The above security realm is deployed over two property files var/security/users.properties and var/security/groups.properties that contain user/group information using "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule". The Administration Console is a web application that uses the above security realm for user authentication.

Security realm deployment plan is an XML file that uses "http://geronimo.apache.org/xml/ns/deployment-1.2" Geronimo schema for ModuleId, dependency and security realm GBean configurations. The XML file uses "http://geronimo.apache.org/xml/ns/loginconfig-2.0" Geronimo schema for login module configuration.

The following table provides the summary of user/group repositories and corresponding login modules in Apache

 Geronimo
|| User/Group Repositories

 || Login

 Modules ||
| Property Files | org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule

 |
| Database | org.apache.geronimo.security.realm.providers.SQLLoginModule

 |
| Ldap repository

 | org.apache.geronimo.security.realm.providers.LDAPLoginModule

 |
| Certificate Repository

 | org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule

 |
| Any other

 | User has to supply the custom JAAS module. Admin console can be used to create and deploy a security

 \\
 realm over custom JAAS login modules.

 |
Depending on the type of the login module, the options for configuration changes. Geronimo Administration Console enables users to create and deploy security realms using all the above mentioned login modules.

Once a security realm is deployed, it's available for any JEE5 application deployed in Apache Geronimo to map declared roles to actual users/groups through a Geronimo deployment plan.

h2.

 Resources


h1. Applications

An enterprise application archive (EAR) can consist of several application modules. The application modules can be Web Application Archives (WAR) , EJB modules (JAR), application client modules (JAR) or Resource Archive modules (RAR). User can either deploy these modules individually or bundle them into a single EAR file and deploy the EAR file.

When deployed individually, each application module should accompany a Geronimo deployment plan to map declared resources names, ejb names, security roles, JMS roles to corresponding actual entities deployed in the server. The Geronimo deployment plans also contain any Geronimo specific settings and configurations. When deployed as a single bundle (EAR), user can create a single Geronimo deployment plan to accomplish all the mappings, settings and configurations.

The following table summarizes different JEE5 modules and corresponding Geronimo deployment plans accompany them.

|| File || Standard JEE deployment descriptors || Apache Geronimo specific Deployment plan ||
| Enterprise Web application archive (EAR) | application.xml | geronimo-application.xml

 |
| Web Application Archive (WAR)

 | web.xml

 | geronimo-web.xml

 |
| J2EE Connector resources archive (RAR)

 | ra.xml

 | geronimo-ra.xml

 |
| J2EE client application archive (JAR)

 | client.xml

 | geronimo-application-client.xml

 |
| JAR containing EJBs

 | ejb-jar.xml

 | openejb-jar.xml

 |

h2.
Web Application deployment plan (geronimo-web.xml

)

In the geronimo-

web.xml file, application deployer maps the security roles, ejb names, database resources, JMS resources, etc. declared in web.xml to corresponding entities deployed in the server. In addition to that, if there are any web container specific configurations, such as Tomcat or Jetty specific, depending on the application needs, all these settings are configured as well here. If the web application depends on any third party libraries or other services running in the server, all these dependencies are declared in the plan. Some web applications require class loading requirements different from the default class loading hierarchy. The geronimo-web.xml allows application deployer to configure this as well. There are many more configurations that could be done through geronimo-web.xml depending on the needs of web application. The following sections briefly explain how geronimo-web.xml can be used configure the web container and web applications.

The geronimo-web.xml uses XML elements from http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1 namespace and one or more namespaces mentioned in "XML Schemas - Common elements and Configuration" section above in the document. Please go through the section to know what elements does each schema describe.

For example, the following Geronimo-web.xml is the deployment plan of a web application that connects to a datasource deployed on DB2 and retrieves data.