The security schema namespace for Apache Geronimo M5 is "http://geronimo.apache.org/xml/ns/security-1.0".

Geronimo M5 and earlier versions do not support the DomainPrincipal and RealmPrincipal concepts. When mapping J2EE roles to principals, the principal elements are nested inside realm elements, as the roleType definition and the example deployment plan below show.

<!-- roleType: one J2EE role (role-name) together with the realms and
     distinguished names mapped to it. descriptionType, realmType and
     distinguishedNameType are defined elsewhere in the security-1.0 schema.
     NOTE(review): every child is minOccurs="0", so a role with no realm or
     distinguished-name mapping is still schema-valid. Validation alone does
     not show that a role is mapped to any principal. -->
<xsd:complexType name="roleType">
   <xsd:sequence>
      <!-- Optional, repeatable free-text description of the role. -->
      <xsd:element name="description" type="security-1.0:descriptionType" 
         minOccurs="0" maxOccurs="unbounded"/>
      <!-- Zero or more realm mappings for this role. -->
      <xsd:element name="realm" type="security-1.0:realmType" minOccurs="0" 
         maxOccurs="unbounded"/>
      <!-- Zero or more distinguished-name mappings for this role. -->
      <xsd:element name="distinguished-name" 
         type="security-1.0:distinguishedNameType" minOccurs="0" 
         maxOccurs="unbounded"/>
   </xsd:sequence>
   <!-- Required, but typed as an unconstrained xsd:string: the schema does not
        check the value. Presumably it must match a role declared in the
        application's deployment descriptor; verify when reviewing a plan. -->
   <xsd:attribute name="role-name" type="xsd:string" use="required"/>
</xsd:complexType>
<?xml version="1.0" encoding="UTF-8"?>
<web-app
    xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"
    xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.0"
    configId="org/apache/geronimo/tools/JMXConsole"
    parentId="org/apache/geronimo/Server">

    <!-- Example Geronimo M5 web deployment plan. The sec: prefix is bound to
         the security-1.0 schema, in which principals are nested inside realm
         elements.
         NOTE(review): configId names the JMXConsole while context-root is
         /example; confirm which application this plan is meant for. -->
    <context-root>/example</context-root>
    <context-priority-classloader>false</context-priority-classloader>

    <!-- Security realm named for this web application. -->
    <security-realm-name>geronimo-properties-realm</security-realm-name>
    <sec:security>
        <!-- Default principal: presumably the identity given to callers that
             have not authenticated. Here it is the user "system" from
             geronimo-properties-realm.
             NOTE(review): confirm that this user carries no rights an
             anonymous caller should not inherit; a dedicated low-privilege
             principal is the safer choice. -->
        <sec:default-principal realm-name="geronimo-properties-realm">
            <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
        </sec:default-principal>
        <sec:role-mappings>
            <!-- J2EE role "admin" is mapped to the group principal "admin" of
                 geronimo-properties-realm. The mapping names a principal class
                 and a name, so the user principal "system" above is a
                 different principal from this group principal. -->
            <sec:role role-name="admin">
                <sec:realm realm-name="geronimo-properties-realm">
                    <!-- designated-run-as="true": presumably selects this
                         principal as the run-as identity for the "admin" role;
                         confirm against the security-1.0 schema. -->
                    <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                        name="admin" designated-run-as="true"/>
                </sec:realm>
            </sec:role>
        </sec:role-mappings>
    </sec:security>
</web-app>