Apache Geronimo v2.2 Documentation: Administering Security

Configuring and administering the Apache Geronimo Server

This topic covers some common security related tasks such as adding and removing users and groups, dealing with digital certificates and increasing the security level by using different realms and authentication methods.

Configuring JavaEE App Client Security — Application client security starts with specifying the CallbackHandler you want to use in the app client deployment descriptor (in Geronimo) or in a similar element in the Geronimo deployment plan.
Configuring login modules — Geronimo replaces login.conf entirely with one that is configured via GenericSecurityRealm GBeans.
Configuring run-as and Default Subjects, and principal-role mapping — Starting in Geronimo 2.0.1 we have adopted the basic principle that all security flows from Subjects that result from logging in to a security realm.
Administering certificates — This section is about how to administer certificates from console.
Administering users and groups — You can add users and groups via the Geronimo Administration Console or by modifying some configuration files.
- Obscuring Passwords
OpenID — OpenID is an open specification for distributed authentication for web apps popularly used for social networking applications.
Certification Authority — This release of Apache Geronimo allows you to define your own Certification Authority (CA) and issue certificates in reply to Certificate Signing Requests (CSR).
Configuring secure JMX server — Starting with Geronimo 2.1.2, Geronimo has a secure JMX server. However, the JMX server is not started by default.
Basic Hints on Security Configuration — In a normal Geronimo server, the basic security configuration is divided into two plugins, j2ee-security and server-security-config.
Replacing default Realm in Geronimo — This article is about how to replace default .properties realm geronimo-admin with SQL or LDAP realms.
Administering security realms — To administer security realms via the Geronimo Administration Console the Security Realms portlet is available on the Console Navigation menu on the left hand side.