Thanks David and Aaron,
Your suggestions were right on the money.
Regards,
Eric
"Aaron Mulder" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
24/06/2006 05:21 AM
Please respond to: user@geronimo.apache.org
To: user@geronimo.apache.org
cc:
Subject: Re: security gbean.....
A) that's horrible that we turn 3 lines into like 5000 lines. We have
got to do better!
B) in case it wasn't clear from David's response, the "realm-name" is
what's normally used to refer to this security realm; your login
domain names can be arbitrary, but they must be unique. I suggest
magnolia-authentication and magnolia-authorization. (If you enable
certain advanced features you can use the login domain names in your
J2EE role mapping, but it's a bit unusual that you'd want to, and if
you did want to, they'd have to have unique names for you to
distinguish them.)
Thanks,
Aaron
On 6/23/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> I'm having a problem configuring my security gbean and could use a bit of
> help.
>
> I have the following jaas.config file:
>
> magnolia {
> info.magnolia.jaas.sp.jcr.JCRAuthenticationModule requisite;
> info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
> };
> Jackrabbit {
> org.apache.jackrabbit.core.security.SimpleLoginModule required;
> };
>
> And I've translated it into the following gbeans:
>
> <gbean name="magnolia"
> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> <attribute name="realmName">magnolia</attribute>
> <reference name="ServerInfo">
>
> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
> </reference>
> <reference name="LoginService">
>
> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
> </reference>
> <xml-reference name="LoginModuleConfiguration">
> <log:login-config
> xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
> <log:login-module control-flag="REQUISITE" server-side="true"
> wrap-principals="false">
> <log:login-domain-name>magnolia</log:login-domain-name>
>
> <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModule</log:login-module-class>
> </log:login-module>
> <log:login-module control-flag="REQUIRED" server-side="true"
> wrap-principals="false">
> <log:login-domain-name>magnolia</log:login-domain-name>
>
> <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule</log:login-module-class>
> </log:login-module>
> </log:login-config>
> </xml-reference>
> </gbean>
>
>
> <gbean name="Jackrabbit"
> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> <attribute name="realmName">Jackrabbit</attribute>
> <reference name="ServerInfo">
>
> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-system/1.0/car,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name>
> </reference>
> <reference name="LoginService">
>
> <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=geronimo/j2ee-security/1.0/car,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
> </reference>
>
> <xml-reference name="LoginModuleConfiguration">
> <log:login-config
> xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
> <log:login-module control-flag="REQUIRED"
> server-side="true" wrap-principals="false">
>
> <log:login-domain-name>Jackrabbit</log:login-domain-name>
>
> <log:login-module-class>org.apache.jackrabbit.core.security.SimpleLoginModule</log:login-module-class>
> </log:login-module>
> </log:login-config>
> </xml-reference>
> </gbean>
>
>
>
> The problem I'm currently having is that it's complaining that my
> login-domain-name for both the Authentication and Authorization modules are
> the same (magnolia).... but it seems as though it has to be according to the
> jaas.config. Or am I wrong?
> How do I fix this?
> Also, if you see something else wrong with this, I'd appreciate any pointers.
>
> Regards,
> Eric
>
>
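A pre-deployment check for the problem discussed in this thread, as an added example that is not part of the original messages or of Geronimo itself: it parses a plan's `login-config` blocks and reports any `login-domain-name` shared by more than one `login-module`. The function name and the choice to check uniqueness per `login-config` block are assumptions; the sample XML is constructed from the magnolia realm quoted above, and `FIXED` uses the names Aaron suggests.

```python
import xml.etree.ElementTree as ET

LOG_NS = "http://geronimo.apache.org/xml/ns/loginconfig-1.0"
NS = {"log": LOG_NS}

# Constructed input: the magnolia login-config from the thread, reduced to
# the elements that matter for this check.
ORIGINAL = """
<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
  <log:login-module control-flag="REQUISITE" server-side="true" wrap-principals="false">
    <log:login-domain-name>magnolia</log:login-domain-name>
    <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthenticationModule</log:login-module-class>
  </log:login-module>
  <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
    <log:login-domain-name>magnolia</log:login-domain-name>
    <log:login-module-class>info.magnolia.jaas.sp.jcr.JCRAuthorizationModule</log:login-module-class>
  </log:login-module>
</log:login-config>
"""

# Same config with the unique domain names suggested in the reply.
FIXED = (ORIGINAL
         .replace(">magnolia<", ">magnolia-authentication<", 1)
         .replace(">magnolia<", ">magnolia-authorization<", 1))


def duplicate_login_domains(xml_text):
    """Return {domain-name: [module classes]} for names reused in a login-config.

    Hypothetical helper: accepts a bare login-config or a whole plan and
    checks each login-config block on its own (assumed uniqueness scope).
    """
    dupes = {}
    root = ET.fromstring(xml_text)
    for cfg in root.iter("{%s}login-config" % LOG_NS):
        seen = {}
        for module in cfg.findall("log:login-module", NS):
            name = module.findtext("log:login-domain-name", "", NS).strip()
            cls = module.findtext("log:login-module-class", "", NS).strip()
            seen.setdefault(name, []).append(cls)
        dupes.update({n: c for n, c in seen.items() if len(c) > 1})
    return dupes


if __name__ == "__main__":
    for label, doc in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, duplicate_login_domains(doc) or "no duplicate login domains")
```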