path: root/sandbox/lresende/sca/samples/store-secure-webapp/src/main/webapp/WEB-INF/geronimo-web.xml
blob: 705010bf7ccf219b2c22079e6b5222e97eb9947c (plain)
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
	Geronimo deployment plan for the secure store sample web application.
	It declares the module identity and context root, binds the web application
	to the "ldap-realm" security realm, maps the application role "manager" to
	a directory group, and defines the realm itself as a GBean that
	authenticates through LDAPLoginModule.
-->
<web:web-app
	xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"
	xmlns:client="http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0"
	xmlns:conn="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"
	xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
	xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-2.0"
	xmlns:ejb="http://openejb.apache.org/xml/ns/openejb-jar-2.2"
	xmlns:name="http://geronimo.apache.org/xml/ns/naming-1.2"
	xmlns:pers="http://java.sun.com/xml/ns/persistence"
	xmlns:pkgen="http://openejb.apache.org/xml/ns/pkgen-2.1"
	xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
	xmlns:web="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
	<!-- Module coordinates (group / artifact / version / type) under which the server registers this deployment. -->
	<dep:environment>
		<dep:moduleId>
			<dep:groupId>org.apache.tuscany</dep:groupId>
			<dep:artifactId>sample-store-secure-webapp</dep:artifactId>
			<dep:version>1.0</dep:version>
			<dep:type>car</dep:type>
		</dep:moduleId>
		<!-- TUSCANY-2622 -->
		<!--
			Each filter names a package prefix that is hidden from the parent class
			loaders, so the application resolves those classes from the libraries
			packaged with it. Note that org.apache.commons is a broad prefix and
			hides every server-provided Commons library, not a single one.
		-->
		<dep:hidden-classes>
			<dep:filter>org.apache.axiom</dep:filter>
			<dep:filter>org.apache.axis2</dep:filter>
			<dep:filter>org.apache.commons</dep:filter>
			<dep:filter>org.jdom</dep:filter>
		</dep:hidden-classes>		
	</dep:environment>
	
	<!-- URL path under which the web application is published. -->
	<web:context-root>/sample-store-secure-webapp</web:context-root>
	
	<!-- Realm used to authenticate callers; the value matches the realmName of the GBean defined at the end of this plan. -->
	<web:security-realm-name>ldap-realm</web:security-realm-name>
    <!-- Maps application role names to principals produced by the login module. -->
    <sec:security>
        <sec:role-mappings>
            <!--
                The disabled block below is an earlier mapping that granted roles to
                individual user principals. While it stays disabled only the "manager"
                role is mapped; whether the deployment descriptor declares further roles
                (for example "user") is not visible from this file and should be checked.
            -->
            <!--
            <sec:role role-name="manager">
                <sec:principal name="lmanager" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
            </sec:role>            
            <sec:role role-name="user">
                <sec:principal name="lresende" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
            </sec:role>
            -->
            <!--
                Active mapping: members of the directory group "managers" receive the
                "manager" role. designated-run-as="true" marks this group principal as
                the identity used when the role is configured as a run-as role.
                NOTE(review): authorization therefore depends entirely on who can edit
                the membership of that group in the directory.
            -->
            <sec:role role-name="manager">
                <sec:principal name="managers" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" designated-run-as="true"/>
            </sec:role>            
        </sec:role-mappings>
    </sec:security>
    
    <!-- Security realm deployed together with the application; it delegates authentication to the login configuration below. -->
    <dep:gbean name="ldap-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <dep:attribute name="realmName">ldap-realm</dep:attribute>
        <dep:xml-reference name="LoginModuleConfiguration">
            <lc:login-config>
                <!-- Single login module; control-flag REQUIRED means authentication fails unless this module succeeds. -->
                <lc:login-module control-flag="REQUIRED" wrap-principals="false">
                    <lc:login-domain-name>ldap-realm</lc:login-domain-name>
                    <lc:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</lc:login-module-class>
                    <!-- lc:option name="users">foo,bar</lc:option-->
                    <lc:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</lc:option>
                    <!--
                        SECURITY: the URL uses plain ldap on port 389 together with
                        authentication=simple, so the bind DN, the bind password and every
                        password checked through this realm cross the network unencrypted
                        unless the link is protected by other means. Prefer an ldaps URL or
                        StartTLS where the directory supports it. The host name is also
                        environment specific and fixed in the plan.
                    -->
                    <lc:option name="connectionURL">ldap://dpev007.innovate.ibm.com:389</lc:option>
                    <!--
                        SECURITY: the bind DN looks like a directory administrator account
                        (confirm against the directory) and its password is stored in clear
                        text in a version-controlled file. A search-only service account,
                        a secret supplied outside the repository, and rotation of the value
                        committed here would reduce the exposure.
                    -->
                    <lc:option name="connectionUsername">cn=ldaproot,dc=tnc,dc=org</lc:option>
                    <lc:option name="connectionPassword">ldappass</lc:option>
                    <lc:option name="authentication">simple</lc:option>
                    <!--
                        User lookup: entries directly under userBase whose uid equals the
                        submitted login name ({0} is the placeholder). Subtree search is off,
                        so nested organizational units are not searched.
                        NOTE(review): whether the login module escapes LDAP filter
                        metacharacters in the substituted name is not visible here; verify it.
                    -->
                    <lc:option name="userBase">ou=people,dc=tnc,dc=org</lc:option>
                    <lc:option name="userSearchMatching">uid={0}</lc:option>
                    <lc:option name="userSearchSubtree">false</lc:option>
                    <!--
                        Role lookup: group entries directly under roleBase whose member
                        attribute matches the authenticated user ({0} is presumably the user
                        DN; confirm against the login module). The cn of each matching group
                        is used as the role name, which is what the "managers" mapping above
                        relies on.
                    -->
                    <lc:option name="roleBase">ou=groups,dc=tnc,dc=org</lc:option>
                    <lc:option name="roleName">cn</lc:option>
                    <lc:option name="roleSearchMatching">(member={0})</lc:option>
                    <lc:option name="roleSearchSubtree">false</lc:option>                    
                </lc:login-module>
            </lc:login-config>
        </dep:xml-reference>
    </dep:gbean>
</web:web-app>