geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan D. Cabrera" <l...@toolazydogs.com>
Subject Re: security gbean.....
Date Mon, 26 Jun 2006 04:02:32 GMT
Aaron Mulder wrote:
> A) that's horrible that we turn 3 lines into like 5000 lines.  We have
> got to do better!
We used to be able to read JAAS login configuration files directly w/out 
using XML.  What happened to that?

Regards,
Alan
>
> B) in case it wasn't clear from David's response, the "realm-name" is
> what's normally used to refer to this security realm; your login
> domain names can be arbitrary, but they must be unique.  I suggest
> magnolia-authentication and magnolia-authorization.  (If you enable
> certain advanced features you can use the login domain names in your
> J2EE role mapping, but it's a bit unusual that you'd want to, and if
> you did want to, they'd have to have unique names for you to
> distinguish them.)
>
> Thanks,
>     Aaron
>
> On 6/23/06, EricCho@kryos.com <EricCho@kryos.com> wrote:
>>
>>
>>
>>
>> Hi all,
>>
>> I'm having a problem configuring my security gbean and could use a 
>> bit of help.
>>
>> I have the following jaas.config file:
>>
>> magnolia {
>>   info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
>>   info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
>> };
>> Jackrabbit {
>>   org.apache.jackrabbit.core.security.SimpleLoginModule required;
>> };
>>
>> And I've translated it into the following gbeans:
>>
>>     <gbean name="magnolia" 
>> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>>         <attribute name="realmName">magnolia</attribute>
>>         <reference name="ServerInfo">
>>             
>> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>

>>
>>         </reference>
>>         <reference name="LoginService">
>>             
>> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>

>>
>>         </reference>
>>         <xml-reference name="LoginModuleConfiguration">
>>             <log:login-config 
>> xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>>                 <log:login-module control-flag="REQUISITE" 
>> server-side="true" wrap-principals="false">
>>                     
>> <log:login-domain-name>magnolia</log:login-domain-name>
>>                     
>> <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModule</log:login-module-class>

>>
>>                 </log:login-module>
>>                 <log:login-module control-flag="REQUIRED" 
>> server-side="true" wrap-principals="false">
>>                     
>> <log:login-domain-name>magnolia</log:login-domain-name>
>>                     
>> <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule</log:login-module-class>

>>
>>                 </log:login-module>
>>             </log:login-config>
>>         </xml-reference>
>>     </gbean>
>>
>>
>>       <gbean name="Jackrabbit" 
>> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>>             <attribute name="realmName">Jackrabbit</attribute>
>>             <reference name="ServerInfo">
>>                   
>> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>

>>
>>             </reference>
>>             <reference name="LoginService">
>>                   
>> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>

>>
>>             </reference>
>>
>>             <xml-reference name="LoginModuleConfiguration">
>>                   <log:login-config 
>> xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>>                         <log:login-module control-flag="REQUIRED" 
>> server-side="true" wrap-principals="false">
>>                               
>> <log:login-domain-name>Jackrabbit</log:login-domain-name>
>>                               
>> <log:login-module-class>org.apache.jackrabbit.core.security.SimpleLoginModule</log:login-module-class>

>>
>>                         </log:login-module>
>>                   </log:login-config>
>>             </xml-reference>
>>       </gbean>
>>
>>
>>
>> The problem I'm currently having is that it's complaining that my 
>> login-domain-name for both the Authenitciation and Authorization 
>> modules are the same (magnolia).... but it seems as though it has to 
>> be according the the jaas.config.  Or am I wrong?
>> How do I fix this?
>> Also, if you see something else wrong with this, I'd appreciate any 
>> pointers.
>>
>> Regards,
>> Eric
>>
>>


Mime
View raw message