Hi Mark,
Which version of Geronimo are you using? The "digest=..." option is
supported in 1.2 and not in any previous versions.
Regarding the security constraints, you will typically define one group per
role for each the roles defined in web.xml and use a GeronimoGroupPrincipal
with the group name in the role-mapping section of geronimo-web.xml . The
role-mapping section in your geronimo-web.xml will look similar to the
following:
<security>
<role-mappings>
<role role-name="admin"> <!-- This role-name is defined in
web.xml -->
<principal class="
org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="admin-group"/> <!-- This value in the name attribute is from group
mapping in your JDBC realm, i.e., from the entries in groups table. -->
</role>
</role-mappings>
</security>
Let me know if this helps or if you need more details.
Vamsi
On 12/27/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi All. A relatively novice geronimo user here. i'm woking on using a
security realm to define access in a web application. I've successfully
installed geronimo (tomcat web container), configured a database pool to
a MySQL database, and configured a JDBC Realm to the databse pool that
succesfully authenticated at the completion of the security realm
wizard.
I have my Security Roles and Constraints along with the Login-Config
defined in my web.xml. I'm kind of lost on how the app roles defined
in the web.xml and the roles defined in the user role table get tied
together in the geronimo-web.xml. Can someone point me to a
tutorial/documentation on this? I've looked in the geronimo
docmentation without success. Also, I've been following the IBM
DeveloperWorks articles on this, but they don't cover this aspect.
Additionally, what's the appropriate method to turn on password digest
hashing when using the JDBC Realm wizard? I presume that a
configuration option property like digest=MD5 might work?
Thanks to all! I'm really enjoying working with Geronimo.
Mark Aufdencamp
[EMAIL PROTECTED]
