...
Deploy the LDAP realm
The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <ldap_home>/ldap-realm.xml and the content is illustrated in the following example.
...
One way to install the LDAP realm for the sample is to install the Geronimo plugin created for this purpose. In the Geronimo Administration Console, navigate to Applications -> Plugins. Once in that view, update the repository list (which should add http://geronimo.apache.org/
...
...
...
2.1/ if not already included), select the referenced repository, and then select Show Plugins in selected repository to display the list of all plugins available in that repository. Locate Geronimo Configs :: LDAP Sample Security Realm and install it. This process, however, hides many of the details of creating and installing the realm; those details are covered in the next section.
LDAP realm deployment details
The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <ldap_home>/ldap-realm.xml and the content is illustrated in the following example.
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>LDAP_Sample_Realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.configs</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="LDAP_Sample_Realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">LDAP_Sample_Realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.2">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>LDAP_Sample_Realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</log:login-module-class>
                    <log:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</log:option>
                    <log:option name="connectionURL">ldap://localhost:10389</log:option>
                    <log:option name="connectionUsername">uid=admin,ou=system</log:option>
                    <log:option name="connectionPassword">secret</log:option>
                    <log:option name="authentication">simple</log:option>
                    <log:option name="userBase">ou=users,ou=system</log:option>
                    <log:option name="userSearchMatching">uid={0}</log:option>
                    <log:option name="userSearchSubtree">false</log:option>
                    <log:option name="roleBase">ou=groups,ou=system</log:option>
                    <log:option name="roleName">cn</log:option>
                    <log:option name="roleSearchMatching">(uniqueMember={0})</log:option>
                    <log:option name="roleSearchSubtree">false</log:option>
                </log:login-module>
                <log:login-module control-flag="OPTIONAL" wrap-principals="false">
                    <log:login-domain-name>LDAP_Sample_Realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
                    <log:option name="file">var/log/login-attempts.log</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
This deployment plan tells Geronimo the connection and search parameters to use against the LDAP directory. It also specifies that each login attempt is recorded in the login-attempts.log log file.
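The search options in the plan are templates: the login name the user types replaces {0} in userSearchMatching, and the DN of the user entry that search finds replaces {0} in roleSearchMatching (the page's filter (uniqueMember={0}) matches group entries whose uniqueMember attribute lists that DN). The following Python script is an added example, not code from Geronimo or from the sample. It reads those options from a constructed excerpt of the plan above and shows how the templates are instantiated, applying RFC 4515 filter escaping to the substituted value so that filter metacharacters in a login name cannot change the meaning of the search; whether LDAPLoginModule itself escapes is not stated on this page. The helper names (load_options, user_search, role_search, escape_filter_value, scope) are this example's own. Note also that the plan stores connectionPassword in clear text next to the bind DN; the excerpt below leaves it out.

```python
import xml.etree.ElementTree as ET

LOG_NS = "http://geronimo.apache.org/xml/ns/loginconfig-1.2"

# Constructed excerpt: the login-config part of the page's ldap-realm.xml,
# trimmed to the options this example uses (values as on the page).
REALM_PLAN = """
<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.2">
  <log:login-module control-flag="REQUIRED" wrap-principals="false">
    <log:login-domain-name>LDAP_Sample_Realm</log:login-domain-name>
    <log:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</log:login-module-class>
    <log:option name="connectionURL">ldap://localhost:10389</log:option>
    <log:option name="connectionUsername">uid=admin,ou=system</log:option>
    <log:option name="userBase">ou=users,ou=system</log:option>
    <log:option name="userSearchMatching">uid={0}</log:option>
    <log:option name="userSearchSubtree">false</log:option>
    <log:option name="roleBase">ou=groups,ou=system</log:option>
    <log:option name="roleName">cn</log:option>
    <log:option name="roleSearchMatching">(uniqueMember={0})</log:option>
    <log:option name="roleSearchSubtree">false</log:option>
  </log:login-module>
  <log:login-module control-flag="OPTIONAL" wrap-principals="false">
    <log:login-domain-name>LDAP_Sample_Realm-Audit</log:login-domain-name>
    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
    <log:option name="file">var/log/login-attempts.log</log:option>
  </log:login-module>
</log:login-config>
"""


def tag(local):
    """Namespace-qualified tag name for the loginconfig-1.2 schema."""
    return "{%s}%s" % (LOG_NS, local)


def load_options(plan_xml, domain):
    """Return {option name: value} for the login module with the given login-domain-name."""
    root = ET.fromstring(plan_xml)
    for module in root.iter(tag("login-module")):
        if module.findtext(tag("login-domain-name")) == domain:
            return {opt.get("name"): opt.text for opt in module.iter(tag("option"))}
    raise KeyError("no login module for domain %r" % domain)


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515 section 3):
    backslash, '*', '(', ')' and NUL become a backslash followed by two hex digits."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def scope(opts, key):
    """Map a *SearchSubtree option ("true"/"false") onto the LDAP search scope."""
    return "SUBTREE" if (opts.get(key) or "false").lower() == "true" else "ONELEVEL"


def user_search(opts, login_name):
    """(base DN, scope, filter) for locating the user entry; {0} takes the escaped login name."""
    filt = opts["userSearchMatching"].replace("{0}", escape_filter_value(login_name))
    return opts["userBase"], scope(opts, "userSearchSubtree"), filt


def role_search(opts, user_dn):
    """(base DN, scope, filter, role attribute) for finding the user's groups.
    {0} takes the DN returned by the user search, still filter-escaped because
    a DN is placed inside a filter just like any other value."""
    filt = opts["roleSearchMatching"].replace("{0}", escape_filter_value(user_dn))
    return opts["roleBase"], scope(opts, "roleSearchSubtree"), filt, opts["roleName"]


if __name__ == "__main__":
    opts = load_options(REALM_PLAN, "LDAP_Sample_Realm")
    print(user_search(opts, "alice"))
    print(user_search(opts, "*)(uid=*"))  # metacharacters are neutralised by escaping
    print(role_search(opts, "uid=alice,ou=users,ou=system"))
```

Running the script prints the base DN, scope and filter for the user lookup of "alice", the same lookup for a login name containing filter metacharacters (which escaping turns into literal characters), and the group search built from the user's DN.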
To deploy the ldap-realm.xml run the following command from the <geronimo_home>/bin directory:
java -jar deployer.jar --user system --password manager deploy <ldap_home>/ldap-realm.xml
Once deployed you should see a confirmation message similar to the following example:
D:\geronimo-tomcat6-jee5-2.0\bin>deploy deploy \samples\2.0\ldap-sample-app\ldap-realm.xml
Using GERONIMO_BASE: D:\geronimo-tomcat6-jee5-2.0
Using GERONIMO_HOME: D:\geronimo-tomcat6-jee5-2.0
Using GERONIMO_TMPDIR: D:\geronimo-tomcat6-jee5-2.0\var\temp
Using JRE_HOME:
...
C:\Java\jdk1.5.0_06\\jre
Deployed console.realm/LDAP_Sample_Realm/1.0/car
For further details refer to the LDAP Realm section.
Creating and Installing the LDAP Sample Application
One way to install the LDAP sample application is to install the Geronimo plugin created for this purpose. In the Geronimo Administration Console, navigate to Applications -> Plugins. Once in that view, update the repository list (which should add http://geronimo.apache.org/plugins/geronimo-2.1/ if not already included), select the referenced repository, and then select Show Plugins in selected repository to display the list of all plugins available in that repository. Locate Geronimo Configs :: LDAP Sample for Tomcat or Geronimo Configs :: LDAP Sample for Jetty (depending on which Geronimo distribution, Tomcat or Jetty, you use) and install it. This process, however, hides many of the details of creating and installing the sample. For those details refer to the next
Deployment plans
The deployment plans are located in the <ldap_home>/WEB-INF directory. Clearly, geronimo-web.xml is the Geronimo specific deployment plan. It provides the details on what security realm to use and user role mappings as well as the Geronimo specific namespace used to identify the elements in the security configuration. Common to other types of applications, not just security, the deployment plan also provides the main namespace for the deployment plan, a module identification (optional), a parent module configuration ID (also optional) and a context root. The following example illustrates the Geronimo specific deployment plan.
...
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin Role</web-resource-name>
            <url-pattern>/protect/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>content-administrator</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>No Access</web-resource-name>
            <url-pattern>/forbidden/*</url-pattern>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ldap-realm-1</realm-name>
        <form-login-config>
            <form-login-page>/auth/logon.html?param=test</form-login-page>
            <form-error-page>/auth/logonError.html?param=test</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <role-name>content-administrator</role-name>
    </security-role>
</web-app>
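The two security constraints above behave differently in a way that is easy to misread: the first names a role, so /protect/* is reachable only by an authenticated caller in content-administrator, while the second has an empty <auth-constraint/>, which denies /forbidden/* to everyone, administrators included (a constraint with no <auth-constraint> element at all would leave the resource open). The following Python script is an added example, not part of the sample application or of Geronimo; it parses a constructed copy of the constraints and login-config above and evaluates what the container decides for a request path and a caller's roles. It models only the subset needed here: exact and /prefix/* url-patterns, longest matching pattern wins, constraints on the same pattern combined, and FORM login sending unauthenticated callers to the form-login-page. The function names (parse_constraints, authorize, form_login_page, pattern_matches) are this example's own.

```python
import xml.etree.ElementTree as ET

J2EE_NS = "http://java.sun.com/xml/ns/j2ee"

# Constructed copy of the security-relevant parts of the page's web.xml.
WEB_XML = """
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin Role</web-resource-name>
      <url-pattern>/protect/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>content-administrator</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>No Access</web-resource-name>
      <url-pattern>/forbidden/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>ldap-realm-1</realm-name>
    <form-login-config>
      <form-login-page>/auth/logon.html?param=test</form-login-page>
      <form-error-page>/auth/logonError.html?param=test</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
"""


def q(local):
    """Namespace-qualified tag for the J2EE web-app schema."""
    return "{%s}%s" % (J2EE_NS, local)


def parse_constraints(xml_text):
    """Return [(url_pattern, roles)] where roles is None for a constraint without
    <auth-constraint> (open resource) and an empty set for <auth-constraint/> (nobody)."""
    root = ET.fromstring(xml_text)
    result = []
    for sc in root.iter(q("security-constraint")):
        auth = sc.find(q("auth-constraint"))
        # 'is None' is required: an Element with no children is falsy in Python.
        roles = None if auth is None else {r.text for r in auth.iter(q("role-name"))}
        for wrc in sc.iter(q("web-resource-collection")):
            for up in wrc.iter(q("url-pattern")):
                result.append((up.text, roles))
    return result


def form_login_page(xml_text):
    """The page an unauthenticated caller is sent to under FORM authentication."""
    root = ET.fromstring(xml_text)
    return root.findtext("%s/%s/%s" % (q("login-config"), q("form-login-config"), q("form-login-page")))


def pattern_matches(pattern, path):
    """Exact patterns match the path itself; /prefix/* matches /prefix and anything below it."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern


def authorize(constraints, path, principal_roles):
    """Decide 'allow', 'login' (redirect to the form) or 'forbid' for a request.
    principal_roles is None for an unauthenticated caller, else a set of role names."""
    matching = [(p, r) for p, r in constraints if pattern_matches(p, path)]
    if not matching:
        return "allow"  # unconstrained resource
    longest = max(len(p) for p, _ in matching)
    best = [r for p, r in matching if len(p) == longest]
    if any(r is None for r in best):
        return "allow"  # a constraint without <auth-constraint> opens the resource
    if any(len(r) == 0 for r in best):
        return "forbid"  # empty <auth-constraint/> denies every caller
    allowed = set().union(*best)
    if principal_roles is None:
        return "login"
    return "allow" if principal_roles & allowed else "forbid"


if __name__ == "__main__":
    rules = parse_constraints(WEB_XML)
    for path, roles in [("/index.html", None), ("/protect/admin.jsp", None),
                        ("/protect/admin.jsp", {"content-administrator"}),
                        ("/forbidden/secret.txt", {"content-administrator"})]:
        print(path, roles, "->", authorize(rules, path, roles))
    print("login page:", form_login_page(WEB_XML))
```

The last case in the usage block is the one worth remembering when reviewing a web.xml: a caller holding content-administrator is still refused under /forbidden/*, because an empty auth-constraint is a deny-all rule, not an unrestricted one.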
Package the sample application
Now that all the elements have been identified, it is necessary to package the sample application in a Web application Archive (.war). Open a command line window, change directory to <ldap_home> and run the following command:
...
This command will package all the existing files and directories inside <ldap_home>. Although not needed inside the .war file, the ldap-realm.xml and ldap-sample.ldif files will also be included.
Deploy the sample application
To deploy the LDAP sample application make sure the Geronimo server is up and running. Open a command line window, change directory to <geronimo_home>/bin and run the following command:
java -jar deployer.jar --user system --password manager deploy <ldap_home>/ldap-demo.war
Testing the sample application
Once the Web application is successfully deployed you should see a confirmation message similar to the one shown in the following example:
...