shouldn't

<principal name="scort" designated-run-as="true" class ="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>


be

<principal name="spadmin" designated-run-as="true" class ="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>

?

I'd leave out designated-run-as="true"

thanks
david jencks

On Oct 31, 2008, at 2:59 AM, johnxmas wrote:

Hi David,


Anyway I think what you need to do is:

1. define a properties file login module based security realm, perhaps
by using the admin console.  Let's say you call it my-realm
2. translate the data into property files:

my-users.properties:
scort=scort

my-groups.properties:
spadmin=scort

3. put the properties files in the correct location, I'd suggest var/security

4. specify the my-realm security realm in the geronimo web app plan
<security-realm>my-realm</security-realm>

5. Include the desired principal-role mapping that maps the spadmin
group to the app-specific spadmin role.  There are some instructions
on this at the end of 
http://cwiki.apache.org/GMOxDOC21/configuring-run-as-and-default-subjects-and-principal-role-mapping.html

hope this helps,
david jencks

Thanks for your answer. So I did create a realm (BTW, the console is very nice for this item) and the corresponding properties files. I validated that realm. It was ok for

scort org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal
spadmin org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal

and added to geronimo-web.xml the following

 <security-realm-name>
   smartpack-realm
 </security-realm-name>

 <security>
   <role-mappings>
     <role role-name="spadim">
       <principal name="scort" designated-run-as="true" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
     </role>
   </role-mappings>
 </security>

But when calling the app, I still get a 403 error: Access to the specified resource () has been forbidden.

What am I doing wrong?

Jean-Noël
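For reference, here is how the pieces described in this thread fit together once the principal-role mapping points at the group rather than the user. This is an added illustration, not a configuration posted by either participant: the realm name (my-realm), the two properties files, the web.xml security constraint and the `/admin/*` URL pattern are assumptions chosen to match the thread, and the namespace declarations of the actual plan are omitted. The mapping names the group principal `spadmin` with `GeronimoGroupPrincipal` (the point of the reply above) and leaves out `designated-run-as`, as suggested.

```xml
<!-- var/security/my-users.properties (assumed location): user=password -->
<!-- scort=scort -->

<!-- var/security/my-groups.properties: group=comma-separated users -->
<!-- spadmin=scort -->

<!-- web.xml: the app-specific role that the constraint requires.
     Without a matching principal-role mapping, every request hits
     the constraint and the container answers 403. -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>   <!-- assumed pattern -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>spadmin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>        <!-- assumed method -->
    <realm-name>my-realm</realm-name>
  </login-config>
  <security-role>
    <role-name>spadmin</role-name>
  </security-role>
</web-app>

<!-- geronimo-web.xml: which realm authenticates, and which realm
     principals are granted the spadmin role. The role-name must match
     web.xml exactly, and the principal is the GROUP from
     my-groups.properties, not the user from my-users.properties. -->
<web-app>
  <security-realm-name>my-realm</security-realm-name>
  <security>
    <role-mappings>
      <role role-name="spadmin">
        <principal name="spadmin"
                   class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      </role>
    </role-mappings>
  </security>
</web-app>
```

Two checks worth making when a 403 persists after this: the `role-name` in `<role-mappings>` must be spelled identically to the `<role-name>` in web.xml (a one-letter difference silently maps nothing), and the mapped principal must be a group that the login module actually produced for the user, which the realm test in the admin console shows as a `GeronimoGroupPrincipal` entry.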
