...
Security configuration in the Time Report application is controlled by the geronimo-web.xml and web.xml files. geronimo-web.xml defines the application's user roles by mapping them to principals in TimeReportRealm.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
    <environment>
        <moduleId>
            <artifactId>TimeReportApp</artifactId>
        </moduleId>
    </environment>
    <context-root>/timereport</context-root>
    <security-realm-name>TimeReportRealm</security-realm-name>
    <security>
        <default-principal realm-name="TimeReportRealm">
            <principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" />
        </default-principal>
        <role-mappings>
            <role role-name="employee">
                <realm realm-name="TimeReportRealm">
                    <principal name="EmployeeGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />
                </realm>
                <realm realm-name="TimeReportRealm">
                    <principal name="ManagerGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />
                </realm>
            </role>
            <role role-name="manager">
                <realm realm-name="TimeReportRealm">
                    <principal name="ManagerGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" />
                </realm>
            </role>
        </role-mappings>
    </security>
</web-app>
```
web.xml maps the defined user roles to resources in the web application. It also defines the application's login configuration.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>employee</web-resource-name>
            <url-pattern>/employee/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>manager</web-resource-name>
            <url-pattern>/manager/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>TimeReportRealm</realm-name>
        <form-login-config>
            <form-login-page>/login/login.jsp</form-login-page>
            <form-error-page>/login/login_error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>employee</role-name>
    </security-role>
    <security-role>
        <role-name>manager</role-name>
    </security-role>
    <servlet>
        <display-name>AddTimeRecordServlet</display-name>
        <servlet-name>AddTimeRecordServlet</servlet-name>
        <servlet-class>org.timereport.web.employee.AddTimeRecordServlet</servlet-class>
    </servlet>
    <servlet>
        <display-name>AddEmployeeServlet</display-name>
        <servlet-name>AddEmployeeServlet</servlet-name>
        <servlet-class>org.timereport.web.manager.AddEmployeeServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>AddTimeRecordServlet</servlet-name>
        <url-pattern>/employee/add_timerecord</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>AddEmployeeServlet</servlet-name>
        <url-pattern>/manager/add_employee</url-pattern>
    </servlet-mapping>
</web-app>
```
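The following check is an added example, not part of the original page or the Geronimo project. It cross-checks the two descriptors: every role named in an `auth-constraint` must be declared in web.xml and mapped in geronimo-web.xml, every constraint should set a transport guarantee, and every servlet mapping should fall under a constraint. The sample XML is constructed and abbreviated from the descriptors above; `ExportServlet` and `/export` are hypothetical.

```python
import xml.etree.ElementTree as ET
NS = "{http://java.sun.com/xml/ns/j2ee}"

# Constructed, abbreviated descriptors; ExportServlet and /export are hypothetical.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
 <security-constraint>
  <web-resource-collection><web-resource-name>manager</web-resource-name>
   <url-pattern>/manager/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>manager</role-name></auth-constraint>
 </security-constraint>
 <security-role><role-name>manager</role-name></security-role>
 <servlet-mapping><servlet-name>AddEmployeeServlet</servlet-name>
  <url-pattern>/manager/add_employee</url-pattern></servlet-mapping>
 <servlet-mapping><servlet-name>ExportServlet</servlet-name>
  <url-pattern>/export</url-pattern></servlet-mapping>
</web-app>"""
GERONIMO_XML = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
 <security><role-mappings><role role-name="manager"/></role-mappings></security>
</web-app>"""

def covered(path, pattern):
    """Servlet URL-pattern match: '/prefix/*', '*.ext', or exact path."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def audit(web_xml, geronimo_xml):
    web, ger = ET.fromstring(web_xml), ET.fromstring(geronimo_xml)
    declared = {r.text for r in web.iterfind(f"{NS}security-role/{NS}role-name")}
    mapped = {e.get("role-name") for e in ger.iter() if e.tag.endswith("}role")}
    findings, protected = [], []
    for c in web.iterfind(f"{NS}security-constraint"):
        name = c.findtext(f".//{NS}web-resource-name")
        protected += [p.text for p in c.iter(f"{NS}url-pattern")]
        for r in c.iterfind(f"{NS}auth-constraint/{NS}role-name"):
            if r.text not in declared:
                findings.append(f"role {r.text}: no <security-role> declaration")
            if r.text not in mapped:
                findings.append(f"role {r.text}: not mapped in geronimo-web.xml")
        if c.find(f"{NS}user-data-constraint/{NS}transport-guarantee") is None:
            findings.append(f"constraint {name}: no transport-guarantee")
    for m in web.iterfind(f"{NS}servlet-mapping/{NS}url-pattern"):
        if not any(covered(m.text, p) for p in protected):
            findings.append(f"{m.text}: servlet mapping outside every constraint")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, GERONIMO_XML)))
```

A mapping outside every constraint is not always a defect (the login pages must stay reachable without authentication), so treat the output as a review list.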
To restrict access to the Add Employee functionality on the Time Report page, programmatic authentication has been used, as shown below.
```jsp
...
<BR>
<%if(request.isUserInRole("manager")){%>
<A href="../manager/">Add Employees</A>
<BR>
...
```
...
As with creating the database, follow the given steps to deploy the security realm of the Time Reporting application.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
    <environment>
        <moduleId>
            <groupId>console</groupId>
            <artifactId>TimeReportRealm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>geronimo</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>org.apache.derby</groupId>
                <artifactId>derby</artifactId>
                <version>10.1.1.0</version>
                <type>jar</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="TimeReportRealm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">TimeReportRealm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <name>JaasLoginService</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>TimeReportRealm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <log:option name="jdbcDriver">org.apache.derby.jdbc.EmbeddedDriver</log:option>
                    <log:option name="jdbcUser">app</log:option>
                    <log:option name="userSelect">select userid, password from users where userid=?</log:option>
                    <log:option name="groupSelect">select userid, groupname from usergroups where userid=?</log:option>
                    <log:option name="jdbcURL">jdbc:derby:TimeReportDB</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
```
...
To test the sample application, open a browser and go to http://localhost:8080/timereport. It will forward to the Welcome page of the application.
...