HomeDocumentation > Configuring and administering > Administering Security > Administering users and groups

You can add users and groups by using the Geronimo Administration Console or by modifying some configuration files. This topic uses the realm provided by Geronimo by default as examples.

To manage users and groups by using the Geronimo Administration Console, click Users and Groups on the Console Navigation menu on the left side. Here you will find two portlets, one for administering users and another for administering user groups. Both portlets are illustrated in the following figures.

To change a user's password, click Edit next to the user that you want to update in the Console Realm Users portlet. On the next page, you can update a new password for this user.

To remove a user, click the corresponding Delete. You will be prompted to confirm the deletion of that user, click OK.

To add a new user, click Create New User. You will be prompted for a UserID, Password (twice), and Group information. Enter or specify the values and click Add.

After you created the new users, you can add them to groups. By default, the group admin is available and the user system is in that group. If you click the Details next to the admin group, you will see the user system in the window on the right and any other available user will be listed in the window on the left.

To add a new user to this group, select the user first, click Add >> and then click Update.

To create a new group, click Create New Group. This step is very similar to the one mentioned before for the users. In addition to being prompted for adding users to this group, you also have to provide a group name. Once you entered the new group name and added the users, click Add to finish.

The changes you made by using the Console Realm Users and Console Realm Groups portlets are reflected in two different files, users.properties and groups.properties, respectively. These two files are located in the <geronimo_home>\var\security directory.

You can equally administer users and groups by modifying these files directly:

  • users.properties
  • groups.properties

users.properties uses the <user_name>=<password> format. groups.properties uses the <group_name>=<user_name> format. See the following examples for details.

users.properties
system=manager
user2=password
user1=password

The user IDs and passwords in this file are stored in plain text because this is the basic, by default, security configuration. You can add, remove and change passwords from this file.

groups.properties
admin=system,user1
users=user2

Just like with the users.properties* file, in the groups.properties file, you can add and remove groups and users to those groups.

The files mentioned in this sections along with all the security configuration in addition to user names and passwords are defined in the geronimo-properties-realm security realm, covered in the Administering security realms section.