Properties file security realms

A properties file realm lets you configure Web applications to authenticate users against user and group entries kept in properties files.

Enter the name of the security realm and select Properties File Realm from the Realm type menu. Click Next and follow the wizard.

When you create a new properties file realm through the administrative console, the key values you supply in the configuration options field are the locations and file names of the user and group properties files, for example:

usersURI=var/security/vhost1_users.properties
groupsURI=var/security/vhost1_groups.properties

By default, the security realm that the server uses to authenticate administrative users for console and deployer access is the geronimo-admin properties file realm.

The following example illustrates a deployment plan for this default geronimo-admin realm.

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>geronimo-admin</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.configs</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="geronimo-admin" class="org.apache.geronimo.security.realm.GenericSecurityRealm"
                 xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">geronimo-admin</attribute>
        <attribute name="global">true</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <name>JaasLoginService</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>geronimo-admin</log:login-domain-name>
                    <log:login-module-class>
                         org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                    </log:login-module-class>
                    <log:option name="usersURI">var/security/users.properties</log:option>
                    <log:option name="groupsURI">var/security/groups.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
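
The following Python audit is an added example, not part of the original documentation or of the Geronimo code base. It extracts the usersURI and groupsURI options from a plan like the one above and checks the files they point to. It assumes the paths resolve relative to the server's base directory, that the users file holds credentials and should therefore be accessible only to the server account, and POSIX file permissions; `SAMPLE_PLAN`, `realm_files` and `audit` are hypothetical names.

```python
import os
import stat
import xml.etree.ElementTree as ET

LOGIN_NS = {"log": "http://geronimo.apache.org/xml/ns/loginconfig-2.0"}
# Constructed sample: only the realm GBean of a plan like the one above.
SAMPLE_PLAN = """\
<gbean name="geronimo-admin" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
  <xml-reference name="LoginModuleConfiguration">
    <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
      <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
        <log:login-domain-name>geronimo-admin</log:login-domain-name>
        <log:login-module-class>
          org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
        </log:login-module-class>
        <log:option name="usersURI">var/security/users.properties</log:option>
        <log:option name="groupsURI">var/security/groups.properties</log:option>
      </log:login-module>
    </log:login-config>
  </xml-reference>
</gbean>
"""

def realm_files(plan_xml):
    """Return (login domain, option, path) for each properties-file login module."""
    out = []
    for mod in ET.fromstring(plan_xml).iterfind(".//log:login-module", LOGIN_NS):
        cls = mod.findtext("log:login-module-class", "", LOGIN_NS).strip()
        if not cls.endswith(".PropertiesFileLoginModule"):
            continue
        domain = mod.findtext("log:login-domain-name", "", LOGIN_NS).strip()
        for opt in mod.iterfind("log:option", LOGIN_NS):
            if opt.get("name") in ("usersURI", "groupsURI"):
                out.append((domain, opt.get("name"), (opt.text or "").strip()))
    return out

def audit(plan_xml, server_home):
    """Flag realm files that are missing, outside server_home, or not owner-only."""
    home, findings = os.path.realpath(server_home), []
    for domain, name, rel in realm_files(plan_xml):
        path = os.path.realpath(os.path.join(home, rel))  # follows symlinks
        if os.path.commonpath([home, path]) != home:
            findings.append((domain, name, "path escapes server home"))
        elif not os.path.isfile(path):
            findings.append((domain, name, "file missing"))
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((domain, name, "accessible to group/other"))
    return findings
```

Call `audit(plan_text, server_home)` with the plan's XML and the server's installation directory; an empty list means both files exist under that directory with owner-only permissions.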

Once the security realm has been created, you can click the usage link to view samples of how to apply the new realm in your applications.
