You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by "Ken T." <kt...@gmail.com> on 2009/05/02 12:58:09 UTC
Really basic security question
I have an install of Geronimo and a few web apps installed on it and I
would like to add some basic security so that only people I ask to look
at the demos can actually access them. I've created a user under
Geronimo called "demo" and given the user a password. Now I would like
to make the necessary changes to the web.xml or geronimo.xml file to tell
my web apps to not allow use by any user other than demo (or users in the
demo role). If I need to write a form to get the user name and password,
I can do that, but if there is a default form that can be used, I would
just assume use it.
So how do I go about doing this?
Thanks.
I looked online for this information but it assumed a much deeper
understanding of how security works than I really have. Any assistance
would be greatly appreciated. Thanks.
--
Ken T. <kt...@gmail.com>
Re: Really basic security question
Posted by Rex Wang <rw...@gmail.com>.
1. in \var\security, create 2 files, eg:rex_users.properties &
rex_groups.properties
rex_users.properties
-------------------------------------------
andy=aaa
bill=bbb
cindy=ccc
dan=ddd
-------------------------------------------
rex_groups.properties
-------------------------------------------
employee=andy,bill,cindy,dan
-------------------------------------------
2.in Web-console -> security realms Portlet
add new security realm
-> name of realm: rexRealm
realmType: Properties file realm
-> users file URI: var/security/rex_users.properties
groups file URI: var/security/rex_groups.properties
-> deploy realm
3. write a app like the following attachment.
HTH
Rex
2009/5/2 Ken T. <kt...@gmail.com>
> I have an install of Geronimo and a few web apps installed on it and I
> would like to add some basic security so that only people I ask to look
> at the demos can actually access them. I've created a user under
> Geronimo called "demo" and given the user a password. Now I would like
> to make the necessary changes to the web.xml or geronimo.xml file to tell
> my web apps to not allow use by any user other than demo (or users in the
> demo role). If I need to write a form to get the user name and password,
> I can do that, but if there is a default form that can be used, I would
> just assume use it.
>
> So how do I go about doing this?
>
> Thanks.
>
> I looked online for this information but it assumed a much deeper
> understanding of how security works than I really have. Any assistance
> would be greatly appreciated. Thanks.
>
> --
> Ken T. <kt...@gmail.com>
>
>
Re: Really basic security question
Posted by Jack Cai <gr...@gmail.com>.
You might want to take a look at the one of the Geronimo samples [1]. It
shows how to use LDAP for authentication, but it also shows how to configure
form-login.
-Jack
[1]
http://cwiki.apache.org/GMOxDOC21/ldap-sample-app-ldap-sample-application.html
2009/5/2 Ken T. <kt...@gmail.com>
> I have an install of Geronimo and a few web apps installed on it and I
> would like to add some basic security so that only people I ask to look
> at the demos can actually access them. I've created a user under
> Geronimo called "demo" and given the user a password. Now I would like
> to make the necessary changes to the web.xml or geronimo.xml file to tell
> my web apps to not allow use by any user other than demo (or users in the
> demo role). If I need to write a form to get the user name and password,
> I can do that, but if there is a default form that can be used, I would
> just assume use it.
>
> So how do I go about doing this?
>
> Thanks.
>
> I looked online for this information but it assumed a much deeper
> understanding of how security works than I really have. Any assistance
> would be greatly appreciated. Thanks.
>
> --
> Ken T. <kt...@gmail.com>
>
>