Hi Michael2,
I tried out a couple of things this morning and got distracted before
replying.
First of all I expect you got a stack trace in the console when you
started your new security realm from the admin console.... for some
reason this error is not showing up in the admin console. See https://issues.apache.org/jira/browse/GERONIMO-4553
As long as you know the admin console is not reflecting reality here
you should be able to work around this bug.
Anyway, you have to ensure that there is only one security realm named
geronimo-admin trying to start at any one time. So for yours to
start, you need to shut off the built-in one. However there are
several essential services configured in the security-config plugin so
unless you actually copy the security-config project and build a
plugin you should keep the security-config plugin running and just
turn off the security-realm gbean.
I did this by editing the var/config/config.xml file so it looked like:
<module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
  <gbean name="geronimo-admin" load="false"/>
</module>
(you will have to use the correct version, IIRC 2.1.2 rather than
2.2-SNAPSHOT)
The last module in config.xml is
<module name="console.realm/geronimo-admin/1.0/car"/>
since the admin console tried to start the module.
For quick testing I set up a new properties file realm using the admin
console with a new "admin" user rather than "system" and verified that
"admin" could log in but "system" could not, so I think it is working
OK.
I do recommend that for production use you set up a maven project to
build a complete replacement security-config plugin with your security
realm in it.
Hope this helps and that I haven't left out too many steps this time :-)
david jencks
On Feb 24, 2009, at 6:45 AM, Michael2 wrote:
Hello David:
Yes, I still have problems.
First of all, I appreciate your help very much. Please bear with me. I
just want to learn from the Geronimo experts like you to see how to
replace the default Properties File Realm with the Database (SQL) Realm.
Following your suggestions, I created a Derby SQL Realm with the same
name as the default Realm “geronimo-admin”, I tested it successfully and
deployed it. Now I can see two “geronimo-admin” Realms listed on the
Security Realms list. Then I stopped the Geronimo server and modified the
“artifact_aliases.properties” file on the Geronimo \var\config directory
as:
……
org.apache.geronimo.framework/server-security-config//car=console.realm/geronimo-admin/1.0/car
……
org.apache.geronimo.framework/server-security-config/2.1.2/car=console.realm/geronimo-admin/1.0/car
……
org.apache.geronimo.framework/server-security-config/2.1/car=console.realm/geronimo-admin/1.0/car
……
org.apache.geronimo.framework/server-security-config/2.1.1/car=console.realm/geronimo-admin/1.0/car
……
After that, I re-started Geronimo server and tried to log into the admin
console with the user name/password I had tested in the SQL Realm, I got
an “Invalided Username and/or Password!” error. The system default user
name and password is still working.
I am using Geronimo 2.1.3, is it an issue or is there something else I
need to do to make it work?
Thanks.
Michael
djencks wrote:
Hi Michael,
I guess the documentation wasn't too clear about what to do if you
aren't building your security realm as a plugin. Generally you never
want to update an installed plugin in place (in repository). I've
updated the docs here
http://cwiki.apache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration
(should get to
http://cwiki.apache.org/GMOxDOC22/basic-hints-on-security-configuration.html
soon)
Please let us know if this is still not clear or you still have problems
thanks!
david jencks
On Feb 23, 2009, at 3:44 PM, Michael2 wrote:
Hi David:
I followed your suggestion and created a new SQL security realm named
"geronimo-admin". I also updated the geronimo-plugin.xml under the
C:\Geronimo-2.1.3\repository\org\apache\geronimo\framework\server-security-config\2.1.3\server-security-config-2.1.3.car\META-INF
directory from
<artifact-alias key="org.apache.geronimo.framework/server-security-config//car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
<artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
<artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
<artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
to:
<artifact-alias key="org.apache.geronimo.framework/server-security-config//car">console.realm/geronimo-admin/1.0/car</artifact-alias>
<artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
<artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
<artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
When I re-start the Geronimo server, I still cannot log into the Admin
console with the new user id and password I created in the database and
have to use the default system/manager to get in. Am I missing anything?
Thanks.
Michael
--
View this message in context:
http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22172803.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
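
A check for the config.xml state described in David's reply at the top of this thread, as an added example that is not part of the original messages or Geronimo's own code: it reports whether the built-in geronimo-admin gbean is switched off while the security-config module and the replacement realm module are both set to load. The `<attributes>` root element, the sample XML, the function names, and the treatment of a missing `load` attribute as enabled are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Names taken from the config.xml snippets in David's reply.
BUILTIN_PREFIX = "org.apache.geronimo.framework/server-security-config/"
REALM_GBEAN = "geronimo-admin"

def _local(tag):
    """Drop any XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]

def _loaded(elem):
    """Assumption: an entry is enabled unless it carries load="false"."""
    return elem.get("load", "true").strip().lower() != "false"

def check_admin_realm(config_xml, replacement_module):
    """Return findings; an empty list means config.xml asks for exactly
    one geronimo-admin realm (the replacement) to start."""
    root = ET.fromstring(config_xml)
    modules = [e for e in root.iter() if _local(e.tag) == "module"]
    findings = []
    builtin = [m for m in modules if m.get("name", "").startswith(BUILTIN_PREFIX)]
    if not builtin:
        findings.append("no server-security-config entry: built-in realm state unknown")
    for mod in builtin:
        if not _loaded(mod):
            findings.append("security-config module is load=false; the reply says to keep it running")
            continue
        gbeans = [g for g in mod if _local(g.tag) == "gbean" and g.get("name") == REALM_GBEAN]
        if not gbeans or any(_loaded(g) for g in gbeans):
            findings.append("built-in geronimo-admin realm gbean is still set to load")
    ours = [m for m in modules if m.get("name") == replacement_module]
    if not any(_loaded(m) for m in ours):
        findings.append("replacement realm module is missing or load=false")
    return findings

# Constructed sample input (not taken from a real server).
FIXED = """<attributes>
  <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
    <gbean name="geronimo-admin" load="false"/>
  </module>
  <module name="console.realm/geronimo-admin/1.0/car"/>
</attributes>"""
CONFLICT = FIXED.replace(' load="false"', "")  # built-in realm left enabled

if __name__ == "__main__":
    for label, xml in (("fixed", FIXED), ("conflict", CONFLICT)):
        print(label, check_admin_realm(xml, "console.realm/geronimo-admin/1.0/car") or "OK")
```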