Article donated by: Simon Godik, Hernan Cunico

The purpose of this section is to provide some general guidelines on the application deployment process from a security perspective. This is not intended to be the absolute guide for deployment. Throughout the articles in the Apache Geronimo V1 - Documentation, you will find several deployment examples organized by topics such as JDBC, Web services, JCA, Security, etc.

This section is organized in the following topics:

...

The namespace for the container-neutral Web application deployment plan is http://geronimo.apache.org/xml/ns/j2ee/web-1.0. The name of the schema file is geronimo-web-1.0.xsd. It is best if you become familiar with the schema.

...

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0">
   ...
   <security-realm-name>geronimo-properties-realm</security-realm-name>
   <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">...</security:security>
   ...
</web-app>

 


Defining Security Realm Name

...

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0">
   ...
   <security-realm-name>geronimo-properties-realm</security-realm-name>
   <security:security 
      xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">

      <default-principal>
         <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"
                designated-run-as="true"/>
      </default-principal>

      <role-mappings>
         <role role-name="admin">
            <login-domain-principal domain-name="geronimo-properties-realm"
                name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
         </role>
      </role-mappings>
   </security:security>
   ...
</web-app>

 

This example defines the principal named system as the default principal for the application and maps the J2EE admin role to the login-domain-principal named admin, which wraps the org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal class. In other words, we mapped the J2EE admin role to the admin group from the geronimo-login-domain Login Domain.

...

The Jetty container deployment plan namespace is http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0. As far as security configuration is concerned, it allows the same structure as the container-neutral schema:

<xs:schema targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0"
           xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
   <xs:complexType name="web-appType">
      ...
      <xs:sequence minOccurs="0">
         <xs:element name="security-realm-name" type="xs:string"/>
         <xs:element ref="security:security" minOccurs="0"/>
      </xs:sequence>
      ...
   </xs:complexType>
</xs:schema>

 

The security definition is the same as in the container-neutral schema.

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0">
   ...
   <security-realm-name>geronimo-properties-realm</security-realm-name>
   <security:security 
      xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">

      <default-principal>
         <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"
                designated-run-as="true"/>
      </default-principal>

      <role-mappings>
         <role role-name="admin">
            <login-domain-principal domain-name="geronimo-properties-realm"
                name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
         </role>
      </role-mappings>
   </security:security>
   ...
</web-app>

 


Deploying Web application on Tomcat container

The Tomcat container deployment plan namespace is http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0. As far as security configuration is concerned, it allows the same structure as the container-neutral schema:

<xs:schema targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0"
           xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
   <xs:complexType name="web-appType">
      ...
      <xs:sequence minOccurs="0">
         <xs:element name="security-realm-name" type="xs:string"/>
         <xs:element ref="security:security" minOccurs="0"/>
      </xs:sequence>
      ...
   </xs:complexType>
</xs:schema>

 

The security definition is the same as in the container-neutral schema.

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0">
   ...
   <security-realm-name>geronimo-properties-realm</security-realm-name>
   <security:security 
      xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">

      <default-principal>
         <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"
                designated-run-as="true"/>
      </default-principal>

      <role-mappings>
         <role role-name="admin">
            <login-domain-principal domain-name="geronimo-properties-realm"
                name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
         </role>
      </role-mappings>
   </security:security>
   ...
</web-app>
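
An added example, not part of the original Geronimo documentation: a Python review aid that reads a deployment plan in any of the three namespaces covered above and reports the realm name, the default principal and which principals each J2EE role is mapped to, flagging a security element in an unexpected namespace or one without a security-realm-name. The name audit_plan, the findings it reports and the sample plans are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SECURITY_NS = "http://geronimo.apache.org/xml/ns/security-1.1"
PLAN_NS = {  # the three plan namespaces named on this page
    "http://geronimo.apache.org/xml/ns/j2ee/web-1.0": "container-neutral",
    "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0": "jetty",
    "http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0": "tomcat",
}

def split(tag):  # ElementTree tag '{namespace}local' -> (namespace, local)
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def by_local(parent, name):
    # Match by local name only: the plans above leave the children of security:security unprefixed.
    return [e for e in parent.iter() if split(e.tag)[1] == name]

def audit_plan(xml_text):
    root = ET.fromstring(xml_text)
    ns, local = split(root.tag)
    rep = {"container": PLAN_NS.get(ns), "realm": None,
           "default_principal": None, "roles": {}, "findings": []}
    if local != "web-app" or ns not in PLAN_NS:
        rep["findings"].append("unrecognised plan root: " + root.tag)
    for e in by_local(root, "security-realm-name"):
        rep["realm"] = (e.text or "").strip()
    for sec in by_local(root, "security"):
        if split(sec.tag)[0] != SECURITY_NS:
            rep["findings"].append("security element in unexpected namespace: " + split(sec.tag)[0])
        if not rep["realm"]:
            rep["findings"].append("security element without security-realm-name")
        for dp in by_local(sec, "default-principal"):
            for p in by_local(dp, "principal"):
                rep["default_principal"] = (p.get("name"), p.get("class"), p.get("designated-run-as") == "true")
        for role in by_local(sec, "role"):
            rep["roles"][role.get("role-name")] = [(p.get("domain-name"), p.get("name"), p.get("class"))
                                                   for p in by_local(role, "login-domain-principal")]
    return rep

# Constructed samples: a Tomcat-namespace plan, then the same plan with a typo in the security namespace.
GOOD = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0">
 <security-realm-name>geronimo-properties-realm</security-realm-name>
 <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
  <default-principal><principal name="system" designated-run-as="true"
    class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/></default-principal>
  <role-mappings><role role-name="admin"><login-domain-principal domain-name="geronimo-properties-realm"
    name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/></role></role-mappings>
 </security:security></web-app>"""
BAD = GOOD.replace('="http://geronimo.apache.org/xml/ns/security', '=":http://geronimo.apache.org/xml/ns/security')
```

Calling audit_plan on the text of a plan before deployment gives a reviewer the list of principals that will hold each role; an empty findings list means none of the checks above fired.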

 
