Yeah! :-D
Thanks for getting notifies fixed David Blevins!
Heh. And thanks for the doc David Jencks! ;-)
--kevan
On May 20, 2008, at 12:14 AM, [EMAIL PROTECTED] wrote:
Page Created : GMOxDOC21 : Basic Hints on Security Configuration
Basic Hints on Security Configuration has been created by David
Jencks (May 19, 2008).
Content:
Where is the security configuration?
In a normal geronimo server the basic security configuration is
divided into two plugins, j2ee-security and server-security-config.
The stuff you are not too likely to want to change such as the jacc
provider and keystore manager are in j2ee-security. The stuff that
you are almost certain to want to change is in
server-security-config. For instance the toy properties file security
realm for the admin console is in server-security-config.
So I have an enterprise wide authentication system.... how do I set
it up for all my apps?
You want to replace server-security-config with your own geronimo
plugin (see plugin-infrastructure) that contains a security realm
customized for your security setup (e.g. ldap), and includes
whatever keystores you need. To make your plugin replace all uses of
server-security-config, you need to include an artifact-alias
element in your geronimo-plugin.xml file.
<artifact-alias key="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">com.myco/myco-security-config/1.0/car</artifact-alias>
<artifact-alias key="org.apache.geronimo.framework/server-security-config//car">com.myco/myco-security-config/1.0/car</artifact-alias>
or if you save time and effort and use maven with the
car-maven-plugin you'd include this in your car-maven-plugin
configuration in your pom.xml.
Note that if you want the admin console and MEJB to continue working
without redeployment you have to include a security realm named
geronimo-admin that supplies appropriate users with principals of
class
org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
and names (as appropriate) admin (for console and MEJB read access)
and mejbadmin (for MEJB write access).
As with any geronimo plugin, you can include any jars in the
plugin's classloader by installing the jars in the geronimo
repository and listing them as dependencies in the geronimo plan.
The car-maven-plugin can be used to make the geronimo dependencies
the same as the maven dependencies and to have plugin installation
also install all the needed jars.
Who needs enterprise-wide? I want my app to include its own security
setup!
You can also include security realm configuration, keystores, and
credential stores in your geronimo plan for your application. Just
put the gbean configurations at the end after the javaee specific
configuration. In this case you may not want to remove the standard
server-security-config, as removing it would prevent the admin
console or MEJB from starting.
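An added example, not part of the original page or Geronimo's own code: a small audit of a geronimo-plugin.xml that reports which artifact replaces server-security-config and whether both alias forms shown in the page (version-specific and versionless) are present and agree. The sample descriptor is constructed and simplified, and treating both forms as required is an assumption drawn from the page listing both.

```python
import xml.etree.ElementTree as ET

SECURITY_CONFIG = "org.apache.geronimo.framework/server-security-config"

# Constructed, simplified descriptor; the com.myco ids are the page's placeholders.
SAMPLE = """<geronimo-plugin>
  <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">com.myco/myco-security-config/1.0/car</artifact-alias>
  <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">com.myco/myco-security-config/1.0/car</artifact-alias>
</geronimo-plugin>"""


def local(tag):
    """Strip an XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]


def security_aliases(xml_text):
    """Map each aliased server-security-config key to its replacement id."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "artifact-alias":
            continue
        # Remove whitespace so ids wrapped across lines still compare equal.
        key = "".join(el.get("key", "").split())
        target = "".join((el.text or "").split())
        if key.startswith(SECURITY_CONFIG + "/"):
            found[key] = target
    return found


def audit(xml_text):
    """Return a list of problems; an empty list means both forms agree."""
    aliases = security_aliases(xml_text)
    problems = []
    # Keys have the form group/artifact/version/type; version may be empty.
    versions = {k.split("/")[2] for k in aliases if k.count("/") == 3}
    if "" not in versions:
        problems.append("no versionless alias (key ending in //car)")
    if not any(versions):
        problems.append("no version-specific alias")
    targets = sorted(set(aliases.values()))
    if len(targets) > 1:
        problems.append("aliases point at different replacements: %s" % targets)
    return problems


if __name__ == "__main__":
    print(security_aliases(SAMPLE))
    print(audit(SAMPLE) or "server-security-config is consistently replaced")
```

Because an alias silently redirects every use of the security configuration, the mapping printed by security_aliases is worth reviewing whenever a plugin descriptor changes.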