And IIRC, you also need to add your realm as a dependency in the deployment plan of your application.

geronimo-application.xml
...
<dep:dependency>
    <dep:groupId>console.realm</dep:groupId>
    <dep:artifactId>my_security_realm</dep:artifactId>
    <dep:type>car</dep:type>
</dep:dependency>
...

HTH.
Jeff

On Tue, Feb 22, 2011 at 1:59 AM, David Jencks <david_jen...@yahoo.com> wrote:

> Hi Andreas,
>
> I think (but haven't checked) that if you do this kind of programmatic use of a named security realm you have to mark the realm <attribute name="global">true</attribute>. IIRC the built in code does some more lookup to find the actual login Configuration object for a non-global realm and you probably don't want to mess with that unless you need several realms all with the same name for different apps.
>
> thanks
> david jencks
>
> On Feb 21, 2011, at 9:21 AM, Andreas Bohnert wrote:
>
> hello david,
>
> thanks for your quick response!
> the servlet 3.0 implementation seems to be a much nicer approach. but at the moment I am stuck with geronimo 2.2.
>
>     LoginContext lc = org.apache.geronimo.security.ContextManager.login(realm, callbackHandler);
>     ContextManager.registerSubject(lc.getSubject());
>     ContextManager.setCallers(lc.getSubject(), lc.getSubject());
>
> that is what I wanted to know. thanks.
> unfortunately I get an exception when I try this. the exception says that there are no LoginModules configured for the given realm.
>
> I created the realm according to this document:
> https://cwiki.apache.org/GMOxDOC22/database-sql-realm.html
> I tested the realm, it's working.
>
> As far as I understand, if I create a realm with the geronimo administration console, the realm is fully configured and I can reference the realm in my war without further configuration:
>
>     LoginContext lc = org.apache.geronimo.security.ContextManager.login("my_security_realm", this);
>
> because this was not working ( ... no LoginModules configured for the given realm ...), I also tried to add the deployment plan of this realm to my ear (geronimo-application.xml).
> but still I get the exception.
>
> so my deployment plan for my realm looks like this:
>
> <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
>   <environment>
>     <moduleId>
>       <groupId>console.realm</groupId>
>       <artifactId>my_security_realm</artifactId>
>       <version>1.0</version>
>       <type>car</type>
>     </moduleId>
>     <dependencies>
>       <dependency>
>         <groupId>org.apache.geronimo.framework</groupId>
>         <artifactId>j2ee-security</artifactId>
>         <type>car</type>
>       </dependency>
>       <dependency>
>         <groupId>console.dbpool</groupId>
>         <artifactId>SecurityDatabasePool</artifactId>
>         <version>1.0</version>
>         <type>car</type>
>       </dependency>
>     </dependencies>
>   </environment>
>   <gbean name="my_security_realm"
>       class="org.apache.geronimo.security.realm.GenericSecurityRealm"
>       xsi:type="dep:gbeanType"
>       xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>     <attribute name="realmName">my_security_realm</attribute>
>     <attribute name="global">false</attribute>
>     <reference name="ServerInfo">
>       <name>ServerInfo</name>
>     </reference>
>     <xml-reference name="LoginModuleConfiguration">
>       <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
>         <log:login-module control-flag="REQUIRED" wrap-principals="false">
>           <log:login-domain-name>eusoda_security_realm</log:login-domain-name>
>           <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
>           <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
>           <log:option name="dataSourceApplication">null</log:option>
>           <log:option name="userSelect">select username, password from users where username=?</log:option>
>           <log:option
>             name="dataSourceName">SecurityDatabasePool</log:option>
>         </log:login-module>
>         <log:login-module control-flag="OPTIONAL" wrap-principals="false">
>           <log:login-domain-name>eusoda_security_realm-Audit</log:login-domain-name>
>           <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
>           <log:option name="file">var/log/security_log.log</log:option>
>         </log:login-module>
>       </log:login-config>
>     </xml-reference>
>   </gbean>
> </module>
>
> if I put this plan in my ear, the geronimo-application.xml looks like this:
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <app:application
>     xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"
>     xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"
>     xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"
>     xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
>     xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2"
>     xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0"
>     xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2"
>     xmlns:pers="http://java.sun.com/xml/ns/persistence"
>     xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"
>     xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
>     xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
>     application-name="test-geronimo">
>   <dep:environment>
>     <dep:moduleId>
>       <dep:groupId>test</dep:groupId>
>       <dep:artifactId>test-geronimo</dep:artifactId>
>       <dep:version>1.0</dep:version>
>       <dep:type>ear</dep:type>
>     </dep:moduleId>
>     <dep:dependencies>
>       <dep:dependency>
>         <dep:groupId>org.apache.geronimo.framework</dep:groupId>
>         <dep:artifactId>j2ee-security</dep:artifactId>
>         <dep:type>car</dep:type>
>       </dep:dependency>
>       <dep:dependency>
>         <dep:groupId>console.dbpool</dep:groupId>
>         <dep:artifactId>SecurityDatabasePool</dep:artifactId>
>         <dep:version>1.0</dep:version>
>         <dep:type>car</dep:type>
>       </dep:dependency>
>     </dep:dependencies>
>   </dep:environment>
>   <dep:gbean name="my_security_realm"
>       class="org.apache.geronimo.security.realm.GenericSecurityRealm"
>       xsi:type="dep:gbeanType"
>       xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>     <dep:attribute name="realmName">my_security_realm</dep:attribute>
>     <dep:attribute name="global">false</dep:attribute>
>     <dep:reference name="ServerInfo">
>       <dep:name>ServerInfo</dep:name>
>     </dep:reference>
>     <dep:xml-reference name="LoginModuleConfiguration">
>       <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
>         <log:login-module control-flag="REQUIRED" wrap-principals="false">
>           <log:login-domain-name>my_security_realm</log:login-domain-name>
>           <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
>           <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
>           <log:option name="dataSourceApplication">null</log:option>
>           <log:option name="userSelect">select username, password from users where username=?</log:option>
>           <log:option name="dataSourceName">SecurityDatabasePool</log:option>
>         </log:login-module>
>         <log:login-module
>             control-flag="OPTIONAL" wrap-principals="false">
>           <log:login-domain-name>eusoda_security_realm-Audit</log:login-domain-name>
>           <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
>           <log:option name="file">var/log/eusoda_security_log.log</log:option>
>         </log:login-module>
>       </log:login-config>
>     </dep:xml-reference>
>   </dep:gbean>
> </app:application>
>
> for my war I added this to geronimo-web.xml:
>
> <web:security-realm-name>my_security_realm</web:security-realm-name>
> <sec:security>
>   <sec:role-mappings>
>     <sec:role role-name="admin">
>       <sec:principal name="administrators"
>           class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />
>       <sec:principal name="root"
>           class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
>     </sec:role>
>   </sec:role-mappings>
> </sec:security>
>
> What am I doing wrong?
>
> regards,
> Andreas
>
> David Jencks <david_jen...@yahoo.com>
> 21 February 2011 08:10
>
> It's not entirely clear what you want to do.
>
> The documentation you point to is still fairly accurate but not really relevant IIUC.
>
> In servlet 3.0 (implemented in geronimo 3.0, not yet released but this part is working), there are new methods on HttpServletRequest where you can either force a login (e.g. form or basic) that has been otherwise configured for the web app or login using username and password you have collected yourself somehow. After this login all container managed security will work just as if the user had tried to access a protected resource and been logged in automatically.
>
> Before servlet 3.0 you can always get some credentials and login but the resulting subject won't automatically be known to the container and container managed security won't work at all unless you do something to register the result.
>
> I think I've given some advice on how to do this on the user list in the past.
> IIRC you want to do something like
>
>     LoginContext lc = org.apache.geronimo.security.ContextManager.login(realm, callbackHandler);
>     ContextManager.registerSubject(lc.getSubject());
>     ContextManager.setCallers(lc.getSubject(), lc.getSubject());
>     //do work
>
>     ContextManager.clearCallers();
>     ContextManager.unregisterSubject(lc.getSubject());
>     lc.logout();
>
> hope this helps
> david jencks
>
> ------------------------------
>
> Andreas Bohnert <a...@weberhofer.at>
> 21 February 2011 07:26
>
> dear list,
>
> there is an example (time report) on how to configure a form based login (j_security_check) but how do I do a programmatic login with geronimo?
> I can not find any references on how to do this with geronimo 2.x
>
> I found this, but I wonder if it is still up to date:
> http://docs.huihoo.com/apache/geronimo/1.0/geronimo-and-jaas.html
>
> If the above documentation is obsolete:
> Do I need to write a login-config.xm and what does it look like?
> Are there any callbackhandler implementations that I can pass to a LoginContext?
>
> Any help is very much appreciated.
>
> Andreas
>
> ------------------------------
>
> Andreas Bohnert <a...@online.de>
> 21 February 2011 00:28
>
> dear list,
>
> there is an example (time report) on how to configure a form based login (j_security_check) but how do I do a programmatic login with geronimo?
> I can not find any references on how to do this with geronimo 2.x
>
> I found this:
> http://docs.huihoo.com/apache/geronimo/1.0/geronimo-and-jaas.html
> Is this still up to date?
>
> If the documentation is obsolete:
> Do I need to write a login-config.xm and what does it look like?
> Are there any callbackhandler implementations that I can pass to a LoginContext?
>
> Any help is very much appreciated.
>
> Andreas
>
> ------------------------------
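
The login/register/clear sequence discussed in this thread, written out as an added example (not code from any poster or from the Geronimo project). It pairs a username/password `CallbackHandler` with a `try/finally` so the caller identity is removed even when the work throws. `RealmLogin`, `UserPasswordHandler` and `runAs` are hypothetical names; the realm is assumed to be resolvable by name as described above.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.geronimo.security.ContextManager;

// Hypothetical helper (not part of Geronimo) around the calls quoted in the thread.
public final class RealmLogin {

    // Answers name and password callbacks; rejects any other callback type
    // instead of silently ignoring it.
    static final class UserPasswordHandler implements CallbackHandler {
        private final String user;
        private final char[] password;

        UserPasswordHandler(String user, char[] password) {
            this.user = user;
            this.password = password;
        }

        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    // PasswordCallback stores its own copy of the array.
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }

    // Runs 'work' with the authenticated subject as caller, then always cleans up.
    public static void runAs(String realm, String user, char[] password, Runnable work)
            throws LoginException {
        LoginContext lc = ContextManager.login(realm, new UserPasswordHandler(user, password));
        Subject subject = lc.getSubject();
        ContextManager.registerSubject(subject);
        try {
            ContextManager.setCallers(subject, subject);
            work.run();
        } finally {
            // Undo every step in reverse order, even if work.run() threw.
            ContextManager.clearCallers();
            ContextManager.unregisterSubject(subject);
            lc.logout();
        }
    }
}
```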