geronimo-user mailing list archives

From "johnxmas" <johnx...@free.fr>
Subject Re: Re: Geronimo security question
Date Tue, 04 Nov 2008 11:31:32 GMT
Hi all,

>Is the "spadim" (rather than "spadmin") a typo in this email only or is 
>it also reflected in your xml?
>
>Joe
>
>


Shame on me! Yes, there was a typo. Once corrected, it worked with (as David had suggested):


   <security>
     <role-mappings>
       <role role-name="spadmin">
         <principal name="spadmin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
       </role>
     </role-mappings>
   </security>


Thanks a lot for your help

Jean-Noël







>johnxmas wrote:
>>> shouldn't
>>>
>>>        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>>
>>>
>>> be
>>>
>>>        <principal name="spadmin" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>>
>>> ?
>>>
>>> I'd leave out designated-run-as="true"
>>>
>>> thanks
>>> david jencks
>>>
>> 
>> 
>> I tried with 
>> 
>>   <security>
>>     <role-mappings>
>>       <role role-name="spadim">
>>         <principal name="spadim" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>       </role>
>>     </role-mappings>
>>   </security>
>> 
>>   <security>
>>     <role-mappings>
>>       <role role-name="spadim">
>>         <principal name="scort" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>       </role>
>>     </role-mappings>
>>   </security>
>> 
>> 
>> 
>> None works !
>> 
>> Jean-Noël
>> 
>> 
>>> On Oct 31, 2008, at 2:59 AM, johnxmas wrote:
>>>
>>>> Hi David,
>>>>
>>>>
>>>>> Anyway I think what you need to do is:
>>>>>
>>>>> 1. define a properties file login module based security realm, perhaps
>>>>> by using the admin console.  Let's say you call it my-realm
>>>>> 2. translate the data into property files:
>>>>>
>>>>> my-users.properties:
>>>>> scort=scort
>>>>>
>>>>> my-groups.properties:
>>>>> spadmin=scort
>>>>>
>>>>> 3. put the properties files in the correct location, I'd suggest var/security
>>>>>
>>>>> 4. specify the my-realm security realm in the geronimo web app plan
>>>>> <security-realm>my-realm</security-realm>
>>>>>
>>>>> 5. Include the desired principal-role mapping that maps the spadmin
>>>>> group to the app-specific spadmin role.  There are some instructions
>>>>> on this at the end of http://cwiki.apache.org/GMOxDOC21/configuring-run-as-and-default-subjects-and-principal-role-mapping.html
>>>>>
>>>>> hope this helps,
>>>>> david jencks
>>>> Thanks for your answer. So I did create a realm (BTW, the console is
>>>> very nice for this item) and the corresponding properties files. I
>>>> validated that realm. It was ok for
>>>> scort    org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
>>>> spadmin  org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
>>>>
>>>> and added to geronimo-web.xml the following
>>>>
>>>>  <security-realm-name>
>>>>    smartpack-realm
>>>>  </security-realm-name>
>>>>
>>>>  <security>
>>>>    <role-mappings>
>>>>      <role role-name="spadim">
>>>>        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>>>      </role>
>>>>    </role-mappings>
>>>>  </security>
>>>>
>>>> But when calling the app, I still get a 403 error: Access to the  
>>>> specified resource () has been forbidden.
>>>>
>>>> What am I doing wrong?
>>>>
>>>> Jean-Noël
>
>
>
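
Added example, not part of the original thread and not Geronimo code: a small pre-deployment check that cross-references the plan's role mappings against the realm's properties files, which would have flagged both problems discussed above (the "spadim" role name and the user "scort" mapped as a group principal). The function names are hypothetical, the inputs are constructed from values quoted in the thread, and `declared_roles` is assumed to hold the role names declared in the application's web.xml, which the thread does not show.

```python
import xml.etree.ElementTree as ET

GROUP_CLASS = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
USER_CLASS = "org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"

def parse_props(text):
    """Parse key=value lines of a properties file, skipping blanks and comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def local(tag):
    """Drop an XML namespace prefix such as '{urn:...}role'."""
    return tag.rsplit("}", 1)[-1]

def check_role_mappings(plan_xml, users_props, groups_props, declared_roles):
    """Return findings for role mappings that can never grant access."""
    users, groups = parse_props(users_props), parse_props(groups_props)
    known = {GROUP_CLASS: set(groups), USER_CLASS: set(users)}
    findings = []
    for role in ET.fromstring(plan_xml).iter():
        if local(role.tag) != "role":
            continue
        name = role.get("role-name")
        if name not in declared_roles:  # assumption: names come from web.xml
            findings.append(f"role '{name}' is not declared in web.xml")
        for p in role:
            if local(p.tag) != "principal":
                continue
            cls, pname = p.get("class"), p.get("name")
            if cls in known and pname not in known[cls]:
                kind = "group" if cls == GROUP_CLASS else "user"
                findings.append(f"principal '{pname}' is not a {kind} in the realm")
    return findings

# Constructed sample input, built from the values quoted in this thread.
USERS = "scort=scort\n"      # my-users.properties: user=password
GROUPS = "spadmin=scort\n"   # my-groups.properties: group=members
BROKEN = f'<security><role-mappings><role role-name="spadim"><principal name="scort" class="{GROUP_CLASS}"/></role></role-mappings></security>'
FIXED = f'<security><role-mappings><role role-name="spadmin"><principal name="spadmin" class="{GROUP_CLASS}"/></role></role-mappings></security>'

if __name__ == "__main__":
    for label, plan in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_role_mappings(plan, USERS, GROUPS, {"spadmin"}))
```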