geronimo-user mailing list archives

From "johnxmas" <johnx...@free.fr>
Subject Re: Re: Geronimo security question
Date Mon, 03 Nov 2008 08:19:15 GMT
>shouldn't
>
>        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>
>
>be
>
>        <principal name="spadmin" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>
>?
>
>I'd leave out designated-run-as="true"
>
>thanks
>david jencks
>


I tried with 

  <security>
    <role-mappings>
      <role role-name="spadim">
        <principal name="spadim" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      </role>
    </role-mappings>
  </security>

  <security>
    <role-mappings>
      <role role-name="spadim">
        <principal name="scort" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      </role>
    </role-mappings>
  </security>



None works!

Jean-Noël


>On Oct 31, 2008, at 2:59 AM, johnxmas wrote:
>
>> Hi David,
>>
>>
>>> Anyway I think what you need to do is:
>>>
>>> 1. define a properties file login module based security realm, perhaps
>>> by using the admin console.  Let's say you call it my-realm
>>> 2. translate the data into property files:
>>>
>>> my-users.properties:
>>> scort=scort
>>>
>>> my-groups.properties:
>>> spadmin=scort
>>>
>>> 3. put the properties files in the correct location, I'd suggest var/security
>>>
>>> 4. specify the my-realm security realm in the geronimo web app plan
>>> <security-realm>my-realm</security-realm>
>>>
>>> 5. Include the desired principal-role mapping that maps the spadmin
>>> group to the app-specific spadmin role.  There are some instructions
>>> on this at the end of http://cwiki.apache.org/GMOxDOC21/configuring-run-as-and-default-subjects-and-principal-role-mapping.html
>>>
>>> hope this helps,
>>> david jencks
>>
>> Thanks for your answer. So I did create a realm (BTW, the console is
>> very nice for this item) and the corresponding properties files. I
>> validated that realm. It was ok for
>> scort    org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
>> spadmin  org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
>>
>> and added to geronimo-web.xml the following
>>
>>  <security-realm-name>
>>    smartpack-realm
>>  </security-realm-name>
>>
>>  <security>
>>    <role-mappings>
>>      <role role-name="spadim">
>>        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>      </role>
>>    </role-mappings>
>>  </security>
>>
>> But when calling the app, I still get a 403 error: Access to the  
>> specified resource () has been forbidden.
>>
>> What am I doing wrong?
>>
>> Jean-Noël
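
The following is an added example, not code from the thread's participants or from the Geronimo project: a small consistency check that compares the `role-mappings` in a Geronimo plan with the users and groups defined in a properties-file realm, since a mapped principal only grants the role if its name and class match a principal the realm actually produces. The function names are hypothetical, and the application role name `spadmin` is an assumption taken from step 5 of the quoted advice.

```python
import xml.etree.ElementTree as ET

PROVIDERS = "org.apache.geronimo.security.realm.providers."
KINDS = {PROVIDERS + "GeronimoUserPrincipal": "user",
         PROVIDERS + "GeronimoGroupPrincipal": "group"}

def load_keys(props_text):
    """Keys of a properties-file realm (user names or group names)."""
    lines = (l.strip() for l in props_text.splitlines())
    return {l.split("=", 1)[0].strip() for l in lines
            if l and not l.startswith("#") and "=" in l}

def local(tag):
    """Strip an XML namespace so namespaced plans parse the same way."""
    return tag.rsplit("}", 1)[-1]

def check_plan(plan_xml, users_text, groups_text, app_roles):
    """Return findings for role mappings that cannot match the realm."""
    realm = {"user": load_keys(users_text), "group": load_keys(groups_text)}
    findings = []
    for role in ET.fromstring(plan_xml).iter():
        if local(role.tag) != "role":
            continue
        if role.get("role-name") not in app_roles:
            findings.append("role '%s' is not declared by the application"
                            % role.get("role-name"))
        for p in role:
            if local(p.tag) != "principal":
                continue
            kind = KINDS.get(p.get("class"))
            if kind is None:
                findings.append("principal '%s': unknown class" % p.get("name"))
            elif p.get("name") not in realm[kind]:
                findings.append("principal '%s' is mapped as a %s, but the realm "
                                "has no such %s" % (p.get("name"), kind, kind))
    return findings

# Constructed inputs modelled on the properties files quoted in the thread.
USERS, GROUPS = "scort=scort\n", "spadmin=scort\n"
APP_ROLES = {"spadmin"}  # assumption: the role name web.xml declares
PLAN = ('<security><role-mappings><role role-name="%s">'
        '<principal name="%s" class="' + PROVIDERS + 'GeronimoGroupPrincipal"/>'
        '</role></role-mappings></security>')

if __name__ == "__main__":
    # The two mappings tried in the thread, then one consistent mapping.
    for role, principal in [("spadim", "spadim"), ("spadim", "scort"),
                            ("spadmin", "spadmin")]:
        print(role, principal,
              check_plan(PLAN % (role, principal), USERS, GROUPS, APP_ROLES))
```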