[GERONIMO-4603] PropertiesLoginManager is hardwired to properties-login login module - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1.4, 2.2
Fix Version/s: 2.2, 3.0.0
Component/s: console
Security Level: public (Regular issues)
Labels:
None

Description

In production you want to replace the toy properties login realm with something else such as an ldap realm. However the admin console has a hardwired dependency on the properties-login gbean.

We should make the reference from PropertiesLoginManager multi-valued and scan through it for properties login modules so you can edit any such properties files.

Workaround for replacing server-security-config with something with a real security realm is to include the properties login module as a dummy, not used in a security realm:

<gbean name="properties-login"
class="org.apache.geronimo.security.jaas.LoginModuleGBean">
<attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
<attribute name="options">
usersURI=var/security/users.properties
groupsURI=var/security/groups.properties
</attribute>
<attribute name="loginDomainName">geronimo-admin</attribute>
</gbean>

Attachments

Activity

People

Assignee:: Haihong Xu

Reporter:: David Jencks

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 25/Mar/09 09:48

Updated:: 18/Sep/09 13:19

Resolved:: 18/Sep/09 13:19