geronimo-scm mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Geronimo v2.1 > Properties file security realms
Date Mon, 01 Nov 2010 09:04:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1810/9/1/_/styles/combined.css?spaceKey=GMOxDOC21&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/GMOxDOC21/Properties+file+security+realms">Properties
file security realms</a></h2>
    <h4>Page  <b>added</b> by             <a href="https://cwiki.apache.org/confluence/display/~maojia508">maojia</a>
    </h4>
         <br/>
    <div class="notificationGreySide">
         <h1><a name="Propertiesfilesecurityrealms-Propertiesfilesecurityrealms"></a>Properties
file security realms</h1>

<p>This realm type allows you to configure Web applications to authenticate users against
it.</p>

<p>To create a new security realm, click <b>Add new security realm</b> from
the <b>Security Realms</b> portlet.</p>

<p>Enter the name of the security realm and select <b>Properties File Realm</b>
from the <b>Realm type:</b> dropdown menu. Click <b>Next</b> and follow
the instructions.</p>

<p><b>Note</b>: the <b>PropertiesFileLoginModule</b> supports
<b>digest</b> and <b>encoding</b> options.</p>
<ul>
	<li><b>digest</b> option: The value specified for <b>digest</b>
is the message digest algorithm applied to the user-supplied password before it is compared
with the stored password.<br/>
Examples of <b>digest</b> values are MD5 and SHA1. If <b>digest</b>
is not specified, the passwords are treated as clear text.</li>
	<li><b>encoding</b> option: This option is used only when the <b>digest</b>
option is specified. The <b>encoding</b> value can be either <b>hex</b>
or <b>base64</b> (case-insensitive). If <b>encoding</b> is not specified,
<b>hex</b> encoding is used.</li>
</ul>
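<p>The following added example, which is not from the original page or from Geronimo's code, computes the value to store for a password under the <b>digest</b> and <b>encoding</b> options described above and checks a users file for entries that were never converted. It assumes the password is hashed as UTF-8 bytes and that the users file holds one name=value pair per line; the function names and the sample file are constructed for illustration.</p>

```python
import base64
import hashlib

# Digest sizes in bytes for the two algorithms the page names.
DIGEST_BYTES = {"MD5": 16, "SHA1": 20}

def stored_value(password, digest=None, encoding=None):
    """Value to store for `password` under the realm's digest/encoding options."""
    if not digest:
        return password  # no digest option: compared as clear text
    name = digest.upper()
    if name not in DIGEST_BYTES:
        raise ValueError("digest not covered by this example: %r" % digest)
    # Assumption: the password is hashed as UTF-8 bytes.
    raw = hashlib.new(name.lower(), password.encode("utf-8")).digest()
    enc = (encoding or "hex").lower()  # hex is the default; case-insensitive
    if enc == "hex":
        return raw.hex()
    if enc == "base64":
        return base64.b64encode(raw).decode("ascii")
    raise ValueError("encoding must be hex or base64, got %r" % encoding)

def audit_users(properties_text, digest, encoding=None):
    """Names whose stored value does not decode to a digest of the right size."""
    enc = (encoding or "hex").lower()
    size = DIGEST_BYTES[digest.upper()]
    unconverted = []
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, value = line.partition("=")
        try:
            raw = bytes.fromhex(value) if enc == "hex" else base64.b64decode(value, validate=True)
        except ValueError:
            raw = b""  # not valid hex/base64 at all
        if len(raw) != size:
            unconverted.append(user.strip())
    return unconverted

# Constructed sample: alice and bob share a password; carol was left in clear text.
SAMPLE_USERS = "\n".join([
    "alice=" + stored_value("correct horse", "SHA1"),
    "bob=" + stored_value("correct horse", "SHA1"),
    "carol=changeme",
])
print(audit_users(SAMPLE_USERS, "SHA1"))
```

<p>In the constructed sample, alice and bob share a password and therefore get the same stored value, because the digest is computed over the password alone. The audit is a shape check only: it reports entries that cannot be an encoded digest of the configured algorithm.</p>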


<p>When you create a new properties file realm through the administrative console, the
key values you supply in the configuration options field are the locations and file names
of the user and group properties files, such as:</p>
<div class="panel" style="border-style: solid;border-width: 1px;"><div class="panelContent">
<p>usersURI=var/security/<em>vhost1_users</em>.properties<br/>
groupsURI=var/security/<em>vhost1_groups</em>.properties</p>
</div></div>

<p>By default, the server uses the <b>geronimo-admin</b> properties
file realm to authenticate administrative users for console and deployer access.</p>

<p>The following example illustrates a deployment plan for this default <b>geronimo-admin</b>
realm.</p>
<div class="code panel" style="border-style: solid;border-width: 1px;"><div class="codeContent
panelContent">
<pre class="code-xml">
<span class="code-tag">&lt;module xmlns=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>&gt;</span>
    <span class="code-tag">&lt;environment&gt;</span>
        <span class="code-tag">&lt;moduleId&gt;</span>
            <span class="code-tag">&lt;groupId&gt;</span>console.realm<span
class="code-tag">&lt;/groupId&gt;</span>
            <span class="code-tag">&lt;artifactId&gt;</span>geronimo-admin<span
class="code-tag">&lt;/artifactId&gt;</span>
            <span class="code-tag">&lt;version&gt;</span>1.0<span class="code-tag">&lt;/version&gt;</span>
            <span class="code-tag">&lt;type&gt;</span>car<span class="code-tag">&lt;/type&gt;</span>
        <span class="code-tag">&lt;/moduleId&gt;</span>
        <span class="code-tag">&lt;dependencies&gt;</span>
            <span class="code-tag">&lt;dependency&gt;</span>
                <span class="code-tag">&lt;groupId&gt;</span>org.apache.geronimo.framework<span
class="code-tag">&lt;/groupId&gt;</span>
                <span class="code-tag">&lt;artifactId&gt;</span>j2ee-security<span
class="code-tag">&lt;/artifactId&gt;</span>
                <span class="code-tag">&lt;type&gt;</span>car<span
class="code-tag">&lt;/type&gt;</span>
            <span class="code-tag">&lt;/dependency&gt;</span>
        <span class="code-tag">&lt;/dependencies&gt;</span>
    <span class="code-tag">&lt;/environment&gt;</span>
    &lt;gbean name=<span class="code-quote">"geronimo-admin"</span> class=<span
class="code-quote">"org.apache.geronimo.security.realm.GenericSecurityRealm"</span>
                 xsi:type=<span class="code-quote">"dep:gbeanType"</span> <span
class="code-keyword">xmlns:dep</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.2"</span>
                 <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>&gt;
        <span class="code-tag">&lt;attribute name=<span class="code-quote">"realmName"</span>&gt;</span>geronimo-admin<span
class="code-tag">&lt;/attribute&gt;</span>
        <span class="code-tag">&lt;reference name=<span class="code-quote">"ServerInfo"</span>&gt;</span>
            <span class="code-tag">&lt;name&gt;</span>ServerInfo<span
class="code-tag">&lt;/name&gt;</span>
        <span class="code-tag">&lt;/reference&gt;</span>
        <span class="code-tag">&lt;reference name=<span class="code-quote">"LoginService"</span>&gt;</span>
            <span class="code-tag">&lt;name&gt;</span>JaasLoginService<span
class="code-tag">&lt;/name&gt;</span>
        <span class="code-tag">&lt;/reference&gt;</span>
        <span class="code-tag">&lt;xml-reference name=<span class="code-quote">"LoginModuleConfiguration"</span>&gt;</span>
            <span class="code-tag">&lt;log:login-config <span class="code-keyword">xmlns:log</span>=<span
class="code-quote">"http://geronimo.apache.org/xml/ns/loginconfig-2.0"</span>&gt;</span>
                <span class="code-tag">&lt;log:login-module control-flag=<span
class="code-quote">"REQUIRED"</span> server-side=<span class="code-quote">"true"</span>
wrap-principals=<span class="code-quote">"false"</span>&gt;</span>
                    <span class="code-tag">&lt;log:login-domain-name&gt;</span>geronimo-admin<span
class="code-tag">&lt;/log:login-domain-name&gt;</span>
                    <span class="code-tag">&lt;log:login-module-class&gt;</span>
                         org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                    <span class="code-tag">&lt;/log:login-module-class&gt;</span>
                    <span class="code-tag">&lt;log:option name=<span class="code-quote">"usersURI"</span>&gt;</span>var/security/users.properties<span
class="code-tag">&lt;/log:option&gt;</span>
                    <span class="code-tag">&lt;log:option name=<span class="code-quote">"groupsURI"</span>&gt;</span>var/security/groups.properties<span
class="code-tag">&lt;/log:option&gt;</span>
                <span class="code-tag">&lt;/log:login-module&gt;</span>
            <span class="code-tag">&lt;/log:login-config&gt;</span>
        <span class="code-tag">&lt;/xml-reference&gt;</span>
    <span class="code-tag">&lt;/gbean&gt;</span>
<span class="code-tag">&lt;/module&gt;</span>
</pre>
</div></div>

<p>Once the security realm has been created, you can click the <b>usage</b>
link to view samples of how to use the new realm in your applications.</p>
    </div>
</div>
</div>
</div>
</div>
</body>
</html>
