...
You can also include security realm configuration, keystores, and credential stores in the Geronimo plan for your application. Put the GBean configurations at the end, after the Java EE-specific configuration. In this case you may not want to remove the standard server-security-config, as removing it would prevent the admin console or MEJB from starting.
For Web applications using Spring Security
Spring Security may secure Spring applications, but it won't relate to container-managed authorization in Geronimo unless you do something to hook it up. You need some code that looks vaguely like this:
```java
import javax.security.auth.Subject;
import org.apache.geronimo.security.ContextManager;

// getSpringAuthenticatedSubject() stands for your own code that returns
// the Subject for the user Spring Security authenticated.
Subject subject = getSpringAuthenticatedSubject();

// If the subject is cached in a session, this should only happen once,
// when the subject is first authenticated/constructed.
ContextManager.registerSubject(subject);

// The following should happen on every request.
ContextManager.setCallers(subject, subject);
try {
    // process request
} finally {
    ContextManager.clearCallers();
}
```
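One place to put that per-request hook is a servlet filter mapped after the Spring Security filter chain. The following is an added example, not code from the Geronimo project; it assumes Spring Security 3 or later, and the class name, session key, and the mapping of user name and authorities onto Geronimo user and group principals are illustrative assumptions that must match the role mappings in your plan.

```java
import java.io.IOException;
import javax.security.auth.Subject;
import javax.servlet.*;
import javax.servlet.http.*;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical filter (name and session key are assumptions, not Geronimo code).
public class GeronimoSubjectFilter implements Filter {
    private static final String ATTR = "geronimo.subject";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            chain.doFilter(req, res); // no authenticated caller to propagate
            return;
        }
        HttpSession session = ((HttpServletRequest) req).getSession();
        // Key the cache by user name so a changed login never reuses a stale Subject.
        String key = ATTR + "." + auth.getName();
        Subject subject = (Subject) session.getAttribute(key);
        if (subject == null) {
            subject = toSubject(auth);
            ContextManager.registerSubject(subject); // once per authenticated subject
            session.setAttribute(key, subject);
        }
        ContextManager.setCallers(subject, subject); // on every request
        try {
            chain.doFilter(req, res);
        } finally {
            ContextManager.clearCallers(); // do not leave the identity on a pooled thread
        }
    }

    // Assumed mapping: user name -> user principal, each authority -> group principal.
    private static Subject toSubject(Authentication auth) {
        Subject s = new Subject();
        s.getPrincipals().add(new GeronimoUserPrincipal(auth.getName()));
        for (GrantedAuthority a : auth.getAuthorities()) {
            s.getPrincipals().add(new GeronimoGroupPrincipal(a.getAuthority()));
        }
        return s;
    }
}
```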