...

It is used to define GBean(s) that are configured and deployed with the web application. These additional Geronimo services will be deployed when the application is deployed (and stopped when the application is stopped). Normally, the implementation classes for these services are included at the server level and referenced using a dependency element.

Security

Additional information and details for configuring security for Geronimo can be found here:

<security-realm-name>

The <security-realm-name> XML element uses the Geronimo default namespace for the geronimo-web.xml file, and is documented here:

...

The <security-realm-name> element specifies the name of the security realm that will be used for user authentication for the web application. It is used in conjunction with the <security-constraint> element in the corresponding web.xml deployment descriptor for this web application. This element does not create a new security realm in Geronimo; it references a security realm that has already been created and configured. See Security for details on how this is typically accomplished from the Geronimo Admin Console.

<sec:security>

The <sec:security> XML element uses the Geronimo Security namespace, and is documented here:

...

The <sec:security> element groups the security role mapping settings for the web application. This is an optional element, but if it is present all the web modules must make the appropriate access checks as outlined in the JACC specification.

...

This element includes the <role-mappings> section, which references the role(s) defined in the <security-role> element in the web.xml file. An example web.xml and the corresponding geronimo-web.xml file are shown below; the "admin" role name defined in the web.xml is referenced in the geronimo-web.xml:

<security> web.xml Example

<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Geronimo Remote Deployer</display-name>

    <description>
        Receives file upload requests from the deployer when running on a different machine
        than the Geronimo server.
    </description>

    <servlet>
        <display-name>File Upload</display-name>
        <servlet-name>file-upload</servlet-name>
        <servlet-class>org.apache.geronimo.deployment.remote.FileUploadServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>file-upload</servlet-name>
        <url-pattern>/upload</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Upload Servlet</web-resource-name>
            <url-pattern>/upload</url-pattern>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Geronimo File Upload</realm-name>
    </login-config>

    <security-role>
        <role-name>admin</role-name>
    </security-role>
</web-app>

<security> geronimo-web.xml Example

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
         xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">

    <dep:environment>
      <dep:moduleId>
        <dep:groupId>org.apache.geronimo.plugins</dep:groupId>
        <dep:artifactId>geronimo-remote-deploy</dep:artifactId>
        <dep:version>2.1.1</dep:version>
      </dep:moduleId>
      <dep:dependencies/>
      <dep:hidden-classes/>
      <dep:non-overridable-classes/>
    </dep:environment>

    <context-root>/remote-deploy</context-root>

    <security-realm-name>geronimo-admin</security-realm-name>

    <sec:security>
        <sec:role-mappings>
            <sec:role role-name="admin">
                <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                               name="admin" designated-run-as="true"/>
            </sec:role>
        </sec:role-mappings>
    </sec:security>

</web-app>
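
The role names in the two descriptors have to agree for the mapping described above to take effect. The following Python script is an added example, not part of the Geronimo documentation or code base, that cross-checks them before deployment. The sample descriptors are constructed from the two examples above, trimmed to the elements the check reads, with a hypothetical "auditor" role added so that there is something to report; the function name and finding labels are this example's own.

```python
import xml.etree.ElementTree as ET

J2EE = "{http://java.sun.com/xml/ns/j2ee}"
SEC = "{http://geronimo.apache.org/xml/ns/security-2.0}"

# Constructed sample input: the two descriptors above, trimmed to the elements
# this check reads, plus a hypothetical "auditor" role that is never mapped.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <auth-constraint>
      <role-name>admin</role-name>
      <role-name>auditor</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""

GERONIMO_WEB_XML = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">
  <security-realm-name>geronimo-admin</security-realm-name>
  <sec:security>
    <sec:role-mappings>
      <sec:role role-name="admin">
        <sec:principal name="admin"
            class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
      </sec:role>
    </sec:role-mappings>
  </sec:security>
</web-app>"""


def check_role_mappings(web_xml, plan_xml):
    """Cross-check role names between web.xml and geronimo-web.xml."""
    web, plan = ET.fromstring(web_xml), ET.fromstring(plan_xml)
    declared = {e.text.strip() for e in web.findall(f"{J2EE}security-role/{J2EE}role-name")}
    used = {e.text.strip() for e in web.findall(f".//{J2EE}auth-constraint/{J2EE}role-name")}
    used.discard("*")  # "*" stands for every declared role, not a role of its own
    roles = used | declared
    mapped = {r.get("role-name"): len(r) for r in plan.iter(f"{SEC}role")}
    return {
        "undeclared": sorted(used - declared),        # in a constraint, no <security-role>
        "unmapped": sorted(roles - set(mapped)),      # no <sec:role> in the Geronimo plan
        "orphaned": sorted(set(mapped) - roles),      # mapped, but unknown to web.xml
        "no_principals": sorted(n for n, kids in mapped.items() if kids == 0),
    }


if __name__ == "__main__":
    print(check_role_mappings(WEB_XML, GERONIMO_WEB_XML))
```

On the sample input, "auditor" is reported as both undeclared and unmapped: no principal is mapped to it, so no user can be granted that role.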

JNDI Environment References

All the JNDI reference elements in this section use the Geronimo Naming namespace, which is used to identify the common elements for resolving EJB references, resource references, and Web services references, and is documented here:

...