Hi all,
>Is the "spadim" (rather than "spadmin") a typo in this email only or is
>it also reflected in your xml?
>
>Joe
>
>
Shame on me! Yes, there was a typo. Once corrected, it worked with (as David
had suggested):
<security>
  <role-mappings>
    <role role-name="spadmin">
      <principal name="spadmin"
                 class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
    </role>
  </role-mappings>
</security>
Thanks a lot for your help
Jean-Noël
>johnxmas wrote:
>>> shouldn't
>>>
>>> <principal name="scort" designated-run-as="true"
>>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>>
>>>
>>> be
>>>
>>> <principal name="spadmin" designated-run-as="true"
>>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>>
>>> ?
>>>
>>> I'd leave out designated-run-as="true"
>>>
>>> thanks
>>> david jencks
>>>
>>
>>
>> I tried with
>>
>> <security>
>> <role-mappings>
>> <role role-name="spadim">
>> <principal name="spadim"
>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>> </role>
>> </role-mappings>
>> </security>
>>
>> <security>
>> <role-mappings>
>> <role role-name="spadim">
>> <principal name="scort"
>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>> </role>
>> </role-mappings>
>> </security>
>>
>>
>>
>> None works!
>>
>> Jean-Noël
>>
>>
>>> On Oct 31, 2008, at 2:59 AM, johnxmas wrote:
>>>
>>>> Hi David,
>>>>
>>>>
>>>>> Anyway I think what you need to do is:
>>>>>
>>>>> 1. define a properties file login module based security realm, perhaps
>>>>> by using the admin console. Let's say you call it my-realm
>>>>> 2. translate the data into property files:
>>>>>
>>>>> my-users.properties:
>>>>> scort=scort
>>>>>
>>>>> my-groups.properties:
>>>>> spadmin=scort
>>>>>
>>>>> 3. put the properties files in the correct location, I'd suggest var/security
>>>>>
>>>>> 4. specify the my-realm security realm in the geronimo web app plan
>>>>> <security-realm>my-realm</security-realm>
>>>>>
>>>>> 5. Include the desired principal-role mapping that maps the spadmin
>>>>> group to the app-specific spadmin role. There are some instructions
>>>>> on this at the end of
>>>>> http://cwiki.apache.org/GMOxDOC21/configuring-run-as-and-default-subjects-and-principal-role-mapping.html
>>>>>
>>>>> hope this helps,
>>>>> david jencks
>>>> Thanks for your answer. So I did create a realm (BTW, the console is
>>>> very nice for this item) and the corresponding properties files. I
>>>> validated that realm. It was ok for
>>>> scort org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
>>>> spadmin org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
>>>>
>>>> and added to geronimo-web.xml the following
>>>>
>>>> <security-realm-name>
>>>> smartpack-realm
>>>> </security-realm-name>
>>>>
>>>> <security>
>>>> <role-mappings>
>>>> <role role-name="spadim">
>>>> <principal name="scort" designated-run-as="true"
>>>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
>>>> </role>
>>>> </role-mappings>
>>>> </security>
>>>>
>>>> But when calling the app, I still get a 403 error: Access to the
>>>> specified resource () has been forbidden.
>>>>
>>>> What am I doing wrong?
>>>>
>>>> Jean-Noël
>
>
>
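
A consistency check for the mistake resolved in this thread, as an added example that is not part of the original messages or Geronimo's own code: it compares each role-mapping principal against the realm's property files and the role names declared in web.xml. The function names, the `DECLARED` role set and the `PLAN` template are assumptions built from the values quoted above.

```python
import xml.etree.ElementTree as ET

PROVIDERS = "org.apache.geronimo.security.realm.providers."
GROUP_CLASS = PROVIDERS + "GeronimoGroupPrincipal"
USER_CLASS = PROVIDERS + "GeronimoUserPrincipal"

def parse_properties(text):
    """Parse key=value lines; a comma-separated value becomes a list."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return props

def local(tag):
    """Drop an XML namespace prefix, since real plans are namespaced."""
    return tag.rsplit("}", 1)[-1]

def check_role_mappings(security_xml, declared_roles, users, groups):
    """Return findings for mappings that can never grant a declared role."""
    findings = []
    for role in ET.fromstring(security_xml).iter():
        if local(role.tag) != "role":
            continue
        role_name = role.get("role-name")
        if role_name not in declared_roles:
            findings.append(f"role '{role_name}' is not declared in web.xml")
        for p in role:
            if local(p.tag) != "principal":
                continue
            known = {GROUP_CLASS: groups, USER_CLASS: users}.get(p.get("class"))
            if known is None:
                findings.append(f"principal '{p.get('name')}': unchecked class")
            elif p.get("name") not in known:
                kind = "group" if known is groups else "user"
                findings.append(f"no {kind} '{p.get('name')}' in the realm")
    return findings

# Constructed sample data, taken from the values quoted in the thread.
USERS = parse_properties("scort=scort")
GROUPS = parse_properties("spadmin=scort")
DECLARED = {"spadmin"}  # assumption: the role name used in the app's web.xml
PLAN = """<security><role-mappings><role role-name="{0}">
  <principal name="{1}" class="%s"/>
</role></role-mappings></security>""" % GROUP_CLASS

if __name__ == "__main__":
    for role, name in [("spadim", "scort"), ("spadim", "spadim"), ("spadmin", "spadmin")]:
        print(role, name, check_role_mappings(PLAN.format(role, name), DECLARED, USERS, GROUPS))
```
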