geronimo-user mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: Admin Console Access and Security Realm
Date Tue, 24 Feb 2009 23:56:09 GMT
Hi Michael2,

I tried out a couple of things this morning and got distracted before  
replying.

First of all I expect you got a stack trace in the console when you  
started your new security realm from the admin console.... for some  
reason this error is not showing up in the admin console.  See https://issues.apache.org/jira/browse/GERONIMO-4553

As long as you know the admin console is not reflecting reality here  
you should be able to work around this bug.

Anyway, you have to assure that there is only one security realm named  
geronimo-admin trying to start at any one time.  So for yours to  
start, you need to shut off the built-in one.  However there are  
several essential services configured in the security-config plugin so  
unless you actually copy the security-config project and build a  
plugin you should keep the security-config plugin running and just  
turn off the security-realm gbean.

I did this by editing the var/config/config.xml file so it looked like:

     <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
         <gbean name="geronimo-admin" load="false"/>
     </module>

(you will have to use the correct version, IIRC 2.1.2 rather than
2.2-SNAPSHOT)

The last module in config.xml is

     <module name="console.realm/geronimo-admin/1.0/car"/>

since the admin console tried to start the module.

For quick testing I set up a new properties file realm using the admin  
console with a new "admin" user rather than "system" and verified that  
"admin" could log in but "system" could not, so I think it is working  
OK.

I do recommend that for production use you set up a maven project to  
build a complete replacement security-config plugin with your security  
realm in it.

Hope this helps and that I haven't left out too many steps this time :-)
david jencks




On Feb 24, 2009, at 6:45 AM, Michael2 wrote:

>
> Hello David:
>
> Yes, I still have problems.
>
> First of all, I appreciate your help very much. Please bear with me. I just
> want to learn from the Geronimo experts like you to see how to replace the
> default Properties File Realm with the Database (SQL) Realm. Following your
> suggestions, I created a Derby SQL Realm with the same name as the default
> Realm “geronimo-admin”, I tested it successfully and deployed it. Now I can
> see two “geronimo-admin” Realms listed on the Security Realms list. Then I
> stopped the Geronimo server and modified the “artifact_aliases.properties”
> file on the Geronimo \var\config directory as:
> ……
> org.apache.geronimo.framework/server-security-config//car=console.realm/geronimo-admin/1.0/car
> ……
> org.apache.geronimo.framework/server-security-config/2.1.2/car=console.realm/geronimo-admin/1.0/car
> ……
> org.apache.geronimo.framework/server-security-config/2.1/car=console.realm/geronimo-admin/1.0/car
> ……
> org.apache.geronimo.framework/server-security-config/2.1.1/car=console.realm/geronimo-admin/1.0/car
> ……
> After that, I re-started Geronimo server and tried to log into the admin
> console with the user name/password I had tested in the SQL Realm, I got a
> “Invalided Username and/or Password!” error. The system default user name
> and password is still working.
>
> I am using Geronimo 2.1.3, is it an issue or is there something else I need
> to do to make it work?
>
> Thanks.
>
> Michael
>
>
> djencks wrote:
>>
>> Hi Michael,
>>
>> I guess the documentation wasn't too clear about what to do if you
>> aren't building your security realm as a plugin.  Generally you never
>> want to update an installed plugin in place (in repository).  I've
>> updated the docs here
>>
>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration
>>
>> (should get to
>> http://cwiki.apache.org/GMOxDOC22/basic-hints-on-security-configuration.html
>> soon)
>>
>> Please let us know if this is still not clear or you still have problems
>>
>> thanks!
>> david jencks
>>
>>
>> On Feb 23, 2009, at 3:44 PM, Michael2 wrote:
>>
>>>
>>> Hi David:
>>>
>>> I followed your suggestion and created a new SQL security realm named
>>> "geronimo-admin". I also updated the geronimo-plugin.xml under the
>>> C:\Geronimo-2.1.3\repository\org\apache\geronimo\framework\server-security-config\2.1.3\server-security-config-2.1.3.car\META-INF
>>> directory from
>>>
>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>
>>> to:
>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>
>>>
>>> When I re-start the Geronimo server, I still cannot log into the Admin
>>> console with the new user id and password I created in the database
>>> and have
>>> to use the default system/manager to get in. Do I miss anything?
>>>
>>> Thanks.
>>>
>>> Michael
>>> -- 
>>> View this message in context:
>>> http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22172803.html
>>> Sent from the Apache Geronimo - Users mailing list archive at
>>> Nabble.com.
>>>
>>
>>
>>
>
> -- 
> View this message in context: http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22181064.html
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>
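
Added example, not part of the original message or of Geronimo itself: a small offline check of the var/config/config.xml arrangement described in the reply at the top, confirming that exactly one realm named geronimo-admin will start. It assumes the module ids and gbean name shown in the message; the function name and the two sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Module ids (group/artifact) and gbean name as they appear in the message.
BUILTIN = "org.apache.geronimo.framework/server-security-config"
REPLACEMENT = "console.realm/geronimo-admin"
REALM_GBEAN = "geronimo-admin"

def _local(tag):
    """Strip any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def _loaded(elem):
    """An element is active unless it carries load="false"."""
    return elem.get("load", "true").lower() != "false"

def audit_realm_config(xml_text):
    """Return a list of problems; an empty list means exactly one realm starts."""
    builtin_on = replacement_on = False
    findings = []
    for mod in ET.fromstring(xml_text).iter():
        if _local(mod.tag) != "module":
            continue
        module_id = "/".join(mod.get("name", "").split("/")[:2])  # drop version/type
        if module_id == BUILTIN:
            if not _loaded(mod):
                findings.append("security-config plugin is off; its other services are lost")
                continue
            realm = [g for g in mod
                     if _local(g.tag) == "gbean" and g.get("name") == REALM_GBEAN]
            builtin_on = not realm or any(_loaded(g) for g in realm)
        elif module_id == REPLACEMENT:
            replacement_on = _loaded(mod)
    if builtin_on and replacement_on:
        findings.append("two geronimo-admin realms will try to start")
    elif builtin_on:
        findings.append("built-in realm is still the one in use")
    elif not replacement_on:
        findings.append("no geronimo-admin realm will start")
    return findings

# Constructed sample inputs (not taken from a real server).
WORKING = """<attributes>
  <module name="org.apache.geronimo.framework/server-security-config/2.1.3/car">
    <gbean name="geronimo-admin" load="false"/>
  </module>
  <module name="console.realm/geronimo-admin/1.0/car"/>
</attributes>"""
CONFLICT = WORKING.replace(' load="false"', "")
```

Run it against a copy of config.xml taken while the server is stopped, since the server rewrites that file.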

