This article is about how to replace default properties realm geronimo-admin with SQL or LDAP realms.
By default, Geronimo is using a properties realm for authentication named geronimo-admin, which is used by JMX server, Admin Console, Online-deploy and MEJB application. However, you may not want to use it for production use. Alternatively, you can use database(SQL) or LDAP realms in a production environment. To replace the default realm, you must do the following:
- Deploy a new realm with real-name geronimo-admin either from the Admin console or using command line. Refer to Administering security realms for how to create a SQL or LDAP realm using the Admin Console. When it's done, a new realm is created with plugin id console.realm/geronimo-admin/1.0/car. At the mean time, a new line is added into var/config/config.xml under Geronimo installation directory like
- Locate org.apache.geronimo.framework/server-security-config/2.2/car in config.xml when the server is stopped and disable the default realm. The updated config.xml will be looked like this
<gbean name="geronimo-admin" load="false"/>
- Restart the server and test with new userid and password instead of default system and manager. You can successfully log into the Admin console.