Currently in Geronimo, we could not use JVM's JAAS configuration, for it is replaced with Geronimo's security realm.

2008/11/8 Markku Saarela <>
Here is configuration documentation:

After read this documentation i thought that i do not need to use jaas, but now i realize that there is jaas available and in geronimo-ra.xml i found element <container-managed-security /> so i'm actually using container managed security.

So how to configure that (geronimo documentation is little bit confusing)?

- markku

David Jencks wrote:
Could you point to some documentation on the JCARepositoryHandle  and the ra.xml for this connector?

For container managed security you need to use something like the plugins/connector/geronimo-connector/src/main/java/org/apache/geronimo/connector/outbound/security/ which you can deploy in a JAAS configuration using the

Since you are trying to supply the credentials in what appears to be a "get connection" call I wonder if you actually want container managed security?

david jencks

On Nov 7, 2008, at 11:17 PM, Markku Saarela wrote:


Jackrabbit 1.4 (1.4.1 core)  JCA deployed to Geronimo 2.1.1. Web application or ejb session bean  failed with repository login. InitialContext lookup find Repository but calling repository.login( new SimpleCredentials( "system", "manager".toCharArray() ) ); method results exception:

Caused by: javax.resource.ResourceException: No subject for container managed security
    at org.apache.geronimo.connector.outbound.SubjectInterceptor.getConnection(SubjectIntercepto
    at org.apache.geronimo.connector.outbound.ConnectionHandleInterceptor.getConnection(Connecti
    at org.apache.geronimo.connector.outbound.TCCLInterceptor.getConnection(
    at org.apache.geronimo.connector.outbound.ConnectionTrackingInterceptor.getConnection(Connec
    at org.apache.geronimo.connector.outbound.AbstractConnectionManager.allocateConnection(Abstr
    at org.apache.jackrabbit.jca.JCARepositoryHandle.login(

So how to configure Geronimo to provide subject to connector?