Hi Michael2,

I tried out a couple of things this morning and got distracted before replying.

First of all I expect you got a stack trace in the console when you started your new security realm from the admin console.... for some reason this error is not showing up in the admin console.  See https://issues.apache.org/jira/browse/GERONIMO-4553

As long as you know the admin console is not reflecting reality here you should be able to work around this bug.

Anyway, you have to ensure that there is only one security realm named geronimo-admin trying to start at any one time.  So for yours to start, you need to shut off the built-in one.  However, there are several essential services configured in the security-config plugin, so unless you actually copy the security-config project and build a plugin, you should keep the security-config plugin running and just turn off the security-realm gbean.

I did this by editing the var/config/config.xml file so it looked like:

    <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
        <gbean name="geronimo-admin" load="false"/>
    </module>

(you will have to use the correct version, IIRC 2.1.2 rather than 2.2-SNAPSHOT)

The last module in config.xml is 

    <module name="console.realm/geronimo-admin/1.0/car"/>

since the admin console tried to start the module.

For quick testing I set up a new properties file realm using the admin console with a new "admin" user rather than "system" and verified that "admin" could log in but "system" could not, so I think it is working OK.

I do recommend that for production use you set up a maven project to build a complete replacement security-config plugin with your security realm in it.

Hope this helps and that I haven't left out too many steps this time :-)
david jencks
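
A check for the config.xml state described in the message above, added here as an example and not part of the original thread: it reports whether the built-in geronimo-admin realm gbean is switched off and the replacement realm module is listed. The module ids and gbean name come from the thread; the function name, the result strings and the handling of `load="false"` on a `<module>` element are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

# Module ids and gbean name are the ones quoted in the thread.
DEFAULT_PREFIX = "org.apache.geronimo.framework/server-security-config/"
REPLACEMENT = "console.realm/geronimo-admin/1.0/car"
REALM_GBEAN = "geronimo-admin"

# Constructed sample: the two config.xml fragments from the message, wrapped
# in a root element. Real files may carry an xmlns, which _local() strips.
SAMPLE = """<attributes>
  <module name="org.apache.geronimo.framework/server-security-config/2.1.2/car">
    <gbean name="geronimo-admin" load="false"/>
  </module>
  <module name="console.realm/geronimo-admin/1.0/car"/>
</attributes>"""

def _local(tag):
    """Drop any '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def _off(elem):
    return elem.get("load", "true").strip().lower() == "false"

def audit_admin_realm(config_xml, replacement=REPLACEMENT):
    """Return 'ok', 'conflict', 'default-only' or 'no-realm' for a config.xml string."""
    default_on = replacement_on = False
    for mod in ET.fromstring(config_xml).iter():
        # Assumption: a <module> may itself carry load="false" and is then skipped.
        if _local(mod.tag) != "module" or _off(mod):
            continue
        name = mod.get("name", "")
        if name.startswith(DEFAULT_PREFIX):
            # Built-in realm stays on unless its gbean is overridden with load="false".
            overrides = [g for g in mod if _local(g.tag) == "gbean"
                         and g.get("name") == REALM_GBEAN]
            default_on = default_on or not any(_off(g) for g in overrides)
        elif name == replacement:
            replacement_on = True
    if default_on and replacement_on:
        return "conflict"      # two realms named geronimo-admin try to start
    if default_on:
        return "default-only"  # console still authenticates against the built-in realm
    return "ok" if replacement_on else "no-realm"

if __name__ == "__main__":
    print(audit_admin_realm(SAMPLE))
```

A "no-realm" result means neither realm is set to start, which is worth catching before a restart since the admin console would have nothing to authenticate against.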




On Feb 24, 2009, at 6:45 AM, Michael2 wrote:


Hello David:

Yes, I still have problems.

First of all, I appreciate your help very much. Please bear with me. I just
want to learn from the Geronimo experts like you to see how to replace the
default Properties File Realm with the Database (SQL) Realm. Following your
suggestions, I created a Derby SQL Realm with the same name as the default
Realm “geronimo-admin”, I tested it successfully and deployed it. Now I can
see two “geronimo-admin” Realms listed on the Security Realms list. Then I
stopped the Geronimo server and modified the “artifact_aliases.properties”
file on the Geronimo \var\config directory as:
……
org.apache.geronimo.framework/server-security-config//car=console.realm/geronimo-admin/1.0/car
……
org.apache.geronimo.framework/server-security-config/2.1.2/car=console.realm/geronimo-admin/1.0/car
……
org.apache.geronimo.framework/server-security-config/2.1/car=console.realm/geronimo-admin/1.0/car
……
org.apache.geronimo.framework/server-security-config/2.1.1/car=console.realm/geronimo-admin/1.0/car
……
After that, I re-started Geronimo server and tried to log into the admin
console with the user name/password I had tested in the SQL Realm, I got a
“Invalided Username and/or Password!” error. The system default user name
and password is still working.

I am using Geronimo 2.1.3, is it an issue or is there something else I need
to do to make it work?

Thanks.

Michael


djencks wrote:

Hi Michael,

I guess the documentation wasn't too clear about what to do if you  
aren't building your security realm as a plugin.  Generally you never  
want to update an installed plugin in place (in repository).  I've  
updated the docs here

http://cwiki.apache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration

(should get to
http://cwiki.apache.org/GMOxDOC22/basic-hints-on-security-configuration.html
soon)

Please let us know if this is still not clear or you still have problems

thanks!
david jencks


On Feb 23, 2009, at 3:44 PM, Michael2 wrote:


Hi David:

I followed your suggestion and created a new SQL security realm named
"geronimo-admin". I also updated the geronimo-plugin.xml under the
C:\Geronimo-2.1.3\repository\org\apache\geronimo\framework\server-security-config\2.1.3\server-security-config-2.1.3.car\META-INF
directory from

      <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
      <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
      <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
      <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>

to:

      <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">console.realm/geronimo-admin/1.0/car</artifact-alias>
      <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
      <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
      <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>


When I re-start the Geronimo server, I still cannot log into the Admin
console with the new user id and password I created in the database and have
to use the default system/manager to get in. Do I miss anything?

Thanks.

Michael
--
View this message in context:
http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22172803.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.




