<?xml version="1.0" encoding="UTF-8"?> | |
<!-- | |
Licensed to the Apache Software Foundation (ASF) under one or more | |
contributor license agreements. See the NOTICE file distributed with | |
this work for additional information regarding copyright ownership. | |
The ASF licenses this file to You under the Apache License, Version 2.0 | |
(the "License"); you may not use this file except in compliance with | |
the License. You may obtain a copy of the License at | |
http://www.apache.org/licenses/LICENSE-2.0 | |
Unless required by applicable law or agreed to in writing, software | |
distributed under the License is distributed on an "AS IS" BASIS, | |
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
See the License for the specific language governing permissions and | |
limitations under the License. | |
--> | |
<!-- $Rev: 661037 $ $Date: 2008-05-28 11:19:08 -0700 (Wed, 28 May 2008) $ --> | |
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" | |
xmlns:j2ee="http://java.sun.com/xml/ns/j2ee" | |
xmlns:geronimo="http://geronimo.apache.org/xml/ns/loginconfig-2.0" | |
targetNamespace="http://geronimo.apache.org/xml/ns/loginconfig-2.0" | |
xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2" | |
elementFormDefault="qualified" attributeFormDefault="unqualified" | |
version="2.0"> | |
<xsd:annotation> | |
<xsd:documentation> | |
This is an XML Schema Definition for login module configuration to | |
use for particular security module. Login module configuration is | |
specified by the level element as login-config with namespace | |
specified as xmlns = | |
"http://geronimo.apache.org/xml/ns/loginconfig-2.0". The default | |
location for this document is: | |
http://geronimo.apache.org/xml/ns/loginconfig-2.0 | |
The definition of the XML format for storing login-config should | |
look like this: | |
<![CDATA[ | |
<login-config xmlns="http://geronimo.apache.org/xml/ns/loginconfig-2.0"> | |
<login-module control-flag="REQUIRED"> | |
<login-domain-name> | |
some-name | |
</login-domain-name> | |
<login-module-class> | |
org.apache.geronimo.LoginModuleClass | |
</login-module-class> | |
<option name="usersURI"> | |
usersinfo | |
</option> | |
</login-module> | |
</login-config> | |
]]> | |
</xsd:documentation> | |
</xsd:annotation> | |
<xsd:import namespace="http://geronimo.apache.org/xml/ns/deployment-1.2" | |
schemaLocation="geronimo-module-1.2.xsd"> | |
<xsd:annotation> | |
<xsd:documentation> | |
Import Geronimo Services deployment plans, the imported plan | |
includes complex types like moduleType, environmentType, | |
dependenciesType, etc. required by this plan schema. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:import> | |
<xsd:element name="login-config" type="geronimo:login-configType"> | |
<xsd:annotation> | |
<xsd:documentation> | |
The root element for Geronimo login module configuration. This | |
configuration can either refer to existing login module or | |
define a new login configuration. Note that the sub-elements of | |
this element should be as in the given order in sequence. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:element> | |
<xsd:complexType name="login-configType"> | |
<xsd:annotation> | |
<xsd:documentation> | |
Defines the list of login modules for a login configuration | |
represented by a GenericSecurityRealm | |
</xsd:documentation> | |
</xsd:annotation> | |
<xsd:sequence> | |
<xsd:choice minOccurs="0" maxOccurs="unbounded"> | |
<xsd:element name="login-module-ref" | |
type="geronimo:login-module-refType"> | |
<xsd:annotation> | |
<xsd:documentation> | |
The login-module-ref element defines a reference to | |
existing login module configured in some other | |
GBean. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:element> | |
<xsd:element name="login-module" | |
type="geronimo:login-moduleType"> | |
<xsd:annotation> | |
<xsd:documentation> | |
The login-module element defines a new login module | |
configuration. It should provide the complete | |
information to GBean module being referred. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:element> | |
</xsd:choice> | |
</xsd:sequence> | |
</xsd:complexType> | |
<xsd:complexType name="abstract-login-moduleType" abstract="true"> | |
<xsd:attribute name="control-flag" type="geronimo:control-flagType" | |
use="required"> | |
<xsd:annotation> | |
<xsd:documentation> | |
The control-flag attribute specifies the JAAS control flag | |
used for this a login module configuration. It can be | |
REQUIRED, REQUISITE, SUFFICIENT, or OPTIONAL as defined by | |
JAAS API's. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:attribute> | |
<xsd:attribute name="wrap-principals" type="xsd:boolean"> | |
<xsd:annotation> | |
<xsd:documentation> | |
This boolean attribute specifies if the principals are | |
wrapped in this login module. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:attribute> | |
</xsd:complexType> | |
<xsd:complexType name="login-module-refType"> | |
<xsd:complexContent> | |
<xsd:extension base="geronimo:abstract-login-moduleType"> | |
<xsd:annotation> | |
<xsd:documentation> | |
Include attributes defined in abstract-login-moduleType | |
above. | |
</xsd:documentation> | |
</xsd:annotation> | |
<xsd:sequence> | |
<xsd:element name="pattern" type="sys:patternType"> | |
<xsd:annotation> | |
<xsd:documentation> | |
The pattern element defines a components of the | |
abstract name of GBean referred. It includes | |
information like groupId, artifactId, version, | |
module, type, and name of the GBean module. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:element> | |
</xsd:sequence> | |
</xsd:extension> | |
</xsd:complexContent> | |
</xsd:complexType> | |
<xsd:simpleType name="control-flagType"> | |
<xsd:restriction base="xsd:string"> | |
<xsd:enumeration value="REQUIRED"> | |
<xsd:annotation> | |
<xsd:documentation> | |
REQUIRED: Defines the requirement of this login module | |
configuration for authentication. In any case, control | |
will proceed to next login module. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:enumeration> | |
<xsd:enumeration value="REQUISITE"> | |
<xsd:annotation> | |
<xsd:documentation> | |
REQUISITE: Defines the requirement of this login module | |
configuration for authentication. On failure, control | |
will return to application else proceed to next login | |
module. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:enumeration> | |
<xsd:enumeration value="SUFFICIENT"> | |
<xsd:annotation> | |
<xsd:documentation> | |
SUFFICIENT: Defines the non-requirement of this login | |
module configuration for authentication. On success, | |
control will return to application else proceed to next | |
login module. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:enumeration> | |
<xsd:enumeration value="OPTIONAL"> | |
<xsd:annotation> | |
<xsd:documentation> | |
OPTIONAL: Defines the requirement of this login module | |
configuration for authentication. In any case, control | |
will return to application. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:enumeration> | |
</xsd:restriction> | |
</xsd:simpleType> | |
<xsd:complexType name="login-moduleType"> | |
<xsd:complexContent> | |
<xsd:extension base="geronimo:abstract-login-moduleType"> | |
<xsd:annotation> | |
<xsd:documentation> | |
Include attributes defined in abstract-login-moduleType | |
above. | |
</xsd:documentation> | |
</xsd:annotation> | |
<xsd:sequence> | |
<xsd:element name="login-domain-name" type="xsd:string"> | |
<xsd:annotation> | |
<xsd:documentation> | |
This element defines a unique domain name to | |
each configuration of login module. This allows | |
configuration of same login module multiple | |
times with different domain name. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:element> | |
<xsd:element name="login-module-class" type="xsd:string"> | |
<xsd:annotation> | |
<xsd:documentation> | |
This provides the name of class which provides | |
implementation of this LoginModule. This name | |
should be fully qualified java class name. Also | |
this class should have implemented | |
javax.security.auth.spi.LoginModule interface. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:element> | |
<xsd:element name="option" type="geronimo:optionType" | |
minOccurs="0" maxOccurs="unbounded"> | |
<xsd:annotation> | |
<xsd:documentation> | |
The name value pair for options (properties) | |
required by this login module. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:element> | |
<xsd:element name="xml-option" type="sys:xml-attributeType" minOccurs="0" maxOccurs="unbounded"/> | |
</xsd:sequence> | |
</xsd:extension> | |
</xsd:complexContent> | |
</xsd:complexType> | |
<xsd:complexType name="optionType"> | |
<xsd:simpleContent> | |
<xsd:extension base="xsd:string"> | |
<xsd:attribute name="name" type="xsd:string" use="required"> | |
<xsd:annotation> | |
<xsd:documentation> | |
The name attribute specifies the name of option. The | |
value is specified by element value. | |
</xsd:documentation> | |
</xsd:annotation> | |
</xsd:attribute> | |
</xsd:extension> | |
</xsd:simpleContent> | |
</xsd:complexType> | |
</xsd:schema> |