Return-Path: Delivered-To: apmail-geronimo-user-archive@www.apache.org Received: (qmail 67778 invoked from network); 23 Feb 2011 08:16:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 23 Feb 2011 08:16:37 -0000 Received: (qmail 77177 invoked by uid 500); 23 Feb 2011 08:16:36 -0000 Delivered-To: apmail-geronimo-user-archive@geronimo.apache.org Received: (qmail 76718 invoked by uid 500); 23 Feb 2011 08:16:33 -0000 Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: user@geronimo.apache.org List-Id: Delivered-To: mailing list user@geronimo.apache.org Received: (qmail 76711 invoked by uid 99); 23 Feb 2011 08:16:32 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Feb 2011 08:16:32 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RFC_ABUSE_POST,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [98.136.44.63] (HELO smtp108.prem.mail.sp1.yahoo.com) (98.136.44.63) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 23 Feb 2011 08:16:27 +0000 Received: (qmail 51615 invoked from network); 23 Feb 2011 08:16:06 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=DKIM-Signature:Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:From:Mime-Version:Content-Type:Subject:Date:In-Reply-To:To:References:Message-Id:X-Mailer; b=PytvQqhl78Cf/rBFI99hXEx1I1LnUegH38p5Uq4HZIW8Fe61E9zgqVggbsvLlnHJgiMIsUuRQDcTEnzg6k9zEzT8TlGCRZXUZX8P5hjJBjowJvpo2OFclhBRdsVVdKVOcW/VHEuxFj50yxaT0GFiwd6MIi5X3+8JGNOtRemYCjs= ; DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1298448966; bh=wQ7ohifeIJDQDcZmP05pU6oplVkUn3cCljO1R+CIKu4=; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:From:Mime-Version:Content-Type:Subject:Date:In-Reply-To:To:References:Message-Id:X-Mailer; b=pQLqcF+E4U2GscEWsZbNi8OsrPfo/rpfdCN/wAnPZBVTYloWYQ99tLt7zgkp6j3KsM2YokPbHdnIdK1wubWa0mGMP7KRAbJUx7Zi6Qij608LfqOjPcfbsxbYa+0dQT02PN5O6xbwrnJbS02fza1Op0/GyflxEkKGxppcXHJZ2BM= Received: from [10.0.1.147] (david_jencks@76.76.148.215 with plain) by smtp108.prem.mail.sp1.yahoo.com with SMTP; 23 Feb 2011 00:16:05 -0800 PST X-Yahoo-SMTP: .9oIUzyswBANsYgUm_5uPui0skTnzGJXJQ-- X-YMail-OSG: 2LEUv5QVM1l5v7kSGzex_y2mvubx5jbi6QjPOqrkBMjgUE1 K5vbMinfUuKSGwe4eZrFm692vOYGk0PDHuwG_A8rKC_kSfqB.kKPmcfHiV1w UCsK9ssCbnsYnSUOIGTX492C52qDGzwORRJ7v6Z59Xdfizg407ZOp1Zv07Ud vbj1JAgI5wKoxZQVyhtnZ_nJrgC0LZMqMEf1cMJTVDFxwBgosdvZGD6iJHGf SxoX7YcYdP8opmyhCoRwV1wwxFQNSOU4xA27Imu8JqQCsCVd3PqxJbUC.65U t9p.ecprsZR3WzK1OVa07ozt7Whxu0Vw- X-Yahoo-Newman-Property: ymail-3 From: David Jencks Mime-Version: 1.0 (Apple Message framework v1082) Content-Type: multipart/alternative; boundary=Apple-Mail-30-166700097 Subject: Re: Any example on how to implement a programmatic login with geronimo security? Date: Wed, 23 Feb 2011 00:16:03 -0800 In-Reply-To: <4D64B3BA.7050705@weberhofer.at> To: user@geronimo.apache.org References: <4D614F41.3060000@online.de> <4D61B144.1030202@weberhofer.at> <70536C6A-1773-42C4-AD6A-22F1F75A8078@yahoo.com> <4D629F2C.3060204@weberhofer.at> <606D9D73-4E68-48AB-8286-3A253E33640C@yahoo.com> <4D64B3BA.7050705@weberhofer.at> Message-Id: <0E2F3BFD-4408-4375-B0D8-99CA0A93475D@yahoo.com> X-Mailer: Apple Mail (2.1082) --Apple-Mail-30-166700097 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Andreas, I'm not sure why getUserPrincipal() is returning null. isUserInRole(rolename) ought to work. Have you defined your roles in = web.xml and mapped them to principals in the geronimo plan? There's a lot going on behind the scenes with built in authentication. = In particular form authentication keeps track of the authenticated = subject for you by storing it in the session. If you don't want to = imitate basic login and authenticate on every request you will need to = do the same. hope this helps david jencks On Feb 22, 2011, at 11:14 PM, Andreas Bohnert wrote: > hello david, >=20 > thank you again! It's working now. kind of .. ;) > With global=3Dtrue I can login now, but in subsequent requests the = subject is not available anymore. I also can not use = request.getUserPrincipal() at anytime. >=20 > so this I do in one request: >=20 > LoginContext lc =3D = org.apache.geronimo.security.ContextManager.login("my_security_realm", = this); > = org.apache.geronimo.security.ContextManager.registerSubject(lc.getSubject(= )); > = org.apache.geronimo.security.ContextManager.setCallers(lc.getSubject(), = lc.getSubject()); >=20 > // this one is successful in the same request > Subject sub =3D = org.apache.geronimo.security.ContextManager.getCurrentCaller(); >=20 > // this one is NOT successfull, even in the same request > Principal principal =3D request.getUserPrincipal(); > =20 > in a subsequent requests both = ContextManager.getCurrentCaller/ContextManager.getCallers().getCurrentCall= er() and request.getUserPrincipal return NULL or an empty Array; >=20 > Is there something else I have to take care of? > Do I have to register the user somehow before I can use = request.getUserPrincipal?=20 >=20 > What I want to do is: > - configure the realm with geronimo administration console > - use my own login form, pass the login data to jaas api or a geronimo = implementation, verify the login data > - on each request check if the user is in role and access the users = name >=20 > regards, > Andreas >=20 > =20 >> David Jencks >> 22. Februar 2011 00:59 >>=20 >> Hi Andreas, >>=20 >> I think (but haven't checked) that if you do this kind of programatic = use of a named security realm you have to mark the realm true. IIRC the built in code does some more = lookup to find the actual login Configuration object for a non-global = realm and you probably don't want to mess with that unless you need = several realms all with the same name for different apps. >>=20 >> thanks >> david jencks >>=20 >>=20 >>=20 >>=20 >> Andreas Bohnert >> 22. Februar 2011 00:21 >>=20 >> hello david, >>=20 >> thanks for you quick response! >> the servlet 3.0 implementation seems to be a much nicer approach. but = at the moment I stuck with geronimo 2.2. >>=20 >> > LoginContext lc =3D = org.apache.geronimo.security.ContextManager.login(realm, = callbackHandler); >> > ContextManager.registerSubject(lc.getSubject()); >> > ContextManager.setCallers(lc.getSubject(), lc,getSubject()); >>=20 >> that is what I wanted to know. thanks. >> unfortunately I get an exception when I try this. the exception says = that there are no LoginModules configured for the given realm. >>=20 >> I created the realm according to this document: >> https://cwiki.apache.org/GMOxDOC22/database-sql-realm.html >> I tested the realm, it's working. >>=20 >> As far as I understand, if I create a realm with the geronimo = adminstration console, the realm is fully configured and I can reference = the realm in my war without further configuration: >>=20 >> LoginContext lc =3D = org.apache.geronimo.security.ContextManager.login("my_security_realm", = this); >>=20 >> because this was not working ( ... no LoginModules configured for the = given realm ...), I also tried to add deployment plan of this realm to = my ear (geronimo-application.xml). but still I get the exception. >>=20 >> so my deployment plan for my realm look like this: >> >> >> >> console.realm >> my_security_realm >> 1.0 >> car >> >> >> >> org.apache.geronimo.framework >> j2ee-security >> car >> >> >> console.dbpool >> SecurityDatabasePool >> 1.0 >> car >> >> >> >> >> my_security_realm >> false >> >> ServerInfo >> >> >> >> >> = eusoda_security_realm >> = org.apache.geronimo.security.realm.providers.SQLLo= ginModule >> select username, = groupname from groups where username=3D? >> null >> select username, = password from users where username=3D? >> SecurityDatabasePool >> >> >> = eusoda_security_realm-Audit= >> = org.apache.geronimo.security.realm.providers.FileA= uditLoginModule >> var/log/security_log.log >> >> >> >> >> >>=20 >> if I put this plan in my ear, the geronimo-application.xml look like = this: >>=20 >> >> >> >> >> test >> test-geronimo >> 1.0 >> ear >> >> >> >> = org.apache.geronimo.framework >> j2ee-security >> car >> >> >> console.dbpool >> SecurityDatabasePool >> 1.0 >> car >> >> >> >> >> my_security_realm >> false >> >> ServerInfo >> >> >> >> >> = my_security_realm >> = org.apache.geronimo.security.realm.providers.SQLLo= ginModule >> select username, = groupname from groups where username=3D? >> null >> select username, = password from users where username=3D? >> SecurityDatabasePool >> >> >> = eusoda_security_realm-Audit= >> = org.apache.geronimo.security.realm.providers.FileA= uditLoginModule >> var/log/eusoda_security_log.log >> >> >> >> >> =20 >> >>=20 >> for my war I added this to geronimo-web.xml : >>=20 >> = my_security_realm >> >> >> >> >> >> >> >> >>=20 >> What am I'm doing wrong? >>=20 >> regards, >> Andreas >>=20 >>=20 >>=20 >>=20 >>=20 >> David Jencks >> 21. Februar 2011 08:10 >>=20 >> It's not entirely clear what you want to do. >>=20 >> The documentation you point to is still fairly accurate but not = really relevant IIUC. >>=20 >> In servlet 3.0 (implemented in geronimo 3.0, not yet released but = this part is working), there are new methods on HttpServletRequest where = you can either force a login (e.g. form or basic) that has been = otherwise configured for the web app or login using username and = password you have collected yourself somehow. After this login all = container managed security will work just as if the user had tried to = access a protected resource and been logged in automatically. >>=20 >> Before servlet 3.0 you can always get some credentials and login but = the resulting subject won't automatically be known to the container and = container managed security won't work at all unless you do something to = register the result. >>=20 >> I think I've given some advice on how to do this on the user list in = the past. IIRC you want to do something like >>=20 >> LoginContext lc =3D = org.apache.geronimo.security.ContextManager.login(realm, = callbackHandler); >> ContextManager.registerSubject(lc.getSubject()); >> ContextManager.setCallers(lc.getSubject(), lc,getSubject()); >> //do work >>=20 >> ContextManager.clearCallers(); >> ContextManager.unregisterSubject(lc.getSubject()); >> lc.logout(); >>=20 >> hope this helps >> david jencks >>=20 >> . >>=20 >> Andreas Bohnert >> 21. Februar 2011 07:26 >>=20 >> dear list,=20 >>=20 >> there is an example (time report) on how to configure a form based = login (j_security_check) but how am I'm doing a programmatic login with = geronimo?=20 >> I can not find any references on how to do this with geronimo 2.x=20 >>=20 >> I found this, but I wonder if it is still up to date:=20 >> http://docs.huihoo.com/apache/geronimo/1.0/geronimo-and-jaas.html=20 >>=20 >> If the above documentation is obsolet:=20 >> Do I need to write a login-config.xm and how does it look like?=20 >> Are there any callbackhandler implementations that I can pass to a = LoginContext?=20 >>=20 >> Any help is very much appreciated.=20 >>=20 >> Andreas=20 >>=20 >>=20 >> Andreas Bohnert >> 21. Februar 2011 00:28 >>=20 >> dear list,=20 >>=20 >> there is an example (time report) on how to configure a form based = login (j_security_check) but how am I'm doing a programmatic login with = geronimo?=20 >> I can not find any references on how to do this with geronimo 2.x=20 >>=20 >> I found this:=20 >> http://docs.huihoo.com/apache/geronimo/1.0/geronimo-and-jaas.html=20 >> Is this still up to date?=20 >>=20 >> If the documentation is obsolet:=20 >> Do I need to write a login-config.xm and how does it look like?=20 >> Are there any callbackhandler implementations that I can pass to a = LoginContext?=20 >>=20 >> Any help is very much appreciated.=20 >>=20 >> Andreas=20 >>=20 >=20 --Apple-Mail-30-166700097 Content-Type: multipart/related; type="text/html"; boundary=Apple-Mail-31-166700098 --Apple-Mail-31-166700098 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii Hi Andreas,

I'm not sure why getUserPrincipal() is returning null.

isUserInRole(rolename) ought to work.  Have you defined your roles in web.xml and mapped them to principals in the geronimo plan?

There's a lot going on behind the scenes with built in authentication.  In particular form authentication keeps track of the authenticated subject for you by storing it in the session.  If you don't want to imitate basic login and authenticate on every request you will need to do the same.

hope this helps
david jencks

On Feb 22, 2011, at 11:14 PM, Andreas Bohnert wrote:

hello david,

thank you again! It's working now. kind of .. ;)
With global=true I can login now, but in subsequent requests the subject is not available anymore. I also can not use request.getUserPrincipal() at anytime.

so this I do in one request:

            LoginContext lc  = org.apache.geronimo.security.ContextManager.login("my_security_realm", this);
            org.apache.geronimo.security.ContextManager.registerSubject(lc.getSubject());
            org.apache.geronimo.security.ContextManager.setCallers(lc.getSubject(), lc.getSubject());

            // this one is successful in the same request
            Subject sub = org.apache.geronimo.security.ContextManager.getCurrentCaller();

            // this one is NOT successfull, even in the same request
            Principal principal  = request.getUserPrincipal();
           
in a subsequent requests both ContextManager.getCurrentCaller/ContextManager.getCallers().getCurrentCaller() and request.getUserPrincipal return NULL or an empty Array;

Is there something else I have to take care of?
Do I have to register the user somehow before I can use request.getUserPrincipal?

What I want to do is:
- configure the realm with geronimo administration console
- use my own login form, pass the login data to jaas api or a geronimo implementation, verify the login data
- on each request check if the user is in role and access the users name

regards,
Andreas

 
David Jencks
22. Februar 2011 00:59

Hi Andreas,

I think (but haven't checked) that if you do this kind of programatic use of a named security realm you have to mark the realm <attribute name="global">true</attribute>.  IIRC the built in code does some more lookup to find the actual login Configuration object for a non-global realm and you probably don't want to mess with that unless you need several realms all with the same name for different apps.

thanks
david jencks




Andreas Bohnert
22. Februar 2011 00:21

hello david,

thanks for you quick response!
the servlet 3.0 implementation seems to be a much nicer approach. but at the moment I stuck with geronimo 2.2.

> LoginContext lc = org.apache.geronimo.security.ContextManager.login(realm, callbackHandler);
> ContextManager.registerSubject(lc.getSubject());
> ContextManager.setCallers(lc.getSubject(), lc,getSubject());

that is what I wanted to know. thanks.
unfortunately I get an exception when I try this. the exception says that there are no LoginModules configured for the given realm.

I created the realm according to this document:
https://cwiki.apache.org/GMOxDOC22/database-sql-realm.html
I tested the realm, it's working.

As far as I understand, if I create a realm with the geronimo adminstration console, the realm is fully configured and I can reference the realm in my war without further configuration:

LoginContext lc  = org.apache.geronimo.security.ContextManager.login("my_security_realm", this);

because this was not working ( ... no LoginModules configured for the given realm ...), I also tried to add deployment plan of this realm to my ear (geronimo-application.xml). but still I get the exception.

so my deployment plan for my realm look like this:
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>my_security_realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>console.dbpool</groupId>
                <artifactId>SecurityDatabasePool</artifactId>
                <version>1.0</version>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="my_security_realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">my_security_realm</attribute>
        <attribute name="global">false</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>eusoda_security_realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
                    <log:option name="dataSourceApplication">null</log:option>
                    <log:option name="userSelect">select username, password from users where username=?</log:option>
                    <log:option name="dataSourceName">SecurityDatabasePool</log:option>
                </log:login-module>
                <log:login-module control-flag="OPTIONAL" wrap-principals="false">
                    <log:login-domain-name>eusoda_security_realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
                    <log:option name="file">var/log/security_log.log</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

if I put this plan in my ear, the geronimo-application.xml look like this:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<app:application xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0" xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2" xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0" xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2" xmlns:pers="http://java.sun.com/xml/ns/persistence" xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1" xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1" application-name="test-geronimo">
    <dep:environment>
        <dep:moduleId>
            <dep:groupId>test</dep:groupId>
            <dep:artifactId>test-geronimo</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>ear</dep:type>
        </dep:moduleId>
        <dep:dependencies>
            <dep:dependency>
                <dep:groupId>org.apache.geronimo.framework</dep:groupId>
                <dep:artifactId>j2ee-security</dep:artifactId>
                <dep:type>car</dep:type>
            </dep:dependency>
            <dep:dependency>
                <dep:groupId>console.dbpool</dep:groupId>
                <dep:artifactId>SecurityDatabasePool</dep:artifactId>
                <dep:version>1.0</dep:version>
                <dep:type>car</dep:type>
            </dep:dependency>
     </dep:dependencies>
    </dep:environment>
    <dep:gbean name="my_security_realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <dep:attribute name="realmName">my_security_realm</dep:attribute>
        <dep:attribute name="global">false</dep:attribute>
        <dep:reference name="ServerInfo">
            <dep:name>ServerInfo</dep:name>
        </dep:reference>
        <dep:xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>my_security_realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
                    <log:option name="dataSourceApplication">null</log:option>
                    <log:option name="userSelect">select username, password from users where username=?</log:option>
                    <log:option name="dataSourceName">SecurityDatabasePool</log:option>
                </log:login-module>
                <log:login-module control-flag="OPTIONAL" wrap-principals="false">
                    <log:login-domain-name>eusoda_security_realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
                    <log:option name="file">var/log/eusoda_security_log.log</log:option>
                </log:login-module>
            </log:login-config>
        </dep:xml-reference>
    </dep:gbean>
   
</app:application>

for my war I added this to geronimo-web.xml :

    <web:security-realm-name>my_security_realm</web:security-realm-name>
     <sec:security>
        <sec:role-mappings>
            <sec:role role-name="admin">
                <sec:principal name="administrators"  class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />
                <sec:principal name="root" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
            </sec:role>
        </sec:role-mappings>
    </sec:security>

What am I'm doing wrong?

regards,
Andreas





David Jencks
21. Februar 2011 08:10

It's not entirely clear what you want to do.

The documentation you point to is still fairly accurate but not really relevant IIUC.

In servlet 3.0 (implemented in geronimo 3.0, not yet released but this part is working), there are new methods on HttpServletRequest where you can either force a login (e.g. form or basic) that has been otherwise configured for the web app or login using username and password you have collected yourself somehow. After this login all container managed security will work just as if the user had tried to access a protected resource and been logged in automatically.

Before servlet 3.0 you can always get some credentials and login but the resulting subject won't automatically be known to the container and container managed security won't work at all unless you do something to register the result.

I think I've given some advice on how to do this on the user list in the past. IIRC you want to do something like

LoginContext lc = org.apache.geronimo.security.ContextManager.login(realm, callbackHandler);
ContextManager.registerSubject(lc.getSubject());
ContextManager.setCallers(lc.getSubject(), lc,getSubject());
//do work

ContextManager.clearCallers();
ContextManager.unregisterSubject(lc.getSubject());
lc.logout();

hope this helps
david jencks

.

Andreas Bohnert
21. Februar 2011 07:26

dear list,

there is an example (time report) on how to configure a form based login (j_security_check) but how am I'm doing a programmatic login with geronimo?
I can not find any references on how to do this with geronimo 2.x

I found this, but I wonder if it is still up to date:
http://docs.huihoo.com/apache/geronimo/1.0/geronimo-and-jaas.html

If the above documentation is obsolet:
Do I need to write a login-config.xm and how does it look like?
Are there any callbackhandler implementations that I can pass to a LoginContext?

Any help is very much appreciated.

Andreas


Andreas Bohnert
21. Februar 2011 00:28

dear list,

there is an example (time report) on how to configure a form based login (j_security_check) but how am I'm doing a programmatic login with geronimo?
I can not find any references on how to do this with geronimo 2.x

I found this:
http://docs.huihoo.com/apache/geronimo/1.0/geronimo-and-jaas.html
Is this still up to date?

If the documentation is obsolet:
Do I need to write a login-config.xm and how does it look like?
Are there any callbackhandler implementations that I can pass to a LoginContext?

Any help is very much appreciated.

Andreas



--Apple-Mail-31-166700098 Content-Transfer-Encoding: base64 Content-Disposition: inline; filename=compose-unknown-contact.jpg Content-Type: image/jpeg; x-apple-mail-type=stationery; name="compose-unknown-contact.jpg" Content-Id: /9j/4AAQSkZJRgABAQEARwBHAAD/4QCARXhpZgAATU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUA AAABAAAASgEbAAUAAAABAAAAUgEoAAMAAAABAAIAAIdpAAQAAAABAAAAWgAAAAAAAAbyAAAAGQAA BvIAAAAZAAKgAgAEAAAAAQAAAB2gAwAEAAAAAQAAAB0AAAAA/9sAQwABAQEBAQEBAQEBAQEBAQEB AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB/9sAQwEBAQEB AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB AQEB/8AAEQgAHQAdAwERAAIRAQMRAf/EAB8AAAEFAQEBAQEBAAAAAAAAAAABAgMEBQYHCAkKC//E ALUQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJ ChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeI iYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq 8fLz9PX29/j5+v/EAB8BAAMBAQEBAQEBAQEAAAAAAAABAgMEBQYHCAkKC//EALURAAIBAgQEAwQH BQQEAAECdwABAgMRBAUhMQYSQVEHYXETIjKBCBRCkaGxwQkjM1LwFWJy0QoWJDThJfEXGBkaJico KSo1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoKDhIWGh4iJipKTlJWWl5iZ mqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uLj5OXm5+jp6vLz9PX29/j5+v/a AAwDAQACEQMRAD8A/uY8A+AfAt54F8F3l54L8JXV3deEvDlzdXVz4c0ee4ubifR7OWe4uJ5bN5Zp ppXaSWWRmkkkZndixJIB5N8QfF/w48MapfaBoXwt8FahqWnyiC6vL7w3oy2EU+zdJEkFvZrPctGW VXPn24Dh05K5oA7z4a/8Ky+IWn3cw+G/g3TdS02SKO+sj4d0Odds6s0NxBKdOjZ4ZDHIuGTfG6FX J3IzAHi/7UXhzw94f/4Qb+wdB0bRPtf/AAk32v8AsjS7HTftXkf8I/5H2j7HBD53k+dN5XmbvL82 XZjzHyAfWXw4/wCSeeA/+xM8L/8ApjsaAPjX4jaFf6b418RR3pR5LvUrnUopVKgTW+oSvcwSEKPk co+JE/gkDKCygMQD2v8AZ60W5trfxDrMq7be6ktNPtm+U+a9sJZrog53hY/PgXJXa7s4BLRuAAcL +1z/AM0+/wC5r/8AdaoA9R0/xzceGvAfgDTrHT1ub2fwB4UukuJ3P2WFZNJhhAaKPEszhoCxXzIl wyneeRQB4tqtve61qF1qmoyefeXkplmk8oKCxAAVFHCIihURRwqqBz1oA7rwf4z1rwjaJpkVtb3+ lrPLP9nlWSGeMzHdIsFyhZUVnBfEkEwDM+MAgAA4f9pzV4td0r4Z6rDDJbpdr4wPkzFTJG8M/h+3 kUlThh5kTlG4LIVYqpJUAHPWHx70OHRvD2l6n8Of7Un0DQNJ0BL7/hL7uy+0RaVapbrN9mt9HKRe c4km8syTNH5nlmaQIGoAn/4X34T/AOiU/wDl86l/8p6AD/hffhP/AKJT/wCXzqX/AMp6APPfib8T bT4gWnhmxsfDP/CN2vhv+2fKi/tmXWPtH9sS2Ez/ADzWFnJF5Ulk7fM8/mefgeUsQDgH/9k= --Apple-Mail-31-166700098-- --Apple-Mail-30-166700097--