geronimo-user mailing list archives

From "johnxmas" <johnx...@free.fr>
Subject Re: Re: Geronimo security question
Date Fri, 31 Oct 2008 09:59:14 GMT
Hi David,


>Anyway I think what you need to do is:
>
>1. define a properties file login module based security realm, perhaps  
>by using the admin console.  Let's say you call it my-realm
>2. translate the data into property files:
>
>my-users.properties:
>scort=scort
>
>my-groups.properties:
>spadmin=scort
>
>3. put the properties files in the correct location, I'd suggest var/security
>
>4. specify the my-realm security realm in the geronimo web app plan   
><security-realm>my-realm</security-realm>
>
>5. Include the desired principal-role mapping that maps the spadmin  
>group to the app-specific spadmin role.  There are some instructions  
>on this at the end of http://cwiki.apache.org/GMOxDOC21/configuring-run-as-and-default-subjects-and-principal-role-mapping.html
>
>hope this helps,
>david jencks

Thanks for your answer. So I did create a realm (BTW, the console is very nice for this item)
and the corresponding properties files. I validated that realm. It
was ok for
scort  	org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
spadmin 	org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal

and added to geronimo-web.xml the following

  <security-realm-name>
    smartpack-realm
  </security-realm-name>
  
  <security>
    <role-mappings>
      <role role-name="spadim">
        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      </role>
    </role-mappings>
  </security>

But when calling the app, I still get a 403 error: Access to the specified resource () has
been forbidden.

What am I doing wrong?

Jean-Noël
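
A consistency check for the setup discussed in this thread, as an added example that is not part of the original message or of Geronimo. It cross-checks each role mapping in the plan against the realm's properties files and the application's role names. The function names are hypothetical, and the declared role set {"spadmin"} is an assumption taken from the quoted reply, since web.xml is not shown.

```python
import xml.etree.ElementTree as ET

PKG = "org.apache.geronimo.security.realm.providers."
USER_CLASS, GROUP_CLASS = PKG + "GeronimoUserPrincipal", PKG + "GeronimoGroupPrincipal"

# Constructed inputs: values copied from the thread. The <plan> wrapper is added
# here only so that the fragment parses as one document.
USERS_PROPERTIES = "scort=scort\n"     # user=password
GROUPS_PROPERTIES = "spadmin=scort\n"  # group=member list
PLAN_FRAGMENT = f"""<plan><security><role-mappings>
  <role role-name="spadim">
    <principal name="scort" designated-run-as="true" class="{GROUP_CLASS}"/>
  </role>
</role-mappings></security></plan>"""

def property_keys(text):
    """Return the keys of a simple key=value properties file."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln.split("=", 1)[0].strip() for ln in lines
            if ln and not ln.startswith(("#", "!")) and "=" in ln}

def local(tag):
    """Strip an XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]

def lint_role_mappings(plan_xml, users_text, groups_text, declared_roles):
    """List mappings that cannot match a principal produced by the realm."""
    known = {USER_CLASS: ("user", property_keys(users_text)),
             GROUP_CLASS: ("group", property_keys(groups_text))}
    findings = []
    for role in ET.fromstring(plan_xml).iter():
        if local(role.tag) != "role":
            continue
        role_name = role.get("role-name")
        # declared_roles is an assumption: the role names from the app's web.xml
        if role_name not in declared_roles:
            findings.append(f"role '{role_name}' is not declared by the application")
        for principal in role:
            name, cls = principal.get("name"), principal.get("class")
            if local(principal.tag) == "principal" and cls in known:
                kind, names = known[cls]
                if name not in names:
                    findings.append(f"principal '{name}' is not a {kind} in the realm")
    return findings

if __name__ == "__main__":
    for finding in lint_role_mappings(PLAN_FRAGMENT, USERS_PROPERTIES,
                                      GROUPS_PROPERTIES, {"spadmin"}):
        print(finding)
```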