Child pages
  • Database (SQL) Realm

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Wiki Markup
{scrollbar}

In this section we will focus on the use a database for verifying and retrieving user names and passwords.

...

If you get an error the first time you try to validate this realm, you will very likely see the SQL Exception: Failed to start database ... error in the terminal and logs. This is a know issue with Derby, you will need to restart Geronimio so the new database can communicate properly.

...

<geronimo_home>\bin\deploy --user system --password manager deploy <realm_path>\derby_security_realm.xml

...

...


<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>derby_security_realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.configs</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>console.dbpool</groupId>
                <artifactId>SecurityDatabasePool</artifactId>
                <version>1.0</version>
                <type>rar</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="derby_security_realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">derby_security_realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>derby_security_realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <log:option name="dataSourceName">SecurityDatabasePool</log:option>
                    <log:option name="dataSourceApplication">null</log:option>
                    <log:option name="groupSelect">select username, groupname from groups where username=?</log:option>
                    <log:option name="userSelect">select username, password from users where username=?</log:option>
                </log:login-module>
                <log:login-module control-flag="OPTIONAL" wrap-principals="false">
                    <log:login-domain-name>derby_security_realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
                    <log:option name="file">var/log/derby_security_realm.log</log:option>
                </log:login-module>
                <log:login-module control-flag="REQUISITE" wrap-principals="false">
                    <log:login-domain-name>derby_security_realm-Lockout</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.RepeatedFailureLockoutLoginModule</log:login-module-class>
                    <log:option name="failureCount">3</log:option>
                    <log:option name="failurePeriodSecs">10</log:option>
                    <log:option name="lockoutDurationSecs">60</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

Once the security realm has been created, you can use the usage link to view samples of how to use the new realm in your applications.