geronimo-user mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: security gbean.....
Date Mon, 26 Jun 2006 15:34:24 GMT

On Jun 25, 2006, at 9:02 PM, Alan D. Cabrera wrote:

> Aaron Mulder wrote:
>> A) that's horrible that we turn 3 lines into like 5000 lines.  We have
>> got to do better!
> We used to be able to read JAAS login configuration files directly  
> w/out using XML.  What happened to that?

I don't remember that capability ever existing.... how did it relate  
to principal wrapping, client login etc?  Do you have a date in mind  
to excavate code from?

thanks
david jencks

>
> Regards,
> Alan
>>
>> B) in case it wasn't clear from David's response, the "realm-name" is
>> what's normally used to refer to this security realm; your login
>> domain names can be arbitrary, but they must be unique.  I suggest
>> magnolia-authentication and magnolia-authorization.  (If you enable
>> certain advanced features you can use the login domain names in your
>> J2EE role mapping, but it's a bit unusual that you'd want to, and if
>> you did want to, they'd have to have unique names for you to
>> distinguish them.)
>>
>> Thanks,
>>     Aaron
>>
>> On 6/23/06, EricCho@kryos.com <EricCho@kryos.com> wrote:
>>>
>>>
>>>
>>>
>>> Hi all,
>>>
>>> I'm having a problem configuring my security gbean and could use  
>>> a bit of help.
>>>
>>> I have the following jaas.config file:
>>>
>>> magnolia {
>>>   info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
>>>   info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
>>> };
>>> Jackrabbit {
>>>   org.apache.jackrabbit.core.security.SimpleLoginModule required;
>>> };
>>>
>>> And I've translated it into the following gbeans:
>>>
>>>     <gbean name="magnolia" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>>>         <attribute name="realmName">magnolia</attribute>
>>>         <reference name="ServerInfo">
>>>             <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
>>>         </reference>
>>>         <reference name="LoginService">
>>>             <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
>>>         </reference>
>>>         <xml-reference name="LoginModuleConfiguration">
>>>             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>>>                 <log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false">
>>>                     <log:login-domain-name>magnolia</log:login-domain-name>
>>>                     <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModule</log:login-module-class>
>>>                 </log:login-module>
>>>                 <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
>>>                     <log:login-domain-name>magnolia</log:login-domain-name>
>>>                     <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule</log:login-module-class>
>>>                 </log:login-module>
>>>             </log:login-config>
>>>         </xml-reference>
>>>     </gbean>
>>>
>>>
>>>       <gbean name="Jackrabbit" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>>>             <attribute name="realmName">Jackrabbit</attribute>
>>>             <reference name="ServerInfo">
>>>                   <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
>>>             </reference>
>>>             <reference name="LoginService">
>>>                   <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
>>>             </reference>
>>>
>>>             <xml-reference name="LoginModuleConfiguration">
>>>                   <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>>>                         <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
>>>                               <log:login-domain-name>Jackrabbit</log:login-domain-name>
>>>                               <log:login-module-class>org.apache.jackrabbit.core.security.SimpleLoginModule</log:login-module-class>
>>>                         </log:login-module>
>>>                   </log:login-config>
>>>             </xml-reference>
>>>       </gbean>
>>>
>>>
>>>
>>> The problem I'm currently having is that it's complaining that my  
>>> login-domain-name for both the Authentication and Authorization  
>>> modules are the same (magnolia).... but it seems as though it has  
>>> to be according to the jaas.config.  Or am I wrong?
>>> How do I fix this?
>>> Also, if you see something else wrong with this, I'd appreciate  
>>> any pointers.
>>>
>>> Regards,
>>> Eric
>>>
>>>
>
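
A pre-deployment check for the condition discussed in this thread, as an added example that is not part of any message above and is not Geronimo code: it parses a plan and reports every `login-domain-name` reused within one `GenericSecurityRealm` gbean. The per-realm scope, the `<plan>` wrapper element and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"log": "http://geronimo.apache.org/xml/ns/loginconfig-1.0"}
REALM_CLASS = "org.apache.geronimo.security.realm.GenericSecurityRealm"

# Constructed sample: the thread's magnolia realm; <plan> wrapper is hypothetical.
SAMPLE_PLAN = """\
<plan xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
 <gbean name="magnolia" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
  <attribute name="realmName">magnolia</attribute>
  <xml-reference name="LoginModuleConfiguration">
   <log:login-config>
    <log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false">
     <log:login-domain-name>magnolia</log:login-domain-name>
     <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModule</log:login-module-class>
    </log:login-module>
    <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
     <log:login-domain-name>magnolia</log:login-domain-name>
     <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule</log:login-module-class>
    </log:login-module>
   </log:login-config>
  </xml-reference>
 </gbean>
</plan>
"""

def _local(el):
    """Tag name without its namespace, so plans with a default xmlns also match."""
    return el.tag.rsplit("}", 1)[-1]

def duplicate_login_domains(plan_xml):
    """Map realm name -> {login-domain-name: [module classes]} for reused names."""
    findings = {}
    for gbean in ET.fromstring(plan_xml).iter():
        if _local(gbean) != "gbean" or gbean.get("class") != REALM_CLASS:
            continue
        realm = next(((c.text or "").strip() for c in gbean
                      if _local(c) == "attribute" and c.get("name") == "realmName"),
                     gbean.get("name"))
        seen = defaultdict(list)
        for module in gbean.iterfind(".//log:login-module", NS):
            domain = module.findtext("log:login-domain-name", "", NS).strip()
            seen[domain].append(module.findtext("log:login-module-class", "", NS).strip())
        dups = {d: classes for d, classes in seen.items() if len(classes) > 1}
        if dups:
            findings[realm] = dups
    return findings
```

Renaming the two domains to `magnolia-authentication` and `magnolia-authorization`, as suggested in the thread, makes the function return an empty dict for this realm.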

