Return-Path: 
 <user-return-7722-apmail-geronimo-user-archive=geronimo.apache.org@geronimo.apache.org>
Delivered-To: apmail-geronimo-user-archive@www.apache.org
Received: (qmail 3262 invoked from network); 24 Sep 2007 16:20:49 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 24 Sep 2007 16:20:49 -0000
Received: (qmail 70913 invoked by uid 500); 24 Sep 2007 16:20:33 -0000
Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org
Received: (qmail 70893 invoked by uid 500); 24 Sep 2007 16:20:33 -0000
Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:user-help@geronimo.apache.org>
list-unsubscribe: <mailto:user-unsubscribe@geronimo.apache.org>
List-Post: <mailto:user@geronimo.apache.org>
Reply-To: user@geronimo.apache.org
List-Id: <user.geronimo.apache.org>
Delivered-To: mailing list user@geronimo.apache.org
Received: (qmail 70882 invoked by uid 99); 24 Sep 2007 16:20:33 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Sep 2007 09:20:33 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [69.147.102.68] (HELO smtp105.plus.mail.re1.yahoo.com)
 (69.147.102.68)
    by apache.org (qpsmtpd/0.29) with SMTP; Mon, 24 Sep 2007 16:20:34 +0000
Received: (qmail 66072 invoked from network); 24 Sep 2007 16:20:13 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Received:X-YMail-OSG:Mime-Version:In-Reply-To:References:Content-Type:Message-Id:Content-Transfer-Encoding:From:Subject:Date:To:X-Mailer;
  b=eQMZm8MFDS0EVM1v0qa0eCvcGVC4/fTPp9Xw0n160xTKCQMpSqy+A3rvfvVO5ZdQGLw6wE8pHmmyKgpqDjqSYha/N9FyUeZ0BoVbKTTC8c7Xn2xG9uwR9/I1J/HpHM6bM2HZJohC6C90zEb2etL31wn0JX2SauyM8T8Zxd64jP4=
  ;
Received: from unknown (HELO ?192.168.1.100?) (david_jencks@68.166.239.104
 with plain)
  by smtp105.plus.mail.re1.yahoo.com with SMTP; 24 Sep 2007 16:20:12 -0000
X-YMail-OSG: 
 l4FC1WMVM1k6eRbcmivwX.vn_K5Sy1yuKazPzoua8.ggRnTI95iqc1_sq5a7MWOXGUtrxdlJkA--
Mime-Version: 1.0 (Apple Message framework v752.3)
In-Reply-To: 
 <20070924090052.181451e9c2a7ebbcd6ae28cea81146c8.8d9047390c.wbe@email.secureserver.net>
References: 
 <20070924090052.181451e9c2a7ebbcd6ae28cea81146c8.8d9047390c.wbe@email.secureserver.net>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <99870357-E7C6-4A39-907E-642AFC306580@yahoo.com>
Content-Transfer-Encoding: 7bit
From: David Jencks <david_jencks@yahoo.com>
Subject: Re: EAR Security Realm Configuration
Date: Mon, 24 Sep 2007 12:20:09 -0400
To: user@geronimo.apache.org
X-Mailer: Apple Mail (2.752.3)
X-Virus-Checked: Checked by ClamAV on apache.org


On Sep 24, 2007, at 12:00 PM, Mark Aufdencamp wrote:

> Thanks for the quick reply David.
>
> If I understand you, I need to have a <security-realm-name> section
> defined in each webapps geronimo-web.xml without a <security> section
> defined, and then have a <security> section defined in the EAR.  This
> would mean no changes to the web.xml for either app.  Where does  
> this go
> in the EAR?  The geronimo-application.xml? I'll check on the syntax:)

yes, the geronimo-application.xml.  You can put the <security>  
element in any place it's allowed, but you can only have one of  
them.  I suggested the ear for symmetry among the wars, but picking  
one war will also work fine.
>
> For future reference, do all the EAR's webapps need to utilize the  
> same
> realm, or can each webapp have its own relm?

Each webapp can use its own realm.

thanks
david jencks

>
>> -------- Original Message --------
>> Subject: Re: EAR Security Realm Configuration
>> From: David Jencks <david_jencks@yahoo.com>
>> Date: Mon, September 24, 2007 11:31 am
>> To: user@geronimo.apache.org
>>
>> you only specify the security configuration itself once per ear.  For
>> each web-app you specify the security-realm that comes right before
>> the security configuration.  You might put the security element at
>> the top level of the ear plan rather than in one or the other web app
>> plan.
>>
>> hope this helps
>> david jencks
>>
>> On Sep 24, 2007, at 11:02 AM, Mark Aufdencamp wrote:
>>
>>> Hi All,
>>>
>>> I'm having a slight problem with a security realm in an EAR.  I
>>> have two
>>> webapps that I would like to authenticate via a container managed  
>>> FORM
>>> Auth, webapp and webappadmin.  I have the webapp realm functioning
>>> without any issues.  Of course, I cut and pasted from webapp to
>>> webappadmin and attempted to deploy.  This resulted in a commom
>>> deployment exception - "Only one security configuration allowed per
>>> application".
>>>
>>> What's the proper approach to resolving this?
>>>
>>> Can I use/Do I need a second realm for the second web  
>>> application?  As
>>> in a 1-1 correspondence between the app and the realm.
>>>
>>> If not how do I properly configuring the second app to utilize the
>>> realm?  Is there someway to define it in the EAR for both web apps?
>>>
>>> TIA
>>>
>>> Mark Aufdencamp
>>> Mark@Aufdencamp.com
>>>
>