...

Code Block
xml
xml
borderStylesolid
titlegroup_sample.properties
admin=client1,client2

The deployment plan of the Certificate Properties File Realm CertificatePropsRealm is as follows:

Code Block
xml
xml
borderStylesolid
titleExcerpt from the deployment plan of CertificatePropsRealm

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>cert-prop-file-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="cert-prop-file-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep=
"http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">CertificatePropsRealm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>CertificatePropsRealm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="usersURI">var/security/user_sample.properties</log:option>
                    <log:option name="groupsURI">var/security/group_sample.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

where

  • <moduleId> </moduleId>: is the tag that defines the module ID of the security realm. This attribute is included as a dependency in the deployment plan of any application that uses this security realm to authenticate clients.

Configure the deployment descriptor and deployment plan of your web application to use the Certificate Properties File Realm for client authentication. For example, applications which use the CertificatePropsRealm security realm must configure their deployment descriptor as follows:
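Review bot: The plan's `log:login-module-class` is `org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule`, which checks a user name and password against `user_sample.properties`, yet the realm is presented as a Certificate Properties File Realm. If client-certificate authentication is intended, the class should presumably be `org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule`, whose users file (as far as I know) maps each name to a certificate subject DN rather than a password. The explanation under the plan calls `<moduleId>` "this attribute", but it is an element, so I would write `This module ID is included as a dependency in the deployment plan of any application that uses this security realm`. Whichever module is used, the files under `var/security/` decide who is admitted and to which group, so the page should state that only the server account may read or write them.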

...

Code Block
xml
xml
borderStylesolid
titleExcerpt from geronimo-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1" 
         xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2" 
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" 
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <sys:environment>
        <sys:moduleId>
            <sys:groupId>org.apache.geronimo</sys:groupId>
            <sys:artifactId>sampleapplication</sys:artifactId>
            <sys:version>1.0</sys:version>
            <sys:type>car</sys:type>
        </sys:moduleId>
       <sys:dependencies>
            <sys:dependency>
               <sys:groupId>console.realm</sys:groupId>
            <sys:artifactId>CertificatePropsRealm<artifactId>cert-prop-file-realm</sys:artifactId>
            <sys:version>1.0</sys:version>
            <sys:type>car</sys:type>
            </sys:dependency>
        </sys:dependencies>
   </sys:environment>
  <context-root>/cert-realm-sample</context-root>
  <security-realm-name>CertificatePropsRealm</security-realm-name>
  <security>
    <default-principal realm-name="CertificatePropsRealm">
      <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client1"/>
         <!-- name should match the entries from cert-users.properties of the realm -->
    </default-principal>
    <role-mappings>
      <role role-name="content-administrator">
        <realm realm-name="CertificatePropsRealm">
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
             <!-- name should match the entries from cert-groups.properties of the realm -->
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client1"/>
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client2"/>
        </realm>
      </role>
    </role-mappings>
  </security>
</web-app>
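Review bot: The `<default-principal>` is `client1`, and the same `client1` user principal is mapped to `content-administrator` under `<role-mappings>`, so the identity assigned to callers who have not authenticated also holds the administrator role. I would give the default principal a name that appears in no role mapping, for example `name="anonymous"` (a constructed name) on the `GeronimoUserPrincipal` entry. The two comments refer to `cert-users.properties` and `cert-groups.properties`, while the realm plan on this page reads `var/security/user_sample.properties` and `var/security/group_sample.properties`, so the comments should name the files that are actually configured. The dependency's `sys:artifactId` line shows old and new text run together in this view, so confirm that the saved page contains only `<sys:artifactId>cert-prop-file-realm</sys:artifactId>`, matching the realm's `moduleId`.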

...