If you're getting paid by the line, turning 3 lines into 5000 is sheer genius. If you were to fail to document them, so that no one could understand your code, you might get a Presidential Medal of Freedom.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Mulder Sent: Saturday, June 24, 2006 4:22 AM To: [email protected] Subject: Re: security gbean..... A) that's horrible that we turn 3 lines into like 5000 lines. We have got to do better! B) in case it wasn't clear from David's response, the "realm-name" is what's normally used to refer to this security realm; your login domain names can be arbitrary, but they must be unique. I suggest magnolia-authentication and magnolia-authorization. (If you enable certain advanced features you can use the login domain names in your J2EE role mapping, but it's a bit unusual that you'd want to, and if you did want to, they'd have to have unique names for you to distinguish them.) Thanks, Aaron On 6/23/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > > Hi all, > > I'm having a problem configuring my security gbean and could use a bit of help. > > I have the following jaas.config file: > > magnolia { > info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite; > info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required; }; > Jackrabbit { > org.apache.jackrabbit.core.security.SimpleLoginModule required; }; > > And I've translated it into the following gbeans: > > <gbean name="magnolia" class="org.apache.geronimo.security.realm.GenericSecurityRealm"> > <attribute name="realmName">magnolia</attribute> > <reference name="ServerInfo"> > <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2e e-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbe an-name> > </reference> > <reference name="LoginService"> > <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2e e-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=Ja asLoginService</gbean-name> > </reference> > <xml-reference name="LoginModuleConfiguration"> > <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0";> > <log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false"> > <log:login-domain-name>magnolia</log:login-domain-name> > <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModul e</log:login-module-class> > </log:login-module> > <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false"> > <log:login-domain-name>magnolia</log:login-domain-name> > <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule </log:login-module-class> > </log:login-module> > </log:login-config> > </xml-reference> > </gbean> > > > <gbean name="Jackrabbit" class="org.apache.geronimo.security.realm.GenericSecurityRealm"> > <attribute name="realmName">Jackrabbit</attribute> > <reference name="ServerInfo"> > <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2e e-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbe an-name> > </reference> > <reference name="LoginService"> > <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2e e-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=Ja asLoginService</gbean-name> > </reference> > > <xml-reference name="LoginModuleConfiguration"> > <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0";> > <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false"> > <log:login-domain-name>Jackrabbit</log:login-domain-name> > <log:login-module-class>org.apache.jackrabbit.core.security.SimpleLoginM odule</log:login-module-class> > </log:login-module> > </log:login-config> > </xml-reference> > </gbean> > > > > The problem I'm currently having is that it's complaining that my login-domain-name for both the Authenitciation and Authorization modules are the same (magnolia).... but it seems as though it has to be according the the jaas.config. Or am I wrong? > How do I fix this? > Also, if you see something else wrong with this, I'd appreciate any pointers. > > Regards, > Eric > >
