Greetings,

I have a Geronimo 3 deployment and I have configured my application to use the 
LDAPLoginModule against Fortress (i.e. OpenLDAP).  

I have included a security role as part of the web.xml, and I've successfully 
mapped that abstract role to LDAP groups using 

<principal name="myAbstractRoleName"
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>

in my geronimo-web.xml.

However, the configuration option for a <distinguished-name> here does not seem 
to work.  

Does anyone know if this is implemented in the runtime, or perhaps there is 
something wrong in my configuration?

Below is a simple geronimo-web.xml configuration that I've done against one of 
the sample EJB applications to demonstrate the problem.

TIA,
John


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">

        <dep:environment
                xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
                <dep:moduleId>
                        <dep:artifactId>MyTimeWeb</dep:artifactId>
                        <dep:version>1.0</dep:version>
                        <dep:type>war</dep:type>
                </dep:moduleId>
                <dep:dependencies>
                        <dep:dependency>
                                <dep:groupId>console.realm</dep:groupId>
                                <dep:artifactId>FortressRealm</dep:artifactId>
                                <dep:version>1.0</dep:version>
                                <dep:type>car</dep:type>
                        </dep:dependency>
                </dep:dependencies>
        </dep:environment>

        <context-root>/mytime</context-root>

        <security-realm-name>FortressRealm</security-realm-name>

        <sec:security>
                <sec:default-principal>
                        <sec:principal name="anonymous"
                                class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
                </sec:default-principal>
                <sec:role-mappings>
                        <sec:role role-name="EnmasseSuperUserRole">

                                <sec:principal name="EnmasseSuperUser"
                                        class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />
                                <sec:principal name="role1"
                                        class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />

                                <!-- Support for this does not seem to be implemented: -->
                                <sec:distinguished-name name="uid=johnfield,ou=People,dc=jts,dc=us"></sec:distinguished-name>
                                <sec:distinguished-name name="cn=EnmasseSuperUser,ou=Roles,ou=RBAC,dc=jts,dc=us"></sec:distinguished-name>
                                <sec:distinguished-name name="cn=role1,ou=Roles,ou=RBAC,dc=jts,dc=us"></sec:distinguished-name>

                                <!-- This works, but is not my preferred approach. -->
                                <sec:principal name="johnfield"
                                        class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />

                        </sec:role>
                </sec:role-mappings>
        </sec:security>

</web-app>
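To review which mapping kinds a geronimo-web.xml actually grants per role before deploying it, here is a small added audit script (an editor's example, not Geronimo's or the poster's code) that parses the <sec:role-mappings> block; the SAMPLE_XML it embeds is a constructed, cut-down copy of the configuration above, and the user/group classification simply looks at the suffix of the principal class name.

```python
"""Audit the <sec:role-mappings> of a Geronimo geronimo-web.xml: per role,
list principal entries (user/group by class) and distinguished-name entries."""
import xml.etree.ElementTree as ET

SEC_NS = "http://geronimo.apache.org/xml/ns/security-2.0"

# Constructed sample, a cut-down copy of the configuration in the post.
SAMPLE_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0" xmlns:sec="{SEC_NS}">
  <sec:security><sec:role-mappings>
    <sec:role role-name="EnmasseSuperUserRole">
      <sec:principal name="EnmasseSuperUser"
        class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      <sec:distinguished-name name="uid=johnfield,ou=People,dc=jts,dc=us"/>
      <sec:principal name="johnfield"
        class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
    </sec:role>
  </sec:role-mappings></sec:security>
</web-app>"""

def split_dn(dn):
    """Split an LDAP DN into RDN strings, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if ch == "," and not esc:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        esc = (ch == "\\") and not esc
    parts.append("".join(cur).strip())
    return parts

def audit_role_mappings(xml_text):
    """Return {role-name: {"principals": [(name, kind)], "dns": [rdn list]}}."""
    root = ET.fromstring(xml_text)
    ns = {"sec": SEC_NS}
    report = {}
    for role in root.findall(".//sec:role-mappings/sec:role", ns):
        entry = {"principals": [], "dns": []}
        for p in role.findall("sec:principal", ns):
            # Geronimo ships GeronimoUserPrincipal and GeronimoGroupPrincipal classes.
            kind = "group" if p.get("class", "").endswith("GroupPrincipal") else "user"
            entry["principals"].append((p.get("name"), kind))
        for d in role.findall("sec:distinguished-name", ns):
            entry["dns"].append(split_dn(d.get("name")))
        report[role.get("role-name")] = entry
    return report
```

Run it over a real geronimo-web.xml by passing the file contents to audit_role_mappings; any role whose "dns" list is non-empty relies on the distinguished-name mapping that the post reports as not taking effect.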
