geronimo-user mailing list archives

From Carver <carver...@gmail.com>
Subject Re: JOSSO with Geronimo
Date Tue, 18 Sep 2007 14:59:28 GMT

Yes, I can configure the josso login module in a geronimo security realm with
no problems, such as the following deployment plan:
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
    <environment>
        <moduleId>
            <groupId>console</groupId>
            <artifactId>josso-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>geronimo</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>geronimo</groupId>
                <artifactId>tomcat</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>josso</groupId>
                <artifactId>josso-core</artifactId>
                <version>1.5</version>
            </dependency>
            <dependency>
                <groupId>josso</groupId>
                <artifactId>josso-plugin</artifactId>
                <version>1.5</version>
            </dependency>
            <dependency>
                <groupId>tomcat</groupId>
                <artifactId>catalina</artifactId>
                <version>5.5.15</version>
            </dependency>
            <dependency>
                <groupId>tomcat</groupId>
                <artifactId>catalina-optional</artifactId>
                <version>5.5.15</version>
            </dependency>
            <dependency>
                <groupId>geronimo</groupId>
                <artifactId>geronimo-tomcat</artifactId>
                <version>1.1.1</version>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="josso" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">josso</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <name>JaasLoginService</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>josso</log:login-domain-name>
                    <log:login-module-class>org.josso.tc55.agent.jaas.SSOGatewayLoginModule</log:login-module-class>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

It can be deployed successfully, but I don't think it can work. Also, I am
not quite clear how the generic security realm works with the custom login
module. I looked into the GenericSecurityRealm source code, and I didn't see any
code related to the authentication (only a getDefaultPrincipal method).

Overall, I would like to use the Tomcat Realm so that I can reuse the
Tomcat Agent code provided by JOSSO.

Here is the JOSSO developer's suggestion for implementing the plugin:
http://sourceforge.net/forum/message.php?msg_id=2786451

Any suggestions?


djencks wrote:
> 
> I looked at the JOSSO documentation really quickly and think that  
> there won't be an advantage to using the tomcat realm rather than the  
> default jacc based realm.  I think you can configure the josso login  
> module in a geronimo security realm with no problems.  The only  
> possible tricky parts  are installing the JOSSO valve and running the  
> josso agent.  There are instructions available somewhere on how to  
> install a valve in geronimo-tomcat.  I don't understand from the docs  
> if you are supposed to run a separate agent: if so you will probably  
> have to write a gbean to start/stop it.
> 
> hope this overly brief comment is of some help...
> 
> david jencks
> 

-- 
View this message in context: http://www.nabble.com/JOSSO-with-Geronimo-tf4430200s134.html#a12758822
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.

