Thanks. That helps. I'll see what I can do. Q
On Sat, Sep 12, 2009 at 12:49 AM, David Jencks <[email protected]> wrote: > > On Sep 11, 2009, at 3:16 PM, Quintin Beukes wrote: > >> OK. So I found the reference. It's like so: >> <gbean name="PropertiesLoginManager" >> class >> = >> "org >> .apache.geronimo.console.core.security.PropertiesLoginModuleManager"> >> <reference name="ServerInfo"> >> <name>ServerInfo</name> >> </reference> >> <reference name="LoginModule"> >> <name>properties-login</name> >> </reference> >> </gbean> >> >> And it's in console-tomcat's plan. >> >> 1. How would I make it multivalued and wrap it in SingleElementCollection? > > You need to find the java code for PropertiesLoginModuleManager. It should > have a reference to a login module.... you need to turn the reference into a > Collection<LoginModuleGBean>. Hopefully it's a constructor arg. Instead of > dealing with the Collection itself you can immediately wrap it in a > SingleElementCollection and use that instead. Then you'll have to look at > the code in PropertiesLoginModuleManager and make sure it doesn't do > anything unfortunate if there is no login module in the collection. >> >> >> 2. How would I redeploy it? > > you'll need to have checked out geronimo to get this far.... the simplest is > to just build all of geronimo. If you've built at least once, you can just > build the plugins/console and then assemblies. (I'm assuming that my > recollection that this code is in plugins/console is correct). > > hope this helps > david jencks > > >> >> Q >> >> On Fri, Sep 11, 2009 at 11:15 PM, Joe Dente <[email protected]> >> wrote: >>> >>> I'm going to be busy for the rest of the day, but here's the deployment >>> plan I use in my replacement server-security-config plugin: >>> >>> <?xml version="1.0" encoding="UTF-8"?> >>> <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2";> >>> <environment> >>> <moduleId> >>> <groupId>com.mycode.geronimo</groupId> >>> <artifactId>delegating-login-module</artifactId> >>> <version>1.0</version> >>> <type>car</type> >>> </moduleId> >>> <dependencies> >>> <dependency> >>> <groupId>org.apache.geronimo.framework</groupId> >>> <artifactId>j2ee-security</artifactId> >>> <version>2.1.4</version> >>> <type>car</type> >>> </dependency> >>> </dependencies> >>> <hidden-classes/> >>> <non-overridable-classes/> >>> </environment> >>> >>> <gbean name="CredentialStore" >>> class="org.apache.geronimo.security.credentialstore.SimpleCredentialStoreImpl"/> >>> >>> <!-- Default Security Realm Using Delegate Login Module --> >>> <gbean name="admin-login" >>> class="org.apache.geronimo.security.jaas.LoginModuleGBean"> >>> <attribute >>> name="loginModuleClass">com.mycode.geronimo.authorization.login.DelegatingLoginModule</attribute> >>> <attribute name="options">delegateRealm=delegate-realm >>> groupName=delegate-admin</attribute> >>> <attribute name="loginDomainName">geronimo-admin</attribute> >>> </gbean> >>> <gbean name="geronimo-admin" >>> class="org.apache.geronimo.security.realm.GenericSecurityRealm"> >>> <attribute name="realmName">geronimo-admin</attribute> >>> <reference name="LoginModuleConfiguration"> >>> <name>admin-login</name> >>> </reference> >>> <reference name="ServerInfo"> >>> <name>ServerInfo</name> >>> </reference> >>> </gbean> >>> <gbean name="admin-login" >>> class="org.apache.geronimo.security.jaas.JaasLoginModuleUse"> >>> <attribute name="controlFlag">REQUIRED</attribute> >>> <reference name="LoginModule"> >>> <name>admin-login</name> >>> </reference> >>> </gbean> >>> >>> <!-- >>> <gbean name="properties-login" >>> class="org.apache.geronimo.security.jaas.LoginModuleGBean"> >>> <attribute >>> name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute> >>> <attribute name="options">usersURI=var/security/users.properties >>> groupsURI=var/security/groups.properties</attribute> >>> <attribute name="loginDomainName">geronimo-admin</attribute> >>> </gbean> >>> --> >>> >>> <gbean name="geronimo-default" >>> class="org.apache.geronimo.security.keystore.FileKeystoreInstance"> >>> <attribute name="keystoreName">geronimo-default</attribute> >>> <attribute >>> name="keystorePath">var/security/keystores/geronimo-default</attribute> >>> <attribute name="keystorePassword">secret</attribute> >>> <attribute name="keystoreType">JKS</attribute> >>> <attribute name="keyPasswords">geronimo=secret</attribute> >>> <reference name="ServerInfo"> >>> <name>ServerInfo</name> >>> </reference> >>> </gbean> >>> </module> >>> >>> You can see the configuration for my custom login module. The important >>> piece for this problem is the "properties-login" gbean that I have commented >>> out. Without this GBean, Geronimo is unable to startup due to the bug >>> originally discussed in this thread (GERONIMO-4603). If you enable this >>> GBean, then Geronimo can startup correctly (granted everything else is >>> configured appropriately). Because of the hardwired issue discussed in issue >>> 4603, I have to put the dummy "properties-login" gbean in place even though >>> I'm not using a "properties-login" gbean in my configuration. >>> >>> Joe >>> >>> =========================== >>> I also tried creating a realm through the console, then exporting it >>> as a plugin, undeploying the original, deploying as a plugin and >>> restarting the server after doing the config.xml changes. >>> >>> Doesn't work either. Complains about: >>> org.omg.CORBA.COMM_FAILURE: socket() failed: Unable to create server >>> SSL socket factory: Keystore 'geronimo-default' is locked; please use >>> the keystore page in the admin console to unlock it: vmcid: Apache >>> minor code: 0x5 completed: No >>> >>> Q >>> >>> On Fri, Sep 11, 2009 at 10:16 PM, Quintin Beukes <[email protected]> >>> wrote: >>>> >>>> No. This isn't working right. I don't know what I'm doing wrong. >>>> >>>> I take the exported plugin. Extract it to directory "x". >>>> >>>> Then I change only the groupId everywhere in the plugin frmo >>>> "org.apache.geronimo.framework" to "test" and version from >>>> "2.2-SNAPSHOT" to "2.2". Then I jar it again. >>>> >>>> Then I start geronimo and deploy this with deploy.sh install-plugin. >>>> Successfully installed: test/server-security-config/2.2/car >>>> >>>> I stop the server, and then edit artifact_aliases.properties and change: >>>> >>>> org.apache.geronimo.framework/server-security-config//car=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car >>>> test/server-security-config//car=test/server-security-config/2.2/car >>>> >>>> TO >>>> >>>> org.apache.geronimo.framework/server-security-config//car=test/server-security-config/2.2/car >>>> >>>> org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car=test/server-security-config/2.2/car >>>> test/server-security-config//car=test/server-security-config/2.2/car >>>> >>>> And config.xml from: >>>> <module >>>> name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car"/> >>>> <module name="test/server-security-config/2.2/car"/> >>>> >>>> TO: >>>> <module >>>> name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car" >>>> load="false"/> >>>> <module name="test/server-security-config/2.2/car"/> >>>> >>>> Then I try and start the server, and all I get is this, ie. it starts >>>> and right after loading my plugin stops the server without an error. >>>> 2009-09-11 22:14:37,642 INFO [Log4jService] >>>> ---------------------------------------------- >>>> 2009-09-11 22:14:37,643 INFO [Log4jService] Started Logging Service >>>> 2009-09-11 22:14:37,643 INFO [Log4jService] Runtime Information: >>>> 2009-09-11 22:14:37,644 INFO [Log4jService] Install Directory = >>>> /opt/testkms/server/geronimo-2.2-20090908 >>>> 2009-09-11 22:14:37,645 INFO [JvmVendor] Sun JVM 1.5.0_17 >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] JVM in use = Sun >>>> JVM 1.5.0_17 >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] Java Information: >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] System property >>>> [java.runtime.name] = Java(TM) 2 Runtime Environment, Standard >>>> Edition >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] System property >>>> [java.runtime.version] = 1.5.0_17-b04 >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] System property >>>> [os.name] = Linux >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] System property >>>> [os.version] = 2.6.24-24-generic >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] System property >>>> [sun.os.patch.level] = unknown >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] System property >>>> [os.arch] = i386 >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] System property >>>> [java.class.version] = 49.0 >>>> 2009-09-11 22:14:37,645 INFO [Log4jService] System property >>>> [locale] = en_ZA >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [unicode.encoding] = UnicodeLittle >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [file.encoding] = UTF-8 >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.vm.name] = Java HotSpot(TM) Client VM >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.vm.vendor] = Sun Microsystems Inc. >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.vm.version] = 1.5.0_17-b04 >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.vm.info] = mixed mode >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.home] = /opt/kms/java/sun-jdk1.5.0_17/jre >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.classpath] = null >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.library.path] = >>>> >>>> /opt/kms/java/sun-jdk1.5.0_17/jre/lib/i386/client:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/i386:/opt/kms/java/sun-jdk1.5.0_17/jre/../lib/i386 >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.endorsed.dirs] = >>>> >>>> /opt/testkms/server/geronimo-2.2-20090908/lib/endorsed:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/endorsed >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [java.ext.dirs] = >>>> >>>> /opt/testkms/server/geronimo-2.2-20090908/lib/ext:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/ext >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] System property >>>> [sun.boot.class.path] = >>>> >>>> /opt/testkms/server/geronimo-2.2-20090908/lib/endorsed/yoko-spec-corba-1.0.jar:/opt/testkms/server/geronimo-2.2-20090908/lib/endorsed/yoko-rmi-spec-1.0.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/rt.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/i18n.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/sunrsasign.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/jsse.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/jce.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/lib/charsets.jar:/opt/kms/java/sun-jdk1.5.0_17/jre/classes >>>> 2009-09-11 22:14:37,646 INFO [Log4jService] >>>> ---------------------------------------------- >>>> 2009-09-11 22:14:39,041 INFO [KernelContextGBean] bound gbean >>>> >>>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaCompContext >>>> at name java:comp >>>> 2009-09-11 22:14:39,043 INFO [KernelContextGBean] bound gbean >>>> >>>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaContext >>>> at name java: >>>> 2009-09-11 22:14:39,043 INFO [KernelContextGBean] bound gbean >>>> >>>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=GeronimoContext >>>> at name ger: >>>> 2009-09-11 22:14:40,086 INFO [SystemProperties] Setting >>>> Property=javax.xml.soap.MetaFactory to >>>> Value=org.apache.geronimo.webservices.saaj.GeronimoMetaFactory >>>> 2009-09-11 22:14:40,086 INFO [SystemProperties] Setting >>>> Property=javax.xml.soap.MessageFactory to >>>> Value=org.apache.geronimo.webservices.saaj.GeronimoMessageFactory >>>> 2009-09-11 22:14:40,086 INFO [SystemProperties] Setting >>>> Property=java.net.preferIPv4Stack to Value=true >>>> 2009-09-11 22:14:40,086 INFO [SystemProperties] Setting >>>> Property=javax.xml.soap.SOAPConnectionFactory to >>>> Value=org.apache.geronimo.webservices.saaj.GeronimoSOAPConnectionFactory >>>> 2009-09-11 22:14:40,087 INFO [SystemProperties] Setting >>>> Property=javax.xml.soap.SOAPFactory to >>>> Value=org.apache.geronimo.webservices.saaj.GeronimoSOAPFactory >>>> 2009-09-11 22:14:40,087 INFO [SystemProperties] Setting >>>> Property=java.security.Provider to Value=SUN >>>> 2009-09-11 22:14:40,261 INFO [KernelContextGBean] unbound gbean >>>> >>>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaContext >>>> at name java: >>>> 2009-09-11 22:14:40,264 INFO [KernelContextGBean] unbound gbean >>>> >>>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=GeronimoContext >>>> at name ger: >>>> 2009-09-11 22:14:40,264 INFO [KernelContextGBean] unbound gbean >>>> >>>> org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/rmi-naming/2.2-SNAPSHOT/car,j2eeType=Context,name=JavaCompContext >>>> at name java:comp >>>> 2009-09-11 22:14:40,265 INFO [Log4jService] Stopping Logging Service >>>> 2009-09-11 22:14:40,265 INFO [Log4jService] >>>> ---------------------------------------------- >>>> >>>> Q >>>> On Fri, Sep 11, 2009 at 9:31 PM, Quintin Beukes <[email protected]> >>>> wrote: >>>>> >>>>> do i need to delete config.ser? >>>>> >>>>> Q >>>>> >>>>> On Fri, Sep 11, 2009 at 9:16 PM, Joe Dente <[email protected]> >>>>> wrote: >>>>>> >>>>>> That's how I got started. I have a project that includes a custom >>>>>> login module as well as a customized geronimo-plugin.xml that originally >>>>>> was >>>>>> an exported version of the server-security-config plugin. My plugin >>>>>> project >>>>>> creates a simple jar with the geronimo-plugin.xml in my jar's 'META-INF' >>>>>> folder. I then deploy this jar into Geronimo with the geronimo-plugin.xml >>>>>> being my jar's deployment plan. You can also try and build a car using >>>>>> the >>>>>> maven car plugin, although I haven't played around with this yet. I found >>>>>> this wiki article to be helpful: >>>>>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Administering+plugins >>>>>> >>>>>> Joe >>>>>> >>>>>> --------------------- >>>>>> Sorry, I've never created a plugin. To create a new >>>>>> server-security-config plugin, do you mean I should copy >>>>>> server-security-config using the console's plugin export and modify >>>>>> it? >>>>>> >>>>>> Q >>>>>> >>>>>> On Fri, Sep 11, 2009 at 8:47 PM, Joe Dente <[email protected]> >>>>>> wrote: >>>>>>> >>>>>>> To reproduce it create your own server-security-config plugin that >>>>>>> uses any login module other than the properties-login gbean that is >>>>>>> expected. You then need to deploy your new server-security-config >>>>>>> plugin and >>>>>>> have it completely replace the default server-security-config (see >>>>>>> http://cwiki.apache.org/confluence/display/GMOxDOC22/Basic+Hints+on+Security+Configuration). >>>>>>> I achieved this by telling the server-security-config car to not load >>>>>>> in the >>>>>>> config.xml, telling my security plugin to load in the config.xml, and >>>>>>> then >>>>>>> adding artifact aliases for both the 2.1.4 and wildcard-versioned lines >>>>>>> referring to the server-security-config plugin in the >>>>>>> artifact_aliases.properties file. >>>>>>> >>>>>>> In artifact_alases.properties: >>>>>>> >>>>>>> org.apache.geronimo.framework/server-security-config//car=com.my.geronimo/my-security-config/1.0/car >>>>>>> >>>>>>> org.apache.geronimo.framework/server-security-config/2.1.4/car=org >>>>>>> com.my.geronimo/my-security-config/1.0/car >>>>>>> >>>>>>> In config.xml: >>>>>>> <module >>>>>>> name="org.apache.geronimo.framework/server-security-config/2.1.4/car" >>>>>>> load="false"/> >>>>>>> <module name="com.my.geronimo/my-security-config/1.0/car"/> >>>>>>> >>>>>>> Now try and startup Geronimo. You will see the error discussing the >>>>>>> missing expected gbean. >>>>>>> Hope this helps, >>>>>>> Joe >>>>>>> >>>>>>> >>>>>>> >>>>>>> ------------- >>>>>>> Errr. Ouch. *rubbing the brused area in his brain*. >>>>>>> >>>>>>> I'm not that on with everything you said. I think the best thing >>>>>>> would >>>>>>> be to reproduce it. What would I do to reproduce it? >>>>>>> >>>>>>> Q >>>>>>> >>>>>>> On Fri, Sep 11, 2009 at 6:42 PM, David Jencks >>>>>>> <[email protected]> wrote: >>>>>>>> >>>>>>>> On Sep 11, 2009, at 5:49 AM, Quintin Beukes wrote: >>>>>>>> >>>>>>>>> I'll be willing to have a look at it. >>>>>>>>> >>>>>>>>> can you give me a general idea what I'm supposed to look at and how >>>>>>>>> it >>>>>>>>> would be done? >>>>>>>> >>>>>>>> IIRC the failure is caused by an unsatisfied single valued gbean >>>>>>>> reference >>>>>>>> to the properties login module gbean from something in the admin >>>>>>>> console. >>>>>>>> You need to find the gbean reference and change it to a collection >>>>>>>> valued >>>>>>>> reference so it's no longer a mandatory reference. You can wrap a >>>>>>>> collection valued reference with SingleElementCollection to make it >>>>>>>> act like >>>>>>>> an optional single valued reference. >>>>>>>> >>>>>>>> hope this is clear enough to help.. >>>>>>>> david jencks >>>>>>>> >>>>>>>>> >>>>>>>>> Q >>>>>>>>> >>>>>>>>> On Fri, Sep 11, 2009 at 12:07 AM, David Jencks >>>>>>>>> <[email protected]> >>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> Hi Joe! >>>>>>>>>> On Sep 10, 2009, at 2:18 PM, Joe Dente wrote: >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> I've been working on replacing Geronimo 2.1.4's >>>>>>>>>> server-security-config >>>>>>>>>> plugin's example security with our own security plugin. We need >>>>>>>>>> single >>>>>>>>>> sign >>>>>>>>>> on for our application which also means the same sign on process >>>>>>>>>> has to >>>>>>>>>> work >>>>>>>>>> with the Geronimo admin console. We need to be able to use custom >>>>>>>>>> realms >>>>>>>>>> and >>>>>>>>>> custom login modules in our server-security-config plugin >>>>>>>>>> replacement >>>>>>>>>> that >>>>>>>>>> may change depending on the environment we deploy to. I've run >>>>>>>>>> into two >>>>>>>>>> limitations so far that I've found documented online. One is that >>>>>>>>>> unless >>>>>>>>>> I >>>>>>>>>> want to re-deploy other plugins that use the 'geronimo-admin' >>>>>>>>>> security >>>>>>>>>> realm, than our custom security realm must be named >>>>>>>>>> 'geronimo-admin' as >>>>>>>>>> well. The other is that I ran >>>>>>>>>> intohttp://issues.apache.org/jira/browse/GERONIMO-4603, forcing me >>>>>>>>>> to >>>>>>>>>> creating a dummy properties-login gbean in order for the tomcat >>>>>>>>>> components >>>>>>>>>> to start up. >>>>>>>>>> >>>>>>>>>> In my experience this is incredibly annoying. I don't have time >>>>>>>>>> but >>>>>>>>>> wonder >>>>>>>>>> if anyone else can see about fixing this for 2.2. >>>>>>>>>> >>>>>>>>>> I've created alias' for my plugin over the server-security-config >>>>>>>>>> plugin >>>>>>>>>> in >>>>>>>>>> 'artifact-aliases.properties' file and I've also disabled the >>>>>>>>>> server-security-config plugin and added my plugin as a loaded >>>>>>>>>> module in >>>>>>>>>> the >>>>>>>>>> 'config.xml'. Unfortunately, I still cannot log into the Geronimo >>>>>>>>>> console >>>>>>>>>> using my custom security realm and login module. Geronimo has no >>>>>>>>>> problem >>>>>>>>>> starting with the current configuration and I can even login using >>>>>>>>>> my >>>>>>>>>> custom >>>>>>>>>> login module. Everything seems happy as far as the login process >>>>>>>>>> is >>>>>>>>>> concerned when I step through the code, but instead of seeing the >>>>>>>>>> Geronimo >>>>>>>>>> console I get a tomcat error page stating 'Access to the specified >>>>>>>>>> resource >>>>>>>>>> () has been forbidden'. The logs are completely clean as well as >>>>>>>>>> the >>>>>>>>>> console output. My only idea is that my admin users also need to >>>>>>>>>> be >>>>>>>>>> members >>>>>>>>>> of a specifically named Geronimo admin group (make my admin groups >>>>>>>>>> name >>>>>>>>>> exactly match the one setup in the default security plugin)? I >>>>>>>>>> have not >>>>>>>>>> tested this hypothesis out yet, because I have my own admin group >>>>>>>>>> that is >>>>>>>>>> used by our application that I would like to re-use as the >>>>>>>>>> Geronimo >>>>>>>>>> console's admin group. Any other thoughts? >>>>>>>>>> >>>>>>>>>> In 2.1.x you are stuck with the principal-role mapping in the ee >>>>>>>>>> application, although in 2.2 you can put it into a different >>>>>>>>>> plugin if >>>>>>>>>> you >>>>>>>>>> want and I think then swap it via an artifact-alias with one in a >>>>>>>>>> different >>>>>>>>>> plugin. >>>>>>>>>> So, that means that you need to supply the principals the >>>>>>>>>> principal-role >>>>>>>>>> mapping expects: >>>>>>>>>> <security >>>>>>>>>> xmlns="http://geronimo.apache.org/xml/ns/security-1.2";> >>>>>>>>>> <role-mappings> >>>>>>>>>> <role role-name="admin"> >>>>>>>>>> <principal >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" >>>>>>>>>> name="admin" /> >>>>>>>>>> </role> >>>>>>>>>> </role-mappings> >>>>>>>>>> </security> >>>>>>>>>> >>>>>>>>>> So, your login module needs to supply a principal of >>>>>>>>>> class GeronimoGroupPrincipal and name "admin". >>>>>>>>>> Let us know if this doesn't work. >>>>>>>>>> thanks >>>>>>>>>> david jencks >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Joe >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Quintin Beukes >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Quintin Beukes >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Quintin Beukes >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Quintin Beukes >>>>> >>>> >>>> >>>> >>>> -- >>>> Quintin Beukes >>>> >>> >>> >>> >>> -- >>> Quintin Beukes >>> >> >> >> >> -- >> Quintin Beukes > > -- Quintin Beukes
