You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by dj...@apache.org on 2005/09/30 09:59:39 UTC
svn commit: r292671 - in /geronimo/trunk/modules/assembly: maven.xml
src/plan/j2ee-client-corba-plan.xml src/plan/j2ee-client-security-plan.xml
Author: djencks
Date: Fri Sep 30 00:59:36 2005
New Revision: 292671
URL: http://svn.apache.org/viewcvs?rev=292671&view=rev
Log:
add client-security example plan, tweak a couple corba settings
Added:
geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml
Modified:
geronimo/trunk/modules/assembly/maven.xml
geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml
Modified: geronimo/trunk/modules/assembly/maven.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/maven.xml?rev=292671&r1=292670&r2=292671&view=diff
==============================================================================
--- geronimo/trunk/modules/assembly/maven.xml (original)
+++ geronimo/trunk/modules/assembly/maven.xml Fri Sep 30 00:59:36 2005
@@ -269,7 +269,7 @@
<!-- why aren't these used? -->
<!-- <j:set var="PlanORBHost" value="0.0.0.0"/>-->
<!-- <j:set var="PlanORBPort" value="2001"/>-->
- <j:set var="PlanORBSSLHost" value="0.0.0.0"/>
+ <j:set var="PlanORBSSLHost" value="localhost"/>
<j:set var="PlanORBSSLPort" value="2001"/>
<j:set var="PlanActiveMQPort" value="61616"/>
<j:set var="PlanDerbyPort" value="1527"/>
@@ -550,6 +550,12 @@
username="system"
password="manager"
plan="${basedir}/target/plan/j2ee-client-corba-plan.xml"
+ />
+ <deploy:distribute
+ uri="deployer:geronimo:jmx:rmi://localhost/jndi/rmi:/JMXConnector"
+ username="system"
+ password="manager"
+ plan="${basedir}/target/plan/j2ee-client-security-plan.xml"
/>
Modified: geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml?rev=292671&r1=292670&r2=292671&view=diff
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml (original)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-client-corba-plan.xml Fri Sep 30 00:59:36 2005
@@ -24,7 +24,7 @@
<configuration
xmlns="http://geronimo.apache.org/xml/ns/deployment"
parentId="org/apache/geronimo/Client"
- configId="org/apache/geronimo/ClientCorba"
+ configId="org/apache/geronimo/ClientCORBA"
>
<gbean name="DyanmicStubClassLoader" class="org.openejb.corba.util.DynamicStubClassLoader"/>
Added: geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml?rev=292671&view=auto
==============================================================================
--- geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml (added)
+++ geronimo/trunk/modules/assembly/src/plan/j2ee-client-security-plan.xml Fri Sep 30 00:59:36 2005
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright 2005 The Apache Software Foundation
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- $Rev: 46040 $ $Date: 2004-09-14 14:28:44 -0700 (Tue, 14 Sep 2004) $ -->
+
+<!--
+Configuration for the main ring of a Geronimo app client.
+
+This configuration should contain those services normally provided
+by the app client.
+-->
+<configuration
+ xmlns="http://geronimo.apache.org/xml/ns/deployment"
+ parentId="org/apache/geronimo/Client"
+ configId="org/apache/geronimo/ClientSecurity"
+ >
+
+
+ <!-- required -->
+ <gbean name="SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
+ <reference name="ServerInfo">
+ <module>org/apache/geronimo/ClientSystem</module>
+ <name>ServerInfo</name>
+ </reference>
+ <attribute name="policyConfigurationFactory">org.apache.geronimo.security.jacc.GeronimoPolicyConfigurationFactory</attribute>
+ <attribute name="policyProvider">org.apache.geronimo.security.jacc.GeronimoPolicy</attribute>
+ <attribute name="keyStore">var/security/clientcert.jks</attribute>
+ <attribute name="keyStorePassword">changeit</attribute>
+ <attribute name="trustStore">var/security/clientcert.jks</attribute>
+ <attribute name="trustStorePassword">changeit</attribute>
+ </gbean>
+
+ <!-- required -->
+ <gbean name="LoginConfiguration" class="org.apache.geronimo.security.jaas.GeronimoLoginConfiguration">
+ <references name="Configurations">
+ <pattern>
+ <gbean-name>geronimo.client:j2eeType=SecurityRealm,*</gbean-name>
+ </pattern>
+ <pattern>
+ <gbean-name>geronimo.client:j2eeType=ConfigurationEntry,*</gbean-name>
+ </pattern>
+ </references>
+ </gbean>
+
+ <!-- use for app client: logs into server remotely -->
+ <gbean name="ServerLoginStubDCE" class="org.apache.geronimo.security.jaas.DirectConfigurationEntry">
+ <attribute name="applicationConfigName">server-login</attribute>
+ <attribute name="controlFlag">REQUIRED</attribute>
+ <reference name="Module">
+ <name>ServerLoginCoordinator</name>
+ </reference>
+ </gbean>
+
+ <gbean name="ServerLoginCoordinator" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
+ <attribute name="loginModuleClass">org.apache.geronimo.security.jaas.JaasLoginCoordinator</attribute>
+ <attribute name="serverSide">false</attribute>
+ <attribute name="options">
+ host=localhost
+ port=4242
+ realm=geronimo-properties-realm
+ </attribute>
+ <attribute name="loginDomainName">geronimo-properties-realm</attribute>
+ </gbean>
+
+ <!-- useful for corba: logs into a local realm, and server must reauthenticate each call -->
+ <gbean name="client-properties-realm"
+ class="org.apache.geronimo.security.realm.GenericSecurityRealm">
+ <attribute name="realmName">client-properties-realm</attribute>
+ <xml-reference name="LoginModuleConfiguration">
+ <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig">
+ <lc:login-module control-flag="REQUIRED" server-side="true">
+ <lc:login-domain-name>client-properties-realm</lc:login-domain-name>
+ <lc:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</lc:login-module-class>
+ <lc:option name="usersURI">var/security/users.properties</lc:option>
+ <lc:option name="groupsURI">var/security/groups.properties</lc:option>
+ </lc:login-module>
+ </lc:login-config>
+ </xml-reference>
+ <reference name="ServerInfo">
+ <module>org/apache/geronimo/ClientSystem</module>
+ <name>ServerInfo</name>
+ </reference>
+ <reference name="LoginService">
+ <name>JaasLoginService</name>
+ </reference>
+ </gbean>
+ <!-- this is really a server-side only gbean but its needed to make the client side GenericSecurityRealm work -->
+ <gbean name="JaasLoginService" class="org.apache.geronimo.security.jaas.JaasLoginService">
+ <reference name="Realms">
+ <name>client-properties-realm</name>
+ </reference>
+ <!-- <attribute name="reclaimPeriod">100000</attribute>-->
+ <attribute name="algorithm">HmacSHA1</attribute>
+ <attribute name="password">secret</attribute>
+ </gbean>
+
+
+</configuration>