Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm
Reply-To: dev@geronimo.apache.org
Subject: svn commit: r1037984 - in /geronimo/samples/branches/2.1: ./ repository/ samples/generic-auth/ samples/generic-auth/generic-auth-war/src/main/webapp/ samples/generic-auth/generic-auth-war/src/main/webapp/WEB-INF/ samples/generic-auth/generic-auth-war/s...
Date: Tue, 23 Nov 2010 03:11:40 -0000
To: scm@geronimo.apache.org
From: xiaming@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101123031140.ACF922388903@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: xiaming Date: Tue Nov 23 03:11:40 2010 New Revision: 1037984 URL: http://svn.apache.org/viewvc?rev=1037984&view=rev Log: GERONIMO-5710 remove unused repository module and update generic-auth sample Removed: geronimo/samples/branches/2.1/repository/ geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/auth/ geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/forbidden/ Modified: geronimo/samples/branches/2.1/pom.xml geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/WEB-INF/web.xml geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/index.html geronimo/samples/branches/2.1/samples/generic-auth/readme.txt Modified: geronimo/samples/branches/2.1/pom.xml URL: http://svn.apache.org/viewvc/geronimo/samples/branches/2.1/pom.xml?rev=1037984&r1=1037983&r2=1037984&view=diff ============================================================================== --- geronimo/samples/branches/2.1/pom.xml (original) +++ geronimo/samples/branches/2.1/pom.xml Tue Nov 23 03:11:40 2010 @@ -95,8 +95,7 @@ --> - buildutil - + buildutil geronimo-samples-archetype samples Modified: geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/WEB-INF/web.xml?rev=1037984&r1=1037983&r2=1037984&view=diff ============================================================================== --- geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/WEB-INF/web.xml (original) +++ geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/WEB-INF/web.xml Tue Nov 23 03:11:40 2010 
@@ -16,8 +16,8 @@ + xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd" + version="2.5"> @@ -35,15 +35,7 @@ content-administrator - - - - - No Access - /forbidden/* - - - + GENERIC Modified: geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/index.html URL: http://svn.apache.org/viewvc/geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/index.html?rev=1037984&r1=1037983&r2=1037984&view=diff ============================================================================== --- geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/index.html (original) +++ geronimo/samples/branches/2.1/samples/generic-auth/generic-auth-war/src/main/webapp/index.html Tue Nov 23 03:11:40 2010 @@ -18,16 +18,58 @@ --> -

Testing The Properties File Security Realm

-

The 2 properties files are located under WASCE_HOME/var/security: demo_groups.properties & demo_users.properties

-

- Once this sample has been installed, click on Protect to validate against the properties file. You will be shown a login screen, use the following usernames and passwords to login: -

username=alan password=starcraft

-

username=metro password=mouse

-

username=george password=bone

- - If everything works, you should see "hello world" in your browser. +

Demonstrate GENERIC authentication

+

This sample defines one security realm with two new login modules: +

    +
  • org.apache.geronimo.security.realm.providers.GenericHttpHeaderPropertiesFileLoginModule
  • +
  • org.apache.geronimo.security.realm.providers.GenericHttpHeaderSqlLoginmodule
  • +

-

At this point you have an application that is validating username and passwords against the properties file based on the security configuration you provided earlier. Now, if you go back here and click on Forbidden you should receive a 403 - Forbidden HTTP error.

+ +

There is another new login module for LDAP authentication: org.apache.geronimo.security.realm.providers.GenericHttpHeaderLdapLoginModule. It requires some additional LDAP configuration, and not be able to demonstrate in this sample. But you can refer to comment-out section of the sample's geronimo deployment plan for details.

+ +

Follow these steps to run this sample: +

    +
  1. Configure Apache HTTP web server to proxy HTTP request for Geronimo server.
    +
    + Add these lines to APACHE_HOME/conf/httpd.conf:
    + + LoadModule proxy_module modules/mod_proxy.so
    + LoadModule proxy_http_module modules/mod_proxy_http.so
    + <IfModule mod_proxy.c>
    + ProxyPass /generic-auth http://localhost:8080/generic-auth
    + ProxyPassReverse / http://localhost:8080/
    + </IfModule>
    +
    +

  2. +
  3. Mimic SiteMinder behavior via mod_headers module.
    +
    + Add these lines to APACHE_HOME/conf/httpd.conf: + + LoadModule headers_module modules/mod_headers.so
    + <IfModule mod_headers.c>
    + <Location /generic-auth>
    + RequestHeader add SM_USER USERNAME
    + </Location>
    + </IfModule>
    +

    + The USERNAME could be replaced with these users one by one: izumi, tom, alan, nobody

    + izumi is a valid user defined in file property "var/security/demo_groups.properties" with manager role.
    + tom is a valid user defined in SQL login module with manager role.
    + alan is a valid user defined in SQL login module without manager role.
    + nobody is not a valid user in any security login module.
    +

  4. +
  5. + Change the username field as above, restart Apache HTTP server, then visit this link. +
  6. +
+
    + You should see these expected results: +
  • izumi -- should see the hello world page with HTTP 200 status +
  • tom -- should see the hello world page with HTTP 200 status +
  • alan -- should not see the hello world page with HTTP 403 status +
  • nobody -- should not see the hello world page with HTTP 401 status +
+
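
Review bot: In the mod_headers step of index.html, "RequestHeader add SM_USER USERNAME" appends a value instead of replacing one, so a request that already carries an SM_USER header reaches Geronimo with both the client's value and the proxy's. The sample's login modules take the user from this header, so the step should use "RequestHeader set SM_USER USERNAME" (or unset the inbound header before setting it). The steps should also say that Geronimo's port 8080 must accept connections only from the proxy, since anyone who can reach it directly can supply SM_USER themselves. Two smaller points in the same hunk: "ProxyPassReverse / http://localhost:8080/" covers a wider path than the "ProxyPass /generic-auth" line it accompanies, and the class name "GenericHttpHeaderSqlLoginmodule" differs in case from the other two "...LoginModule" names and should be checked against the real class.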

Modified: geronimo/samples/branches/2.1/samples/generic-auth/readme.txt URL: http://svn.apache.org/viewvc/geronimo/samples/branches/2.1/samples/generic-auth/readme.txt?rev=1037984&r1=1037983&r2=1037984&view=diff ============================================================================== --- geronimo/samples/branches/2.1/samples/generic-auth/readme.txt (original) +++ geronimo/samples/branches/2.1/samples/generic-auth/readme.txt Tue Nov 23 03:11:40 2010 @@ -64,7 +64,7 @@ RequestHeader add SM_USER The could be replaced with these users respectively: izumi, tom, alan, nobody -3. Change the username field as above, restart Apache HTTP server, then visit this linke +3. Change the username field as above, restart Apache HTTP server, then visit this link http://localhost/generic-auth/protect/hello.html You should see these expected results:
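
Review bot: In WEB-INF/web.xml, hunk @@ -16,8 +16,8 @@, the added xsi:schemaLocation pairs the http://java.sun.com/xml/ns/j2ee namespace with web-app_2_5.xsd and version="2.5", but the Servlet 2.5 schema is published under http://java.sun.com/xml/ns/javaee (the j2ee namespace belongs to 2.4), so the declared namespace and schema do not match. Suggest "http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" here, and check that the xmlns attribute, which is not visible in this hunk, uses the same namespace.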