geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Geronimo v2.1 > Administering users and groups
Date Wed, 10 Nov 2010 04:49:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1810/9/1/_/styles/combined.css?spaceKey=GMOxDOC21&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/GMOxDOC21/Administering+users+and+groups">Administering
users and groups</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~chirunhua@gmail.com">Runhua
Chi</a>
    </h4>
        <br/>
                         <h4>Changes (1)</h4>
                                 
    
<div id="page-diffs">
            <table class="diff" cellpadding="0" cellspacing="0">
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" > <br>The files mentioned in
this sections along with the all the security configuration in addition to user names and
passwords are defined in the *geronimo-properties-realm* security realm covered in the [Adminstering
security realms] section. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">
<br>h1. Changing the password for derby Admin <br>Starting from G217, a new user
group *derbyadmin* is defined to manage all connections to the embedded Derby server. By default,
the user name is _dbadmin_ and defined in the {{/var/security/users.properties}} file. You
can easily update the default password _manager_ to any other combinations you like. However,
you must follow the steps below to make sure the whole server and relevant database pools
work well even after you updated the password. <br># Start Geronimo server <br>#
Update the password of *dbadmin* via *console &gt;security &gt; Users and Groups*
portlet <br># Edit the user password in existing datasources via *console &gt; Services
&gt; Database pools* portlet <br># Shutdown Geronimo server <br># Update the
*userPassword* attribute of {{DerbyNetwork}} GBean in {{var\config\config.xml}} with the new
password <br># Restart Geronimo server  <br></td></tr>
        </table>
</div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <style type='text/css'>/*<![CDATA[*/
table.ScrollbarTable  {border: none;padding: 3px;width: 100%;padding: 3px;margin: 0px;background-color:
#f0f0f0}
table.ScrollbarTable td.ScrollbarPrevIcon {text-align: center;width: 16px;border: none;}
table.ScrollbarTable td.ScrollbarPrevName {text-align: left;border: none;}
table.ScrollbarTable td.ScrollbarParent {text-align: center;border: none;}
table.ScrollbarTable td.ScrollbarNextName {text-align: right;border: none;}
table.ScrollbarTable td.ScrollbarNextIcon {text-align: center;width: 16px;border: none;}

/*]]>*/</style><div class="Scrollbar"><table class='ScrollbarTable'><tr><td
class='ScrollbarPrevIcon'><a href="/confluence/display/GMOxDOC21/Administering+certificates"><img
border='0' align='middle' src='/confluence/images/icons/back_16.gif' width='16' height='16'></a></td><td
width='33%' class='ScrollbarPrevName'><a href="/confluence/display/GMOxDOC21/Administering+certificates">Administering
certificates</a>&nbsp;</td><td width='33%' class='ScrollbarParent'><sup><a
href="/confluence/display/GMOxDOC21/Configuring+security"><img border='0' align='middle'
src='/confluence/images/icons/up_16.gif' width='8' height='8'></a></sup><a
href="/confluence/display/GMOxDOC21/Configuring+security">Configuring security</a></td><td
width='33%' class='ScrollbarNextName'>&nbsp;<a href="/confluence/display/GMOxDOC21/Adminstering+security+realms">Adminstering
security realms</a></td><td class='ScrollbarNextIcon'><a href="/confluence/display/GMOxDOC21/Adminstering+security+realms"><img
border='0' align='middle' src='/confluence/images/icons/forwd_16.gif' width='16' height='16'></a></td></tr></table></div>

<p>You can add users and groups via the Geronimo Administration Console or by modifying
some configuration files. We will start simple by using the realm provided by Geronimo by
default. Then, as we explore the different realms and security configurations, we will come
back and revisit some of the topics as needed.</p>

<p>To manage users and groups via the Geronimo Administration Console the <b>Users
and Groups</b> portlet is available on the <b>Console Navigation</b> menu
on the left hand side. Here you will find two portlets, one for administering users and another
for administering user groups, both are illustrated in the following figures.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/77413/consoleRealms.png?version=1&amp;modificationDate=1203611628000"
style="border: 0px solid black" /></span></p>

<p>To change a user's password click on (<b>Details</b> next to the user
you want to update in the <b>Console Realm Users</b> portlet, it will bring up
the UserID and Password so you can update that profile.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/77413/consoleRealmUserEdit.png?version=1&amp;modificationDate=1203611628000"
style="border: 0px solid black" /></span></p>

<p>To remove a user click on the corresponding <b>Delete</b>, you will be
prompted to confirm deletion of that user, click <b>OK</b>.</p>

<p>To add a new user click on <b>Create New User</b>, you will be prompted
for a UserID and Password (twice), enter those values and click <b>Add</b>.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/77413/consoleRealmUserAdd.png?version=1&amp;modificationDate=1203611628000"
style="border: 0px solid black" /></span></p>

<p>Once you created new users you can add them to group. By default, the group <b>admin</b>
is available and the user <b>system</b> is in that group. If you click on the
<b>Details</b> next to the <b>admin</b> group you will see the user
<b>system</b> in the window on the right and any other available user will be
listed in the window on the left.</p>

<p>To add a new user to this group select the user first, then click <b>Add &gt;&gt;</b>
and then click <b>Update</b>.</p>

<p><span class="image-wrap" style=""><img src="/confluence/download/attachments/77413/consoleRealmGroupEdit.png?version=1&amp;modificationDate=1203611628000"
style="border: 0px solid black" /></span></p>

<p>To create a new group click on <b>Create New Group</b>, this step is
very similar to the one mentioned before for the users. In addition to be prompted for adding
users to this group you will also have to provide a group name. Once you entered the new group
name and added the users click on <b>Add</b> to finish.</p>

<p>The changes you made via the <b>Console Realm Users</b> and <b>Console
Realm Groups</b> portlets are reflected in two different files, these files are <b>users.properties</b>
and <b>groups.properties</b> respectively and they are located in the &lt;geronimo_home&gt;\var\security
directory.</p>



<p>You can equally administer users and groups by modifying directly these files:</p>

<ul>
	<li><tt>users.properties</tt></li>
	<li><tt>groups.properties</tt></li>
</ul>


<p><b><tt>users.properties</tt></b> uses the <b>&lt;user_name&gt;=&lt;password&gt;</b>
format, groups.properties uses the <b>&lt;group_name&gt;=&lt;user_name&gt;</b>
format. See the following examples for additional details.</p>

<div class="preformatted panel" style="border-style: solid;border-width: 1px;"><div
class="preformattedHeader panelHeader" style="border-bottom-width: 1px;border-bottom-style:
solid;"><b>users.properties</b></div><div class="preformattedContent
panelContent">
<pre>system=manager
user2=password
user1=password
</pre>
</div></div>

<p>As we are using the basic, by default, security configuration you will see the user
IDs and passwords are stored in plain text. You can add, remove and change passwords from
this file.</p>

<div class="preformatted panel" style="border-style: solid;border-width: 1px;"><div
class="preformattedHeader panelHeader" style="border-bottom-width: 1px;border-bottom-style:
solid;"><b>groups.properties</b></div><div class="preformattedContent
panelContent">
<pre>admin=system,user1
users=user2</pre>
</div></div>

<p>Just like with the users, with the <b><tt>groups.properties</tt></b>
you can add and remove groups and users to those groups.</p>

<p>The files mentioned in this sections along with the all the security configuration
in addition to user names and passwords are defined in the <b>geronimo-properties-realm</b>
security realm covered in the <a href="/confluence/display/GMOxDOC21/Adminstering+security+realms"
title="Adminstering security realms">Adminstering security realms</a> section.</p>

<h1><a name="Administeringusersandgroups-ChangingthepasswordforderbyAdmin"></a>Changing
the password for derby Admin</h1>
<p>Starting from G217, a new user group <b>derbyadmin</b> is defined to
manage all connections to the embedded Derby server. By default, the user name is <em>dbadmin</em>
and defined in the <tt>/var/security/users.properties</tt> file. You can easily
update the default password <em>manager</em> to any other combinations you like.
However, you must follow the steps below to make sure the whole server and relevant database
pools work well even after you updated the password.</p>
<ol>
	<li>Start Geronimo server</li>
	<li>Update the password of <b>dbadmin</b> via <b>console &gt;security
&gt; Users and Groups</b> portlet</li>
	<li>Edit the user password in existing datasources via <b>console &gt; Services
&gt; Database pools</b> portlet</li>
	<li>Shutdown Geronimo server</li>
	<li>Update the <b>userPassword</b> attribute of <tt>DerbyNetwork</tt>
GBean in <tt>var\config\config.xml</tt> with the new password</li>
	<li>Restart Geronimo server</li>
</ol>

    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/GMOxDOC21/Administering+users+and+groups">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=77413&revisedVersion=4&originalVersion=3">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/GMOxDOC21/Administering+users+and+groups?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message