This article is about how to replace default .properties realm
geronimo-admin with SQL or LDAP realms.
By default, Geronimo is using a .properties file realm for authentication named
geronimo-admin, which is used by JMX server, Administration Console, Online-deploy and MEJB applications. However, you may not want to use it for production use. Alternatively, you can use database(SQL) or LDAP realms in a production environment. To demonstrate how to replace the default realm, we will use 2 samples as followed:
With a database(SQL) realm
In this example, we will use an embedded Derby database as the security provider.
- Create a database named
SecurityDatabaseusing DB manager on the administration console;
- Create two tables
Groupsto store user credential and group information;
- Create an Derby XA database pool named
SecurityDatabasePoolusing Database Pools on the console;
- Stop the server and update module
<Geronimo_Home>/var/config/config.xmlfile to enable the SQL realm. Where
- geronimo_admin is the same realm name as the original one. You might use another name instead, by doing so, you have to replace the security realm name in all other applications that were using the same security constraint as console.
- Then,restart the server and try to login with user name userone and password p1. You will see the newly created SQL realm working.
With a LDAP realm
To replace the default .properties file realm using a LDAP realm, the configuration is nearly identical to the sample above. The only difference is to use
LoginModuleClass. Here is the code snippet you can use in