geronimo-user mailing list archives

From govinda <baskar.govi...@gmail.com>
Subject Re: Admin Console Access and Security Realm
Date Fri, 27 Mar 2009 14:25:15 GMT

Hi All,

I was able to replace the default realm (geronimo-admin) with an LDAP
realm (geronimo-admin) as David described; my LDAP realm has the user name
"admin" instead of system. I can shut down the application server with the LDAP user
admin/password without an issue, but I could not access the console URL
http://hostname:8080/console. I get a 403 access forbidden error, and I think
that the Principal user name "admin" or Role name is not set for the console
application. How do I make it work?

Thanks
Baskar Govinda



djencks wrote:
> 
> Hi Michael2,
> 
> I tried out a couple of things this morning and got distracted before  
> replying.
> 
> First of all I expect you got a stack trace in the console when you  
> started your new security realm from the admin console.... for some  
> reason this error is not showing up in the admin console.  See
> https://issues.apache.org/jira/browse/GERONIMO-4553
> 
> As long as you know the admin console is not reflecting reality here  
> you should be able to work around this bug.
> 
> Anyway, you have to assure that there is only one security realm named  
> geronimo-admin trying to start at any one time.  So for yours to  
> start, you need to shut off the built-in one.  However there are  
> several essential services configured in the security-config plugin so  
> unless you actually copy the security-config project and build a  
> plugin you should keep the security-config plugin running and just  
> turn off the security-realm gbean.
> 
> I did this by editing the var/config/config.xml file so it looked like:
> 
>      <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
>          <gbean name="geronimo-admin" load="false"/>
>      </module>
> 
> (you will have to use the correct version, IIRC 2.1.2 rather than 2.2-SNAPSHOT)
> 
> The last module in config.xml is
> 
>      <module name="console.realm/geronimo-admin/1.0/car"/>
> 
> since the admin console tried to start the module.
> 
> For quick testing I set up a new properties file realm using the admin  
> console with a new "admin" user rather than "system" and verified that  
> "admin" could log in but "system" could not, so I think it is working  
> OK.
> 
> I do recommend that for production use you set up a maven project to  
> build a complete replacement security-config plugin with your security  
> realm in it.
> 
> Hope this helps and that I haven't left out too many steps this time :-)
> david jencks
> 
> 
> 
> 
> On Feb 24, 2009, at 6:45 AM, Michael2 wrote:
> 
>>
>> Hello David:
>>
>> Yes, I still have problems.
>>
>> First of all, I appreciate your help very much. Please bear with me. I just
>> want to learn from the Geronimo experts like you to see how to replace the
>> default Properties File Realm with the Database (SQL) Realm. Following your
>> suggestions, I created a Derby SQL Realm with the same name as the default
>> Realm “geronimo-admin”, I tested it successfully and deployed it. Now I can
>> see two “geronimo-admin” Realms listed on the Security Realms list. Then I
>> stopped the Geronimo server and modified the “artifact_aliases.properties”
>> file on the Geronimo \var\config directory as:
>> ……
>> org.apache.geronimo.framework/server-security-config//car=console.realm/geronimo-admin/1.0/car
>> ……
>> org.apache.geronimo.framework/server-security-config/2.1.2/car=console.realm/geronimo-admin/1.0/car
>> ……
>> org.apache.geronimo.framework/server-security-config/2.1/car=console.realm/geronimo-admin/1.0/car
>> ……
>> org.apache.geronimo.framework/server-security-config/2.1.1/car=console.realm/geronimo-admin/1.0/car
>> ……
>> After that, I re-started the Geronimo server and tried to log into the admin
>> console with the user name/password I had tested in the SQL Realm. I got an
>> “Invalided Username and/or Password!” error. The system default user name
>> and password is still working.
>>
>> I am using Geronimo 2.1.3, is it an issue or is there something else I need
>> to do to make it work?
>>
>> Thanks.
>>
>> Michael
>>
>>
>> djencks wrote:
>>>
>>> Hi Michael,
>>>
>>> I guess the documentation wasn't too clear about what to do if you
>>> aren't building your security realm as a plugin.  Generally you never
>>> want to update an installed plugin in place (in repository).  I've
>>> updated the docs here
>>>
>>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration
>>>
>>> (should get to
>>> http://cwiki.apache.org/GMOxDOC22/basic-hints-on-security-configuration.html
>>> soon)
>>>
>>> Please let us know if this is still not clear or you still have problems
>>>
>>> thanks!
>>> david jencks
>>>
>>>
>>> On Feb 23, 2009, at 3:44 PM, Michael2 wrote:
>>>
>>>>
>>>> Hi David:
>>>>
>>>> I followed your suggestion and created a new SQL security realm named
>>>> "geronimo-admin". I also updated the geronimo-plugin.xml under the
>>>> C:\Geronimo-2.1.3\repository\org\apache\geronimo\framework\server-security-config\2.1.3\server-security-config-2.1.3.car\META-INF
>>>> directory from
>>>>
>>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>>
>>>> to:
>>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>>       <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>>
>>>>
>>>> When I re-start the Geronimo server, I still cannot log into the Admin
>>>> console with the new user id and password I created in the database and have
>>>> to use the default system/manager to get in. Am I missing anything?
>>>>
>>>> Thanks.
>>>>
>>>> Michael
>>>> -- 
>>>> View this message in context:
>>>> http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22172803.html
>>>> Sent from the Apache Geronimo - Users mailing list archive at
>>>> Nabble.com.
>>>>
>>>
>>>
>>>
>>
>>
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22742725.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
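
Added example, not part of the thread and not Geronimo's own code: a Python check of var/config/config.xml for the state David describes, where the server-security-config plugin keeps running, its built-in geronimo-admin gbean has load="false", and the replacement realm module is listed. The function name, the finding codes and the sample XML are constructed for illustration; the `attributes` root element and the module-level `load` attribute are assumptions about the file layout.

```python
import xml.etree.ElementTree as ET

SECURITY_CONFIG = "org.apache.geronimo.framework/server-security-config/"
REPLACEMENT = "console.realm/geronimo-admin/1.0/car"  # module id used in the thread
REALM_GBEAN = "geronimo-admin"

def _local(tag):
    """Strip any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_realm_override(config_xml, replacement=REPLACEMENT):
    """Return a list of finding codes; an empty list means the override looks right."""
    root = ET.fromstring(config_xml)
    modules = [m for m in root.iter() if _local(m.tag) == "module"]
    findings = []
    builtin = [m for m in modules if m.get("name", "").startswith(SECURITY_CONFIG)]
    if not builtin:
        findings.append("security-config-entry-missing")
    for m in builtin:
        if m.get("load") == "false":
            # Whole plugin switched off: the thread advises keeping it running.
            findings.append("security-config-disabled")
            continue
        off = any(_local(g.tag) == "gbean" and g.get("name") == REALM_GBEAN
                  and g.get("load") == "false" for g in m)
        if not off:
            # Two realms named geronimo-admin would try to start.
            findings.append("builtin-realm-enabled")
    repl = [m for m in modules if m.get("name") == replacement]
    if not any(m.get("load") != "false" for m in repl):
        findings.append("replacement-missing")
    return findings

# Constructed sample input, modelled on the snippet quoted in the thread.
GOOD = """<attributes>
  <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
    <gbean name="geronimo-admin" load="false"/>
  </module>
  <module name="console.realm/geronimo-admin/1.0/car"/>
</attributes>"""
BAD = GOOD.replace(' load="false"', "")  # built-in realm left enabled

if __name__ == "__main__":
    print("good:", check_realm_override(GOOD))
    print("bad: ", check_realm_override(BAD))
```

A non-empty result on a real config.xml means the built-in properties file realm may still be the one answering logins, which matches the symptom Michael2 reports of the default credentials continuing to work.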

