Something similar to this should work:

    public final static String USER_SELECT = "userSelect";
    public final static String GROUP_SELECT = "groupSelect";
    public final static String CONNECTION_URL = "jdbcURL";
    public final static String USER = "jdbcUser";
    public final static String PASSWORD = "jdbcPassword";
    public final static String DRIVER = "jdbcDriver";

    <gbean name="roller-realm"
        class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">roller-realm</attribute>
        <xml-reference name="LoginModuleConfiguration">
            <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
                <lc:login-module control-flag="REQUIRED" server-side="true">
                    <lc:login-domain-name>roller-sql-realm</lc:login-domain-name>
                    <lc:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</lc:login-module-class>
                    <lc:option name="jdbcDriver">com.mysql.jdbc.Driver</lc:option>
                    <lc:option name="jdbcURL">jdbc:mysql://localhost:3306/roller?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf-8&amp;mysqlEncoding=utf8</lc:option>
                    <lc:option name="jdbcUser">roller</lc:option>
                    <lc:option name="jdbcPassword">roller</lc:option>
                    <lc:option name="userSelect">SELECT username, passphrase FROM rolleruser where username = ?</lc:option>
                    <lc:option name="groupSelect">SELECT rolename, username FROM userrole where username = ?</lc:option>
                </lc:login-module>
            </lc:login-config>
        </xml-reference>
        <reference name="ServerInfo">
            <module>org/apache/geronimo/System</module>
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <module>org/apache/geronimo/Security</module>
            <name>JaasLoginService</name>
        </reference>
    </gbean>

You should definitely check the SQL I invented for you.
You will still need to map the group principals to the roles your app
uses. My guess from the name of the table is that the group and role
name will be identical.
Your mapping might look something like this:

    <sec:security default-role="UNASSIGNED" doas-current-caller="true">
        <sec:default-principal>
            <sec:principal
                class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                name="guest"/>
        </sec:default-principal>
        <sec:role-mappings>
            <sec:role role-name="UNASSIGNED">
                <sec:principal
                    class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                    name="guest" designated-run-as="true"/>
            </sec:role>
            <sec:role role-name="USER">
                <sec:principal
                    class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                    name="USER"/>
            </sec:role>
            <sec:role role-name="ADMIN">
                <sec:principal
                    class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                    name="ADMIN" designated-run-as="true"/>
            </sec:role>
        </sec:role-mappings>
    </sec:security>

Hope this helps
david jencks

On Nov 10, 2005, at 6:17 AM, Miguel A Paraz wrote:

> On 10/20/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > OK, I can verify users against the database using the
> > SQLLoginModule. I've created a servlet (my first one
> > ever!) that takes in the user information and stores
> > it into the same table of the database, and adds an
> > entry to the groups table, too. They can then go to
> > the login page, login and they even verify!
>
> Hi,
> Sorry but I couldn't figure out how to write a SQLLoginModule
> configuration. I'm trying to deploy Roller on Geronimo. The Tomcat
> realm configuration, under the specific context, is as follows. What's
> the equivalent Geronimo configuration?
>
>     <Realm className="org.apache.catalina.realm.JDBCRealm"
>         driverName="com.mysql.jdbc.Driver"
>         connectionURL="jdbc:mysql://localhost:3306/roller?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf-8&amp;mysqlEncoding=utf8"
>         connectionName="roller"
>         connectionPassword="roller"
>         userTable="rolleruser"
>         userNameCol="username"
>         userCredCol="passphrase"
>         userRoleTable="userrole"
>         roleNameCol="rolename" debug="0" />
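
Added example, not part of the original thread and not Geronimo's own code: a small Python helper that derives the SQLLoginModule option values shown in the reply from the Tomcat JDBCRealm attributes in the question. The function names are hypothetical, the realm string is a constructed copy of the question's configuration with `&` escaped, and the SELECT column order is copied from the reply's queries, so it needs the same check against the real schema.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: the JDBCRealm from the question, with & written as &amp;.
TOMCAT_REALM = """<Realm className="org.apache.catalina.realm.JDBCRealm"
    driverName="com.mysql.jdbc.Driver"
    connectionURL="jdbc:mysql://localhost:3306/roller?autoReconnect=true&amp;useUnicode=true&amp;characterEncoding=utf-8&amp;mysqlEncoding=utf8"
    connectionName="roller" connectionPassword="roller"
    userTable="rolleruser" userNameCol="username" userCredCol="passphrase"
    userRoleTable="userrole" roleNameCol="rolename" debug="0" />"""

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def attr(realm, name, identifier=False):
    """Fetch a required attribute; table/column names must be bare identifiers
    because they are pasted into the SELECT text (only the username is bound)."""
    value = realm.get(name)
    if value is None:
        raise ValueError(f"missing attribute {name}")
    if identifier and not IDENT.fullmatch(value):
        raise ValueError(f"{name}={value!r} is not a plain SQL identifier")
    return value

def realm_to_options(realm_xml):
    """Map JDBCRealm attributes to the option names used in the reply (hypothetical helper)."""
    realm = ET.fromstring(realm_xml)
    user = attr(realm, "userNameCol", True)
    cred = attr(realm, "userCredCol", True)
    role = attr(realm, "roleNameCol", True)
    users = attr(realm, "userTable", True)
    roles = attr(realm, "userRoleTable", True)
    return {
        "jdbcDriver": attr(realm, "driverName"),
        "jdbcURL": attr(realm, "connectionURL"),
        "jdbcUser": attr(realm, "connectionName"),
        "jdbcPassword": attr(realm, "connectionPassword"),
        # Column order copied from the reply's queries; check it against your schema.
        "userSelect": f"SELECT {user}, {cred} FROM {users} WHERE {user} = ?",
        "groupSelect": f"SELECT {role}, {user} FROM {roles} WHERE {user} = ?",
    }

def render_options(options):
    """Emit <lc:option> elements, escaping & and < so the plan stays well-formed."""
    return "\n".join(f'<lc:option name="{k}">{escape(v)}</lc:option>'
                     for k, v in options.items())

if __name__ == "__main__":
    print(render_options(realm_to_options(TOMCAT_REALM)))
```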