You can add users and groups via the Geronimo Administration Console or by modifying some configuration files. We will start simple by using the realm provided by Geronimo by default. Then, as we explore the different realms and security configurations, we will come back and revisit some of the topics as needed.
To manage users and groups via the Geronimo Administration Console the Console Realm portlet is available on the Console Navigation menu on the left hand side. Here you will find two portlets, one for administering users and another for administering user groups, both are illustrated in the following figures.
To change a user's password click on (Details next to the user you want to update in the Console Realm Users portlet, it will bring up the UserID and Password so you can update that profile.
To remove a user click on the corresponding Delete, you will be prompted to confirm deletion of that user, click OK.
To add a new user click on Create New User, you will be prompted for a UserID and Password (twice), enter those values and click Add.
Once you created new users you can add them to group. By default, the group admin is available and the user system is in that group. If you click on the Details next to the admin group you will see the user system in the window on the right and any other available user will be listed in the window on the left.
To add a new user to this group select the user first, then click Add >> and then click Update.
To create a new group click on Create New Group, this step is very similar to the one mentioned before for the users. In addition to be prompted for adding users to this group you will also have to provide a group name. Once you entered the new group name and added the users click on Add to finish.
The changes you made via the Console Realm Users and Console Realm Groups portlets are reflected in two different files, these files are users.properties and groups.properties respectively and they are located in the <geronimo_home>\var\security directory.
You can equally administer users and groups by modifying directly these files:
users.properties uses the <user_name>=<password> format, groups.properties uses the <group_name>=<user_name> format. See the following examples for additional details.
As we are using the basic, by default, security configuration you will see the user IDs and passwords are stored in plain text. You can add, remove and change passwords from this file.
Just like with the users, with the
groups.properties you can add and remove groups and users to those groups.
The files mentioned in this sections along with the all the security configuration in addition to user names and passwords are defined in the geronimo-properties-realm security realm covered in the Administering security realms section.