geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: Web Console authentication realm
Date Mon, 09 Jan 2006 16:28:54 GMT
Do you mean, when the deploy tool prompts you for a username and
password to connect to the server, what security realm is that?  It's
called geronimo-properties-realm and it reads the users and groups
from var/security/users.properties and var/security/groups.properties.

I think you could change this to use a different realm like this:
0) Deploy your LDAP realm
1) add an entry to config.xml for the JMXService GBean in the
geronimo/j2ee-security/1.0/car configuration
2) For that GBean, set the property applicationConfigName to MyJMX or
something other than the default value of "JMX"
3) Add a new GBean to that Geronimo configuration mapping the MyJMX
JAAS configuration to your LDAP realm name like this:

<gbean name="MyJMXMapping"
class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
  <attribute name="applicationConfigName">MyJMX</attribute>
  <attribute name="realmName">ldap-realm-name</attribute>
  <reference name="LoginService"><name>JaasLoginService</name></reference>
</gbean>

That last step is the trick -- I'm not 100% sure how to add GBeans to
existing configurations by hand, but I believe it can be done in
config.xml (though, looking at the schema, I don't see how).  Dain or
David J, any insight?

Thanks,
    Aaron

On 1/9/06, Cristian Roldan <roldancer@yahoo.com.ar> wrote:
> Any idea ?
>
>
> Cristian Roldan <roldancer@yahoo.com.ar> escribió:
>
>
> Hi All,
>
>     I could change the Web Console's authentication realm to use a ldap
> realm, i'm using the Geronimo's ldap (1389) , every thing works ok. But I
> saw that de deploy.bat script is using another realm, could someone tell me
> which security realm is using the deploy.bat script and the configuration
> associated with it ?

Mime
View raw message