Hi I used the 2.1.7 server,geronimo-tomcat6-javaee5-2.1.7-SNAPSHOT-bin, built on 2010.10.19 trying to verify the Generic Header based authentication as described in Geronimo-5197 on the windows platform.
I installed the Apache Http Server and configured its httpd.conf file by adding the following snippets: LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so <IfModule mod_proxy.c> ProxyPass /console http://localhost:8080/console ProxyPass /demo_properties http://localhost:8080/demo_properties </IfModule> <IfModule mod_proxy.c> ProxyPassReverse / http://localhost:8080/ </IfModule> <IfModule mod_headers.c> <Location /demo_properties> RequestHeader add SM_USER izumi </Location> </IfModule> LoadModule headers_module modules/mod_headers.so The deployment plan, TestPropsRealm.xml, for the properties file security realm is attached in the mail. In the realm, there are two additional tags: <log:option name="headerNames">SM_USER</log:option> <log:option name="authenticationAuthority">Siteminder</log:option> which shall configure the security realm for properties login module to use Generic Header based authentication. The two properties files used are: demo_groups.properties & demo_users.properties, attached in the mail. The application for verification is file-realm-demo-2.1.1.2_properties, also attached in the mail. If working correctly, to access the protect files from the index page, users should be linked to the logon page. However, by clicking on the “Protect” link, a 403 - Forbidden HTTP error was received. The information from Geronimo log is as follows: 2010-10-19 11:04:11,888 WARN [GenericHttpHeaderLoginmodule] An Unauthorized attempt has been made to access the protected resource from host 127.0.0.1 Could anyone provide some advice on the issue. Thank you very much! MAO Jia
httpd.conf
Description: Binary data
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2";> <environment> <moduleId> <groupId>console.realm</groupId> <artifactId>TestPropsRealm</artifactId> <version>1.0</version> <type>car</type> </moduleId> <dependencies> <dependency> <groupId>org.apache.geronimo.framework</groupId> <artifactId>j2ee-security</artifactId> <type>car</type> </dependency> <!-- <dependency> <groupId>com.ibm</groupId> <artifactId>GenericLoginModule</artifactId> <version>1.0</version> <type>jar</type> </dependency> --> </dependencies> </environment> <gbean name="TestSqlRealm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <attribute name="realmName">TestPropsRealm</attribute> <reference name="ServerInfo"> <name>ServerInfo</name> </reference> <xml-reference name="LoginModuleConfiguration"> <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0";> <log:login-module control-flag="REQUIRED" wrap-principals="false"> <log:login-domain-name>TestPropsRealm</log:login-domain-name> <log:login-module-class>org.apache.geronimo.security.realm.providers.GenericHttpHeaderPropertiesFileLoginModule</log:login-module-class> <log:option name="groupsURI">var/security/demo_groups.properties</log:option> <log:option name="headerNames">SM_USER</log:option> <log:option name="authenticationAuthority">Siteminder</log:option> </log:login-module> </log:login-config> </xml-reference> </gbean> </module>
demo_groups.properties
Description: Binary data
demo_users.properties
Description: Binary data
file-realm-demo-2.1.1.2_properties.war
Description: Binary data
