This article shows you how to create a security realm using Geronimo Eclipse Plugin(GEP) during development.

GEP provides an easy-using wizard for different types of security realm configuration such as properties file realm, SQL realm and LDAP realm.

In this article, we use a sample Dynamic Web Project and SQL realm for demonstration. You can of course choose the project or realm type as you needed.

Creating a SQL realm

  1. Double-click the geronimo-web.xml file under /META-INF directory of your application to open it in Geronimo Deployment Plan Editor, you will see general information page of the application.
  2. Select Security tab, and then open Security Realm section to display the security realms that are defined.
    • Add - start a wizard for security realm creation.
    • Remove - remove an existing security realm.
    • Edit - reconfigure an existing security realm.
  3. Click Add to start a security realm wizard and fill in required fields. In this example, we select SQL Realm.
    • Realm Name is used to specify the name of the security realm that will be used for user authentication for the application.
    • Realm Type is the type of login module.
  4. Click Next to input SQL statements for user and group verification.
    • Select SQL : input SQL statements to retrieve user and group information from database .
    • Digest Configuration : specify digesting algorithm and encoding configuration for the user's password.
  5. Input a database pool name or JDBC URL to connect to the database where the credentials are stored.
  6. Click Finish to complete the wizard, and you will see that the realm and corresponding LoginModule class are listed in the Security Realm section.
  7. In the tool-bar, click Finish to save the changes.

Now you have created a new security realm for a simple Web application. You can click the Source tab to review the sample deployment plan.

geronimo-web.xml <?xml version="1.0" encoding="UTF-8"?> <web:web-app xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0" xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2" xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0" xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2" xmlns:pers="http://java.sun.com/xml/ns/persistence" xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1" xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"> <dep:environment> <dep:moduleId> <dep:groupId>default</dep:groupId> <dep:artifactId>TestWAR</dep:artifactId> <dep:version>1.0</dep:version> <dep:type>car</dep:type> </dep:moduleId> <dep:dependencies> <dep:dependency> <dep:groupId>org.apache.geronimo.framework</dep:groupId> <dep:artifactId>j2ee-security</dep:artifactId> <dep:type>car</dep:type> </dep:dependency> </dep:dependencies> </dep:environment> <web:context-root>/TestWAR</web:context-root> <dep:gbean class="org.apache.geronimo.security.realm.GenericSecurityRealm" name="testSQLRealm"> <dep:attribute name="realmName">testSQLRealm</dep:attribute> <dep:reference name="ServerInfo"> <dep:name>ServerInfo</dep:name> </dep:reference> <dep:xml-reference name="LoginModuleConfiguration"> <log:loginConfig> <log:login-module control-flag="REQUIRED" wrap-principals="false"> <log:login-domain-name>testSQLRealm</log:login-domain-name> <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class> <log:option name="dataSourceName">SecurityDatabasePool</log:option> <log:option name="userSelect">select username, password from users where username=?</log:option> <log:option name="groupSelect">select username, groupname from groups where username=?</log:option> <log:option name="digest"/> <log:option name="encoding"/> </log:login-module> </log:loginConfig> </dep:xml-reference> </dep:gbean> </web:web-app>
  • No labels