geronimo-user mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: SQLLoginModule configuration (was re: retrieving the datasource)
Date Thu, 10 Nov 2005 17:29:22 GMT
Something similar to this should work:

     public final static String USER_SELECT = "userSelect";
     public final static String GROUP_SELECT = "groupSelect";
     public final static String CONNECTION_URL = "jdbcURL";
     public final static String USER = "jdbcUser";
     public final static String PASSWORD = "jdbcPassword";
     public final static String DRIVER = "jdbcDriver";


     <gbean name="roller-realm"
         class="org.apache.geronimo.security.realm.GenericSecurityRealm">
         <attribute name="realmName">roller-realm</attribute>
         <xml-reference name="LoginModuleConfiguration">
             <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
                 <lc:login-module control-flag="REQUIRED" server-side="true">
                     <lc:login-domain-name>roller-sql-realm</lc:login-domain-name>
                     <lc:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</lc:login-module-class>
                     <lc:option name="jdbcDriver">com.mysql.jdbc.Driver</lc:option>
                     <lc:option name="jdbcURL">jdbc:mysql://localhost:3306/roller?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf-8&amp;mysqlEncoding=utf8</lc:option>
                     <lc:option name="jdbcUser">roller</lc:option>
                     <lc:option name="jdbcPassword">roller</lc:option>
                     <lc:option name="userSelect">SELECT username, passphrase FROM rolleruser where username = ?</lc:option>
                     <lc:option name="groupSelect">SELECT rolename, username FROM userrole where username = ?</lc:option>
                 </lc:login-module>
             </lc:login-config>
         </xml-reference>
         <reference name="ServerInfo">
             <module>org/apache/geronimo/System</module>
             <name>ServerInfo</name>
         </reference>
         <reference name="LoginService">
             <module>org/apache/geronimo/Security</module>
             <name>JaasLoginService</name>
         </reference>
     </gbean>

You should definitely check the sql I invented for you.

You will still need to map the group principals to the roles your app  
uses.  My guess from the name of the table is that the group and role  
name will be identical.

Your mapping might look something like this

     <sec:security default-role="UNASSIGNED" doas-current-caller="true">
         <sec:default-principal>
             <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest"/>
         </sec:default-principal>

         <sec:role-mappings>
             <sec:role role-name="UNASSIGNED">
                 <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="guest" designated-run-as="true"/>
             </sec:role>

             <sec:role role-name="USER">
                 <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="USER"/>
             </sec:role>

             <sec:role role-name="ADMIN">
                 <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="ADMIN" designated-run-as="true"/>
             </sec:role>
         </sec:role-mappings>
     </sec:security>

Hope this helps
david jencks

On Nov 10, 2005, at 6:17 AM, Miguel A Paraz wrote:

> On 10/20/05, tbot55@yahoo.com <tbot55@yahoo.com> wrote:
>> OK, I can verify users against the database using the
>> SQLLoginModule. I've created a servlet (my first one
>> ever!) that takes in the user information and stores
>> it into the same table of the database, and adds an
>> entry to the groups table, too. They can then go to
>> the login page, login and they even verify!
>
> Hi,
> Sorry but I couldn't figure out how to write a SQLLoginModule
> configuration. I'm trying to deploy Roller on Geronimo. The Tomcat
> realm configuration, under the specific context, is as follows. What's
> the equivalent Geronimo configuration?
>
> <Realm className="org.apache.catalina.realm.JDBCRealm"
>     driverName="com.mysql.jdbc.Driver"
>     connectionURL="jdbc:mysql://localhost:3306/roller?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf-8&amp;mysqlEncoding=utf8"
>     connectionName="roller"
>     connectionPassword="roller"
>     userTable="rolleruser"
>     userNameCol="username"
>     userCredCol="passphrase"
>     userRoleTable="userrole"
>     roleNameCol="rolename" debug="0" />
>
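
An added example, not part of the original message and not Geronimo code: one way to act on the advice to check the SQL is to run the userSelect and groupSelect strings from the configuration above as bound queries and look at the columns and rows they return. It assumes an in-memory SQLite database with constructed rows standing in for the MySQL Roller tables, reduced to the columns named in the thread; load_options, make_db and check are hypothetical helper names.

```python
import sqlite3
import xml.etree.ElementTree as ET

LC = "http://geronimo.apache.org/xml/ns/loginconfig"

# The two query options, copied from the login-module in the message above.
LOGIN_MODULE = f"""
<lc:login-module xmlns:lc="{LC}" control-flag="REQUIRED" server-side="true">
  <lc:option name="userSelect">SELECT username, passphrase FROM rolleruser where username = ?</lc:option>
  <lc:option name="groupSelect">SELECT rolename, username FROM userrole where username = ?</lc:option>
</lc:login-module>
"""

def load_options(xml_text):
    """Return {option name: text} for every lc:option in the fragment."""
    root = ET.fromstring(xml_text)
    return {o.get("name"): o.text.strip() for o in root.iter(f"{{{LC}}}option")}

def make_db():
    """Constructed stand-in for the Roller tables (assumption: only these columns)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE rolleruser (username TEXT PRIMARY KEY, passphrase TEXT);
        CREATE TABLE userrole (username TEXT, rolename TEXT);
        INSERT INTO rolleruser VALUES ('alice', 'constructed-pass-1'),
                                      ('bob', 'constructed-pass-2');
        INSERT INTO userrole VALUES ('alice', 'USER'), ('alice', 'ADMIN'), ('bob', 'USER');
    """)
    return db

def check(db, sql, username):
    """Run one option's SQL with the username bound to its single '?'."""
    if sql.count("?") != 1:
        raise ValueError("expected exactly one '?' placeholder: " + sql)
    cur = db.execute(sql, (username,))
    columns = [d[0] for d in cur.description]  # column order as the module would see it
    return columns, cur.fetchall()

if __name__ == "__main__":
    opts, db = load_options(LOGIN_MODULE), make_db()
    for name in ("userSelect", "groupSelect"):
        # Known user, unknown user, and a name containing quotes (bound as plain data).
        for user in ("alice", "nobody", "alice' OR '1'='1"):
            print(name, repr(user), *check(db, opts[name], user))
```

Compare the column order each query returns with what your version of SQLLoginModule reads from the result set before deploying.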

