...

A Java EE application may consist of several components that can be deployed onto different containers, such as the web container, the EJB container and the web services container, in a JEE5 server. This kind of deployment allows multi-tier applications that interact with one another to perform a given user task. Multi-tier JEE5 applications can be secured by properly selecting authentication mechanisms and designing authorization levels or roles. If the application components use declarative security management, the authentication and authorization aspects are declared in the corresponding JEE5 deployment descriptors. The declared security roles or levels are mapped to real security roles or levels in the Geronimo deployment plans through security realms. In Apache Geronimo, security realms abstract away the authentication and authorization aspects of the application components. Authentication and authorization together enable access control for the various components of the application.

Depending on the selected authentication system, a JAAS login module is selected and configured in a security realm. JAAS login modules connect to the corresponding user/group repositories, perform authentication and retrieve authorization information. The Geronimo server provides login modules that connect to different types of user/group repositories: PropertiesFileLoginModule, LDAPLoginModule, SQLLoginModule and CertificatePropertiesFileLoginModule.

For example, Geronimo uses the geronimo-admin security realm to authenticate users when they log in to the Geronimo Administration Console. The deployment plan of this security realm is as follows.

...

The above security realm is deployed over two property files, <geronimo_home>/var/security/users.properties and groups.properties in the same directory, that contain the user/group information, using org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule. The admin console is a web application that uses the above security realm for user authentication.
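As an added example (not part of this page or of Geronimo itself), the following Python check audits the users/groups property files behind a PropertiesFileLoginModule realm for inconsistencies a deployer would want to catch before deploying the realm. It assumes the `user=password` and `group=user1,user2` line formats of those files, and the sample file contents are constructed.

```python
"""Consistency check for the users/groups property files behind a Geronimo
PropertiesFileLoginModule security realm (added example, not Geronimo code).
Assumed format: users.properties holds `user=password` lines and
groups.properties holds `group=user1,user2` lines; `#` starts a comment."""


def parse_properties(text):
    """Parse simple key=value lines into a dict, ignoring comments and blank lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # no '=' separator: not a valid entry
        props[key.strip()] = value.strip()
    return props


def audit_realm_files(users_text, groups_text):
    """Return a sorted list of findings about the realm's user/group data."""
    users = parse_properties(users_text)
    groups = parse_properties(groups_text)
    findings = []
    members_seen = set()
    for group, members in groups.items():
        for member in filter(None, (m.strip() for m in members.split(","))):
            members_seen.add(member)
            if member not in users:  # group grants a role to a user that cannot log in
                findings.append(f"group '{group}' lists unknown user '{member}'")
    for user, password in users.items():
        if not password:  # empty credential accepted by the login module
            findings.append(f"user '{user}' has an empty password")
        if user not in members_seen:  # authenticates but receives no role
            findings.append(f"user '{user}' belongs to no group (no roles)")
    return sorted(findings)


# Constructed sample contents (not the files shipped with Geronimo).
USERS = """# users.properties
alice=s3cret
bob=
carol=pa55
"""
GROUPS = """# groups.properties
admin=alice
operators=alice,dave
"""

if __name__ == "__main__":
    for finding in audit_realm_files(USERS, GROUPS):
        print(finding)
```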

The security realm deployment plan is an XML file that uses the http://geronimo.apache.org/xml/ns/deployment-1.2 schema for the moduleId, dependency and security realm GBean configurations, and the http://geronimo.apache.org/xml/ns/loginconfig-2.0 schema for the login module configuration. All the XML schema files (.xsd files) are located in the <geronimo_home>/schema directory.

...

User/Group Repository  | LoginModule
-----------------------|---------------------------------------------------------------------------------
Property files         | org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
Database               | org.apache.geronimo.security.realm.providers.SQLLoginModule
LDAP repository        | org.apache.geronimo.security.realm.providers.LDAPLoginModule
Certificate repository | org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule
Any other              | The user has to supply a custom JAAS login module. The admin console can be used to deploy a security realm over custom JAAS login modules.

Depending on the type of the login module, the available configuration options change.

...

An enterprise application archive (ear) can consist of several application modules: web application archives (war), EJB modules (jar), application client modules (jar) or resource adapter archive modules (rar). Users can either deploy these modules individually or bundle them into a single ear file and deploy that ear file.

...

JEE module                                  | JEE deployment descriptor (DD) | Geronimo deployment plan
--------------------------------------------|--------------------------------|--------------------------------
Web application archive (war)               | web.xml                        | geronimo-web.xml
EJB application archive (jar)               | ejb-jar.xml                    | openejb-jar.xml
Resource adapter archive (rar)              | ra.xml                         | geronimo-ra.xml
Enterprise application archive (ear)        | application.xml                | geronimo-application.xml
Enterprise application client archive (jar) | application-client.xml         | geronimo-application-client.xml

...

The geronimo-web.xml uses XML elements from the http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1 namespace and from one or more of the namespaces mentioned in the Common elements and Configuration section above in this document. Please go through that section to learn which elements each schema describes.

For example, the following web.xml and geronimo-web.xml are the deployment descriptor and the Geronimo deployment plan, respectively, of a web application that connects to a datasource deployed on DB2 and retrieves data from a table.

Sample (web.xml)

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                               http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
                               version="2.5">

  <resource-ref>
    <res-ref-name>jdbc/DataSource</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
    <res-sharing-scope>Shareable</res-sharing-scope>
  </resource-ref>

  <welcome-file-list>
    <welcome-file>jsp/EMPdemo.jsp</welcome-file>
  </welcome-file-list>
</web-app>
Note: With the Servlet 2.5 specification, many of the declarations made through web.xml can also be made through the corresponding annotations in servlets and JSPs.

Sample (geronimo-web.xml)

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
         xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
         xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">

    <sys:environment>
        <!-- unique module id of this web application: samples/EmployeeDemo/2.1/war -->
        <sys:moduleId>
            <sys:groupId>samples</sys:groupId>
            <sys:artifactId>EmployeeDemo</sys:artifactId>
            <sys:version>2.1</sys:version>
            <sys:type>war</sys:type>
        </sys:moduleId>
        <!-- module id of the datasource (rar) this application depends on -->
        <sys:dependencies>
            <sys:dependency>
                <sys:groupId>samples</sys:groupId>
                <sys:artifactId>EmployeeDatasource</sys:artifactId>
                <sys:version>2.1</sys:version>
                <sys:type>rar</sys:type>
            </sys:dependency>
        </sys:dependencies>
    </sys:environment>

    <context-root>/EmployeeDemo</context-root>

    <!-- maps the jdbc/DataSource reference declared in web.xml to the deployed datasource -->
    <naming:resource-ref>
        <naming:ref-name>jdbc/DataSource</naming:ref-name>
        <naming:resource-link>jdbc/EmployeeDatasource</naming:resource-link>
    </naming:resource-ref>

</web-app>

...

The deployment plan starts with <sys:moduleId>, which gives the web application configuration a unique module id. In the dependencies section, using <sys:dependency>, a dependency on samples/EmployeeDatasource/2.1/rar is configured; this is the module id of the datasource that connects to DB2. The web context root is configured by <context-root>. Since there is no namespace prefix for this tag, it belongs to the default namespace http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1.
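As an added example (not part of this page or of Geronimo's deployer), the following Python script cross-checks a web.xml against its geronimo-web.xml: every <resource-ref> in the descriptor must have a <naming:resource-ref> mapping in the plan, and each mapping's link target must be backed by a declared <sys:dependency>. It assumes the page's `jdbc/<artifactId>` link convention (jdbc/EmployeeDatasource backed by the EmployeeDatasource artifact); the sample XML is constructed from the page's two files plus one extra, unmapped reference.

```python
"""Cross-check web.xml against geronimo-web.xml (added example, not Geronimo
tooling). Each <resource-ref> in web.xml needs a <naming:resource-ref> in the
plan, and each mapping's link target should be backed by a <sys:dependency>.
Assumption: links follow the 'jdbc/<artifactId>' convention used on the page."""
import xml.etree.ElementTree as ET

JEE = "{http://java.sun.com/xml/ns/javaee}"
NAMING = "{http://geronimo.apache.org/xml/ns/naming-1.2}"
SYS = "{http://geronimo.apache.org/xml/ns/deployment-1.2}"


def check_resource_refs(web_xml, plan_xml):
    """Return sorted findings; an empty list means descriptor and plan agree."""
    web, plan = ET.fromstring(web_xml), ET.fromstring(plan_xml)
    declared = {r.findtext(JEE + "res-ref-name") for r in web.iter(JEE + "resource-ref")}
    mapped = {r.findtext(NAMING + "ref-name"): r.findtext(NAMING + "resource-link")
              for r in plan.iter(NAMING + "resource-ref")}
    # artifactIds the plan depends on; strip() tolerates stray whitespace in the plan
    deps = {d.findtext(SYS + "artifactId", "").strip() for d in plan.iter(SYS + "dependency")}
    findings = [f"web.xml resource-ref '{n}' has no mapping in geronimo-web.xml"
                for n in declared - set(mapped)]
    findings += [f"geronimo-web.xml maps '{n}', which web.xml never declares"
                 for n in set(mapped) - declared]
    for name, link in mapped.items():
        target = link.rsplit("/", 1)[-1]  # 'jdbc/EmployeeDatasource' -> 'EmployeeDatasource'
        if target not in deps:
            findings.append(f"mapping '{name}' -> '{link}' lacks a <sys:dependency> on '{target}'")
    return sorted(findings)


# Constructed sample input: the page's descriptor plus one extra, unmapped reference.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <resource-ref><res-ref-name>jdbc/DataSource</res-ref-name><res-auth>Container</res-auth></resource-ref>
  <resource-ref><res-ref-name>jdbc/AuditDS</res-ref-name><res-auth>Container</res-auth></resource-ref>
</web-app>"""
PLAN_XML = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
  xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
  xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <sys:environment><sys:dependencies><sys:dependency>
    <sys:groupId>samples</sys:groupId><sys:artifactId>EmployeeDatasource</sys:artifactId>
    <sys:version>2.1</sys:version><sys:type>rar</sys:type>
  </sys:dependency></sys:dependencies></sys:environment>
  <context-root>/EmployeeDemo</context-root>
  <naming:resource-ref><naming:ref-name>jdbc/DataSource</naming:ref-name>
    <naming:resource-link>jdbc/EmployeeDatasource</naming:resource-link></naming:resource-ref>
</web-app>"""

if __name__ == "__main__":
    for finding in check_resource_refs(WEB_XML, PLAN_XML):
        print(finding)
```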

All the XML schema files are located in the <geronimo_home>/schema directory. Please go through the .xsd files to get a feel for the XML tags that can be used in geronimo-web.xml for configuring web applications.

...