geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Clough, Ray C PWR" <Ray.Clo...@pwr.utc.com>
Subject RE: security gbean.....
Date Sat, 24 Jun 2006 18:49:02 GMT
If you're getting paid by the line, turning 3 lines into 5000 is sheer
genius.  If you were to fail to document them, so that no one could
understand your code, you might get a Presidential Medal of Freedom.

 

-----Original Message-----
From: ammulder@gmail.com [mailto:ammulder@gmail.com] On Behalf Of Aaron
Mulder
Sent: Saturday, June 24, 2006 4:22 AM
To: user@geronimo.apache.org
Subject: Re: security gbean.....

A) that's horrible that we turn 3 lines into like 5000 lines.  We have
got to do better!

B) in case it wasn't clear from David's response, the "realm-name" is
what's normally used to refer to this security realm; your login domain
names can be arbitrary, but they must be unique.  I suggest
magnolia-authentication and magnolia-authorization.  (If you enable
certain advanced features you can use the login domain names in your
J2EE role mapping, but it's a bit unusual that you'd want to, and if you
did want to, they'd have to have unique names for you to distinguish
them.)

Thanks,
     Aaron

On 6/23/06, EricCho@kryos.com <EricCho@kryos.com> wrote:
>
>
>
>
> Hi all,
>
> I'm having a problem configuring my security gbean and could use a bit
of help.
>
> I have the following jaas.config file:
>
> magnolia {
>   info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
>   info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required; }; 
> Jackrabbit {
>   org.apache.jackrabbit.core.security.SimpleLoginModule required; };
>
> And I've translated it into the following gbeans:
>
>     <gbean name="magnolia"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>         <attribute name="realmName">magnolia</attribute>
>         <reference name="ServerInfo">
>
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2e
e-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbe
an-name>
>         </reference>
>         <reference name="LoginService">
>
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2e
e-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=Ja
asLoginService</gbean-name>
>         </reference>
>         <xml-reference name="LoginModuleConfiguration">
>             <log:login-config
xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>                 <log:login-module control-flag="REQUISITE"
server-side="true" wrap-principals="false">
>
<log:login-domain-name>magnolia</log:login-domain-name>
>
<log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModul
e</log:login-module-class>
>                 </log:login-module>
>                 <log:login-module control-flag="REQUIRED"
server-side="true" wrap-principals="false">
>
<log:login-domain-name>magnolia</log:login-domain-name>
>
<log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule
</log:login-module-class>
>                 </log:login-module>
>             </log:login-config>
>         </xml-reference>
>     </gbean>
>
>
>       <gbean name="Jackrabbit"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>             <attribute name="realmName">Jackrabbit</attribute>
>             <reference name="ServerInfo">
>
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2e
e-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbe
an-name>
>             </reference>
>             <reference name="LoginService">
>
<gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2e
e-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=Ja
asLoginService</gbean-name>
>             </reference>
>
>             <xml-reference name="LoginModuleConfiguration">
>                   <log:login-config
xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>                         <log:login-module control-flag="REQUIRED"
server-side="true" wrap-principals="false">
>
<log:login-domain-name>Jackrabbit</log:login-domain-name>
>
<log:login-module-class>org.apache.jackrabbit.core.security.SimpleLoginM
odule</log:login-module-class>
>                         </log:login-module>
>                   </log:login-config>
>             </xml-reference>
>       </gbean>
>
>
>
> The problem I'm currently having is that it's complaining that my
login-domain-name for both the Authenitciation and Authorization modules
are the same (magnolia).... but it seems as though it has to be
according the the jaas.config.  Or am I wrong?
> How do I fix this?
> Also, if you see something else wrong with this, I'd appreciate any
pointers.
>
> Regards,
> Eric
>
>

Mime
View raw message