Return-Path: 
 <user-return-3884-apmail-geronimo-user-archive=geronimo.apache.org@geronimo.apache.org>
Delivered-To: apmail-geronimo-user-archive@www.apache.org
Received: (qmail 47873 invoked from network); 24 Jun 2006 18:49:33 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 24 Jun 2006 18:49:33 -0000
Received: (qmail 91707 invoked by uid 500); 24 Jun 2006 18:49:32 -0000
Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org
Received: (qmail 91668 invoked by uid 500); 24 Jun 2006 18:49:31 -0000
Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:user-help@geronimo.apache.org>
list-unsubscribe: <mailto:user-unsubscribe@geronimo.apache.org>
List-Post: <mailto:user@geronimo.apache.org>
Reply-To: user@geronimo.apache.org
List-Id: <user.geronimo.apache.org>
Delivered-To: mailing list user@geronimo.apache.org
Received: (qmail 91657 invoked by uid 99); 24 Jun 2006 18:49:31 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Jun 2006 11:49:31 -0700
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received-SPF: neutral (asf.osuosl.org: local policy)
Received: from [192.249.46.191] (HELO mail2.utc.com) (192.249.46.191)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Jun 2006 11:49:30 -0700
Received: (from uucp@localhost)
	by mail2.utc.com (8.10.0/8.10.0) id k5OImhL22701
	for <user@geronimo.apache.org>; Sat, 24 Jun 2006 14:48:43 -0400 (EDT)
Received: from uusmna04.utc.com(159.82.218.169) by mail2.utc.com via csmap
 (V6.0)
	id srcAAA4ka4uS; Sat, 24 Jun 06 14:48:42 -0400
Received: from PWR-XCH-01.pwrutc.com ([172.19.128.44])
	by uusmna04.utc.com (Switch-3.1.8/Switch-3.1.0) with ESMTP id k5OIn7IZ028728
	for <user@geronimo.apache.org>; Sat, 24 Jun 2006 14:49:08 -0400 (EDT)
Received: from PWR-XCH-02.pwrutc.com ([172.19.128.42]) by
 PWR-XCH-01.pwrutc.com with Microsoft SMTPSVC(6.0.3790.1830);
	 Sat, 24 Jun 2006 11:49:02 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: security gbean.....
Date: Sat, 24 Jun 2006 11:49:02 -0700
Message-ID: <29C45885D653D543A9B62CB419AA3C227383AE@PWR-XCH-02.pwrutc.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: security gbean.....
Thread-Index: AcaXgHaefdl5RZOaRmqpZpww2cq7GAAPiaMg
From: "Clough, Ray C             PWR" <Ray.Clough@pwr.utc.com>
To: <user@geronimo.apache.org>
X-OriginalArrivalTime: 24 Jun 2006 18:49:02.0337 (UTC)
 FILETIME=[DC5E0F10:01C697BE]
X-TM-AS-Product-Ver: SMEX-7.0.0.1345-3.52.1006-14526.000
X-TM-AS-Result: No--48.900000-8.000000-31
X-Scanned-By: MIMEDefang 2.51 on 159.82.218.169
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

If you're getting paid by the line, turning 3 lines into 5000 is sheer
genius.  If you were to fail to document them, so that no one could
understand your code, you might get a Presidential Medal of Freedom.

=20

-----Original Message-----
From: ammulder@gmail.com [mailto:ammulder@gmail.com] On Behalf Of Aaron
Mulder
Sent: Saturday, June 24, 2006 4:22 AM
To: user@geronimo.apache.org
Subject: Re: security gbean.....

A) that's horrible that we turn 3 lines into like 5000 lines.  We have
got to do better!

B) in case it wasn't clear from David's response, the "realm-name" is
what's normally used to refer to this security realm; your login domain
names can be arbitrary, but they must be unique.  I suggest
magnolia-authentication and magnolia-authorization.  (If you enable
certain advanced features you can use the login domain names in your
J2EE role mapping, but it's a bit unusual that you'd want to, and if you
did want to, they'd have to have unique names for you to distinguish
them.)

Thanks,
     Aaron

On 6/23/06, EricCho@kryos.com <EricCho@kryos.com> wrote:
>
>
>
>
> Hi all,
>
> I'm having a problem configuring my security gbean and could use a bit
of help.
>
> I have the following jaas.config file:
>
> magnolia {
>   info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
>   info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required; };=20
> Jackrabbit {
>   org.apache.jackrabbit.core.security.SimpleLoginModule required; };
>
> And I've translated it into the following gbeans:
>
>     <gbean name=3D"magnolia"
class=3D"org.apache.geronimo.security.realm.GenericSecurityRealm">
>         <attribute name=3D"realmName">magnolia</attribute>
>         <reference name=3D"ServerInfo">
>
<gbean-name>geronimo.server:J2EEApplication=3Dnull,J2EEModule=3Dgeronimo/=
j2e
e-system/1.0/car,J2EEServer=3Dgeronimo,j2eeType=3DGBean,name=3DServerInfo=
</gbe
an-name>
>         </reference>
>         <reference name=3D"LoginService">
>
<gbean-name>geronimo.server:J2EEApplication=3Dnull,J2EEModule=3Dgeronimo/=
j2e
e-security/1.0/car,J2EEServer=3Dgeronimo,j2eeType=3DJaasLoginService,name=
=3DJa
asLoginService</gbean-name>
>         </reference>
>         <xml-reference name=3D"LoginModuleConfiguration">
>             <log:login-config
xmlns:log=3D"http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>                 <log:login-module control-flag=3D"REQUISITE"
server-side=3D"true" wrap-principals=3D"false">
>
<log:login-domain-name>magnolia</log:login-domain-name>
>
<log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModul
e</log:login-module-class>
>                 </log:login-module>
>                 <log:login-module control-flag=3D"REQUIRED"
server-side=3D"true" wrap-principals=3D"false">
>
<log:login-domain-name>magnolia</log:login-domain-name>
>
<log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule
</log:login-module-class>
>                 </log:login-module>
>             </log:login-config>
>         </xml-reference>
>     </gbean>
>
>
>       <gbean name=3D"Jackrabbit"
class=3D"org.apache.geronimo.security.realm.GenericSecurityRealm">
>             <attribute name=3D"realmName">Jackrabbit</attribute>
>             <reference name=3D"ServerInfo">
>
<gbean-name>geronimo.server:J2EEApplication=3Dnull,J2EEModule=3Dgeronimo/=
j2e
e-system/1.0/car,J2EEServer=3Dgeronimo,j2eeType=3DGBean,name=3DServerInfo=
</gbe
an-name>
>             </reference>
>             <reference name=3D"LoginService">
>
<gbean-name>geronimo.server:J2EEApplication=3Dnull,J2EEModule=3Dgeronimo/=
j2e
e-security/1.0/car,J2EEServer=3Dgeronimo,j2eeType=3DJaasLoginService,name=
=3DJa
asLoginService</gbean-name>
>             </reference>
>
>             <xml-reference name=3D"LoginModuleConfiguration">
>                   <log:login-config
xmlns:log=3D"http://geronimo.apache.org/xml/ns/loginconfig-1.0">
>                         <log:login-module control-flag=3D"REQUIRED"
server-side=3D"true" wrap-principals=3D"false">
>
<log:login-domain-name>Jackrabbit</log:login-domain-name>
>
<log:login-module-class>org.apache.jackrabbit.core.security.SimpleLoginM
odule</log:login-module-class>
>                         </log:login-module>
>                   </log:login-config>
>             </xml-reference>
>       </gbean>
>
>
>
> The problem I'm currently having is that it's complaining that my
login-domain-name for both the Authenitciation and Authorization modules
are the same (magnolia).... but it seems as though it has to be
according the the jaas.config.  Or am I wrong?
> How do I fix this?
> Also, if you see something else wrong with this, I'd appreciate any
pointers.
>
> Regards,
> Eric
>
>