Article donated by: Simon Godik, Hernan Cunico
The purpose of this section is to provide some general guidelines on the application deployment process from a security perspective. This is not intended to be the absolute guide for deployment. Throughout the articles in the Apache Geronimo V1 - Documentation, you will find several deployment examples organized by topics such as JDBC, Web services, JCA, Security, etc.
This section is organized in the following topics:
...
The namespace for the container-neutral Web application deployment plan is http://geronimo.apache.org/xml/ns/j2ee/web-1.0. The name of the schema file is `geronimo-web-1.0.xsd`. It is best if you become familiar with the schema.
...
```xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0">
    ...
    <security-realm-name>geronimo-properties-realm</security-realm-name>
    <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">...</security:security>
    ...
</web-app>
```
...
Defining Security Realm Name
...
```xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0">
    ...
    <security-realm-name>geronimo-properties-realm</security-realm-name>
    <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
        <default-principal>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                       name="system" designated-run-as="true"/>
        </default-principal>
        <role-mappings>
            <role role-name="admin">
                <login-domain-principal domain-name="geronimo-properties-realm" name="admin"
                                        class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </role>
        </role-mappings>
    </security:security>
    ...
</web-app>
```
This example defines the principal `system` as the default principal for the application and maps the J2EE `admin` role to the `login-domain-principal` named `admin`, which wraps the `org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal` class. In other words, the J2EE `admin` role is mapped to the `admin` group from the `geronimo-login-domain` Login Domain.
...
The Jetty container deployment plan namespace is http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0.
As far as security configuration is concerned, it allows the same structure as the container-neutral schema:
```xml
<xs:schema targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0"
           xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
    <xs:complexType name="web-appType">
        ....
        <xs:sequence minOccurs="0">
            <xs:element name="security-realm-name" type="xs:string"/>
            <xs:element ref="security:security" minOccurs="0"/>
        </xs:sequence>
        ...
    </xs:complexType>
</xs:schema>
```
...
The security definition is the same as in the container-neutral schema.
```xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0">
    ...
    <security-realm-name>geronimo-properties-realm</security-realm-name>
    <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
        <default-principal>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                       name="system" designated-run-as="true"/>
        </default-principal>
        <role-mappings>
            <role role-name="admin">
                <login-domain-principal domain-name="geronimo-properties-realm" name="admin"
                                        class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </role>
        </role-mappings>
    </security:security>
    ...
</web-app>
```
...
Deploying Web application on Tomcat container
Tomcat container deployment plan namespace is http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0.
As far as security configuration is concerned, it allows the same structure as the container-neutral schema:
```xml
<xs:schema targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0"
           xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
    <xs:complexType name="web-appType">
        ....
        <xs:sequence minOccurs="0">
            <xs:element name="security-realm-name" type="xs:string"/>
            <xs:element ref="security:security" minOccurs="0"/>
        </xs:sequence>
        ...
    </xs:complexType>
</xs:schema>
```
...
The security definition is the same as in the container-neutral schema.
```xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0">
    ...
    <security-realm-name>geronimo-properties-realm</security-realm-name>
    <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
        <default-principal>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                       name="system" designated-run-as="true"/>
        </default-principal>
        <role-mappings>
            <role role-name="admin">
                <login-domain-principal domain-name="geronimo-properties-realm" name="admin"
                                        class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </role>
        </role-mappings>
    </security:security>
    ...
</web-app>
```
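Because the security structure is the same under all three plan namespaces, one reader can summarize any of these plans for a review of which principals receive each J2EE role. This is an added example, not code from the Geronimo project or from the original article; the function names and the sample plan are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Plan namespaces named on this page; all three accept the same security structure.
PLAN_NAMESPACES = {
    "http://geronimo.apache.org/xml/ns/j2ee/web-1.0": "container-neutral",
    "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0": "jetty",
    "http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0": "tomcat",
}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip ElementTree's '{namespace}' prefix

def _children(elem, name):
    # Local-name match: the page leaves <security:security> children unprefixed (web-app namespace).
    return [c for c in elem if _local(c.tag) == name]

def summarize_plan(xml_text):
    """Return container, realm, default principal and role mappings of a plan."""
    root = ET.fromstring(xml_text)
    ns = root.tag[1:].split("}", 1)[0] if root.tag.startswith("{") else ""
    if _local(root.tag) != "web-app" or ns not in PLAN_NAMESPACES:
        raise ValueError("not a Geronimo web deployment plan: " + root.tag)
    realms = [c.text.strip() for c in _children(root, "security-realm-name") if c.text]
    out = {"container": PLAN_NAMESPACES[ns], "realm": realms[0] if realms else None,
           "default_principal": None, "roles": {}}
    for sec in _children(root, "security"):
        for dp in _children(sec, "default-principal"):
            for p in _children(dp, "principal"):
                out["default_principal"] = (p.get("name"), p.get("designated-run-as") == "true")
        for mappings in _children(sec, "role-mappings"):
            for role in _children(mappings, "role"):
                out["roles"][role.get("role-name")] = [
                    (p.get("domain-name"), p.get("name"), (p.get("class") or "").rsplit(".", 1)[-1])
                    for p in _children(role, "login-domain-principal")]
    return out

# Constructed sample: the page's Tomcat plan with the "..." elisions dropped.
SAMPLE_PLAN = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0">
  <security-realm-name>geronimo-properties-realm</security-realm-name>
  <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
    <default-principal>
      <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system" designated-run-as="true"/>
    </default-principal>
    <role-mappings>
      <role role-name="admin">
        <login-domain-principal domain-name="geronimo-properties-realm" name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      </role>
    </role-mappings>
  </security:security>
</web-app>"""
```

Calling `summarize_plan(SAMPLE_PLAN)` returns a dictionary with the container flavour, the realm name, the default principal with its run-as flag, and each role's list of (domain, name, principal class) tuples.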
...