To administer security realms via the Geronimo Administration Console, use the Security Realms portlet, available on the Console Navigation menu on the left-hand side. This portlet allows you to add a new security realm or edit an existing one. To remove realms you would normally use the command line option with the Deployer tool.
Listed in this portlet you will find all the available security realms. By default, the security realm used by Geronimo to authenticate users via properties file is geronimo-properties-realm.
When you edit an existing realm (in this case geronimo-properties-realm), you will be presented with the following screen. Note that you will not be able to change the realm name or the login domain name.
The following example illustrates the deployment plan generated by this realm.
```xml
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
    <environment>
        <moduleId>
            <groupId>console</groupId>
            <artifactId>realm-geronimo-properties-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>geronimo</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="geronimo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">geronimo-properties-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <name>JaasLoginService</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>geronimo-properties-realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="usersURI">var/security/users.properties</log:option>
                    <log:option name="groupsURI">var/security/groups.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
```
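The plan above names the two files that hold the realm's users and groups, so a quick review step is to pull those paths out of the plan and check who can read them. The following is an added example, not part of the Geronimo documentation or code base: the function names are hypothetical, the sample plan is a trimmed copy of the one above, and it assumes the relative `usersURI` and `groupsURI` values resolve against the server's home directory.

```python
import os
import xml.etree.ElementTree as ET

LOG = "{http://geronimo.apache.org/xml/ns/loginconfig-1.1}"

# Constructed sample: the realm GBean from the plan above, trimmed to the login config.
SAMPLE_PLAN = """\
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
 <gbean name="geronimo-properties-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
  <xml-reference name="LoginModuleConfiguration">
   <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
    <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
     <log:login-domain-name>geronimo-properties-realm</log:login-domain-name>
     <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
     <log:option name="usersURI">var/security/users.properties</log:option>
     <log:option name="groupsURI">var/security/groups.properties</log:option>
    </log:login-module>
   </log:login-config>
  </xml-reference>
 </gbean>
</module>"""


def parse_login_modules(plan_xml):
    """Return one dict per <login-module> found in a realm deployment plan."""
    modules = []
    for lm in ET.fromstring(plan_xml).iter(LOG + "login-module"):
        modules.append({
            "domain": lm.findtext(LOG + "login-domain-name", "").strip(),
            "class": lm.findtext(LOG + "login-module-class", "").strip(),
            "control_flag": lm.get("control-flag"),
            "options": {o.get("name"): (o.text or "").strip()
                        for o in lm.findall(LOG + "option")},
        })
    return modules


def audit_credential_files(modules, server_home):
    """Flag usersURI/groupsURI files that are missing or open to group/other."""
    findings = []
    for m in modules:
        for opt in sorted(m["options"].keys() & {"usersURI", "groupsURI"}):
            rel = m["options"][opt]
            # Assumption: relative URIs are resolved against the server home.
            path = os.path.join(server_home, rel)
            if not os.path.isfile(path):
                findings.append((m["domain"], opt, rel, "missing"))
            elif os.stat(path).st_mode & 0o077:
                findings.append((m["domain"], opt, rel, "group/other access"))
    return findings
```

Call `audit_credential_files(parse_login_modules(plan_text), "/path/to/geronimo")` with the plan text and your own installation directory; an empty list means both files exist and are accessible to the owner only.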
As we mentioned before, this plan is for the default, properties-file-based security realm. When you create a new realm you will have to choose from the following available realm types:
- Certificate Properties File Realm
- Database (SQL) Realm
- LDAP Realm
- Properties File Realm
- Other
The last available option lets you create your own custom realm type when none of the above fits your environment's needs.
With the Properties File Realm covered by default, we will now focus on the other alternatives.