...
<moduleId> .. </moduleId>
: is the tag that defines the module ID of the security realm. Applications which use this security realm for authentication should declare this module ID as a dependency in their deployment plan, so that the realm is available before the application authenticates clients.
<attribute name="realmName">CertificatePropsRealm</attribute>
: CertificatePropsRealm is the name of the security realm.
Configure the deployment descriptor and deployment plan of your web application to use the Certificate Properties File Realm for client authentication. For example, applications which use the CertificatePropsRealm security realm must configure their deployment descriptor as follows:
```xml
<login-config>
  <auth-method>CLIENT-CERT</auth-method>
  <realm-name>Not Required for CLIENT-CERT</realm-name>
</login-config>
```
...
<auth-method>CLIENT-CERT</auth-method>
: sets the auth-method to CLIENT-CERT, so the application authenticates clients with their client certificate. CLIENT-CERT is commonly used for SSL mutual authentication. In Geronimo, this configuration indicates that a Certificate Properties File Realm is used to authenticate the client certificate.
Web applications which use the CertificatePropsRealm security realm, for example, must configure their deployment plans as follows:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
         xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <sys:environment>
    <sys:moduleId>
      <sys:groupId>org.apache.geronimo</sys:groupId>
      <sys:artifactId>sampleapplication</sys:artifactId>
      <sys:version>1.0</sys:version>
      <sys:type>car</sys:type>
    </sys:moduleId>
    <sys:dependencies>
      <sys:dependency>
        <sys:groupId>console.realm</sys:groupId>
        <sys:artifactId>cert-prop-file-realm</sys:artifactId>
        <sys:version>1.0</sys:version>
        <sys:type>car</sys:type>
      </sys:dependency>
    </sys:dependencies>
  </sys:environment>
  <context-root>/cert-realm-sample</context-root>
  <security-realm-name>CertificatePropsRealm</security-realm-name>
  <security>
    <default-principal realm-name="CertificatePropsRealm">
      <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client1"/>
      <!-- name should match the entries from cert-users.properties of the realm -->
    </default-principal>
    <role-mappings>
      <role role-name="content-administrator">
        <realm realm-name="CertificatePropsRealm">
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
          <!-- name should match the entries from cert-groups.properties of the realm -->
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client1"/>
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="client2"/>
        </realm>
      </role>
    </role-mappings>
  </security>
</web-app>
```
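As an added example (not part of the Geronimo documentation or code base), the following Python check cross-checks a deployment plan of this shape against the realm's properties files before deployment: it verifies the dependency on the realm module, that every realm-name attribute matches security-realm-name, and that every principal named in the plan has an entry in cert-users.properties or cert-groups.properties. It assumes those files are ordinary Java properties files keyed by user and group name; the sample plan and properties below are constructed.

```python
import xml.etree.ElementTree as ET

SYS = "{http://geronimo.apache.org/xml/ns/deployment-1.2}"
WEB = "{http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1}"
USER_CLS = "org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
GROUP_CLS = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
# Constructed plan with two deliberate defects: a misspelled role realm-name and an unknown user "client3".
PLAN = f"""<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <sys:environment><sys:dependencies><sys:dependency>
    <sys:groupId>console.realm</sys:groupId><sys:artifactId>cert-prop-file-realm</sys:artifactId>
  </sys:dependency></sys:dependencies></sys:environment>
  <security-realm-name>CertificatePropsRealm</security-realm-name>
  <security><default-principal realm-name="CertificatePropsRealm">
      <principal class="{USER_CLS}" name="client1"/></default-principal>
    <role-mappings><role role-name="content-administrator"><realm realm-name="CertificateRealm">
      <principal class="{GROUP_CLS}" name="admin" designated-run-as="true"/>
      <principal class="{USER_CLS}" name="client3"/>
    </realm></role></role-mappings></security>
</web-app>"""
# Constructed properties files (assumed format); only their keys, the user and group names, are checked.
USERS = "# constructed sample\nclient1=CN=client1,O=Example\nclient2=CN=client2,O=Example\n"
GROUPS = "admin=client1,client2\n"
def property_keys(text):  # keys of a Java .properties file ('key=value', '#'/'!' comments)
    keys = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            keys.add(line.split("=", 1)[0].strip())
    return keys
def check_plan(plan_xml, user_keys, group_keys):  # returns [] when the plan is consistent
    root, problems = ET.fromstring(plan_xml), []
    # 1. the plan must depend on the realm's module so the realm is available to it
    deps = {(d.findtext(SYS + "groupId"), d.findtext(SYS + "artifactId"))
            for d in root.iter(SYS + "dependency")}
    if ("console.realm", "cert-prop-file-realm") not in deps:
        problems.append("missing dependency on console.realm/cert-prop-file-realm")
    # 2. every realm-name attribute must name the declared security realm
    realm = root.findtext(WEB + "security-realm-name")
    for el in root.iter():
        if el.get("realm-name") not in (None, realm):
            problems.append(f"realm-name {el.get('realm-name')!r} does not match {realm!r}")
    # 3. every principal must have an entry in the realm's properties files
    for p in root.iter(WEB + "principal"):
        name, cls = p.get("name"), p.get("class", "")
        if cls == USER_CLS and name not in user_keys:
            problems.append(f"user {name!r} not in cert-users.properties")
        elif cls == GROUP_CLS and name not in group_keys:
            problems.append(f"group {name!r} not in cert-groups.properties")
    return problems
```

Run `check_plan(PLAN, property_keys(USERS), property_keys(GROUPS))` to list the two defects in the constructed plan; a consistent plan returns an empty list.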
...