On Jun 25, 2006, at 9:02 PM, Alan D. Cabrera wrote:
Aaron Mulder wrote:
A) that's horrible that we turn 3 lines into like 5000 lines. We
have
got to do better!
We used to be able to read JAAS login configuration files directly
w/out using XML. What happened to that?
I don't remember that capability ever existing.... how did it relate
to principal wrapping, cient login etc? Do you have a date in mind
to excavate code from?
thanks
david jencks
Regards,
Alan
B) in case it wasn't clear from David's response, the "realm-name" is
what's normally used to refer to this security realm; your login
domain names can be arbitrary, but they must be unique. I suggest
magnolia-authentication and magnolia-authorization. (If you enable
certain advanced features you can use the login domain names in your
J2EE role mapping, but it's a bit unusual that you'd want to, and if
you did want to, they'd have to have unique names for you to
distinguish them.)
Thanks,
Aaron
On 6/23/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi all,
I'm having a problem configuring my security gbean and could use
a bit of help.
I have the following jaas.config file:
magnolia {
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
Jackrabbit {
org.apache.jackrabbit.core.security.SimpleLoginModule required;
};
And I've translated it into the following gbeans:
<gbean name="magnolia"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<attribute name="realmName">magnolia</attribute>
<reference name="ServerInfo">
<gbean-
name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/
j2ee-system/1.0/
car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
</reference>
<reference name="LoginService">
<gbean-
name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/
j2ee-security/1.0/
car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginServ
ice</gbean-name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config xmlns:log="http://
geronimo.apache.org/xml/ns/loginconfig-1.0">
<log:login-module control-flag="REQUISITE" server-
side="true" wrap-principals="false">
<log:login-domain-name>magnolia</log:login-
domain-name>
<log:login-module-
class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModule</
log:login-module-class>
</log:login-module>
<log:login-module control-flag="REQUIRED" server-
side="true" wrap-principals="false">
<log:login-domain-name>magnolia</log:login-
domain-name>
<log:login-module-
class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule</log:login-
module-class>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
<gbean name="Jackrabbit"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<attribute name="realmName">Jackrabbit</attribute>
<reference name="ServerInfo">
<gbean-
name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/
j2ee-system/1.0/
car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
</reference>
<reference name="LoginService">
<gbean-
name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/
j2ee-security/1.0/
car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginServ
ice</gbean-name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config xmlns:log="http://
geronimo.apache.org/xml/ns/loginconfig-1.0">
<log:login-module control-flag="REQUIRED"
server-side="true" wrap-principals="false">
<log:login-domain-name>Jackrabbit</
log:login-domain-name>
<log:login-module-
class>org.apache.jackrabbit.core.security.SimpleLoginModule</
log:login-module-class>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
The problem I'm currently having is that it's complaining that my
login-domain-name for both the Authenitciation and Authorization
modules are the same (magnolia).... but it seems as though it has
to be according the the jaas.config. Or am I wrong?
How do I fix this?
Also, if you see something else wrong with this, I'd appreciate
any pointers.
Regards,
Eric
