Page History

...

...

You want to replace server-security-config with your own Geronimo plugin (see Administering plugins) that contains a security realm customized for your security setup (e.g. ldap) and includes whatever keystores you need. To replace all uses of server-security-config with your plugin, include an artifact-alias element in your geronimo-plugin.xml file.

<artifact-alias key="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">com.myco/myco-security-config/1.0/car</artifact-alias>
<artifact-alias key="org.apache.geronimo.framework/server-security-config//car">com.myco/myco-security-config/1.0/car</artifact-alias>

Another option is to use maven with the car-maven-plugin. The above code would need to be included in the car-maven-plugin configuration in pom.xml.

Note that if you want the admin console and MEJB to continue working without redeployment, you have to include a security realm named geronimo-admin. geronimo-admin should supply supply appropriate users with principals of class org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal and names of (as appropriate) admin (for console and MEJB read access) and mejbadmin (for MEJB write access).

...

While getting all your configuration into plugins with source code in scm and built by maven provides a completely reproducible environment, you might want to experiment with a security realm you set up using the admin console. In this case you need to, while geronimo is stopped, edit the var/config/artifact-aliases.properties file by hand. Assuming that you named the configuration geronimo-admin the console will come up with a plugin id of console.realm/geronimo-admin/1.0/car. You need to put lines like:

org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car=console.realm/geronimo-admin/1.0/car
org.apache.geronimo.framework/server-security-config//car=console.realm/geronimo-admin/1.0/car

where you've replaced 2.2-SNAPSHOT with the actual version of geronimo you are using.

...