geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Admin Console Access and Security Realm
Date Thu, 19 Feb 2009 20:28:59 GMT

On Feb 19, 2009, at 11:27 AM, Michael2 wrote:

>
> Hi David:
>
> Good suggestions. Thanks.
> I also want confirm that the SQL database security realm is used to
> authenticate application users (not the admin console users) using the
> username and password stored in the Derby or other databases (SQL  
> Server,
> DB2, etc..), Is that right?

When you deploy a security realm you specify a name for it.  These  
form a single flat global namespace.

When you deploy a web app you specify the security realm you want to  
use with the security-ream-name element in your geronimo plan.

The admin console is deployed specifying the security realm name  
"geronimo-admin".  We supply a security realm of that name.  So, if  
you want to use your realm for the admin console, you need to name  
your realm "geronimo-admin" and make sure it is running instead of the  
one we supply.

For your app to use your security realm you just need to make sure the  
names match -- the security realm doesn't need to be "geronimo-admin"  
unless you want to use your realm for the admin console.

Hope this clarifies things :-)
david jencks


>
>
> Thanks again.
>
> Michael
>
>
>
> djencks wrote:
>>
>>
>> On Feb 19, 2009, at 5:31 AM, Michael2 wrote:
>>
>>>
>>> Hello Ying:
>>>
>>> Thank you for the information.
>>>
>>> I am not clear what you said about the SQL database security realm:
>>> "the SQL
>>> database security realm is used to authenticate username and
>>> password from
>>> the built-in Derby database".  Could you explain more?
>>> If we cannot use the realm to authenticate Admin Console users, can
>>> we use
>>> it the authenticate application users?
>>
>> While what Ying said is correct, I don't think it answered your
>> question.  IIUC what you want to do is covered by the instructions
>> here:
>> http://cwiki.apache.org/GMOxDOC22/basic-hints-on-security-configuration.html
>>
>> Note that the admin console is set up to use a security realm named
>> "geronimo-admin" so you have to set up your SQL security realm with
>> that name and disable the realm of that name supplied with geronimo
>> (which will happen when you include the artifact aliases as
>> recommended in the article).
>>
>> hope this helps
>> david jencks
>>
>>>
>>>
>>> Thanks.
>>>
>>> Michael
>>>
>>>
>>> Sophia Tang wrote:
>>>>
>>>> Hi Michael,
>>>>
>>>> As far as I can tell, the SQL database security realm is used to
>>>> authenticate username and password from the built-in Derby
>>>> database, not
>>>> for
>>>> Geronimo admin console.
>>>>
>>>> For changing the username and password for the Administration
>>>> Console,
>>>> you
>>>> can use the *Users and Groups* portlet  in the console.
>>>>
>>>> Please see this page for more details:
>>>> http://cwiki.apache.org/GMOxDOC22/changing-the-username-and-password.html
>>>>
>>>> Hope this helps.
>>>>
>>>>
>>>> Best Regards,
>>>>
>>>> Ying Tang
>>>>
>>>> 2009/2/19 Michael2 <wtistang@yahoo.com>
>>>>
>>>>>
>>>>> I created a new SQL Security Realm, tested and deployed to
>>>>> Geronimo 2.1.3
>>>>> server, but when I reboot the server and try to use the new user
>>>>> name and
>>>>> password defined in the new SQL Security Realm to log into the  
>>>>> admin
>>>>> console, it does not work. I have to use the default user name and
>>>>> password
>>>>> to get in.
>>>>>
>>>>> My question is: can I use the SQL Security Realm for the Admin
>>>>> Console
>>>>> user
>>>>> authentication?
>>>>>
>>>>> Thanks for your help.
>>>>>
>>>>> Michael.
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22093927.html
>>>>> Sent from the Apache Geronimo - Users mailing list archive at
>>>>> Nabble.com.
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> -- 
>>> View this message in context:
>>> http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22100434.html
>>> Sent from the Apache Geronimo - Users mailing list archive at
>>> Nabble.com.
>>>
>>
>>
>>
>
> -- 
> View this message in context: http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22107931.html
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>


Mime
View raw message