hello david,
thanks for your quick response!
the servlet 3.0 implementation seems to be a much nicer approach.
but at the moment I'm stuck with geronimo 2.2.
> LoginContext lc =
> org.apache.geronimo.security.ContextManager.login(realm,
> callbackHandler);
> ContextManager.registerSubject(lc.getSubject());
> ContextManager.setCallers(lc.getSubject(), lc.getSubject());
that is what I wanted to know. thanks.
unfortunately I get an exception when I try this. the exception says
that there are no LoginModules configured for the given realm.
I created the realm according to this document:
https://cwiki.apache.org/GMOxDOC22/database-sql-realm.html
I tested the realm, it's working.
As far as I understand, if I create a realm with the geronimo
administration console, the realm is fully configured and I can
reference the realm in my war without further configuration:
LoginContext lc =
org.apache.geronimo.security.ContextManager.login("my_security_realm",
this);
because this was not working ( ... no LoginModules configured for
the given realm ...), I also tried to add the deployment plan of this
realm to my ear (geronimo-application.xml). but I still get the
exception.
so my deployment plan for my realm looks like this:
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <environment>
    <moduleId>
      <groupId>console.realm</groupId>
      <artifactId>my_security_realm</artifactId>
      <version>1.0</version>
      <type>car</type>
    </moduleId>
    <dependencies>
      <dependency>
        <groupId>org.apache.geronimo.framework</groupId>
        <artifactId>j2ee-security</artifactId>
        <type>car</type>
      </dependency>
      <dependency>
        <groupId>console.dbpool</groupId>
        <artifactId>SecurityDatabasePool</artifactId>
        <version>1.0</version>
        <type>car</type>
      </dependency>
    </dependencies>
  </environment>
  <gbean name="my_security_realm"
         class="org.apache.geronimo.security.realm.GenericSecurityRealm"
         xsi:type="dep:gbeanType"
         xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <attribute name="realmName">my_security_realm</attribute>
    <attribute name="global">false</attribute>
    <reference name="ServerInfo">
      <name>ServerInfo</name>
    </reference>
    <xml-reference name="LoginModuleConfiguration">
      <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
        <log:login-module control-flag="REQUIRED" wrap-principals="false">
          <log:login-domain-name>eusoda_security_realm</log:login-domain-name>
          <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
          <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
          <log:option name="dataSourceApplication">null</log:option>
          <log:option name="userSelect">select username, password from users where username=?</log:option>
          <log:option name="dataSourceName">SecurityDatabasePool</log:option>
        </log:login-module>
        <log:login-module control-flag="OPTIONAL" wrap-principals="false">
          <log:login-domain-name>eusoda_security_realm-Audit</log:login-domain-name>
          <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
          <log:option name="file">var/log/security_log.log</log:option>
        </log:login-module>
      </log:login-config>
    </xml-reference>
  </gbean>
</module>
if I put this plan in my ear, the geronimo-application.xml looks like
this:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<app:application
    xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"
    xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"
    xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"
    xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
    xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2"
    xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0"
    xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2"
    xmlns:pers="http://java.sun.com/xml/ns/persistence"
    xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"
    xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
    xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
    application-name="test-geronimo">
  <dep:environment>
    <dep:moduleId>
      <dep:groupId>test</dep:groupId>
      <dep:artifactId>test-geronimo</dep:artifactId>
      <dep:version>1.0</dep:version>
      <dep:type>ear</dep:type>
    </dep:moduleId>
    <dep:dependencies>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.framework</dep:groupId>
        <dep:artifactId>j2ee-security</dep:artifactId>
        <dep:type>car</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>console.dbpool</dep:groupId>
        <dep:artifactId>SecurityDatabasePool</dep:artifactId>
        <dep:version>1.0</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
    </dep:dependencies>
  </dep:environment>
  <dep:gbean name="my_security_realm"
             class="org.apache.geronimo.security.realm.GenericSecurityRealm"
             xsi:type="dep:gbeanType"
             xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <dep:attribute name="realmName">my_security_realm</dep:attribute>
    <dep:attribute name="global">false</dep:attribute>
    <dep:reference name="ServerInfo">
      <dep:name>ServerInfo</dep:name>
    </dep:reference>
    <dep:xml-reference name="LoginModuleConfiguration">
      <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
        <log:login-module control-flag="REQUIRED" wrap-principals="false">
          <log:login-domain-name>my_security_realm</log:login-domain-name>
          <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
          <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
          <log:option name="dataSourceApplication">null</log:option>
          <log:option name="userSelect">select username, password from users where username=?</log:option>
          <log:option name="dataSourceName">SecurityDatabasePool</log:option>
        </log:login-module>
        <log:login-module control-flag="OPTIONAL" wrap-principals="false">
          <log:login-domain-name>eusoda_security_realm-Audit</log:login-domain-name>
          <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
          <log:option name="file">var/log/eusoda_security_log.log</log:option>
        </log:login-module>
      </log:login-config>
    </dep:xml-reference>
  </dep:gbean>
</app:application>
for my war I added this to geronimo-web.xml :
<web:security-realm-name>my_security_realm</web:security-realm-name>
<sec:security>
  <sec:role-mappings>
    <sec:role role-name="admin">
      <sec:principal name="administrators"
                     class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      <sec:principal name="root"
                     class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
    </sec:role>
  </sec:role-mappings>
</sec:security>
What am I doing wrong?
regards,
Andreas
It's not entirely clear what you want to do.
The documentation you point to is still fairly accurate but
not really relevant IIUC.
In servlet 3.0 (implemented in geronimo 3.0, not yet released
but this part is working), there are new methods on
HttpServletRequest where you can either force a login (e.g.
form or basic) that has been otherwise configured for the web
app or login using username and password you have collected
yourself somehow. After this login all container managed
security will work just as if the user had tried to access a
protected resource and been logged in automatically.
Before servlet 3.0 you can always get some credentials and
login but the resulting subject won't automatically be known
to the container and container managed security won't work at
all unless you do something to register the result.
I think I've given some advice on how to do this on the user
list in the past. IIRC you want to do something like
LoginContext lc = org.apache.geronimo.security.ContextManager.login(realm, callbackHandler);
ContextManager.registerSubject(lc.getSubject());
ContextManager.setCallers(lc.getSubject(), lc.getSubject());
// do work
ContextManager.clearCallers();
ContextManager.unregisterSubject(lc.getSubject());
lc.logout();
hope this helps
david jencks
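The login / registerSubject / setCallers / cleanup sequence David sketches above, written out as a complete servlet. This is an added example for this page, not code from David, Andreas or the Geronimo project: only the ContextManager calls and lc.logout() come from David's message. The realm name "my_security_realm", the form field names j_username / j_password, and the NamePasswordHandler class are assumptions made for the example; the handler is a plain JAAS CallbackHandler that answers the standard NameCallback and PasswordCallback.

```java
import java.io.IOException;
import java.util.Arrays;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.geronimo.security.ContextManager;

/*
 * Added example: programmatic login against a Geronimo 2.2 security realm.
 * REALM is an assumed name; it must match the realmName attribute of a deployed
 * GenericSecurityRealm, otherwise ContextManager.login throws LoginException.
 */
public class ProgrammaticLoginServlet extends HttpServlet {
    private static final String REALM = "my_security_realm"; // assumption

    /* Hypothetical helper: a minimal JAAS CallbackHandler for name + password. */
    static final class NamePasswordHandler implements CallbackHandler {
        private final String name;
        private final char[] password;

        NamePasswordHandler(String name, char[] password) {
            this.name = name;
            this.password = password;
        }

        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(name);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    // Fail loudly instead of leaving an unknown callback unanswered
                    throw new UnsupportedCallbackException(cb, "unsupported callback");
                }
            }
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("j_username"); // assumed form field names
        String pass = req.getParameter("j_password");
        if (user == null || pass == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        char[] password = pass.toCharArray();

        LoginContext lc;
        try {
            // 1. Authenticate through the LoginModules configured for the realm
            lc = ContextManager.login(REALM, new NamePasswordHandler(user, password));
        } catch (LoginException e) {
            // Wrong credentials and a misconfigured realm both land here: keep the
            // detail in the server log, give the client only a generic failure.
            log("login to realm " + REALM + " failed", e);
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password in memory
        }

        Subject subject = lc.getSubject();
        try {
            // 2. Make the Subject known to the container ...
            ContextManager.registerSubject(subject);
            // 3. ... and install it as the caller on this thread
            ContextManager.setCallers(subject, subject);
            // do work as the logged-in user
            resp.getWriter().println("logged in as " + user);
        } finally {
            // 4. Undo 3 and 2 in reverse order, then log out. Request threads are
            //    pooled; a caller context left behind would leak this identity
            //    into whatever request the thread serves next.
            ContextManager.clearCallers();
            ContextManager.unregisterSubject(subject);
            try {
                lc.logout();
            } catch (LoginException e) {
                log("logout failed", e);
            }
        }
    }
}
```

Compile it against the geronimo-security jar and the servlet API shipped with Geronimo 2.2. The cleanup is in a finally block on purpose: if the work throws, the caller context and the registered subject still get torn down before the thread returns to the pool.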
dear list,
there is an example (time report) on how to configure a form
based login (j_security_check) but how do I do a
programmatic login with geronimo?
I cannot find any references on how to do this with geronimo
2.x
I found this, but I wonder if it is still up to date:
http://docs.huihoo.com/apache/geronimo/1.0/geronimo-and-jaas.html
If the above documentation is obsolete:
Do I need to write a login-config.xml and what does it look like?
Are there any CallbackHandler implementations that I can pass to
a LoginContext?
Any help is very much appreciated.
Andreas