THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
One way to install the LDAP realm for the sample is by installing a Geronimo plugin created for this purpose. You can do this by navigating in the Geronimo Administration Console to Applications -> Plugins. Once in the view, updating the repository list (which should add http://geronimo.apache.org/plugins/geronimo-2.1/
if not already included), selecting the referenced repository, and then select Show Plugins in selected repository to display the list of all possible plugins in this directory. Locate the Geronimo Samples :: ldap-sample-app :: security realm and then install it. However, this process hides many of the details of creating and installing the realm. For those details refer to the next section.
...
The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <ldap_home>/ldap-realm.xml and the content is illustrated in the following example.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
<environment>
<moduleId>
<groupId>console.realm</groupId>
<artifactId>LDAP_Sample_Realm</artifactId>
<version>1.0</version>
<type>car</type>
</moduleId>
</environment>
<gbean name="LDAP_Sample_Realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm"
xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<attribute name="realmName">LDAP_Sample_Realm</attribute>
<reference name="ServerInfo">
<name>ServerInfo</name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.2">
<log:login-module control-flag="REQUIRED" wrap-principals="false">
<log:login-domain-name>LDAP_Sample_Realm</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</log:login-module-class>
<log:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</log:option>
<log:option name="connectionURL">ldap://localhost:10389</log:option>
<log:option name="connectionUsername">uid=admin,ou=system</log:option>
<log:option name="connectionPassword">secret</log:option>
<log:option name="authentication">simple</log:option>
<log:option name="userBase">ou=users,ou=system</log:option>
<log:option name="userSearchMatching">uid={0}</log:option>
<log:option name="userSearchSubtree">false</log:option>
<log:option name="roleBase">ou=groups,ou=system</log:option>
<log:option name="roleName">cn</log:option>
<log:option name="roleSearchMatching">(uniqueMember={0})</log:option>
<log:option name="roleSearchSubtree">false</log:option>
</log:login-module>
<log:login-module control-flag="OPTIONAL" wrap-principals="false">
<log:login-domain-name>LDAP_Sample_Realm-Audit</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
<log:option name="file">var/log/login-attempts.log</log:option>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
</module>
|
...
One way to install the LDAP sample application is by installing a Geronimo plugin created for this purpose. You can do this by navigating in the Geronimo Administration Console to Applications -> Plugins. Once in the view, updating the repository list (which should add http://geronimo.apache.org/plugins/geronimo-2.1.2/ if not already included), selecting the referenced repository, and then select Show Plugins in selected repository to display the list of all possible plugins in this directory. Locate the Geronimo Configs :: LDAP Sample for Tomcat or Geronimo Configs :: LDAP Sample for Jetty (depending upon you Geronimo service choice) and then install it. However, this process hides many of the details of creating and installing the sample. For those details refer to the next section.
...
There is a common deployment plan that is used for the sample. The unprocessed version of this plan is at ldap-sample-app/ldap-sample-app-jetty/src/main/plan/plan.xml. The processed version shown here with plugin name and all dependencies filled in can be found at ldap-sample-app/ldap-sample-app-jetty/target/resources/META-INF/plan.xml after building the project.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.2">
<dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
<dep:moduleId>
<dep:groupId>org.apache.geronimo.samples</dep:groupId>
<dep:artifactId>ldap-sample-app-jetty</dep:artifactId>
<dep:version>2.1.2</dep:version>
<dep:type>car</dep:type>
</dep:moduleId>
<dep:dependencies>
<dep:dependency>
<dep:groupId>org.apache.geronimo.samples</dep:groupId>
<dep:artifactId>ldap-sample-app-realm</dep:artifactId>
<dep:version>2.1.2</dep:version>
<dep:type>car</dep:type>
</dep:dependency>
<dep:dependency>
<dep:groupId>org.apache.geronimo.configs</dep:groupId>
<dep:artifactId>jasper</dep:artifactId>
<dep:version>2.1.2</dep:version>
<dep:type>car</dep:type>
</dep:dependency>
<dep:dependency>
<dep:groupId>org.apache.geronimo.configs</dep:groupId>
<dep:artifactId>jetty6</dep:artifactId>
<dep:version>2.1.2</dep:version>
<dep:type>car</dep:type>
</dep:dependency>
</dep:dependencies>
<dep:hidden-classes/>
<dep:non-overridable-classes/>
</dep:environment>
<context-root>/LDAP_Sample</context-root>
<security-realm-name>LDAP_Sample_Realm</security-realm-name>
<security>
<default-principal realm-name="LDAP_Sample_Realm">
<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
</default-principal>
<role-mappings>
<role role-name="content-administrator">
<realm realm-name="LDAP_Sample_Realm">
<principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
</realm>
</role>
<role role-name="guest">
<realm realm-name="LDAP_Sample_Realm">
<principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
</realm>
</role>
</role-mappings>
</security>
</web-app>
|
...
The web.xml deployment descriptor shown in the following example (also located in the <ldap_home>/WEB-INF diretory) adds security constraints based on the location of the files.
| Code Block | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| |||||||||
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Role</web-resource-name>
<url-pattern>/protect/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>content-administrator</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>No Access</web-resource-name>
<url-pattern>/forbidden/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>ldap-realm-1</realm-name>
<form-login-config>
<form-login-page>/auth/logon.html?param=test</form-login-page>
<form-error-page>/auth/logonError.html?param=test</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>content-administrator</role-name>
</security-role>
</web-app>
|
...