As explained earlier, the Geronimo login configuration schema was devised as a user-friendly syntax for configuring Security Realm GBeans. It is embedded in the host GBean through an xml-reference element and processed by the syntax-aware deployer.
The Geronimo login configuration namespace is http://geronimo.apache.org/xml/ns/loginconfig-1.0 and the schema file is geronimo-login-config-1.0.xsd. All types are defined in this namespace.
The login-config element, of type login-configType, is the top-level element in the login configuration schema.
It defines the login module configurations for the enclosing Security Realm GBean. Currently the only GBean that implements the SecurityRealm interface is GenericSecurityRealm.
<xsd:complexType name="login-configType">
  <xsd:annotation>
    <xsd:documentation>
      Defines the list of login modules for a login configuration
      represented by a GenericSecurityRealm
    </xsd:documentation>
  </xsd:annotation>
  <xsd:sequence>
    <xsd:choice minOccurs="0" maxOccurs="unbounded">
      <xsd:element name="login-module-ref" type="geronimo:login-module-refType" minOccurs="0" maxOccurs="unbounded"/>
      <xsd:element name="login-module" type="geronimo:login-moduleType" minOccurs="0" maxOccurs="unbounded"/>
    </xsd:choice>
  </xsd:sequence>
</xsd:complexType>
login-module-ref - optional element in the sequence of choices. Defines a reference to a login module.
login-module - optional element in the sequence of choices. Defines a login module.
This is an abstract base type from which all other login module types are derived.
<xsd:complexType name="abstract-login-moduleType" abstract="true">
  <xsd:attribute name="control-flag" type="geronimo:control-flagType" use="required"/>
</xsd:complexType>
@control-flag - login module control flag of type geronimo:control-flagType. Defines how the authentication outcome from this login module must be combined with the authentication outcomes from other login modules.
This type constrains the values of the module control flag. Values of this type emulate JAAS module combination semantics.
<xsd:simpleType name="control-flagType">
  <xsd:restriction base="xsd:string">
    <xsd:enumeration value="REQUIRED"/>
    <xsd:enumeration value="REQUISITE"/>
    <xsd:enumeration value="SUFFICIENT"/>
    <xsd:enumeration value="OPTIONAL"/>
  </xsd:restriction>
</xsd:simpleType>
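The JAAS combination semantics that these four values emulate, as an added example (not Geronimo code and not part of the original guide). It follows the rules documented for javax.security.auth.login.Configuration; the function name combine and the (flag, succeeded) input format are assumptions made for the illustration.

```python
# Added illustration of standard JAAS control-flag combination; not Geronimo code.
FLAGS = {"REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"}

def combine(modules):
    """modules: ordered list of (control_flag, succeeded) pairs.

    Returns (authenticated, consulted): the overall outcome and the number
    of login modules that were consulted before the chain stopped.
    """
    mandatory_failed = False   # a REQUIRED module has already failed
    any_success = False        # at least one module has succeeded
    consulted = 0
    for flag, ok in modules:
        if flag not in FLAGS:
            raise ValueError("control-flag %r is not in control-flagType" % flag)
        consulted += 1
        if ok:
            any_success = True
            # SUFFICIENT success ends the chain unless a REQUIRED module failed earlier.
            if flag == "SUFFICIENT" and not mandatory_failed:
                return True, consulted
        elif flag == "REQUISITE":
            # REQUISITE failure ends the chain immediately.
            return False, consulted
        elif flag == "REQUIRED":
            # REQUIRED failure is remembered, but later modules still run.
            mandatory_failed = True
        # SUFFICIENT or OPTIONAL failure: ignored, continue down the list.
    return (any_success and not mandatory_failed), consulted
```

Module order matters when reviewing a realm: a SUFFICIENT module that succeeds ends the chain, so a REQUIRED module listed after it is never consulted.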
This type allows a login module to be referenced by its object name. The object name is split into components, so you do not have to write an extensive object name by hand, just its components enclosed in pointy brackets, that is, as XML elements.
The login-module-refType type extends abstract-login-moduleType.
<xsd:complexType name="login-module-refType">
  <xsd:complexContent>
    <xsd:extension base="geronimo:abstract-login-moduleType">
      <xsd:sequence>
        <xsd:element name="domain" type="xsd:string" minOccurs="0"/>
        <xsd:element name="server" type="xsd:string" minOccurs="0"/>
        <xsd:element name="application" type="xsd:string" minOccurs="0"/>
        <xsd:element name="module" type="xsd:string" minOccurs="0"/>
        <xsd:element name="type" type="xsd:string" minOccurs="0"/>
        <xsd:element name="name" type="xsd:string"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>
@control-flag - required attribute of the control-flagType type. It is inherited from the abstract base type. Defines how the referenced login module's authentication outcome must be combined with the authentication outcomes of other modules.
domain - optional element of the xsd:string type that defines the domain component of the login module object name.
server - optional element of the xsd:string type that defines the server component of the login module object name.
application - optional element of the xsd:string type that defines the application component of the login module object name.
module - optional element of the xsd:string type that defines the module component of the login module object name.
type - optional element of the xsd:string type that defines the j2eeType component of the login module object name.
name - required element of the xsd:string type that defines the name component of the login module object name.
The login-moduleType describes configuration for one login module within the enclosing GenericSecurityRealm GBean.
<xsd:complexType name="login-moduleType">
  <xsd:complexContent>
    <xsd:extension base="geronimo:abstract-login-moduleType">
      <xsd:sequence>
        <xsd:element name="login-domain-name" type="xsd:string"/>
        <xsd:element name="login-module-class" type="xsd:string"/>
        <xsd:element name="option" type="geronimo:optionType" minOccurs="0" maxOccurs="unbounded"/>
      </xsd:sequence>
      <xsd:attribute name="server-side" type="xsd:boolean" use="required"/>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>
@control-flag - required attribute of the control-flagType type. It is inherited from the abstract base type. Defines how this login module's authentication outcome must be combined with the authentication outcomes of other modules.
@server-side - required attribute of the xsd:boolean type. If set to true, the login module is a server-side login module.
login-domain-name - required element of the xsd:string type. This is the Login Domain name.
login-module-class - required element of the xsd:string type. This is the name of the class that implements this login module.
option - optional sequence of zero or more options of type optionType. Options are specific to the login module.
This type defines a login-module-specific option, such as the location of the authentication database.
<xsd:complexType name="optionType">
  <xsd:simpleContent>
    <xsd:extension base="xsd:string">
      <xsd:attribute name="name" type="xsd:string" use="required"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>
@name - required attribute of type xsd:string. This is the login module option name.
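A login-config instance checked against the required attributes, required elements and control-flag enumeration described above, as an added example (not part of the original guide or of Geronimo). The sample document, its class, domain and option names, and the function check_login_config are constructed for the illustration; element order within the sequences is not checked.

```python
import xml.etree.ElementTree as ET

NS = "http://geronimo.apache.org/xml/ns/loginconfig-1.0"
Q = "{" + NS + "}"  # ElementTree's qualified-name prefix for this namespace
FLAGS = {"REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"}
# Required child elements of each module element, as listed in the schema.
REQUIRED_CHILDREN = {"login-module": ["login-domain-name", "login-module-class"],
                     "login-module-ref": ["name"]}

# Constructed sample: the second entry has a wrong-case flag and no <name>.
SAMPLE = """<login-config xmlns="http://geronimo.apache.org/xml/ns/loginconfig-1.0">
  <login-module control-flag="REQUIRED" server-side="true">
    <login-domain-name>example-domain</login-domain-name>
    <login-module-class>com.example.ExampleLoginModule</login-module-class>
    <option name="exampleOption">example-value</option>
  </login-module>
  <login-module-ref control-flag="Optional">
    <type>LoginModule</type>
  </login-module-ref>
</login-config>"""

def check_login_config(xml_text):
    """Return a list of violations of the constraints stated on this page."""
    root = ET.fromstring(xml_text)
    if root.tag != Q + "login-config":
        return ["unexpected root element %s" % root.tag]
    problems = []
    for i, mod in enumerate(root, start=1):
        kind = mod.tag.replace(Q, "")
        if kind not in REQUIRED_CHILDREN:
            problems.append("#%d: unexpected element %s" % (i, kind))
            continue
        flag = mod.get("control-flag")
        if flag not in FLAGS:  # also catches a missing attribute (None)
            problems.append("#%d %s: control-flag %r not in enumeration" % (i, kind, flag))
        # xsd:boolean accepts exactly these four lexical values.
        if kind == "login-module" and mod.get("server-side") not in ("true", "false", "1", "0"):
            problems.append("#%d %s: server-side missing or not boolean" % (i, kind))
        for child in REQUIRED_CHILDREN[kind]:
            if mod.find(Q + child) is None:
                problems.append("#%d %s: missing <%s>" % (i, kind, child))
        for opt in mod.findall(Q + "option"):
            if opt.get("name") is None:
                problems.append("#%d %s: <option> without name attribute" % (i, kind))
    return problems
```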