
Documentation for geronimo-security-2.0


Schema Document Properties

Target Namespace http://geronimo.apache.org/xml/ns/security-2.0
Version 2.0
Element and Attribute Namespaces
  • Global element and attribute declarations belong to this schema's target namespace.
  • By default, local element declarations belong to this schema's target namespace.
  • By default, local attribute declarations have no namespace.
Schema Composition
  • This schema imports schema(s) from the following namespace(s):
    • http://www.w3.org/XML/1998/namespace (at http://www.w3.org/2001/xml.xsd)
    • http://geronimo.apache.org/xml/ns/j2ee/application-2.0 (at geronimo-application-2.0.xsd)
    • http://geronimo.apache.org/xml/ns/deployment-1.2 (at geronimo-module-1.2.xsd)

Declared Namespaces

Prefix Namespace
xml http://www.w3.org/XML/1998/namespace
j2ee http://java.sun.com/xml/ns/j2ee
geronimo http://geronimo.apache.org/xml/ns/security-2.0
app http://geronimo.apache.org/xml/ns/j2ee/application-2.0
sys http://geronimo.apache.org/xml/ns/deployment-1.2
xsd http://www.w3.org/2001/XMLSchema
Schema Component Representation
<xsd:schema targetNamespace="http://geronimo.apache.org/xml/ns/security-2.0" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0">
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
<xsd:import namespace="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" schemaLocation="geronimo-application-2.0.xsd"/>
<xsd:import namespace="http://geronimo.apache.org/xml/ns/deployment-1.2" schemaLocation="geronimo-module-1.2.xsd"/>
...
</xsd:schema>

Global Declarations

Element: credential-store

Name credential-store
Type sys:patternType
Nillable no
Abstract no
XML Instance Representation
<geronimo:credential-store> sys:patternType </geronimo:credential-store>
Schema Component Representation
<xsd:element name="credential-store" type=" sys:patternType "/>

Element: default-subject

Name default-subject
Type geronimo:subject-infoType
Nillable no
Abstract no
XML Instance Representation
<geronimo:default-subject>
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
<geronimo:realm> xsd:string </geronimo:realm> [1]
<geronimo:id> xsd:string </geronimo:id> [1]
</geronimo:default-subject>
Schema Component Representation
<xsd:element name="default-subject" type=" geronimo:subject-infoType "/>

Element: security

  • This element can be used wherever the following element is referenced:
  • The following elements can be used wherever this element is referenced:
Name security
Type geronimo:securityType
Nillable no
Abstract no
XML Instance Representation
<geronimo:security
name=" xsd:string [0..1] 'Name of standalone security configurations. Optional for security elements in ee apps.'"
doas-current-caller=" xsd:boolean [0..1] 'Set this attribute to "true" if the work is to be performed as the calling Subject.'"
use-context-handler=" xsd:boolean [0..1] 'Set this attribute to "true" if the installed JACC policy contexts will use PolicyContextHandlers.'"
default-role=" xsd:string [0..1] 'Used by the Deployer to assign method permissions for all of the unspecified methods, either by assigning them to security roles, or by marking them as unchecked. If the value of default-role is empty, then the unspecified methods are marked unchecked.'"
>
<!-- ' app:abstract-securityType ' super type was not found in this schema. Some elements and attributes may be missing. -->
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
<geronimo:credential-store-ref> sys:patternType </geronimo:credential-store-ref> [0..1]
<geronimo:default-subject> geronimo:subject-infoType </geronimo:default-subject> [0..1]
<geronimo:role-mappings> geronimo:role-mappingsType </geronimo:role-mappings> [0..1]
</geronimo:security>
Schema Component Representation
<xsd:element name="security" type=" geronimo:securityType " substitutionGroup="app:security"/>

Element: security-ref

  • This element can be used wherever the following element is referenced:
Name security-ref
Type geronimo:security-refType
Nillable no
Abstract no
XML Instance Representation
<geronimo:security-ref>
<!-- ' app:abstract-securityType ' super type was not found in this schema. Some elements and attributes may be missing. -->
Start Choice [1]
<geronimo:name> xsd:string </geronimo:name> [1]
<geronimo:ref> sys:patternType </geronimo:ref> [1]
End Choice
</geronimo:security-ref>
Schema Component Representation
<xsd:element name="security-ref" type=" geronimo:security-refType " substitutionGroup="app:security"/>

Global Definitions

Complex Type: descriptionType

Super-types: xsd:string < descriptionType (by extension)
Sub-types: None
Name descriptionType
Used by (from the same schema document) Complex Type securityType, Complex Type roleType, Complex Type principalType, Complex Type distinguishedNameType, Complex Type subject-infoType
Abstract no
XML Instance Representation
<...
xml:lang="[0..1]">
xsd:string
</...>
Schema Component Representation
<xsd:complexType name="descriptionType">
<xsd:simpleContent>
<xsd:extension base=" xsd:string ">
<xsd:attribute ref=" xml:lang"/>
</xsd:extension>
</xsd:simpleContent>
</xsd:complexType>

Complex Type: distinguishedNameType

Super-types: None
Sub-types: None
Name distinguishedNameType
Used by (from the same schema document) Complex Type roleType
Abstract no
XML Instance Representation
<...
name=" xsd:string [1]">
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
</...>
Schema Component Representation
<xsd:complexType name="distinguishedNameType">
<xsd:sequence>
<xsd:element name="description" type=" geronimo:descriptionType " minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="name" type=" xsd:string " use="required"/>
</xsd:complexType>

Complex Type: loginDomainPrincipalType

Super-types: principalType < loginDomainPrincipalType (by extension)
Sub-types: realmPrincipalType (by extension)
Name loginDomainPrincipalType
Used by (from the same schema document) Complex Type roleType
Abstract no
XML Instance Representation
<...
class=" xsd:string [1]"
name=" xsd:string [1]"
domain-name=" xsd:string [1]">
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
</...>
Schema Component Representation
<xsd:complexType name="loginDomainPrincipalType">
<xsd:complexContent>
<xsd:extension base=" geronimo:principalType ">
<xsd:attribute name="domain-name" type=" xsd:string " use="required"/>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>

Complex Type: principalType

Super-types: None
Sub-types: loginDomainPrincipalType (by extension)
Name principalType
Used by (from the same schema document) Complex Type roleType
Abstract no
XML Instance Representation
<...
class=" xsd:string [1]"
name=" xsd:string [1]">
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
</...>
Schema Component Representation
<xsd:complexType name="principalType">
<xsd:sequence>
<xsd:element name="description" type=" geronimo:descriptionType " minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="class" type=" xsd:string " use="required"/>
<xsd:attribute name="name" type=" xsd:string " use="required"/>
</xsd:complexType>

Complex Type: realmPrincipalType

Super-types: principalType < loginDomainPrincipalType (by extension) < realmPrincipalType (by extension)
Sub-types: None
Name realmPrincipalType
Used by (from the same schema document) Complex Type roleType
Abstract no
XML Instance Representation
<...
class=" xsd:string [1]"
name=" xsd:string [1]"
domain-name=" xsd:string [1]"
realm-name=" xsd:string [1]">
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
</...>
Schema Component Representation
<xsd:complexType name="realmPrincipalType">
<xsd:complexContent>
<xsd:extension base=" geronimo:loginDomainPrincipalType ">
<xsd:attribute name="realm-name" type=" xsd:string " use="required"/>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>

Complex Type: role-mappingsType

Super-types: None
Sub-types: None
Name role-mappingsType
Used by (from the same schema document) Complex Type securityType
Abstract no
XML Instance Representation
<...>
<geronimo:role> geronimo:roleType </geronimo:role> [1..*]
</...>
Schema Component Representation
<xsd:complexType name="role-mappingsType">
<xsd:sequence>
<xsd:element name="role" type=" geronimo:roleType " minOccurs="1" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:complexType>

Complex Type: roleType

Super-types: None
Sub-types: None
Name roleType
Used by (from the same schema document) Complex Type role-mappingsType
Abstract no
XML Instance Representation
<...
role-name=" xsd:string [1]">
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
<geronimo:run-as-subject> geronimo:subject-infoType </geronimo:run-as-subject> [0..1]
<geronimo:realm-principal> geronimo:realmPrincipalType </geronimo:realm-principal> [0..*]
<geronimo:login-domain-principal> geronimo:loginDomainPrincipalType </geronimo:login-domain-principal> [0..*]
<geronimo:principal> geronimo:principalType </geronimo:principal> [0..*]
<geronimo:distinguished-name> geronimo:distinguishedNameType </geronimo:distinguished-name> [0..*]
</...>
Schema Component Representation
<xsd:complexType name="roleType">
<xsd:sequence>
<xsd:element name="description" type=" geronimo:descriptionType " minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="run-as-subject" type=" geronimo:subject-infoType " minOccurs="0"/>
<xsd:element name="realm-principal" type=" geronimo:realmPrincipalType " minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="login-domain-principal" type=" geronimo:loginDomainPrincipalType " minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="principal" type=" geronimo:principalType " minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="distinguished-name" type=" geronimo:distinguishedNameType " minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="role-name" type=" xsd:string " use="required"/>
</xsd:complexType>

Complex Type: security-refType

Super-types: app:abstract-securityType < security-refType (by extension)
Sub-types: None
Name security-refType
Used by (from the same schema document) Element security-ref
Abstract no
Documentation Reference to security element in a parent module.
XML Instance Representation
<...>
<!-- ' app:abstract-securityType ' super type was not found in this schema. Some elements and attributes may be missing. -->
Start Choice [1]
<geronimo:name> xsd:string </geronimo:name> [1]
<geronimo:ref> sys:patternType </geronimo:ref> [1]
End Choice
</...>
Schema Component Representation
<xsd:complexType name="security-refType">
<xsd:complexContent>
<xsd:extension base=" app:abstract-securityType ">
<xsd:choice>
<xsd:element name="name" type=" xsd:string "/>
<xsd:element name="ref" type=" sys:patternType "/>
</xsd:choice>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>

Complex Type: securityType

Super-types: app:abstract-securityType < securityType (by extension)
Sub-types: None
Name securityType
Used by (from the same schema document) Element security
Abstract no
Documentation Security entries. If this element is present, all web and EJB modules MUST make the appropriate access checks as outlined in the JACC spec.
XML Instance Representation
<...
name=" xsd:string [0..1] 'Name of standalone security configurations. Optional for security elements in ee apps.'"
doas-current-caller=" xsd:boolean [0..1] 'Set this attribute to "true" if the work is to be performed as the calling Subject.'"
use-context-handler=" xsd:boolean [0..1] 'Set this attribute to "true" if the installed JACC policy contexts will use PolicyContextHandlers.'"
default-role=" xsd:string [0..1] 'Used by the Deployer to assign method permissions for all of the unspecified methods, either by assigning them to security roles, or by marking them as unchecked. If the value of default-role is empty, then the unspecified methods are marked unchecked.'"
>
<!-- ' app:abstract-securityType ' super type was not found in this schema. Some elements and attributes may be missing. -->
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
<geronimo:credential-store-ref> sys:patternType </geronimo:credential-store-ref> [0..1]
<geronimo:default-subject> geronimo:subject-infoType </geronimo:default-subject> [0..1]
<geronimo:role-mappings> geronimo:role-mappingsType </geronimo:role-mappings> [0..1]
</...>
Schema Component Representation
<xsd:complexType name="securityType">
<xsd:complexContent>
<xsd:extension base=" app:abstract-securityType ">
<xsd:sequence>
<xsd:element name="description" type=" geronimo:descriptionType " minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="credential-store-ref" type=" sys:patternType " minOccurs="0"/>
<xsd:element name="default-subject" type=" geronimo:subject-infoType " minOccurs="0"/>
<xsd:element name="role-mappings" type=" geronimo:role-mappingsType " minOccurs="0"/>
</xsd:sequence>
<xsd:attribute name="name" type=" xsd:string "/>
<xsd:attribute name="doas-current-caller" type=" xsd:boolean " default="false"/>
<xsd:attribute name="use-context-handler" type=" xsd:boolean " default="false"/>
<xsd:attribute name="default-role" type=" xsd:string "/>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>

Complex Type: subject-infoType

Super-types: None
Sub-types: None
Name subject-infoType
Used by (from the same schema document) Element default-subject, Complex Type securityType, Complex Type roleType
Abstract no
XML Instance Representation
<...>
<geronimo:description> geronimo:descriptionType </geronimo:description> [0..*]
<geronimo:realm> xsd:string </geronimo:realm> [1]
<geronimo:id> xsd:string </geronimo:id> [1]
</...>
Schema Component Representation
<xsd:complexType name="subject-infoType">
<xsd:sequence>
<xsd:element name="description" type=" geronimo:descriptionType " minOccurs="0" maxOccurs="unbounded"/>
<xsd:element name="realm" type=" xsd:string "/>
<xsd:element name="id" type=" xsd:string "/>
</xsd:sequence>
</xsd:complexType>
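
Added example (not part of the Geronimo schema documentation or the project's code): a review script that reads one security element and reports the settings this schema marks as security-relevant, namely an empty default-role, doas-current-caller, required principal attributes, and roles with no principal mapped. The sample plan fragment, its realm, domain and role names, and the class name org.example.SampleGroupPrincipal are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = "http://geronimo.apache.org/xml/ns/security-2.0"

def q(tag):
    """Qualify a local name with the schema's target namespace."""
    return f"{{{NS}}}{tag}"

# Required attributes of each principal element, as declared in this schema.
REQUIRED = {
    "principal": ("class", "name"),
    "login-domain-principal": ("class", "name", "domain-name"),
    "realm-principal": ("class", "name", "domain-name", "realm-name"),
    "distinguished-name": ("name",),
}

def xsd_true(value):
    """xsd:boolean accepts 'true' or '1' as true; the schema default is false."""
    return (value or "false").strip() in ("true", "1")

def audit_security(xml_text):
    """Return a list of review findings for one <security> element."""
    sec = ET.fromstring(xml_text)
    if sec.tag != q("security"):
        raise ValueError("root is not <security> in the security-2.0 namespace")
    findings = []
    default_role = sec.get("default-role")
    if default_role is not None and not default_role.strip():
        findings.append("default-role is empty: unspecified methods are marked unchecked")
    if xsd_true(sec.get("doas-current-caller")):
        findings.append("doas-current-caller is true: work is performed as the calling Subject")
    # subject-infoType requires exactly one <realm> and one <id>.
    for tag in ("default-subject", "run-as-subject"):
        for subject in sec.iter(q(tag)):
            for child in ("realm", "id"):
                if not (subject.findtext(q(child)) or "").strip():
                    findings.append(f"{tag}: missing or empty <{child}>")
    for role in sec.findall(f"{q('role-mappings')}/{q('role')}"):
        name = role.get("role-name") or "(no role-name)"
        mapped = 0
        for tag, attrs in REQUIRED.items():
            for principal in role.findall(q(tag)):
                mapped += 1
                missing = [a for a in attrs if not principal.get(a)]
                if missing:
                    findings.append(f"role {name}: {tag} missing {', '.join(missing)}")
        if mapped == 0:
            findings.append(f"role {name}: no principals mapped")
    return findings

# Constructed sample, not taken from any real deployment plan.
SAMPLE = """<security xmlns="http://geronimo.apache.org/xml/ns/security-2.0"
          doas-current-caller="true" default-role="">
  <default-subject><realm>sample-realm</realm><id>guest</id></default-subject>
  <role-mappings>
    <role role-name="admin">
      <realm-principal class="org.example.SampleGroupPrincipal" name="admins"
                       domain-name="sample-domain"/>
    </role>
    <role role-name="auditor"/>
  </role-mappings>
</security>"""

if __name__ == "__main__":
    for finding in audit_security(SAMPLE):
        print(finding)
```

The script reports findings only; full structural validation still needs the XSD together with the imported application-2.0 and deployment-1.2 schemas.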

Legend

Complex Type: AusAddress

In the heading above, "Complex Type" is the schema component type and "AusAddress" is the schema component name.
Super-types: Address < AusAddress (by extension)
Sub-types:
  • QLDAddress (by restriction)
If this schema component is a type definition, its type hierarchy is shown in a gray-bordered box.
Name AusAddress
Abstract no
The table above displays the properties of this schema component.
XML Instance Representation
<... country="Australia" >
<unitNo> string </unitNo> [0..1]
<houseNo> string </houseNo> [1]
<street> string </street> [1]
Start Choice [1]
<city> string </city> [1]
<town> string </town> [1]
End Choice
<state> AusStates </state> [1]
<postcode> string <<pattern = [1-9][0-9]{3}>> </postcode> [1]
</...>

The XML Instance Representation table above shows the schema component's content as an XML instance.

  • The minimum and maximum occurrence of elements and attributes are provided in square brackets, e.g. [0..1].
  • Model group information is shown in gray, e.g. Start Choice ... End Choice.
  • For type derivations, the elements and attributes that have been added to or changed from the base type's content are shown in bold.
  • If an element/attribute has a fixed value, the fixed value is shown in green, e.g. country="Australia".
  • Otherwise, the type of the element/attribute is displayed.
    • If the element/attribute's type is in the schema, a link is provided to it.
    • For local simple type definitions, the constraints are displayed in angle brackets, e.g. <<pattern = [1-9][0-9]{3}>>.
Schema Component Representation
<complexType name="AusAddress">
<complexContent>
<extension base=" Address ">
<sequence>
<element name="state" type=" AusStates "/>
<element name="postcode">
<simpleType>
<restriction base=" string ">
<pattern value="[1-9][0-9]{3}"/>
</restriction>
</simpleType>
</element>
</sequence>
<attribute name="country" type=" string " fixed="Australia"/>
</extension>
</complexContent>
</complexType>
The Schema Component Representation table above displays the underlying XML representation of the schema component. (Annotations are not shown.)

Glossary

Abstract: (Applies to complex type definitions and element declarations). An abstract element or complex type cannot be used to validate an element instance. If there is a reference to an abstract element, only element declarations that can substitute the abstract element can be used to validate the instance. For references to abstract type definitions, only derived types can be used.

All Model Group: Child elements can be provided in any order in instances. See: http://www.w3.org/TR/xmlschema-1/#element-all.

Choice Model Group: Only one from the list of child elements and model groups can be provided in instances. See: http://www.w3.org/TR/xmlschema-1/#element-choice.

Collapse Whitespace Policy: Replace tab, line feed, and carriage return characters with space character (Unicode character 32). Then, collapse contiguous sequences of space characters into single space character, and remove leading and trailing space characters.

Disallowed Substitutions: (Applies to element declarations). If substitution is specified, then substitution group members cannot be used in place of the given element declaration to validate element instances. If derivation methods, e.g. extension, restriction, are specified, then the given element declaration will not validate element instances that have types derived from the element declaration's type using the specified derivation methods. Normally, element instances can override their declaration's type by specifying an xsi:type attribute.

Key Constraint: Like Uniqueness Constraint, but additionally requires that the specified value(s) must be provided. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.

Key Reference Constraint: Ensures that the specified value(s) must match value(s) from a Key Constraint or Uniqueness Constraint. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.

Model Group: Groups together element content, specifying the order in which the element content can occur and the number of times the group of element content may be repeated. See: http://www.w3.org/TR/xmlschema-1/#Model_Groups.

Nillable: (Applies to element declarations). If an element declaration is nillable, instances can use the xsi:nil attribute. The xsi:nil attribute is the boolean attribute, nil, from the http://www.w3.org/2001/XMLSchema-instance namespace. If an element instance has an xsi:nil attribute set to true, it can be left empty, even though its element declaration may have required content.

Notation: A notation is used to identify the format of a piece of data. Values of elements and attributes that are of type, NOTATION, must come from the names of declared notations. See: http://www.w3.org/TR/xmlschema-1/#cNotation_Declarations.

Preserve Whitespace Policy: Preserve whitespaces exactly as they appear in instances.

Prohibited Derivations: (Applies to type definitions). Derivation methods that cannot be used to create sub-types from a given type definition.

Prohibited Substitutions: (Applies to complex type definitions). Prevents sub-types that have been derived using the specified derivation methods from validating element instances in place of the given type definition.

Replace Whitespace Policy: Replace tab, line feed, and carriage return characters with space character (Unicode character 32).

Sequence Model Group: Child elements and model groups must be provided in the specified order in instances. See: http://www.w3.org/TR/xmlschema-1/#element-sequence.

Substitution Group: Elements that are members of a substitution group can be used wherever the head element of the substitution group is referenced.

Substitution Group Exclusions: (Applies to element declarations). Prohibits element declarations from nominating themselves as being able to substitute a given element declaration, if they have types that are derived from the original element's type using the specified derivation methods.

Target Namespace: The target namespace identifies the namespace that components in this schema belong to. If no target namespace is provided, then the schema components do not belong to any namespace.

Uniqueness Constraint: Ensures uniqueness of an element/attribute value, or a combination of values, within a specified scope. See: http://www.w3.org/TR/xmlschema-1/#cIdentity-constraint_Definitions.
