geronimo-user mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: Geronimo security question
Date Fri, 31 Oct 2008 15:36:25 GMT
shouldn't

        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>


be

        <principal name="spadmin" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>

?

I'd leave out designated-run-as="true"

thanks
david jencks

On Oct 31, 2008, at 2:59 AM, johnxmas wrote:

> Hi David,
>
>
>> Anyway I think what you need to do is:
>>
>> 1. define a properties file login module based security realm, perhaps
>> by using the admin console.  Let's say you call it my-realm
>> 2. translate the data into property files:
>>
>> my-users.properties:
>> scort=scort
>>
>> my-groups.properties:
>> spadmin=scort
>>
>> 3. put the properties files in the correct location, I'd suggest var/security
>>
>> 4. specify the my-realm security realm in the geronimo web app plan
>> <security-realm>my-realm</security-realm>
>>
>> 5. Include the desired principal-role mapping that maps the spadmin
>> group to the app-specific spadmin role.  There are some instructions
>> on this at the end of http://cwiki.apache.org/GMOxDOC21/configuring-run-as-and-default-subjects-and-principal-role-mapping.html
>>
>> hope this helps,
>> david jencks
>
> Thanks for your answer. So I did create a realm (BTW, the console is
> very nice for this item) and the corresponding properties files. I
> validated that realm. It was ok for
> scort    org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
> spadmin  org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
>
> and added to geronimo-web.xml the following
>
>  <security-realm-name>
>    smartpack-realm
>  </security-realm-name>
>
>  <security>
>    <role-mappings>
>      <role role-name="spadim">
>        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>      </role>
>    </role-mappings>
>  </security>
>
> But when calling the app, I still get a 403 error: Access to the
> specified resource () has been forbidden.
>
> What am I doing wrong?
>
> Jean-Noël
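
A way to catch this kind of mismatch before deployment, as an added example that is not part of the original thread or of Geronimo: the script cross-checks each `<principal>` in a plan's role mappings against the realm's user and group properties files. The function names, the minimal `<web-app>` wrapper and the set of declared roles (taken here to be `spadmin`, per step 5 of the quoted advice) are assumptions.

```python
import xml.etree.ElementTree as ET

PKG = "org.apache.geronimo.security.realm.providers."
USER_CLASS, GROUP_CLASS = PKG + "GeronimoUserPrincipal", PKG + "GeronimoGroupPrincipal"

def property_keys(text):
    """Keys of a simple key=value properties file (no escapes or continuations)."""
    lines = (ln.strip() for ln in text.splitlines())
    return {ln.split("=", 1)[0].strip() for ln in lines
            if "=" in ln and not ln.startswith(("#", "!"))}

def local(tag):
    """Drop an XML namespace prefix so namespaced plans are handled too."""
    return tag.rsplit("}", 1)[-1]

def check_role_mappings(plan_xml, users_text, groups_text, declared_roles):
    """Return findings for role mappings that cannot match anything in the realm."""
    known = {USER_CLASS: ("user", property_keys(users_text)),
             GROUP_CLASS: ("group", property_keys(groups_text))}
    findings = []
    for role in ET.fromstring(plan_xml).iter():
        if local(role.tag) != "role":
            continue
        role_name = role.get("role-name")
        if role_name not in declared_roles:
            findings.append(f"role '{role_name}' is not declared by the application")
        for principal in role:
            if local(principal.tag) != "principal":
                continue
            name, cls = principal.get("name"), principal.get("class")
            if cls not in known:
                findings.append(f"role '{role_name}': principal class '{cls}' not checked")
            elif name not in known[cls][1]:
                findings.append(f"role '{role_name}': no {known[cls][0]} named '{name}' in the realm")
    return findings

# Constructed sample data: property file contents from the thread, a minimal plan
# wrapper, and the assumption that the application declares the role "spadmin".
USERS, GROUPS, ROLES = "scort=scort\n", "spadmin=scort\n", {"spadmin"}
PLAN = ('<web-app><security><role-mappings><role role-name="%s">'
        '<principal name="%s" class="%s"/></role></role-mappings></security></web-app>')

if __name__ == "__main__":
    for label, args in [("as posted", ("spadim", "scort", GROUP_CLASS)),
                        ("group principal", ("spadmin", "spadmin", GROUP_CLASS))]:
        print(label, check_role_mappings(PLAN % args, USERS, GROUPS, ROLES))
```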

