I would change that statement to:
In Geronimo, we don't have use a JAAS conf file. You could instead
declare and deploy security realms using a Geronimo deployment plan,
like many other components.
Regards,
Alan
Aaron Mulder wrote:
> In Geronimo, we don't use a JAAS conf file, but instead let you
> declare and deploy security realms using a Geronimo deployment plan,
> like many other components. There is some special syntax for security
> realms, though.
>
> Basically, to create a realm called DatabaseRealm using the JAAS login
> module DBLoginModule and the flag required, you could use a plan like
> the one below. Either you can deploy this plan with a JAR containing
> the DBLoginModule class, or you could put the login module class in a
> JAR in the Geronimo repository and then add a dependency on that JAR
> to the environment element in the plan and deploy the plan on its own.
>
> Another option is to add your security realm (the "gbean" element in
> the plan below) directly to the Geronimo plan for a WAR or EAR or
> something, and add the login module classes to that component (in
> WEB-INF/lib or in an EJB JAR, etc.). That way the realm would always
> be deployed and undeployed with that module.
>
> Thanks,
> Aaron
>
> <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
> <environment>
> <moduleId>
> <artifactId>DatabaseRealm</artifactId>
> </moduleId>
> <dependencies>
> <dependency>
> <groupId>geronimo</groupId>
> <artifactId>j2ee-security</artifactId>
> <type>car</type>
> </dependency>
> </dependencies>
> </environment>
> <gbean name="DatabaseRealm"
> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> <attribute name="realmName">DatabaseRealm</attribute>
> <reference name="ServerInfo">
> <name>ServerInfo</name>
> </reference>
> <reference name="LoginService">
> <name>JaasLoginService</name>
> </reference>
> <xml-reference name="LoginModuleConfiguration">
> <login-config
> xmlns="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
> <login-module control-flag="REQUIRED"
> server-side="true" wrap-principals="false">
> <login-domain-name>DatabaseRealm</login-domain-name>
>
> <login-module-class>com.test.DBLoginModule</login-module-class>
> <option name="...">..</option>
> <option name="...">...</option>
> </login-module>
> </login-config>
> </xml-reference>
> </gbean>
> </module>
>
> On 6/10/06, Sunny Saxena <Sunny_Saxena@infosys.com> wrote:
>>
>>
>> My application deployed under gerenimo, uses JAAS for authentication.
>> The
>> login modules are picked up from a config file, example.conf.
>> Generally in other app servers, I just add the system property,
>>
>> -Djava.security.auth.login.config=etc\example.conf
>>
>> in the java execution path, and it works. But in gerenimo, it is
>> unable to
>> locate any login modules.
>>
>> The Error:
>> javax.security.auth.login.LoginException: No LoginModules
>> configured for example
>>
>> File:
>> example.conf:::
>>
>> example {
>> com.test.DBLoginModule required;
>> }
>>
>> Thanks
>> **************** CAUTION - Disclaimer *****************
>> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended
>> solely for the use of the addressee(s). If you are not the intended
>> recipient, please notify the sender by e-mail and delete the original
>> message. Further, you are not to copy, disclose, or distribute this
>> e-mail
>> or its contents to any other person and any such actions are
>> unlawful. This
>> e-mail may contain viruses. Infosys has taken every reasonable
>> precaution to
>> minimize this risk, but is not liable for any damage you may sustain
>> as a
>> result of any virus in this e-mail. You should carry out your own virus
>> checks before opening the e-mail or attachment. Infosys reserves the
>> right
>> to monitor and review the content of all messages sent to or from this
>> e-mail address. Messages sent to or from this e-mail address may be
>> stored
>> on the Infosys e-mail system.
>> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>>
|