plugins/client/client-security/src/main/plan/plan.xml - geronimo - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
     Licensed to the Apache Software Foundation (ASF) under one or more
     contributor license agreements.  See the NOTICE file distributed with
     this work for additional information regarding copyright ownership.
     The ASF licenses this file to You under the Apache License, Version 2.0
     (the "License"); you may not use this file except in compliance with
     the License.  You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
 -->

 <!-- $Rev$ $Date$ -->

 <module xmlns="http://geronimo.apache.org/xml/ns/deployment-${geronimoSchemaVersion}">

     <!-- required -->
     <gbean name="SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
         <reference name="ServerInfo">
             <name>ServerInfo</name>
         </reference>
         <attribute name="policyConfigurationFactory">org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory</attribute>
         <attribute name="policyProvider">org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy</attribute>
         <attribute name="keyStore">var/security/clientcert.jks</attribute>
         <attribute name="keyStorePassword">changeit</attribute>
         <attribute name="trustStore">var/security/clientcert.jks</attribute>
         <attribute name="trustStorePassword">changeit</attribute>
     </gbean>

     <!-- required -->
     <gbean name="LoginConfiguration" class="org.apache.geronimo.security.jaas.GeronimoLoginConfiguration">
         <references name="Configurations">
             <pattern>
                 <type>SecurityRealm</type>
             </pattern>
             <pattern>
                 <type>ConfigurationEntry</type>
             </pattern>
         </references>
     </gbean>

     <!-- useful for corba: logs into a local realm, and server must reauthenticate each call -->
     <gbean name="client-properties-realm"
         class="org.apache.geronimo.security.realm.GenericSecurityRealm">
         <attribute name="realmName">client-properties-realm</attribute>
         <attribute name="global">true</attribute>
         <xml-reference name="LoginModuleConfiguration">
             <lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-${geronimoSchemaVersion}">
                 <lc:login-module control-flag="REQUIRED" wrap-principals="true">
                     <lc:login-domain-name>client-properties-realm</lc:login-domain-name>
                     <lc:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</lc:login-module-class>
                     <lc:option name="usersURI">var/security/users.properties</lc:option>
                     <lc:option name="groupsURI">var/security/groups.properties</lc:option>
                 </lc:login-module>
                 <lc:login-module control-flag="REQUIRED" wrap-principals="true">
                     <lc:login-domain-name>default</lc:login-domain-name>
                     <lc:login-module-class>org.apache.geronimo.security.realm.providers.NamedUsernamePasswordCredentialLoginModule</lc:login-module-class>
                     <lc:option name="Name">default</lc:option>
                 </lc:login-module>
             </lc:login-config>
         </xml-reference>
         <reference name="ServerInfo">
             <name>ServerInfo</name>
         </reference>
     </gbean>

     <gbean name="KeystoreManager" class="org.apache.geronimo.security.keystore.FileKeystoreManager">
         <attribute name="keystoreDir">var/security/keystores</attribute>
         <reference name="ServerInfo"><name>ServerInfo</name></reference>
         <references name="KeystoreInstances">
           <pattern>
             <type>Keystore</type>
           </pattern>
         </references>
     </gbean>

     <gbean name="geronimo-default" class="org.apache.geronimo.security.keystore.FileKeystoreInstance">
         <attribute name="keystoreName">geronimo-default</attribute>
         <attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>
         <attribute name="keystorePassword">secret</attribute>
         <attribute name="keystoreType">JKS</attribute>
         <attribute name="keyPasswords">geronimo=secret</attribute>
         <reference name="ServerInfo"><name>ServerInfo</name></reference>
     </gbean>

 </module>
	<?xml version="1.0" encoding="UTF-8"?>
	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	<!-- $Rev$ $Date$ -->

	<module xmlns="http://geronimo.apache.org/xml/ns/deployment-${geronimoSchemaVersion}">

	<!-- required -->
	<gbean name="SecurityService" class="org.apache.geronimo.security.SecurityServiceImpl">
	<reference name="ServerInfo">
	<name>ServerInfo</name>
	</reference>
	<attribute name="policyConfigurationFactory">org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicyConfigurationFactory</attribute>
	<attribute name="policyProvider">org.apache.geronimo.security.jacc.mappingprovider.GeronimoPolicy</attribute>
	<attribute name="keyStore">var/security/clientcert.jks</attribute>
	<attribute name="keyStorePassword">changeit</attribute>
	<attribute name="trustStore">var/security/clientcert.jks</attribute>
	<attribute name="trustStorePassword">changeit</attribute>
	</gbean>

	<!-- required -->
	<gbean name="LoginConfiguration" class="org.apache.geronimo.security.jaas.GeronimoLoginConfiguration">
	<references name="Configurations">
	<pattern>
	<type>SecurityRealm</type>
	</pattern>
	<pattern>
	<type>ConfigurationEntry</type>
	</pattern>
	</references>
	</gbean>

	<!-- useful for corba: logs into a local realm, and server must reauthenticate each call -->
	<gbean name="client-properties-realm"
	class="org.apache.geronimo.security.realm.GenericSecurityRealm">
	<attribute name="realmName">client-properties-realm</attribute>
	<attribute name="global">true</attribute>
	<xml-reference name="LoginModuleConfiguration">
	<lc:login-config xmlns:lc="http://geronimo.apache.org/xml/ns/loginconfig-${geronimoSchemaVersion}">
	<lc:login-module control-flag="REQUIRED" wrap-principals="true">
	<lc:login-domain-name>client-properties-realm</lc:login-domain-name>
	<lc:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</lc:login-module-class>
	<lc:option name="usersURI">var/security/users.properties</lc:option>
	<lc:option name="groupsURI">var/security/groups.properties</lc:option>
	</lc:login-module>
	<lc:login-module control-flag="REQUIRED" wrap-principals="true">
	<lc:login-domain-name>default</lc:login-domain-name>
	<lc:login-module-class>org.apache.geronimo.security.realm.providers.NamedUsernamePasswordCredentialLoginModule</lc:login-module-class>
	<lc:option name="Name">default</lc:option>
	</lc:login-module>
	</lc:login-config>
	</xml-reference>
	<reference name="ServerInfo">
	<name>ServerInfo</name>
	</reference>
	</gbean>

	<gbean name="KeystoreManager" class="org.apache.geronimo.security.keystore.FileKeystoreManager">
	<attribute name="keystoreDir">var/security/keystores</attribute>
	<reference name="ServerInfo"><name>ServerInfo</name></reference>
	<references name="KeystoreInstances">
	<pattern>
	<type>Keystore</type>
	</pattern>
	</references>
	</gbean>

	<gbean name="geronimo-default" class="org.apache.geronimo.security.keystore.FileKeystoreInstance">
	<attribute name="keystoreName">geronimo-default</attribute>
	<attribute name="keystorePath">var/security/keystores/geronimo-default</attribute>
	<attribute name="keystorePassword">secret</attribute>
	<attribute name="keystoreType">JKS</attribute>
	<attribute name="keyPasswords">geronimo=secret</attribute>
	<reference name="ServerInfo"><name>ServerInfo</name></reference>
	</gbean>

	</module>