geronimo-user mailing list archives

From Joe Bohn <joe.b...@earthlink.net>
Subject Re: Geronimo security question
Date Mon, 03 Nov 2008 14:55:45 GMT
Is the "spadim" (rather than "spadmin") a typo in this email only or is 
it also reflected in your xml?

Joe


johnxmas wrote:
>> shouldn't
>>
>>        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>
>>
>> be
>>
>>        <principal name="spadmin" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>
>> ?
>>
>> I'd leave out designated-run-as="true"
>>
>> thanks
>> david jencks
>>
> 
> 
> I tried with 
> 
>   <security>
>     <role-mappings>
>       <role role-name="spadim">
>         <principal name="spadim" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>       </role>
>     </role-mappings>
>   </security>
> 
>   <security>
>     <role-mappings>
>       <role role-name="spadim">
>         <principal name="scort" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>       </role>
>     </role-mappings>
>   </security>
> 
> 
> 
> None works !
> 
> Jean-Noël
> 
> 
>> On Oct 31, 2008, at 2:59 AM, johnxmas wrote:
>>
>>> Hi David,
>>>
>>>
>>>> Anyway I think what you need to do is:
>>>>
>>>> 1. define a properties file login module based security realm, perhaps
>>>> by using the admin console.  Let's say you call it my-realm
>>>> 2. translate the data into property files:
>>>>
>>>> my-users.properties:
>>>> scort=scort
>>>>
>>>> my-groups.properties:
>>>> spadmin=scort
>>>>
>>>> 3. put the properties files in the correct location, I'd suggest var/security
>>>>
>>>> 4. specify the my-realm security realm in the geronimo web app plan
>>>> <security-realm>my-realm</security-realm>
>>>>
>>>> 5. Include the desired principal-role mapping that maps the spadmin
>>>> group to the app-specific spadmin role.  There are some instructions
>>>> on this at the end of http://cwiki.apache.org/GMOxDOC21/configuring-run-as-and-default-subjects-and-principal-role-mapping.html
>>>>
>>>> hope this helps,
>>>> david jencks
>>> Thanks for your answer. So I did create a realm (BTW, the console is
>>> very nice for this item) and the corresponding properties files. I
>>> validated that realm. It was ok for
>>> scort    org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
>>> spadmin  org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
>>>
>>> and added to geronimo-web.xml the following
>>>
>>>  <security-realm-name>
>>>    smartpack-realm
>>>  </security-realm-name>
>>>
>>>  <security>
>>>    <role-mappings>
>>>      <role role-name="spadim">
>>>        <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>>      </role>
>>>    </role-mappings>
>>>  </security>
>>>
>>> But when calling the app, I still get a 403 error: Access to the  
>>> specified resource () has been forbidden.
>>>
>>> What am I doing wrong?
>>>
>>> Jean-Noël
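
A consistency check for the points raised in this thread, as an added example that is not part of any message above and not Geronimo code: it cross-checks the plan's role mappings against the realm's property files and the application's role names. The function names, the inline sample inputs and the assumption that web.xml declares the role as "spadmin" are constructed for illustration.

```python
import xml.etree.ElementTree as ET

GROUP_CLS = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
USER_CLS = "org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"

def load_props(text):
    """Parse simple key=value lines (the realm's users/groups property files)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def local(tag):
    """Drop any XML namespace so the check does not depend on the plan's schema version."""
    return tag.rsplit("}", 1)[-1]

def check_role_mappings(plan_xml, declared_roles, users, groups):
    """Return a list of findings; an empty list means every mapping resolves."""
    findings = []
    for role in ET.fromstring(plan_xml).iter():
        if local(role.tag) != "role":
            continue
        role_name = role.get("role-name")
        if role_name not in declared_roles:
            findings.append(f"role '{role_name}' is not declared by the application")
        for p in role:
            if local(p.tag) != "principal":
                continue
            name, cls = p.get("name"), p.get("class")
            if cls == GROUP_CLS and name not in groups:
                findings.append(f"role '{role_name}': no group '{name}' in the realm")
            elif cls == USER_CLS and name not in users:
                findings.append(f"role '{role_name}': no user '{name}' in the realm")
    return findings

# Constructed inputs: property files as quoted in the thread, plan as posted and as suggested.
USERS = load_props("scort=scort")
GROUPS = load_props("spadmin=scort")
DECLARED = {"spadmin"}  # assumption: the role name used in the application's web.xml
POSTED = f'<security><role-mappings><role role-name="spadim"><principal name="scort" class="{GROUP_CLS}"/></role></role-mappings></security>'
SUGGESTED = POSTED.replace("spadim", "spadmin").replace('name="scort"', 'name="spadmin"')

if __name__ == "__main__":
    for label, plan in (("posted", POSTED), ("suggested", SUGGESTED)):
        print(label, check_role_mappings(plan, DECLARED, USERS, GROUPS) or "ok")
```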

