Versions Compared

Old Version 22

changes.mady.by.user Unknown User (hcunico@gmail.com)

Saved on

compared with

New Version 23

changes.mady.by.user Unknown User (hcunico@gmail.com)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Apache Geronimo can be configured to use two different Web containers, you can either use Jetty or Apache Tomcat. The following sections will address how to configure LDAP on Geronimo for each of these containers.

Configure Geronimo LDAP using Jetty
Anchor
jetty
jetty

This section covers the configuration of the LDAP directory service in Geronimo when the Web container in use is Jetty. For this configuration example, the sample application used is a modified version of the application already available in the open JIRA GERONIMO-417.

LDAP sample application

Download the sample application from the following URL:

...

At this point it is assumed that you have installed Java 1.4.2 and an LDAP client and you are capable of exporting/importing an .ldif file to a directory server.

Add LDAP entries

Ensure that Geronimo is up and running and the Directory service is started. Start your LDAP client and create a new connection profile with the following values:

...

Once the file is imported you should get a confirmation that five entries were successfully imported.

Deploy the LDAP realm

The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <ldap_home>/ ldap-realm.xml and the content is illustrated in the following example.

...

No Format
bgColor#000000
borderStylesolid
E:\geronimo\bin>java -jar deployer.jar --user system --password manager deploy e:/ldap-jetty/ldap-realm.xml
    Deployed org/apache/geronimo/ldap-secure

Deployment plans

The deployment plans are located in the <ldap_home>/WEB-INF directory. Clearly, geronimo-web.xml is the Geronimo specific deployment plan. It provides the details on what security realm to use and user role mappings as well as the Geronimo specific namespace used to identify the elements in the security configuration. Common to other types of applications, not just security, the deployment plan also provides the main namespace for the deployment plan, a module identification (optional), a parent module configuration ID (also optional) and a context root. The following example illustrates the deployment plan.

...

Code Block
xml
xml
borderStylesolid
titleweb.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Admin Role</web-resource-name>
        <url-pattern>/protect/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>content-administrator</role-name>
      </auth-constraint>
    </security-constraint>
    
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>No Access</web-resource-name>
        <url-pattern>/forbidden/*</url-pattern>
      </web-resource-collection>
      <auth-constraint/>
    </security-constraint>

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>MYREALM</realm-name>
      <form-login-config>
         <form-login-page>/auth/logon.html?param=test</form-login-page>
         <form-error-page>/auth/logonError.html?param=test</form-error-page>
      </form-login-config>
    </login-config>

  <security-role>
      <role-name>content-administrator</role-name>
  </security-role>

</web-app>

Package the sample application

Now that all the elements have been identified, it is necessary to package the sample application in a Web application Archive (.war). Open a command line window, change directory to <ldap_home> and run the following command:

...

This command will package all the existing files and directories inside <ldap_home>. Although not needed inside the .war file, the ldap-realm.xml and ldap-sample.ldif files will also be included.

Deploy the application

To deploy the LDAP sample application make sure the Geronimo server is up and running. Open a command line window, change directory to <geronimo_home>/bin and run the following command:

...

At this point you have an application that is validating username and passwords against an LDAP Directory Server database based on the security configuration you provided earlier. Now, if you go back to the welcome page and click on Forbidden you should receive a 403 - Forbidden HTTP error similar as the one shown in the next figure.

Configure Geronimo LDAP using Tomcat
Anchor
tomcat
tomcat