and principal-role mapping (page edited)
Date Wed, 05 Mar 2008 13:28:01 GMT
<html>
<head>
    <!-- NOTE(review): the base URL uses the cleartext http: scheme, so every relative URL in
         this message resolves over an unauthenticated channel that an on-path party can read
         or modify; an https: base would avoid that. The path also has no trailing slash, so
         under URL resolution rules a relative reference replaces the final "confluence"
         segment instead of being appended to it. Confirm how the body's links are written. -->
    <base href="http://cwiki.apache.org/confluence" />
    <style type="text/css">
    <!--
    body, p, td, table, tr, .bodytext, .stepfield {
	font-family: Verdana, arial, sans-serif;
	font-size: 11px;
	line-height: 16px;
	color: #000000;
	font-weight: normal;
}
#PageContent {
	text-align: left;
	background-color: #fff;
	padding: 0px;
	margin: 0px;
    padding-bottom:20px;
}
/*
** when this stylesheet is used for the Tiny MCE Wysiwyg editor's edit area, we can't
** use an id=PageContent or class=wiki-content, so we must
** set the body style to that used for PageContent, and p to that used for wiki-content.
*/

body {
	margin: 0px;
	padding: 0px;
	text-align: center;
    background-color: #f0f0f0;
}

@media print {

body {
    background-color: #fff;
}

}

.monospaceInput {
    font:12px monospace
}

.wiki-content p, .commentblock p {
    margin: 16px 0px 16px 0px;
    padding: 0px;
}

.wiki-content-preview {
    padding: 5px;
    border-left: 1px solid #3c78b5;
    border-right: 1px solid #3c78b5;
}

ul, ol {
    margin-top: 2px;
    margin-bottom: 2px;
    padding-top: 0px;
    padding-bottom: 0px;
}

pre {
    padding: 0px;
    margin-top: 5px;
    margin-left: 15px;
    margin-bottom: 5px;
    margin-right: 5px;
    text-align: left;
}

.helpheading {
    font-weight: bold;
    background-color: #D0D9BD;
        border-bottom: 1px solid #3c78b5;
        padding: 4px 4px 4px 4px;
        margin: 0px;
        margin-top: 10px;
}
.helpcontent {
        padding: 4px 4px 20px 4px;
    background-color: #f5f7f1;
}

.code {
 	border: 1px dashed #3c78b5;
    font-size: 11px;
	font-family: Courier;
    margin: 10px;
	line-height: 13px;
}

.focusedComment {
    background: #ffffce;
}

.commentBox, .focusedComment {
    padding: 10px;
    margin: 5px 0 5px 0;
    border: 1px #bbb solid;
}

.codeHeader {
    background-color: #f0f0f0;
 	border-bottom: 1px dashed #3c78b5;
    padding: 3px;
	text-align: center;
}

.codeContent {
    text-align: left;
    background-color: #f0f0f0;
    padding: 3px;
}

.preformatted {
 	border: 1px dashed #3c78b5;
    font-size: 11px;
	font-family: Courier;
    margin: 10px;
	line-height: 13px;
}

.preformattedHeader {
    background-color: #f0f0f0;
 	border-bottom: 1px dashed #3c78b5;
    padding: 3px;
	text-align: center;
}

.preformattedContent {
    background-color: #f0f0f0;
    padding: 3px;
}

.panel {
 	border: 1px dashed #3c78b5;
    margin: 10px;
    margin-top: 0px;
}

.panelHeader {
    background-color: #f0f0f0;
 	border-bottom: 1px dashed #3c78b5;
    padding: 3px;
	text-align: center;
}

.panelContent {
    background-color: #f0f0f0;
    padding: 5px;
}

.anonymousAlert {
    background-color: #f0f0f0;
 	border: 1px dashed red;
    font-size: 11px;
    padding: 10px 5px 10px 5px;
    margin: 4px;
	line-height: 13px;
}

.lockAlert {
    background-color: #f0f0f0;
    width: 50%;
 	border: 1px dashed red;
    font-size: 11px;
    padding: 10px 5px 10px 5px;
    margin: 4px;
	line-height: 13px;
}


.code-keyword {
  color: #000091;
  background-color: inherit;
}

.code-object {
  color: #910091;
  background-color: inherit;
}

.code-quote {
  color: #009100;
  background-color: inherit;
}

.code-comment {
  color: #808080;
  background-color: inherit;
}


.code-xml .code-keyword {
  color: inherit;
  font-weight: bold;
}

.code-tag {
  color: #000091;
  background-color: inherit;
}

.breadcrumbs {
    background-color: #f0f0f0;
 	border-color: #3c78b5;
	border-width: 1px 0px 1px 0px;
	border-style: solid;
    font-size: 11px;
    padding: 3px 0px 3px 0px;
}

.navmenu {
    border: 1px solid #ccc;
}

.menuheading {
    font-weight: bold;
    background-color: #f0f0f0;
 	border-bottom: 1px solid #3c78b5;
	padding: 4px 4px 2px 4px;
}

.menuitems {
	padding: 4px 4px 20px 4px;
}

.rightpanel {
    border-left: 1px solid #ccc;
    border-bottom: 1px solid #ccc;
}

#helpheading {
    text-align: left;
    font-weight: bold;
    background-color: #D0D9BD;
 	border-bottom: 1px solid #3c78b5;
	padding: 4px 4px 4px 4px;
	margin: 0px;
}
#helpcontent {
	padding: 4px 4px 4px 4px;
    background-color: #f5f7f1;
}
.helptab-unselected {
    font-weight: bold;
	padding: 5px;
    background-color: #f5f7f1;
}
.helptab-selected {
    font-weight: bold;
    background-color: #D0D9BD;
	padding: 5px;
}
.helptabs {
    margin: 0px;
    background-color: #f5f7f1;
	padding: 5px;
}
.infopanel-heading {
    font-weight: bold;
	padding: 4px 0px 2px 0px;
}

.pagebody {
}

.pageheader {
	padding: 5px 5px 5px 0px;
 	border-bottom: 1px solid #3c78b5;
}

.pagetitle {
	font-size: 22px;
	font-weight: bold;
	font-family: Arial, sans-serif;
	color: #003366;
}

.newpagetitle {
    color: #ccc !important;
}

.steptitle {
	font-size: 18px;
	font-weight: bold;
	font-family: Arial, sans-serif;
	color: #003366;
	margin-bottom: 7px;
}

.substeptitle {
    font-size: 12px;
    font-weight: bold;
    font-family: Arial, sans-serif;
    color: #003366;
    margin: 2px 4px 4px 4px;
    padding: 2px 4px 1px 4px;
}

.stepdesc {
    font-family: Verdana, arial, sans-serif;
	font-size: 11px;
	line-height: 16px;
	font-weight: normal;
    color: #666666;
    margin-top: 7px;
    margin-bottom: 7px;
}

.steplabel {
    font-weight: bold;
    margin-right: 4px;
    color: black;
    float: left;
    width: 15%;
    text-align: right;
}

.stepfield {
    background: #f0f0f0;
    padding: 5px;
}

.submitButtons{
    margin-top:5px;
    text-align:right;
}

.formtitle {
	font-size: 12px;
	font-weight: bold;
	font-family: Arial, sans-serif;
	color: #003366;
}

.sectionbottom {
    border-bottom: 1px solid #3c78b5;
}

.topRow {
    border-top: 2px solid #3c78b5;
}

.tabletitle {
	font-size: 14px;
	font-weight: bold;
	font-family: Arial, sans-serif;
    padding: 3px 0px 2px 0px;
    margin: 8px 4px 2px 0px;
	color: #003366;
	border-bottom: 2px solid #3c78b5;
}
.pagesubheading {
    color: #666666;
    font-size: 10px;
    padding: 0px 0px 5px 0px;
}

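/* Horizontal rules: a thin line in the theme blue. The colour carries its "#" and the
   height its unit so both declarations are valid CSS in standards mode as well as in
   quirks mode, where the hashless and unitless forms are tolerated. */
HR {
	color: #3c78b5;
	height: 1px;
}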

A:link, A:visited, A:active, A:hover {
	color: #003366;
}

h1 A:link, h1 A:visited, h1 A:active {
	text-decoration: none;
}

h1 A:hover {
    border-bottom: 1px dotted #003366;
}

.wiki-content > :first-child, .commentblock > :first-child {
    margin-top: 3px;
}

.logocell {
    padding: 10px;
}

input {
	font-family: verdana, geneva, arial, sans-serif;
	font-size: 11px;
	color: #000000;
}

textarea, textarea.editor {
	font-family: verdana, geneva, arial, sans-serif;
	font-size: 11px;
	color: #333333;
}

/* use logoSpaceLink instead.
.spacenametitle {
	font: 21px/31px Impact, Arial, Helvetica;
    font-weight: 100;
    color: #999999;
	margin: 0px;
}
.spacenametitle img {
  margin: 0 0 -4px 0;
}
.spacenametitle a {
    text-decoration: none;
    color: #999999;
}
.spacenametitle a:visited {
    text-decoration: none;
    color: #999999;
}*/

.spacenametitle-printable {
	font: 20px/25px Impact, Arial, Helvetica;
    font-weight: 100;
    color: #999999;
	margin: 0px;
}
.spacenametitle-printable a {
    text-decoration: none;
    color: #999999;
}
.spacenametitle-printable a:visited {
    text-decoration: none;
    color: #999999;
}

.blogDate {
	font-weight: bold;
	text-decoration: none;
	color: black;
}

.blogSurtitle {
    background: #f0f0f0;
 	border: 1px solid #ddd;
	padding: 3px;
	margin: 1px 1px 10px 1px;
}

.blogHeading {
    font-size: 20px;
    line-height: normal;
    font-weight: bold;
    padding: 0px;
    margin: 0px;
}

.blogHeading a {
   text-decoration: none;
   color: black;
}

/* Footer-style section text in grey with a top margin.
   NOTE(review): "align" is not a CSS property, so browsers drop that declaration and only
   color and margin-top take effect; presumably "text-align: right" was intended. Confirm
   before changing, since fixing it would alter the rendered layout. */
.endsection {
	align: right;
	color: #666666;
	margin-top: 10px;
}
/* Same declarations as .endsection, under a separate class name; the "align" note applies. */
.endsectionleftnav {
	align: right;
	color: #666666;
	margin-top: 10px;
}

h1 {
	font-size: 24px;
	line-height: normal;
	font-weight: bold;
	background-color: #f0f0f0;
	color: #003366;
 	border-bottom: 1px solid #3c78b5;
	padding: 2px;
	margin: 36px 0px 4px 0px;
}

h2 {
	font-size: 18px;
	line-height: normal;
	font-weight: bold;
	background-color: #f0f0f0;
 	border-bottom: 1px solid #3c78b5;
	padding: 2px;
	margin: 27px 0px 4px 0px;
}

h3 {
	font-size: 14px;
	line-height: normal;
	font-weight: bold;
	background-color: #f0f0f0;
	padding: 2px;
	margin: 21px 0px 4px 0px;
}

h4 {
	font-size: 12px;
	line-height: normal;
	font-weight: bold;
	background-color: #f0f0f0;
	padding: 2px;
	margin: 18px 0px 4px 0px;
}

h4.search {
	font-size: 12px;
	line-height: normal;
	font-weight: normal;
	background-color: #f0f0f0;
	padding: 4px;
	margin: 18px 0px 4px 0px;
}

h5 {
	font-size: 10px;
	line-height: normal;
	font-weight: bold;
	background-color: #f0f0f0;
	padding: 2px;
	margin: 14px 0px 4px 0px;
}

h6 {
	font-size: 8px;
	line-height: normal;
	font-weight: bold;
	background-color: #f0f0f0;
	padding: 2px;
	margin: 14px 0px 4px 0px;
}

.smallfont {
    font-size: 10px;
}
.descfont {
    font-size: 10px;
    color: #666666;
}
.smallerfont {
    font-size: 9px;
}
.smalltext {
    color: #666666;
    font-size: 10px;
}
.smalltext a {
    color: #666666;
}
.smalltext-blue {
    color: #3c78b5;
    font-size: 10px;
}
.surtitle {
    margin-left: 1px;
    margin-bottom: 5px;
    font-size: 14px;
    color: #666666;
}

/* css hack found here:  http://www.fo3nix.pwp.blueyonder.co.uk/tutorials/css/hacks/ */
.navItemOver { font-size: 10px; font-weight: bold; color: #ffffff; background-color: #003366; cursor: hand; voice-family: '\'}\''; voice-family:inherit; cursor: pointer;}
.navItemOver a { color: #ffffff; background-color:#003366; text-decoration: none; }
.navItemOver a:visited { color: #ffffff; background-color:#003366; text-decoration: none; }
.navItemOver a:hover { color: #ffffff; background-color:#003366; text-decoration: none; }
.navItem { font-size: 10px; font-weight: bold; color: #ffffff; background-color: #3c78b5; }
.navItem a { color: #ffffff; text-decoration: none; }
.navItem a:hover { color: #ffffff; text-decoration: none; }
.navItem a:visited { color: #ffffff; text-decoration: none; }

div.padded { padding: 4px; }
div.thickPadded { padding: 10px; }
h3.macrolibrariestitle {
    margin: 0px 0px 0px 0px;
}

div.centered { text-align: center; margin: 10px; }
div.centered table {margin: 0px auto; text-align: left; }

.tableview table {
    margin: 0;
}

.tableview th {
    text-align: left;
    color: #003366;
    font-size: 12px;
    padding: 5px 0px 0px 5px;
    border-bottom: 2px solid #3c78b5;
}
.tableview td {
    text-align: left;
    border-color: #ccc;
    border-width: 0px 0px 1px 0px;
    border-style: solid;
    margin: 0;
    padding: 4px 10px 4px 5px;
}

.grid {
    margin: 2px 0px 5px 0px;
    border-collapse: collapse;
}
.grid th  {
    border: 1px solid #ccc;
    padding: 2px 4px 2px 4px;
    background: #f0f0f0;
    text-align: center;
}
.grid td  {
    border: 1px solid #ccc;
    padding: 3px 4px 3px 4px;
}
.gridHover {
	background-color: #f9f9f9;
}

td.infocell {
    background-color: #f0f0f0;
}
.label {
	font-weight: bold;
	color: #003366;
}

label {
	font-weight: bold;
	color: #003366;
}

.error {
	background-color: #fcc;
}

.errorBox {
	background-color: #fcc;
    border: 1px solid #c00;
    padding: 5px;
    margin: 5px;
}

.errorMessage {
	color: #c00;
}

.success {
	background-color: #dfd;
}

.successBox {
	background-color: #dfd;
    border: 1px solid #090;
    padding: 5px;
    margin-top:5px;
    margin-bottom:5px;
}

blockquote {
	padding-left: 10px;
	padding-right: 10px;
	margin-left: 5px;
	margin-right: 0px;
	border-left: 1px solid #3c78b5;
}

table.confluenceTable
{
    margin: 5px;
    border-collapse: collapse;
}

/* Added as a temporary fix for CONF-4223. The table elements appear to be inheriting the border: none attribute from the sectionMacro class */
table.confluenceTable td.confluenceTd
{
    border-width: 1px;
    border-style: solid;
    border-color: #ccc;
    padding: 3px 4px 3px 4px;
}

/* Added as a temporary fix for CONF-4223. The table elements appear to be inheriting the border: none attribute from the sectionMacro class */
table.confluenceTable th.confluenceTh
{
    border-width: 1px;
    border-style: solid;
    border-color: #ccc;
    padding: 3px 4px 3px 4px;
    background-color: #f0f0f0;
    text-align: center;
}

td.confluenceTd
{
    border-width: 1px;
    border-style: solid;
    border-color: #ccc;
    padding: 3px 4px 3px 4px;
}

th.confluenceTh
{
    border-width: 1px;
    border-style: solid;
    border-color: #ccc;
    padding: 3px 4px 3px 4px;
    background-color: #f0f0f0;
    text-align: center;
}

DIV.small {
	font-size: 9px;
}

H1.pagename {
	margin-top: 0px;
}

IMG.inline  {}

.loginform {
    margin: 5px;
    border: 1px solid #ccc;
}

/* The text how the "This is a preview" comment should be shown. */
.previewnote { text-align: center;
                font-size: 11px;
                    color: red; }

/* How the preview content should be shown */
.previewcontent { background: #E0E0E0; }

/* How the system messages should be shown (DisplayMessage.jsp) */
.messagecontent { background: #E0E0E0; }

/* How the "This page has been modified..." -comment should be shown. */
.conflictnote { }

.createlink {
    color: maroon;
}
a.createlink {
    color: maroon;
}
.templateparameter {
    font-size: 9px;
    color: darkblue;
}

.diffadded {
    background: #ddffdd;
    padding: 1px 1px 1px 4px;
	border-left: 4px solid darkgreen;
}
.diffdeleted {
    color: #999;
    background: #ffdddd;
    padding: 1px 1px 1px 4px;
	border-left: 4px solid darkred;
}
.diffnochange {
    padding: 1px 1px 1px 4px;
	border-left: 4px solid lightgrey;
}
.differror {
    background: brown;
}
.diff {
    font-family: lucida console, courier new, fixed-width;
	font-size: 12px;
	line-height: 14px;
}
.diffaddedchars {
    background-color:#99ff99;
    font-weight:bolder;
}
.diffremovedchars {
    background-color:#ff9999;
    text-decoration: line-through;
    font-weight:bolder;
}

.greybackground {
    background: #f0f0f0
}

.greybox {
 	border: 1px solid #ddd;
	padding: 3px;
	margin: 1px 1px 10px 1px;
}

.borderedGreyBox {
    border: 1px solid #cccccc;
    background-color: #f0f0f0;
    padding: 10px;
}

.greyboxfilled {
 	border: 1px solid #ddd;
    background: #f0f0f0;
    padding: 3px;
	margin: 1px 1px 10px 1px;
}

.navBackgroundBox {
    padding: 5px 5px 5px 5px;
    font-size: 22px;
	font-weight: bold;
	font-family: Arial, sans-serif;
	color: white;
    background: #3c78b5;
    text-decoration: none;
}

.previewBoxTop {
	background-color: #f0f0f0;
    border-width: 1px 1px 0px 1px;
    border-style: solid;
    border-color: #3c78b5;
    padding: 5px;
    margin: 5px 0px 0px 0px;
    text-align: center;
}
.previewContent {
    background-color: #fff;
 	border-color: #3c78b5;
	border-width: 0px 1px 0px 1px;
	border-style: solid;
	padding: 10px;
	margin: 0px;
}
.previewBoxBottom {
	background-color: #f0f0f0;
    border-width: 0px 1px 1px 1px;
    border-style: solid;
    border-color: #3c78b5;
    padding: 5px;
    margin: 0px 0px 5px 0px;
    text-align: center;
}

.functionbox {
    background-color: #f0f0f0;
 	border: 1px solid #3c78b5;
	padding: 3px;
	margin: 1px 1px 10px 1px;
}

.functionbox-greyborder {
    background-color: #f0f0f0;
 	border: 1px solid #ddd;
	padding: 3px;
	margin: 1px 1px 10px 1px;
}

.search-highlight {
    background-color: #ffffcc;
}

/* normal (white) background */
.rowNormal {
    background-color: #ffffff;
 }

/* alternate row background (#f7f7f7, a very light grey) */
.rowAlternate {
    background-color: #f7f7f7;
}

/* used in the list attachments table */
.rowAlternateNoBottomColor {
    background-color: #f7f7f7;
}

.rowAlternateNoBottomNoColor {
}

.rowAlternateNoBottomColor td {
    border-bottom: 0px;
}

.rowAlternateNoBottomNoColor td {
    border-bottom: 0px;
}

/* row highlight (grey) background */
.rowHighlight {
    background-color: #f0f0f0;

}

TD.greenbar {FONT-SIZE: 2px; BACKGROUND: #00df00; BORDER: 1px solid #9c9c9c; PADDING: 0px; }
TD.redbar {FONT-SIZE: 2px; BACKGROUND: #df0000; BORDER: 1px solid #9c9c9c; PADDING: 0px; }
TD.darkredbar {FONT-SIZE: 2px; BACKGROUND: #af0000; BORDER: 1px solid #9c9c9c; PADDING: 0px; }

TR.testpassed {FONT-SIZE: 2px; BACKGROUND: #ddffdd; PADDING: 0px; }
TR.testfailed {FONT-SIZE: 2px; BACKGROUND: #ffdddd; PADDING: 0px; }

.toolbar  {
    margin: 0px;
    border-collapse: collapse;
}

.toolbar td  {
    border: 1px solid #ccc;
    padding: 2px 2px 2px 2px;
    color: #ccc;
}

td.noformatting {
    border-width: 0px;
    border-style: none;
    text-align: center;
	padding: 0px;
}

.commentblock {
    margin: 12px 0 12px 0;
}

/*
 * Divs displaying the license information, if necessary.
 */
.license-eval, .license-none, .license-nonprofit {
    border-top: 1px solid #bbbbbb;
    text-align: center;
    font-size: 10px;
    font-family: Verdana, Arial, Helvetica, sans-serif;
}

.license-eval, .license-none {
    background-color: #ffcccc;
}

.license-eval b, .license-none b {
    color: #990000
}

.license-nonprofit {
    background-color: #ffffff;
}

/*
 * The shadow at the bottom of the page between the main content and the
 * "powered by" section.
 *
 * NOTE(review): "$req.contextPath" looks like a server-side template placeholder that
 * reached the output unexpanded. As written the browser treats it as a literal path
 * segment resolved against the document base, so the request will not reach the
 * intended image. Confirm against the template that produces this stylesheet.
 */
.bottomshadow {
    height: 12px;
    background-image: url("$req.contextPath/images/border/border_bottom.gif");
    background-repeat: repeat-x;
}

/*
 * Styling of the operations box
 */
.navmenu .operations li, .navmenu .operations ul {
    list-style: none;
    margin-left: 0;
    padding-left: 0;
}

.navmenu .operations ul {
    margin-bottom: 9px;
}

.navmenu .label {
    font-weight: inherit;
}

/*
 * Styling of ops as a toolbar
 */
.toolbar div {
    display: none;
}

.toolbar .label {
    display: none;
}

.toolbar .operations {
    display: block;
}

.toolbar .operations ul {
    display: inline;
    list-style: none;
    margin-left: 10px;
    padding-left: 0;
}

.toolbar .operations li {
    list-style: none;
    display: inline;
}

/* list page navigational tabs */
#foldertab {
padding: 3px 0px 3px 8px;
margin-left: 0;
border-bottom: 1px solid #3c78b5;
font: bold 11px Verdana, sans-serif;
}

#foldertab li {
list-style: none;
margin: 0;
display: inline;
}

#foldertab li a {
padding: 3px 0.5em;
margin-left: 3px;
border: 1px solid #3c78b5;
border-bottom: none;
background: #3c78b5;
text-decoration: none;
}

#foldertab li a:link { color: #ffffff; }
#foldertab li a:visited { color: #ffffff; }

#foldertab li a:hover {
color: #ffffff;
background: #003366;
border-color: #003366;
}

#foldertab li a.current {
background: white;
border-bottom: 1px solid white;
color: black;
}

#foldertab li a.current:link { color: black; }
#foldertab li a.current:visited { color: black; }
#foldertab li a.current:hover {
background: white;
border-bottom: 1px solid white;
color: black;
}

/* alphabet list */
ul#squaretab {
margin-left: 0;
padding-left: 0;
white-space: nowrap;
font: bold 8px Verdana, sans-serif;
}

#squaretab li {
display: inline;
list-style-type: none;
}

#squaretab a {
padding: 2px 6px;
border: 1px solid #3c78b5;
}

#squaretab a:link, #squaretab a:visited {
color: #fff;
background-color: #3c78b5;
text-decoration: none;
}

#squaretab a:hover {
color: #ffffff;
background-color: #003366;
border-color: #003366;
text-decoration: none;
}

#squaretab li a#current {
background: white;
color: black;
}

.blogcalendar * {
    font-family:verdana, arial, sans-serif;
    font-size:x-small;
    font-weight:normal;
    line-height:140%;
    padding:2px;
}


table.blogcalendar {
    border: 1px solid #3c78b5;
}

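/* Calendar header cells and header links: small bold white capitals, letter-spaced,
   on the theme blue. text-transform is declared once. */
.blogcalendar th.calendarhead, a.calendarhead {
    font-size:x-small;
    font-weight:bold;
    padding:2px;
    background-color: #3c78b5;
    color: #ffffff;
    letter-spacing: .3em;
    text-transform: uppercase;
}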

.calendarhead:visited {color: white;}
.calendarhead:active {color: white;}
.calendarhead:hover {color: white;}

.blogcalendar th {
    font-size:x-small;
    font-weight:bold;
    padding:2px;
    background-color:#f0f0f0;
}

.blogcalendar td {
    font-size:x-small;
    font-weight:normal;
}

.searchGroup { padding: 0 0 10px 0; background: #f0f0f0; }
.searchGroupHeading { font-size: 10px; font-weight: bold; color: #ffffff; background-color: #3c78b5; padding: 2px 4px 1px 4px; }
.searchItem { padding: 1px 4px 1px 4px; }
.searchItemSelected { padding: 1px 4px 1px 4px; font-weight: bold; background: #ddd; }

/* permissions page styles */
.permissionHeading {
    border-bottom: #bbb; border-width: 0 0 1px 0; border-style: solid; font-size: 16px; text-align: left;
}
.permissionTab {
    border-width: 0 0 0 1px; border-style: solid; background: #3c78b5; color: #ffffff; font-size: 10px;
}
.permissionSuperTab {
    border-width: 0 0 0 1px; border-style: solid; background: #003366; color: #ffffff;
}
.permissionCell {
    border-left: #bbb; border-width: 0 0 0 1px; border-style: solid;
}

/* warning panel */
.warningPanel { background: #FFFFCE; border:#F0C000 1px solid; padding: 8px; margin: 10px; }
/* alert panel */
.alertPanel { background: #FFCCCC; border:#C00 1px solid; padding: 8px; margin: 10px; }
/* info panel */
.infoPanel { background: #D8E4F1; border:#3c78b5 1px solid; padding: 8px; margin: 10px; }

/* side menu highlighting (e.g. space content screen) */
.optionPadded { padding: 2px; }
.optionSelected { background-color: #ffffcc; padding: 2px; border: 1px solid #ddd; margin: -1px; }
.optionSelected a { font-weight: bold; text-decoration: none; color: black; }

/* information macros */
.noteMacro { border-style: solid; border-width: 1px; border-color: #F0C000; background-color: #FFFFCE; text-align:left; margin-top: 5px; margin-bottom: 5px}
.warningMacro { border-style: solid; border-width: 1px; border-color: #c00; background-color: #fcc; text-align:left; margin-top: 5px; margin-bottom: 5px}
.infoMacro { border-style: solid; border-width: 1px; border-color: #3c78b5; background-color: #D8E4F1; text-align:left; margin-top: 5px; margin-bottom: 5px}
.tipMacro { border-style: solid; border-width: 1px; border-color: #090; background-color: #dfd; text-align:left; margin-top: 5px; margin-bottom: 5px}
.informationMacroPadding { padding: 5px 0 0 5px; }

table.infoMacro td, table.warningMacro td, table.tipMacro td, table.noteMacro td, table.sectionMacro td {
    border: none;
}

table.sectionMacroWithBorder td.columnMacro { border-style: dashed; border-width: 1px; border-color: #cccccc;}

.pagecontent
{
    padding: 10px;
    text-align: left;
}

/* styles for links in the top bar */
.topBarDiv a:link {color: #ffffff;}
.topBarDiv a:visited {color: #ffffff;}
.topBarDiv a:active {color: #ffffff;}
.topBarDiv a:hover {color: #ffffff;}
.topBarDiv {color: #ffffff;}

.topBar {
    background-color: #003366;
}


/* styles for extended operations */
.greyLinks a:link {color: #666666; text-decoration:underline;}
.greyLinks a:visited {color: #666666; text-decoration:underline;}
.greyLinks a:active {color: #666666; text-decoration:underline;}
.greyLinks a:hover {color: #666666; text-decoration:underline;}
.greyLinks {color: #666666; display:block; padding: 10px}

.logoSpaceLink {color: #999999; text-decoration: none}
.logoSpaceLink a:link {color: #999999; text-decoration: none}
.logoSpaceLink a:visited {color: #999999; text-decoration: none}
.logoSpaceLink a:active {color: #999999; text-decoration: none}
.logoSpaceLink a:hover {color: #003366; text-decoration: none}

/* basic panel (basicpanel.vmd) style */
.basicPanelContainer {border: 1px solid #3c78b5; margin-top: 2px; margin-bottom: 8px; width: 100%}
.basicPanelTitle {padding: 5px; margin: 0px; background-color: #f0f0f0; color: black; font-weight: bold;}
.basicPanelBody {padding: 5px; margin: 0px}

.separatorLinks a:link {color: white}
.separatorLinks a:visited {color: white}
.separatorLinks a:active {color: white}

.greynavbar {background-color: #f0f0f0; border-top: 1px solid #3c78b5; margin-top: 2px}

div.headerField {
    float: left;
    width: auto;
    height: 100%;
}

.headerFloat {
    margin-left: auto;
    width: 50%;
}

.headerFloatLeft {
    float: left;
    margin-right: 20px;
    margin-bottom: 10px;
}

#headerRow {
    padding: 10px;
}

div.license-personal {
   background-color: #003366;
   color: #ffffff;
}

div.license-personal a {
   color: #ffffff;
}

.greyFormBox {
    border: 1px solid #cccccc;
    padding: 5px;
}

/* IE automatically adds a margin before and after form tags. Use this style to remove that */
.marginlessForm {
    margin: 0px;
}

.openPageHighlight {
    background-color: #ffffcc;
    padding: 2px;
    border: 1px solid #ddd;
}

.editPageInsertLinks, .editPageInsertLinks a
{
    color: #666666;
    font-weight: bold;
    font-size: 10px;
}

/* Style for label heatmap. */
.top10 a {
    font-weight: bold;
    font-size: 2em;
    color: #003366;
}
.top25 a {
    font-weight: bold;
    font-size: 1.6em;
    color: #003366;
}
.top50 a {
    font-size: 1.4em;
    color: #003366;
}
.top100 a {
    font-size: 1.2em;
    color: #003366;
}

.heatmap {
    list-style:none;
    width: 95%;
    margin: 0px auto;
}

.heatmap a {
    text-decoration:none;
}

.heatmap a:hover {
    text-decoration:underline;
}

.heatmap li {
    display: inline;
}

.minitab {
padding: 3px 0px 3px 8px;
margin-left: 0;
margin-top: 1px;
margin-bottom: 0px;
border-bottom: 1px solid #3c78b5;
font: bold 9px Verdana, sans-serif;
text-decoration: none;
float:none;
}
.selectedminitab {
padding: 3px 0.5em;
margin-left: 3px;
margin-top: 1px;
border: 1px solid #3c78b5;
background: white;
border-bottom: 1px solid white;
color: #000000;
text-decoration: none;
}
.unselectedminitab {
padding: 3px 0.5em;
margin-left: 3px;
margin-top: 1px;
border: 1px solid #3c78b5;
border-bottom: none;
background: #3c78b5;
color: #ffffff;
text-decoration: none;
}

a.unselectedminitab:hover {
color: #ffffff;
background: #003366;
border-color: #003366;
}

a.unselectedminitab:link { color: white; }
a.unselectedminitab:visited { color: white; }

a.selectedminitab:link { color: black; }
a.selectedminitab:visited { color: black; }

.linkerror { background-color: #fcc;}

a.labelOperationLink:link {text-decoration: underline}
a.labelOperationLink:active {text-decoration: underline}
a.labelOperationLink:visited {text-decoration: underline}
a.labelOperationLink:hover {text-decoration: underline}

a.newLabel:link {background-color: #ddffdd}
a.newLabel:active {background-color: #ddffdd}
a.newLabel:visited {background-color: #ddffdd}
a.newLabel:hover {background-color: #ddffdd}

ul.square {list-style-type: square}

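/* Small inline control links: uppercase grey text on a pale yellow chip with a pointer
   cursor. A single rule holds the full declaration set, so there is one place to edit. */
.inline-control-link {
    background: #ffc;
    font-size: 9px;
    color: #666;
    padding: 2px;
    text-transform: uppercase;
    text-decoration: none;
    cursor: pointer;
}

/* Anchors nested inside a control link never show an underline, in any link state. */
.inline-control-link a:link,
.inline-control-link a:active,
.inline-control-link a:visited,
.inline-control-link a:hover {
    text-decoration: none;
}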

div.auto_complete {
    width: 350px;
    background: #fff;
}
div.auto_complete ul {
    border: 1px solid #888;
    margin: 0;
    padding: 0;
    width: 100%;
    list-style-type: none;
}
div.auto_complete ul li {
    margin: 0;
    padding: 3px;
}
div.auto_complete ul li.selected {
    background-color: #ffb;
}
div.auto_complete ul strong.highlight {
    color: #800;
    margin: 0;
    padding: 0;
}

/******* Edit Page Styles *******/
.toogleFormDiv{
    border:1px solid #A7A6AA;
    background-color:white;
    padding:5px;
    margin-top: 5px;
}

.toogleInfoDiv{
    border:1px solid #A7A6AA;
    background-color:white;
    display:none;
    padding:5px;
    margin-top: 10px;
}

.inputSection{
    margin-bottom:20px;
}

#editBox{
   border:1px solid lightgray;
   background-color:#F0F0F0;
}

/******* Left Navigation Theme Styles ********/
.leftnav li a {
    text-decoration:none;
    color:white;
    margin:0px;
    display:block;
    padding:2px;
    padding-left:5px;
    background-color: #3c78b5;
    border-top:1px solid #3c78b5;
}

.leftnav li a:active {color:white;}
.leftnav li a:visited {color:white;}
.leftnav li a:hover {background-color: #003366; color:white;}

/* Added by Shaun during i18n */
.replaced
{
    background-color: #33CC66;
}

.topPadding
{
    margin-top: 20px;
}

/* new form style */
.form-block {
    padding: 6px;
}
.form-error-block {
    padding: 6px;
    background: #fcc;
    border-top: #f0f0f0 1px solid;
    border-bottom: #f0f0f0 1px solid;
    margin-bottom: 6px;
    padding: 0 12px 0 12px;
}
.form-element-large {
    font-size: 16px;
    font-weight: bold;
    font-family: Arial, sans-serif;
    color: #003366;
}

.form-element-small {
    font-size: 12px;
    font-weight: bold;
    font-family: Arial, sans-serif;
    color: #003366;
}

.form-header {
    background: lightyellow;
    border-top: #f0f0f0 1px solid;
    border-bottom: #f0f0f0 1px solid;
    margin-bottom: 6px;
    padding: 0 12px 0 12px;
}
.form-header p, .form-block p, .form-error-block p {
    line-height: normal;
    margin: 12px 0 12px 0;
}
.form-example {
    color: #888;
    font-size: 11px;
}
.form-divider {
    border-bottom: #ccc 1px solid;
    margin-bottom: 6px;
}
.form-buttons {
    margin-top: 6px;
    border-top: #ccc 1px solid;
    border-bottom: #ccc 1px solid;
    background: #f0f0f0;
    padding: 10px;
    text-align: center;
}
.form-buttons input {
    width: 100px;
}
.form-block .error {
    padding: 6px;
    margin-bottom: 6px;
}
    -->
    </style>
</head>
<body>

<div id="PageContent">
<table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%"><tr>
<td valign="top" class="pagebody">

    <div class="pageheader">
        <span class="pagetitle">
            Page Edited :
            <a href="http://cwiki.apache.org/confluence/display/GMOxDOC21">GMOxDOC21</a> :
            <a href="http://cwiki.apache.org/confluence/display/GMOxDOC21/Configuring+run-as+and+Default+Subjects%2C+and+principal-role+mapping">Configuring run-as and Default Subjects, and principal-role mapping</a>
        </span>
    </div>

     <p>
        <a href="http://cwiki.apache.org/confluence/display/GMOxDOC21/Configuring+run-as+and+Default+Subjects%2C+and+principal-role+mapping">Configuring run-as and Default Subjects, and principal-role mapping</a>
        has been edited by             <a href="http://cwiki.apache.org/confluence/display/~djencks">David Jencks</a>
            <span class="smallfont">(Feb 23, 2008)</span>.
     </p>
    <p>
      Change summary:
      <div class="greybox wiki-content"><p>use tags not branches in snippet</p></div>
    </p>
     <p>
                 <a href="http://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=75859&originalVersion=3&revisedVersion=4">(View changes)</a>
     </p>

    <span class="label">Content:</span><br/>
    <div class="greybox wiki-content"><h1><a name="Configuringrun-asandDefaultSubjects%2Candprincipal-rolemapping-Introduction"></a>Introduction</h1>

<p>Starting in Geronimo 2.0.1 we have adopted the basic principle that all security flows from Subjects that result from logging in to a security realm.  In previous Geronimo releases, security information for run-as and default subjects was constructed entirely outside any security realm.  As a result of following the new principle, run-as and default identities can now participate fully in security, using features such as named credentials to access external systems such as connectors and web services, and the JACC system is now more fully pluggable.</p>

<p>However, since run-as and default subjects now result from logging into a security realm, you need to supply the login information for each such subject in order to use it.  This information is encapsulated in a CredentialStore.  We supply a simple CredentialStore implementation that is configured with XML in your Geronimo plan.  Note that this XML includes plaintext passwords for the run-as and default subjects, so anyone who can read the plan can read those passwords; restrict read access to the plan and keep it out of places where it would be widely visible.  This may not be a suitable implementation for many environments.</p>

<p>Each application can choose to use a default, global, credential store or specify a specific store, perhaps specific to that application.</p>

<h1><a name="Configuringrun-asandDefaultSubjects%2Candprincipal-rolemapping-ConfiguringaSimpleCredentialStoreImpl"></a>Configuring a SimpleCredentialStoreImpl</h1>

<p>For each Subject accessible through a credential store you need to specify an id, the realm to log in to, and credentials, which depend on the security realm requirements but are typically the name and password.  The schema is as follows:</p>

<div class="code"><div class="codeContent">
<!-- Listing: the credentialstore-1.0 XML Schema. It defines a credential-store root holding realms, each realm holding subjects, and each subject holding an id plus zero or more credentials made of a type and a value. -->
<pre class="code-xml"><span class="code-tag">&lt;?xml version=<span class="code-quote">"1.0"</span> encoding=<span class="code-quote">"UTF-8"</span>?&gt;</span>
&lt;!--
    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
    this work for additional information regarding copyright ownership.
    The ASF licenses this file to You under the Apache License, Version 2.0
    (the <span class="code-quote">"License"</span>); you may not use this file except in compliance with
    the License.  You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an <span class="code-quote">"AS IS"</span> BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
--&gt;

<span class="code-tag"><span class="code-comment">&lt;!-- $Rev$ $Date$ --&gt;</span></span>

&lt;xsd:schema <span class="code-keyword">xmlns:xsd</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema"</span>
            <span class="code-keyword">xmlns:cs</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/credentialstore-1.0"</span>
            targetNamespace=<span class="code-quote">"http://geronimo.apache.org/xml/ns/credentialstore-1.0"</span>
            elementFormDefault=<span class="code-quote">"qualified"</span> attributeFormDefault=<span class="code-quote">"unqualified"</span>
            version=<span class="code-quote">"1.0"</span>&gt;

    <span class="code-tag">&lt;xsd:annotation&gt;</span>
        <span class="code-tag">&lt;xsd:documentation&gt;</span>
            This is an XML Schema Definition for credential store configuration.
            CredentialStore configuration is
            specified by the element credential-store with namespace
            specified as xmlns =
            <span class="code-quote">"http://geronimo.apache.org/xml/ns/credentialstore-1.0"</span>.
        <span class="code-tag">&lt;/xsd:documentation&gt;</span>
    <span class="code-tag">&lt;/xsd:annotation&gt;</span>

    <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"credential-store"</span> type=<span class="code-quote">"cs:credential-storeType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:annotation&gt;</span>
            <span class="code-tag">&lt;xsd:documentation&gt;</span>
                The root element for Geronimo credential store configuration. This
                is a tree structure of realm, id, and sets of credentials such as name and password
            <span class="code-tag">&lt;/xsd:documentation&gt;</span>
        <span class="code-tag">&lt;/xsd:annotation&gt;</span>
    <span class="code-tag">&lt;/xsd:element&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"credential-storeType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:annotation&gt;</span>
            <span class="code-tag">&lt;xsd:documentation&gt;</span>
                Defines the list of realms
            <span class="code-tag">&lt;/xsd:documentation&gt;</span>
        <span class="code-tag">&lt;/xsd:annotation&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"realm"</span> type=<span class="code-quote">"cs:realmType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>&gt;</span>
                <span class="code-tag">&lt;xsd:annotation&gt;</span>
                    <span class="code-tag">&lt;xsd:documentation&gt;</span>
                        The realm element contains the credentials for subjects in that realm.
                    <span class="code-tag">&lt;/xsd:documentation&gt;</span>
                <span class="code-tag">&lt;/xsd:annotation&gt;</span>
            <span class="code-tag">&lt;/xsd:element&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <!-- realmType: any number of subjects, plus a required name attribute naming the login realm. -->
    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"realmType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"subject"</span> type=<span class="code-quote">"cs:subjectType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
        <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"name"</span> type=<span class="code-quote">"xsd:string"</span> use=<span class="code-quote">"required"</span>&gt;</span>
            <span class="code-tag">&lt;xsd:annotation&gt;</span>
                <span class="code-tag">&lt;xsd:documentation&gt;</span>
                    The name attribute specifies the login realm name
                <span class="code-tag">&lt;/xsd:documentation&gt;</span>
            <span class="code-tag">&lt;/xsd:annotation&gt;</span>
        <span class="code-tag">&lt;/xsd:attribute&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"subjectType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"id"</span> type=<span class="code-quote">"xsd:string"</span>&gt;</span>
                <span class="code-tag">&lt;xsd:annotation&gt;</span>
                    <span class="code-tag">&lt;xsd:documentation&gt;</span>
                        The id element serves to identify the subject externally. For subjects with meaningful
                        names it might be convenient to use the name as id.
                    <span class="code-tag">&lt;/xsd:documentation&gt;</span>
                <span class="code-tag">&lt;/xsd:annotation&gt;</span>
            <span class="code-tag">&lt;/xsd:element&gt;</span>
            <!-- credential has minOccurs 0, so a subject with an id and no credentials still validates against this schema. -->
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"credential"</span> type=<span class="code-quote">"cs:credentialType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"credentialType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"type"</span> type=<span class="code-quote">"xsd:string"</span>&gt;</span>
                <span class="code-tag">&lt;xsd:annotation&gt;</span>
                    <span class="code-tag">&lt;xsd:documentation&gt;</span>
                        Class name or alias of the callback handler that will accept this credential
                    <span class="code-tag">&lt;/xsd:documentation&gt;</span>
                <span class="code-tag">&lt;/xsd:annotation&gt;</span>
            <span class="code-tag">&lt;/xsd:element&gt;</span>
            <!-- value is a plain xsd:string; this schema defines no separate field for an encoded or encrypted credential, so a password placed here is stored as written in the plan. -->
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"value"</span> type=<span class="code-quote">"xsd:string"</span>&gt;</span>
                <span class="code-tag">&lt;xsd:annotation&gt;</span>
                    <span class="code-tag">&lt;xsd:documentation&gt;</span>
                        credential value as a string.
                    <span class="code-tag">&lt;/xsd:documentation&gt;</span>
                <span class="code-tag">&lt;/xsd:annotation&gt;</span>
            <span class="code-tag">&lt;/xsd:element&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>


<span class="code-tag">&lt;/xsd:schema&gt;</span></pre>
</div></div>


<p>At the moment Geronimo supplies callback handlers for name and password.  For other security realm requirements (e.g. certificates) you will have to write a callback handler.</p>

<p>A simple example of credential store configuration would look like this:</p>

<div class="code" style="border-style: solid; "><div class="codeHeader" style="border-bottom-style: solid; "><b>Credential Store Example</b></div><div class="codeContent">
<!-- Example plan fragment: a SimpleCredentialStoreImpl gbean whose credentialStore attribute declares three subjects (admin-run-as, user-run-as, default) under the realm my-properties-realm. Each subject has one name credential and one password credential, and every password appears in clear text. All values are sample values. -->
<pre class="code-xml"><span class="code-tag">&lt;gbean name=<span class="code-quote">"CredentialStore"</span> class=<span class="code-quote">"org.apache.geronimo.security.credentialstore.SimpleCredentialStoreImpl"</span>&gt;</span>
        <span class="code-tag">&lt;xml-attribute name=<span class="code-quote">"credentialStore"</span>&gt;</span>
            <span class="code-tag">&lt;credential-store xmlns=<span class="code-quote">"http://geronimo.apache.org/xml/ns/credentialstore-1.0"</span>&gt;</span>
                <!-- The realm name is the login realm these subjects are logged in to. -->
                <span class="code-tag">&lt;realm name=<span class="code-quote">"my-properties-realm"</span>&gt;</span>
                    <span class="code-tag">&lt;subject&gt;</span>
                        <!-- The id is the handle by which the subject is identified from outside the store. -->
                        <span class="code-tag">&lt;id&gt;</span>admin-run-as<span class="code-tag">&lt;/id&gt;</span>
                        <span class="code-tag">&lt;credential&gt;</span>
                            <span class="code-tag">&lt;type&gt;</span>org.apache.geronimo.security.credentialstore.NameCallbackHandler<span class="code-tag">&lt;/type&gt;</span>
                            <span class="code-tag">&lt;value&gt;</span>system<span class="code-tag">&lt;/value&gt;</span>
                        <span class="code-tag">&lt;/credential&gt;</span>
                        <span class="code-tag">&lt;credential&gt;</span>
                            <span class="code-tag">&lt;type&gt;</span>org.apache.geronimo.security.credentialstore.PasswordCallbackHandler<span class="code-tag">&lt;/type&gt;</span>
                            <!-- Clear-text password. NOTE(review): system / manager looks like the stock Geronimo administrator login; confirm, and replace it with a changed, non-default credential before real use. -->
                            <span class="code-tag">&lt;value&gt;</span>manager<span class="code-tag">&lt;/value&gt;</span>
                        <span class="code-tag">&lt;/credential&gt;</span>
                    <span class="code-tag">&lt;/subject&gt;</span>
                    <span class="code-tag">&lt;subject&gt;</span>
                        <span class="code-tag">&lt;id&gt;</span>user-run-as<span class="code-tag">&lt;/id&gt;</span>
                        <span class="code-tag">&lt;credential&gt;</span>
                            <span class="code-tag">&lt;type&gt;</span>org.apache.geronimo.security.credentialstore.NameCallbackHandler<span class="code-tag">&lt;/type&gt;</span>
                            <span class="code-tag">&lt;value&gt;</span>user<span class="code-tag">&lt;/value&gt;</span>
                        <span class="code-tag">&lt;/credential&gt;</span>
                        <span class="code-tag">&lt;credential&gt;</span>
                            <span class="code-tag">&lt;type&gt;</span>org.apache.geronimo.security.credentialstore.PasswordCallbackHandler<span class="code-tag">&lt;/type&gt;</span>
                            <!-- Clear-text password (sample value). -->
                            <span class="code-tag">&lt;value&gt;</span>user-password<span class="code-tag">&lt;/value&gt;</span>
                        <span class="code-tag">&lt;/credential&gt;</span>
                    <span class="code-tag">&lt;/subject&gt;</span>
                    <span class="code-tag">&lt;subject&gt;</span>
                        <span class="code-tag">&lt;id&gt;</span>default<span class="code-tag">&lt;/id&gt;</span>
                        <span class="code-tag">&lt;credential&gt;</span>
                            <span class="code-tag">&lt;type&gt;</span>org.apache.geronimo.security.credentialstore.NameCallbackHandler<span class="code-tag">&lt;/type&gt;</span>
                            <span class="code-tag">&lt;value&gt;</span>default<span class="code-tag">&lt;/value&gt;</span>
                        <span class="code-tag">&lt;/credential&gt;</span>
                        <span class="code-tag">&lt;credential&gt;</span>
                            <span class="code-tag">&lt;type&gt;</span>org.apache.geronimo.security.credentialstore.PasswordCallbackHandler<span class="code-tag">&lt;/type&gt;</span>
                            <!-- Clear-text password identical to the user name (sample value); a real subject should not reuse its name as its password. -->
                            <span class="code-tag">&lt;value&gt;</span>default<span class="code-tag">&lt;/value&gt;</span>
                        <span class="code-tag">&lt;/credential&gt;</span>
                    <span class="code-tag">&lt;/subject&gt;</span>
                <span class="code-tag">&lt;/realm&gt;</span>
            <span class="code-tag">&lt;/credential-store&gt;</span>
        <span class="code-tag">&lt;/xml-attribute&gt;</span>
    <span class="code-tag">&lt;/gbean&gt;</span></pre>
</div></div>

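<p>Again, note that the PasswordCallbackHandler value element contains a plaintext password for the user.  The names and passwords in this example are sample values only: use accounts that actually exist in your realm, give each run-as or default subject no more access than its role needs, and do not carry default or example passwords into a real deployment.</p>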

<h1><a name="Configuringrun-asandDefaultSubjects%2Candprincipal-rolemapping-ConfiguringyourapplicationtouseaparticularCredentialStore"></a>Configuring your application to use a particular CredentialStore</h1>

<p>Note that this aspect of Geronimo security is completely pluggable and only the default implementation is described here.</p>

<p>Geronimo security for JavaEE applications requires including a &lt;security&gt; element in (one of) the Geronimo plans for your application.  This element describes the principal-role mappings that connect the Subjects from your security realm to the roles used in the spec deployment descriptors (and annotations).  It also describes how to interpret run-as roles as subjects, by specifying a credential store and the id and realm for each role used as a run-as.  Similarly, a default subject can be specified in the credential store.</p>

<p>The schema for security configuration is as follows:</p>

<div class="code"><div class="codeContent">
<pre class="code-xml"><span class="code-tag">&lt;?xml version=<span class="code-quote">"1.0"</span> encoding=<span class="code-quote">"UTF-8"</span>?&gt;</span>
&lt;!--

    Licensed to the Apache Software Foundation (ASF) under one or more
    contributor license agreements.  See the NOTICE file distributed with
    this work for additional information regarding copyright ownership.
    The ASF licenses this file to You under the Apache License, Version 2.0
    (the <span class="code-quote">"License"</span>); you may not use this file except in compliance with
    the License.  You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an <span class="code-quote">"AS IS"</span> BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
--&gt;

<span class="code-tag"><span class="code-comment">&lt;!-- $Rev$ $Date$ --&gt;</span></span>

&lt;xsd:schema
        <span class="code-keyword">xmlns:xsd</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema"</span>
        <span class="code-keyword">xmlns:j2ee</span>=<span class="code-quote">"http://java.sun.com/xml/ns/j2ee"</span>
        <span class="code-keyword">xmlns:geronimo</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/security-2.0"</span>
        targetNamespace=<span class="code-quote">"http://geronimo.apache.org/xml/ns/security-2.0"</span>
        <span class="code-keyword">xmlns:app</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/j2ee/application-2.0"</span>
        <span class="code-keyword">xmlns:sys</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>
        elementFormDefault=<span class="code-quote">"qualified"</span>
        attributeFormDefault=<span class="code-quote">"unqualified"</span>
        version=<span class="code-quote">"2.0"</span>&gt;

    <span class="code-tag">&lt;xsd:import namespace=<span class="code-quote">"http://www.w3.org/XML/1998/namespace"</span> schemaLocation=<span class="code-quote">"http://www.w3.org/2001/xml.xsd"</span>/&gt;</span>
    <span class="code-tag">&lt;xsd:import namespace=<span class="code-quote">"http://geronimo.apache.org/xml/ns/j2ee/application-2.0"</span> schemaLocation=<span class="code-quote">"geronimo-application-2.0.xsd"</span>/&gt;</span>
    <span class="code-tag">&lt;xsd:import namespace=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>  schemaLocation=<span class="code-quote">"geronimo-module-1.2.xsd"</span>/&gt;</span>

    <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"security"</span> type=<span class="code-quote">"geronimo:securityType"</span> substitutionGroup=<span class="code-quote">"app:security"</span>/&gt;</span>
    <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"credential-store"</span> type=<span class="code-quote">"sys:patternType"</span>/&gt;</span>
    <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"default-subject"</span> type=<span class="code-quote">"geronimo:subject-infoType"</span>/&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"securityType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:annotation&gt;</span>
            <span class="code-tag">&lt;xsd:documentation&gt;</span>
                Security entries

                If this element is present, all web and EJB modules MUST make the
                appropriate access checks as outlined in the JACC spec.
            <span class="code-tag">&lt;/xsd:documentation&gt;</span>
        <span class="code-tag">&lt;/xsd:annotation&gt;</span>
        <span class="code-tag">&lt;xsd:complexContent&gt;</span>
            <span class="code-tag">&lt;xsd:extension base=<span class="code-quote">"app:abstract-securityType"</span>&gt;</span>

                <span class="code-tag">&lt;xsd:sequence&gt;</span>
                    &lt;xsd:element name=<span class="code-quote">"description"</span> type=<span class="code-quote">"geronimo:descriptionType"</span> minOccurs=<span class="code-quote">"0"</span>
                                 maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;
                    <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"credential-store-ref"</span> type=<span class="code-quote">"sys:patternType"</span> minOccurs=<span class="code-quote">"0"</span>/&gt;</span>
                    <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"default-subject"</span> type=<span class="code-quote">"geronimo:subject-infoType"</span> minOccurs=<span class="code-quote">"0"</span>/&gt;</span>
                    <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"role-mappings"</span> type=<span class="code-quote">"geronimo:role-mappingsType"</span> minOccurs=<span class="code-quote">"0"</span>/&gt;</span>
                <span class="code-tag">&lt;/xsd:sequence&gt;</span>
                <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"doas-current-caller"</span> type=<span class="code-quote">"xsd:boolean"</span> default=<span class="code-quote">"false"</span>&gt;</span>
                    <span class="code-tag">&lt;xsd:annotation&gt;</span>
                        <span class="code-tag">&lt;xsd:documentation&gt;</span>
                            Set this attribute to <span class="code-quote">"true"</span> if the work is to be performed
                            as the calling Subject.
                        <span class="code-tag">&lt;/xsd:documentation&gt;</span>
                    <span class="code-tag">&lt;/xsd:annotation&gt;</span>
                <span class="code-tag">&lt;/xsd:attribute&gt;</span>
                <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"use-context-handler"</span> type=<span class="code-quote">"xsd:boolean"</span> default=<span class="code-quote">"false"</span>&gt;</span>
                    <span class="code-tag">&lt;xsd:annotation&gt;</span>
                        <span class="code-tag">&lt;xsd:documentation&gt;</span>
                            Set this attribute to <span class="code-quote">"true"</span> if the installed JACC policy
                            contexts will use PolicyContextHandlers.
                        <span class="code-tag">&lt;/xsd:documentation&gt;</span>
                    <span class="code-tag">&lt;/xsd:annotation&gt;</span>
                <span class="code-tag">&lt;/xsd:attribute&gt;</span>
                <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"default-role"</span> type=<span class="code-quote">"xsd:string"</span>&gt;</span>
                    <span class="code-tag">&lt;xsd:annotation&gt;</span>
                        <span class="code-tag">&lt;xsd:documentation&gt;</span>
                            Used by the the Deployer to assign method permissions for
                            all of the unspecified methods, either by assigning them
                            to security roles, or by marking them as unchecked. If
                            the value of default-role is empty, then the unspecified
                            methods are marked unchecked
                        <span class="code-tag">&lt;/xsd:documentation&gt;</span>
                    <span class="code-tag">&lt;/xsd:annotation&gt;</span>
                <span class="code-tag">&lt;/xsd:attribute&gt;</span>
            <span class="code-tag">&lt;/xsd:extension&gt;</span>
        <span class="code-tag">&lt;/xsd:complexContent&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"descriptionType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:simpleContent&gt;</span>
            <span class="code-tag">&lt;xsd:extension base=<span class="code-quote">"xsd:string"</span>&gt;</span>
                <span class="code-tag">&lt;xsd:attribute ref=<span class="code-quote">"xml:lang"</span>/&gt;</span>
            <span class="code-tag">&lt;/xsd:extension&gt;</span>
        <span class="code-tag">&lt;/xsd:simpleContent&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"named-username-password-credentialType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"name"</span> type=<span class="code-quote">"xsd:string"</span>/&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"username"</span> type=<span class="code-quote">"xsd:string"</span>/&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"password"</span> type=<span class="code-quote">"xsd:string"</span>/&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"role-mappingsType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"role"</span> type=<span class="code-quote">"geronimo:roleType"</span> minOccurs=<span class="code-quote">"1"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"roleType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"description"</span> type=<span class="code-quote">"geronimo:descriptionType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"run-as-subject"</span> type=<span class="code-quote">"geronimo:subject-infoType"</span> minOccurs=<span class="code-quote">"0"</span>/&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"realm-principal"</span> type=<span class="code-quote">"geronimo:realmPrincipalType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
            &lt;xsd:element name=<span class="code-quote">"login-domain-principal"</span> type=<span class="code-quote">"geronimo:loginDomainPrincipalType"</span> minOccurs=<span class="code-quote">"0"</span>
                         maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"principal"</span> type=<span class="code-quote">"geronimo:principalType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
            &lt;xsd:element name=<span class="code-quote">"distinguished-name"</span> type=<span class="code-quote">"geronimo:distinguishedNameType"</span> minOccurs=<span class="code-quote">"0"</span>
                         maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
        <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"role-name"</span> type=<span class="code-quote">"xsd:string"</span> use=<span class="code-quote">"required"</span>/&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"realmPrincipalType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:complexContent&gt;</span>
            <span class="code-tag">&lt;xsd:extension base=<span class="code-quote">"geronimo:loginDomainPrincipalType"</span>&gt;</span>
                <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"realm-name"</span> type=<span class="code-quote">"xsd:string"</span> use=<span class="code-quote">"required"</span>/&gt;</span>
            <span class="code-tag">&lt;/xsd:extension&gt;</span>
        <span class="code-tag">&lt;/xsd:complexContent&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"loginDomainPrincipalType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:complexContent&gt;</span>
            <span class="code-tag">&lt;xsd:extension base=<span class="code-quote">"geronimo:principalType"</span>&gt;</span>
                <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"domain-name"</span> type=<span class="code-quote">"xsd:string"</span> use=<span class="code-quote">"required"</span>/&gt;</span>
            <span class="code-tag">&lt;/xsd:extension&gt;</span>
        <span class="code-tag">&lt;/xsd:complexContent&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"principalType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"description"</span> type=<span class="code-quote">"geronimo:descriptionType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
        <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"class"</span> type=<span class="code-quote">"xsd:string"</span> use=<span class="code-quote">"required"</span>/&gt;</span>
        <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"name"</span> type=<span class="code-quote">"xsd:string"</span> use=<span class="code-quote">"required"</span>/&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"distinguishedNameType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"description"</span> type=<span class="code-quote">"geronimo:descriptionType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
        <span class="code-tag">&lt;xsd:attribute name=<span class="code-quote">"name"</span> type=<span class="code-quote">"xsd:string"</span> use=<span class="code-quote">"required"</span>/&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag">&lt;xsd:complexType name=<span class="code-quote">"subject-infoType"</span>&gt;</span>
        <span class="code-tag">&lt;xsd:sequence&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"description"</span> type=<span class="code-quote">"geronimo:descriptionType"</span> minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>/&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"realm"</span> type=<span class="code-quote">"xsd:string"</span>/&gt;</span>
            <span class="code-tag">&lt;xsd:element name=<span class="code-quote">"id"</span> type=<span class="code-quote">"xsd:string"</span>/&gt;</span>
        <span class="code-tag">&lt;/xsd:sequence&gt;</span>
    <span class="code-tag">&lt;/xsd:complexType&gt;</span>

    <span class="code-tag"><span class="code-comment">&lt;!--&lt;xsd:complexType name=<span class="code-quote">"credential-storeType"</span>&gt;</span>--&gt;</span>
        <span class="code-tag"><span class="code-comment">&lt;!--&lt;xsd:sequence&gt;</span>--&gt;</span>
            <span class="code-tag"><span class="code-comment">&lt;!--&lt;xsd:element name=<span class="code-quote">"pattern"</span> type=<span class="code-quote">"sys:patternType"</span>&gt;</span>--&gt;</span>
                <span class="code-tag"><span class="code-comment">&lt;!--&lt;xsd:annotation&gt;</span>--&gt;</span>
                    <span class="code-tag"><span class="code-comment">&lt;!--&lt;xsd:documentation&gt;</span>--&gt;</span>
                        <span class="code-tag"><span class="code-comment">&lt;!--The pattern element defines a components of the--&gt;</span></span>
                        <span class="code-tag"><span class="code-comment">&lt;!--abstract name of GBean referred. It (optionally) includes--&gt;</span></span>
                        <span class="code-tag"><span class="code-comment">&lt;!--the groupId, artifactId, version,--&gt;</span></span>
                        <span class="code-tag"><span class="code-comment">&lt;!--module, type, and name of the GBean module.--&gt;</span></span>
                    <span class="code-tag"><span class="code-comment">&lt;!--&lt;/xsd:documentation&gt;</span>--&gt;</span>
                <span class="code-tag"><span class="code-comment">&lt;!--&lt;/xsd:annotation&gt;</span>--&gt;</span>
            <span class="code-tag"><span class="code-comment">&lt;!--&lt;/xsd:element&gt;</span>--&gt;</span>
        <span class="code-tag"><span class="code-comment">&lt;!--&lt;/xsd:sequence&gt;</span>--&gt;</span>
    <span class="code-tag"><span class="code-comment">&lt;!--&lt;/xsd:complexType&gt;</span>--&gt;</span>

<span class="code-tag">&lt;/xsd:schema&gt;</span></pre>
</div></div>


<p>The credential store to use is specified in the credential-store-ref.  Normally you need only supply the name component of the credential store name: for most purposes you are likely to include an app-specific credential store in the app plan; otherwise you need to ensure that the credential store gbean is in the ancestor configurations of the application.</p>

<p>The default subject and each run-as subject for a role specify the information needed to get the subject using a subject-infoType element, that is, a realm and an id.</p>

<div class="code" style="border-style: solid; "><div class="codeHeader" style="border-bottom-style: solid; "><b>Example Security Configuration</b></div><div class="codeContent">
<pre class="code-xml"><span class="code-tag">&lt;security use-context-handler=<span class="code-quote">"false"</span> xmlns=<span class="code-quote">"http://geronimo.apache.org/xml/ns/security-2.0"</span>&gt;</span>
        <span class="code-tag">&lt;default-subject&gt;</span>
          <span class="code-tag">&lt;realm&gt;</span>my-properties-realm<span class="code-tag">&lt;/realm&gt;</span>
          <span class="code-tag">&lt;id&gt;</span>default<span class="code-tag">&lt;/id&gt;</span>
        <span class="code-tag">&lt;/default-subject&gt;</span>
        <span class="code-tag">&lt;role-mappings&gt;</span>
          <span class="code-tag">&lt;role role-name=<span class="code-quote">"Administrator"</span>&gt;</span>
            <span class="code-tag">&lt;principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"</span> name=<span class="code-quote">"system"</span>/&gt;</span>
          <span class="code-tag">&lt;/role&gt;</span>
          <span class="code-tag">&lt;role role-name=<span class="code-quote">"User"</span>&gt;</span>
            <span class="code-tag">&lt;run-as-subject&gt;</span>
                <span class="code-tag">&lt;realm&gt;</span>my-properties-realm<span class="code-tag">&lt;/realm&gt;</span>
                <span class="code-tag">&lt;id&gt;</span>user-run-as<span class="code-tag">&lt;/id&gt;</span>
            <span class="code-tag">&lt;/run-as-subject&gt;</span>the loi
            <span class="code-tag">&lt;principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"</span> name=<span class="code-quote">"user"</span>/&gt;</span>
          <span class="code-tag">&lt;/role&gt;</span>
        <span class="code-tag">&lt;/role-mappings&gt;</span>
      <span class="code-tag">&lt;/security&gt;</span></pre>
</div></div>

<p>The sample above shows the simplest principal-role mapping: you specify the principal class and name for each principal that maps to a certain role.  Normally this is entirely sufficient to distinguish principals.  However, you might have several login modules or security realms that can produce a principal with the same class and name but with different meanings; a plain principal entry carries no login domain or realm information, so it cannot tell them apart.  In this case you can include the login domain name or realm name in the mapping to distinguish the principals, so that the role is tied to the source you intend.</p>

<div class="code" style="border-style: solid; "><div class="codeHeader" style="border-bottom-style: solid; "><b>Additional principal specifications</b></div><div class="codeContent">
<pre class="code-xml"><span class="code-tag"><span class="code-comment">&lt;!-- normal, no domain or realm info --&gt;</span></span>
<span class="code-tag">&lt;principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"</span> name=<span class="code-quote">"user"</span>/&gt;</span>

<span class="code-tag"><span class="code-comment">&lt;!-- login domain name specified --&gt;</span></span>
<span class="code-tag">&lt;login-domain-principal domain-name=<span class="code-quote">"mydomain"</span> class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"</span> name=<span class="code-quote">"user"</span>/&gt;</span>

<span class="code-tag">&lt;~-- realm name and login domain name specified&gt;</span>
<span class="code-tag">&lt;realm-principal realm-name=<span class="code-quote">"my-properties-realm"</span> domain-name=<span class="code-quote">"mydomain"</span> class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"</span> name=<span class="code-quote">"user"</span>/&gt;</span></pre>
</div></div></div>


</td></tr></table></div>

</body>
</html>

