geronimo-user mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: security gbean.....
Date Fri, 23 Jun 2006 17:06:43 GMT

On Jun 23, 2006, at 6:55 PM, EricCho@kryos.com wrote:

>
> Hi all,
>
> I'm having a problem configuring my security gbean and could use a  
> bit of help.
>
> I have the following jaas.config file:
>
> magnolia {
>   info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
>   info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
> };
> Jackrabbit {
>   org.apache.jackrabbit.core.security.SimpleLoginModule required;
> };
>
> And I've translated it into the following gbeans:
>
>     <gbean name="magnolia" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>         <attribute name="realmName">magnolia</attribute>
>         <reference name="ServerInfo">
>             <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
>         </reference>
>         <reference name="LoginService">
>             <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
>         </reference>
>         <xml-reference name="LoginModuleConfiguration">
>             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>                 <log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false">
>                     <log:login-domain-name>magnolia</log:login-domain-name>
>                     <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModule</log:login-module-class>
>                 </log:login-module>
>                 <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
>                     <log:login-domain-name>magnolia</log:login-domain-name>
>                     <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule</log:login-module-class>
>                 </log:login-module>
>             </log:login-config>
>         </xml-reference>
>     </gbean>
>
>     <gbean name="Jackrabbit" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>         <attribute name="realmName">Jackrabbit</attribute>
>         <reference name="ServerInfo">
>             <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
>         </reference>
>         <reference name="LoginService">
>             <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
>         </reference>
>         <xml-reference name="LoginModuleConfiguration">
>             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>                 <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
>                     <log:login-domain-name>Jackrabbit</log:login-domain-name>
>                     <log:login-module-class>org.apache.jackrabbit.core.security.SimpleLoginModule</log:login-module-class>
>                 </log:login-module>
>             </log:login-config>
>         </xml-reference>
>     </gbean>
>
>
>
> The problem I'm currently having is that it's complaining that my
> login-domain-name for both the Authentication and Authorization
> modules are the same (magnolia).... but it seems as though it has
> to be according to the jaas.config.  Or am I wrong?
> How do I fix this?
> Also, if you see something else wrong with this, I'd appreciate any  
> pointers.

The "magnolia" in the jaas.config file corresponds to the realm-name  
in the GenericSecurityRealmGBean.  The login-domain-name is there so  
that if needed you can later on figure out which login module  
actually added a particular principal.  We (optionally) can wrap the  
principals from the login module with wrappers that contain the realm  
name and login-domain name so you know exactly where each principal  
comes from.  You probably don't need to take advantage of this :-)

After a quick glance I don't see anything else wrong, but I emphasize  
quick :-)

thanks
david jencks

>
> Regards,
> Eric
>
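
The magnolia realm from the question with the reply's distinction applied, added here as an illustration and not part of either message: realmName stays magnolia to match the jaas.config entry, and each login module gets its own login-domain-name. The names magnolia-authn and magnolia-authz are made up for this example, and it assumes the deployer rejects duplicate login-domain-names within one realm, as the reported complaint indicates.

```xml
<!-- Added example, not from the thread.
     realmName corresponds to the "magnolia" entry in jaas.config.
     The login-domain-name values are constructed; they only need to be
     distinct so each principal can be traced to the module that added it. -->
<gbean name="magnolia" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">magnolia</attribute>
    <reference name="ServerInfo">
        <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
    </reference>
    <reference name="LoginService">
        <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
    </reference>
    <xml-reference name="LoginModuleConfiguration">
        <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
            <!-- "requisite" in jaas.config: authentication module.
                 wrap-principals stays false as in the original plan; the reply
                 describes the optional wrapping that records realm and domain. -->
            <log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false">
                <log:login-domain-name>magnolia-authn</log:login-domain-name>
                <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModule</log:login-module-class>
            </log:login-module>
            <!-- "required" in jaas.config: authorization module, separate domain name -->
            <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                <log:login-domain-name>magnolia-authz</log:login-domain-name>
                <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule</log:login-module-class>
            </log:login-module>
        </log:login-config>
    </xml-reference>
</gbean>
```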

