This topic covers some common security-related tasks such as adding and removing users and groups, dealing with digital certificates and increasing the security level by using different realms and authentication methods.
- Certification Authority
- Basic Hints on Security Configuration — In a normal Geronimo server, the basic security configuration is divided into two plugins, j2ee-security and server-security-config.
- Using SPNEGO in Geronimo — Using the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO, ftp://ftp.isi.edu/in-notes/rfc2478.txt) in Geronimo allows HTTP users to log in and authenticate only once on their desktop; they then receive automatic authentication from the Geronimo server.
- Securing RMI port of Geronimo
- OpenID — OpenID (http://openid.net) is an open specification for distributed authentication for web apps, popularly used for social networking applications.
- Administering security realms — To administer security realms via the Geronimo Administration Console, use the Security Realms portlet, available on the Console Navigation menu on the left-hand side.
- Configuring JavaEE App Client Security — Application client security starts with specifying the CallbackHandler that you want to use in the application client deployment descriptor (in Geronimo) or in a similar element in the Geronimo deployment plan.
- Configuring login modules — Geronimo replaces login.conf entirely with security realms that are configured by GenericSecurityRealm GBeans.
- Configuring run-as and Default Subjects, and principal-role mapping — Starting from version 2.0.1, Geronimo adopts the basic principle that all security flows from Subjects that result from logging in to a security realm.
- Administering certificates — This section is about how to administer certificates from the administration console.
- Administering users and groups
- Creating your keystorefile for SSL authentication — You can connect to a running server through an SSL tunnel by specifying the location of the trusted keystore file to org.apache.geronimo.keyStoreTrustStorePasswordFile, especially when you connect to a Geronimo server with JConsole.
- Configuring HTTP header-based authentication — This chapter introduces the process of achieving Single Sign-on by using CA servers, such as Siteminder (http://www.ca.com/us/internet-access-control.aspx), to validate authentication information that is passed by the HTTP headers (http://www.w3.org/Protocols/HTTP/1.0/spec.html#Message-Headers).
- Replacing default Realm in Geronimo — This article is about how to replace the default .properties realm geronimo-admin with SQL or LDAP realms.