>shouldn't
>
> <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>
>
>be
>
> <principal name="spadmin" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>
>?
>
>I'd leave out designated-run-as="true"
>
>thanks
>david jencks
>
I tried with
<security>
<role-mappings>
<role role-name="spadim">
<principal name="spadim"
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
</role>
</role-mappings>
</security>
<security>
<role-mappings>
<role role-name="spadim">
<principal name="scort"
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
</role>
</role-mappings>
</security>
Neither works!
Jean-Noël
>On Oct 31, 2008, at 2:59 AM, johnxmas wrote:
>
>> Hi David,
>>
>>
>>> Anyway I think what you need to do is:
>>>
>>> 1. define a properties file login module based security realm, perhaps
>>> by using the admin console. Let's say you call it my-realm
>>> 2. translate the data into property files:
>>>
>>> my-users.properties:
>>> scort=scort
>>>
>>> my-groups.properties:
>>> spadmin=scort
>>>
>>> 3. put the properties files in the correct location, I'd suggest var/security
>>>
>>> 4. specify the my-realm security realm in the geronimo web app plan
>>> <security-realm>my-realm</security-realm>
>>>
>>> 5. Include the desired principal-role mapping that maps the spadmin
>>> group to the app-specific spadmin role. There are some instructions
>>> on this at the end of
>>> http://cwiki.apache.org/GMOxDOC21/configuring-run-as-and-default-subjects-and-principal-role-mapping.html
>>>
>>> hope this helps,
>>> david jencks
>>
>> Thanks for your answer. So I did create a realm (BTW, the console is
>> very nice for this item) and the corresponding properties files. I
>> validated that realm. It was ok for
>> scort
>> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
>> spadmin
>> org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
>>
>> and added to geronimo-web.xml the following
>>
>> <security-realm-name>
>> smartpack-realm
>> </security-realm-name>
>>
>> <security>
>> <role-mappings>
>> <role role-name="spadim">
>> <principal name="scort" designated-run-as="true"
>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>> </role>
>> </role-mappings>
>> </security>
>>
>> But when calling the app, I still get a 403 error: Access to the
>> specified resource () has been forbidden.
>>
>> What am I doing wrong?
>>
>> Jean-Noël
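
A consistency check for the principal-role mapping discussed in this thread, as an added example that is not part of the original messages or of Geronimo itself: it compares the `<role-mappings>` in a plan against the role names the application declares and against the realm's users and groups properties files. The function names and the declared role set (`spadmin`, taken from step 5 of the quoted instructions) are assumptions, and the sample input is constructed from the snippets quoted above.

```python
import xml.etree.ElementTree as ET

PKG = "org.apache.geronimo.security.realm.providers."
GROUP_CLASS = PKG + "GeronimoGroupPrincipal"
USER_CLASS = PKG + "GeronimoUserPrincipal"

def parse_properties(text):
    """Parse key=value lines (users: user=password, groups: group=user1,user2)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def local(tag):
    """Drop an XML namespace prefix such as {http://...}role."""
    return tag.rsplit("}", 1)[-1]

def check_role_mappings(plan_xml, declared_roles, users_text, groups_text):
    """Return findings for role mappings that cannot match the realm or the app."""
    users = parse_properties(users_text)
    groups = parse_properties(groups_text)
    findings = []
    for role in ET.fromstring(plan_xml).iter():
        if local(role.tag) != "role":
            continue
        role_name = role.get("role-name")
        if role_name not in declared_roles:
            findings.append(f"role '{role_name}' is not declared by the application")
        for principal in role:
            if local(principal.tag) != "principal":
                continue
            name, cls = principal.get("name"), principal.get("class")
            if cls == GROUP_CLASS and name not in groups:
                findings.append(f"'{name}' is mapped as a group but is not in the groups file")
            elif cls == USER_CLASS and name not in users:
                findings.append(f"'{name}' is mapped as a user but is not in the users file")
    return findings

# Constructed sample input, modelled on the snippets quoted in the thread.
PLAN = """<security><role-mappings><role role-name="spadim">
  <principal name="scort" class="%s"/>
</role></role-mappings></security>""" % GROUP_CLASS
USERS = "scort=scort"    # user=password
GROUPS = "spadmin=scort"  # group=members
DECLARED_ROLES = {"spadmin"}  # assumption: the role name the application declares

if __name__ == "__main__":
    for finding in check_role_mappings(PLAN, DECLARED_ROLES, USERS, GROUPS):
        print(finding)
```
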