Hi All,

I was able to replace the default realm (geronimo-admin) with an LDAP realm (geronimo-admin) as David described; my LDAP realm has the user name "admin" instead of system. I can shut down the application server with LDAP user admin/password without an issue, but I could not access the console URL http://hostname:8080/console. I get a 403 error, access forbidden, and I think that the Principal user name "admin" or Role name is not set for the console application. How do I make it work?

Thanks
Baskar Govinda

djencks wrote:
>
> Hi Michael2,
>
> I tried out a couple of things this morning and got distracted before replying.
>
> First of all I expect you got a stack trace in the console when you started your new security realm from the admin console.... for some reason this error is not showing up in the admin console. See
> https://issues.apache.org/jira/browse/GERONIMO-4553
>
> As long as you know the admin console is not reflecting reality here you should be able to work around this bug.
>
> Anyway, you have to assure that there is only one security realm named geronimo-admin trying to start at any one time. So for yours to start, you need to shut off the built-in one. However there are several essential services configured in the security-config plugin so unless you actually copy the security-config project and build a plugin you should keep the security-config plugin running and just turn off the security-realm gbean.
>
> I did this by editing the var/config/config.xml file so it looked like:
>
>     <module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
>         <gbean name="geronimo-admin" load="false"/>
>     </module>
>
> (you will have to use the correct version, IIRC 2.1.2 rather than 2.2-SNAPSHOT)
>
> The last module in config.xml is
>
>     <module name="console.realm/geronimo-admin/1.0/car"/>
>
> since the admin console tried to start the module.
>
> For quick testing I set up a new properties file realm using the admin console with a new "admin" user rather than "system" and verified that "admin" could log in but "system" could not, so I think it is working OK.
>
> I do recommend that for production use you set up a maven project to build a complete replacement security-config plugin with your security realm in it.
>
> Hope this helps and that I haven't left out too many steps this time :-)
> david jencks
>
> On Feb 24, 2009, at 6:45 AM, Michael2 wrote:
>
>> Hello David:
>>
>> Yes, I still have problems.
>>
>> First of all, I appreciate your help very much. Please bear with me. I just want to learn from the Geronimo experts like you to see how to replace the default Properties File Realm with the Database (SQL) Realm. Following your suggestions, I created a Derby SQL Realm with the same name as the default Realm “geronimo-admin”, I tested it successfully and deployed it. Now I can see two “geronimo-admin” Realms listed on the Security Realms list. Then I stopped the Geronimo server and modified the “artifact_aliases.properties” file on the Geronimo \var\config directory as:
>>
>>     ……
>>     org.apache.geronimo.framework/server-security-config//car=console.realm/geronimo-admin/1.0/car
>>     ……
>>     org.apache.geronimo.framework/server-security-config/2.1.2/car=console.realm/geronimo-admin/1.0/car
>>     ……
>>     org.apache.geronimo.framework/server-security-config/2.1/car=console.realm/geronimo-admin/1.0/car
>>     ……
>>     org.apache.geronimo.framework/server-security-config/2.1.1/car=console.realm/geronimo-admin/1.0/car
>>     ……
>>
>> After that, I re-started Geronimo server and tried to log into the admin console with the user name/password I had tested in the SQL Realm, I got an “Invalided Username and/or Password!” error. The system default user name and password is still working.
>>
>> I am using Geronimo 2.1.3, is it an issue or is there something else I need to do to make it work?
>>
>> Thanks.
>>
>> Michael
>>
>> djencks wrote:
>>>
>>> Hi Michael,
>>>
>>> I guess the documentation wasn't too clear about what to do if you aren't building your security realm as a plugin. Generally you never want to update an installed plugin in place (in repository). I've updated the docs here
>>>
>>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration
>>>
>>> (should get to
>>> http://cwiki.apache.org/GMOxDOC22/basic-hints-on-security-configuration.html
>>> soon)
>>>
>>> Please let us know if this is still not clear or you still have problems
>>>
>>> thanks!
>>> david jencks
>>>
>>> On Feb 23, 2009, at 3:44 PM, Michael2 wrote:
>>>
>>>> Hi David:
>>>>
>>>> I followed your suggestion and created a new SQL security realm named "geronimo-admin". I also updated the geronimo-plugin.xml under the
>>>> C:\Geronimo-2.1.3\repository\org\apache\geronimo\framework\server-security-config\2.1.3\server-security-config-2.1.3.car\META-INF
>>>> directory from
>>>>
>>>>     <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>>     <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>>     <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>>     <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">org.apache.geronimo.framework/server-security-config/2.1.3/car</artifact-alias>
>>>>
>>>> to:
>>>>
>>>>     <artifact-alias key="org.apache.geronimo.framework/server-security-config//car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>>     <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.2/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>>     <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>>     <artifact-alias key="org.apache.geronimo.framework/server-security-config/2.1/car">console.realm/geronimo-admin/1.0/car</artifact-alias>
>>>>
>>>> When I re-start the Geronimo server, I still cannot log into the Admin console with the new user id and password I created in the database and have to use the default system/manager to get in. Do I miss anything?
>>>>
>>>> Thanks.
>>>>
>>>> Michael
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22172803.html
>>>> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
>>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22181064.html
>> Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
>>

--
View this message in context: http://www.nabble.com/Admin-Console-Access-and-Security-Realm-tp22093927s134p22742725.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
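The advice quoted in this thread (only one realm named geronimo-admin may try to start, and the security-config plugin stays loaded with just its realm gbean switched off) can be checked against var/config/config.xml and artifact_aliases.properties before a restart. The following is an added example, not part of the thread and not Geronimo code; the function names are hypothetical, the sample file contents are constructed, and only modules actually listed in config.xml are inspected.

```python
import xml.etree.ElementTree as ET

BUILTIN = "org.apache.geronimo.framework/server-security-config/"
REALM = "geronimo-admin"
REPLACEMENT = "console.realm/geronimo-admin/1.0/car"  # module name used in the thread

def _local(tag):
    # config.xml may declare an XML namespace; compare local names only
    return tag.rsplit("}", 1)[-1]

def realm_starters(config_xml, replacement=REPLACEMENT):
    """Modules listed in config.xml that will try to start a geronimo-admin realm."""
    starters = []
    for mod in ET.fromstring(config_xml).iter():
        if _local(mod.tag) != "module" or mod.get("load") == "false":
            continue
        name = mod.get("name", "")
        if name.startswith(BUILTIN):
            # built-in plugin is fine as long as its realm gbean is switched off
            disabled = any(_local(g.tag) == "gbean" and g.get("name") == REALM
                           and g.get("load") == "false" for g in mod)
            if not disabled:
                starters.append(name)
        elif name == replacement:
            starters.append(name)
    return starters

def aliased_away(aliases_text):
    """Alias keys that remap the whole security-config plugin to another module."""
    hits = []
    for line in aliases_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith(BUILTIN) and not value.startswith(BUILTIN):
            hits.append(key)
    return hits

# Constructed samples (not taken from a real installation)
CONFIG_BOTH_ON = """<attributes>
  <module name="org.apache.geronimo.framework/server-security-config/2.1.3/car"/>
  <module name="console.realm/geronimo-admin/1.0/car"/>
</attributes>"""
CONFIG_FIXED = """<attributes>
  <module name="org.apache.geronimo.framework/server-security-config/2.1.3/car">
    <gbean name="geronimo-admin" load="false"/>
  </module>
  <module name="console.realm/geronimo-admin/1.0/car"/>
</attributes>"""
ALIASES = BUILTIN + "2.1.2/car=console.realm/geronimo-admin/1.0/car\n"

if __name__ == "__main__":
    for label, xml in (("both on", CONFIG_BOTH_ON), ("fixed", CONFIG_FIXED)):
        print(label, realm_starters(xml))  # more than one entry means a name clash
    print("aliased away:", aliased_away(ALIASES))
```

A result with more than one entry from `realm_starters` is the name clash described in the quoted reply; any key returned by `aliased_away` means the whole security-config plugin, not just its realm, is being swapped out.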
