...
For example, Geronimo uses the "geronimo-admin" security realm to authenticate users when they log in to the admin console. The deployment plan of the security realm is as follows.
```xml
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>geronimo-admin</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="geronimo-admin"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">geronimo-admin</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>geronimo-admin</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="groupsURI">var/security/groups.properties</log:option>
                    <log:option name="usersURI">var/security/users.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
```
The security realm above is backed by two property files, var/security/users.properties and var/security/groups.properties, which contain the user and group information and are read by "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule". The admin console is a web application that uses this security realm for user authentication.
...
User/Group Repositories | Login Modules |
---|---|
Property Files | org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule |
Database | org.apache.geronimo.security.realm.providers.SQLLoginModule |
Ldap repository | org.apache.geronimo.security.realm.providers.LDAPLoginModule |
Certificate Repository | org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule |
Any other | The user has to supply the custom JAAS module. Admin console can be used to create and deploy a security |
The configuration options vary with the type of login module. The admin console enables users to create and deploy security realms using all of the login modules listed above.
Once a security realm is deployed, it is available to any JEE5 application deployed in Apache Geronimo, which can map its declared roles to actual users/groups through a Geronimo deployment plan.
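The following is an added example, not part of the Geronimo documentation or code base: a Python script that inventories the login modules declared in a security realm deployment plan, so that the files or repositories behind each realm can be reviewed. The second realm (`demo-realm`, `com.example.DemoLoginModule`) and the function name `inventory` are assumptions made for illustration; the notes on `OPTIONAL` and `SUFFICIENT` follow standard JAAS control-flag semantics.

```python
import xml.etree.ElementTree as ET

DEP = "{http://geronimo.apache.org/xml/ns/deployment-1.2}"
LOG = "{http://geronimo.apache.org/xml/ns/loginconfig-2.0}"
P = "org.apache.geronimo.security.realm.providers."
REPOSITORIES = {P + "PropertiesFileLoginModule": "Property Files",  # table above
                P + "SQLLoginModule": "Database",
                P + "LDAPLoginModule": "Ldap repository",
                P + "CertificatePropertiesFileLoginModule": "Certificate Repository"}

# Constructed sample: the gbean from the plan above plus one hypothetical realm.
SAMPLE_PLAN = """<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2"
        xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
  <gbean name="geronimo-admin" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">geronimo-admin</attribute>
    <xml-reference name="LoginModuleConfiguration"><log:login-config>
      <log:login-module control-flag="REQUIRED" wrap-principals="false">
        <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
        <log:option name="groupsURI">var/security/groups.properties</log:option>
        <log:option name="usersURI">var/security/users.properties</log:option>
      </log:login-module></log:login-config></xml-reference>
  </gbean>
  <gbean name="demo-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <xml-reference name="LoginModuleConfiguration"><log:login-config>
      <log:login-module control-flag="OPTIONAL">
        <log:login-module-class>com.example.DemoLoginModule</log:login-module-class>
      </log:login-module></log:login-config></xml-reference>
  </gbean>
</module>"""

def inventory(plan_xml):
    """Return one dict per login module: realm, class, flag, repository, options, notes."""
    rows = []
    for gbean in ET.fromstring(plan_xml).iter(DEP + "gbean"):
        # Fall back to the gbean name when no realmName attribute is declared.
        realm = gbean.findtext(DEP + "attribute[@name='realmName']") or gbean.get("name")
        for lm in gbean.iter(LOG + "login-module"):
            cls = (lm.findtext(LOG + "login-module-class") or "").strip()
            flag = lm.get("control-flag", "")
            notes = [] if cls in REPOSITORIES else ["custom JAAS module: review it"]
            if flag in ("OPTIONAL", "SUFFICIENT"):  # standard JAAS semantics
                notes.append("control-flag %s: module need not succeed" % flag)
            rows.append({"realm": realm.strip(), "class": cls, "flag": flag,
                         "repository": REPOSITORIES.get(cls, "Any other"),
                         "options": {o.get("name"): (o.text or "").strip()
                                     for o in lm.findall(LOG + "option")},
                         "notes": notes})
    return rows

if __name__ == "__main__":
    print(*inventory(SAMPLE_PLAN), sep="\n")
```

The `options` entry of each row lists the files or connection settings the realm depends on, which is where file permissions and access controls should be checked.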
Resources
Applications
An enterprise application archive (EAR) can consist of several application modules. The application modules can be Web Application Archives (WAR), EJB modules (JAR), application client modules (JAR) or Resource Archive modules (RAR). Users can either deploy these modules individually or bundle them into a single EAR file and deploy the EAR file.
When deployed individually, each application module should be accompanied by a Geronimo deployment plan that maps declared resource names, EJB names, security roles and JMS roles to the corresponding actual entities deployed in the server. The Geronimo deployment plans also contain any Geronimo-specific settings and configurations. When the modules are deployed as a single bundle (EAR), the user can create a single Geronimo deployment plan to accomplish all the mappings, settings and configurations.
...
File | Standard JEE deployment descriptors | Apache Geronimo specific Deployment plan |
---|---|---|
Enterprise Web application archive (EAR) | application.xml | geronimo-application.xml |
Web Application Archive (WAR) | web.xml | geronimo-web.xml |
J2EE Connector resources archive (RAR) | ra.xml | geronimo-ra.xml |
J2EE client application archive (JAR) | client.xml | geronimo-application-client.xml |
JAR containing EJBs | ejb-jar.xml | openejb-jar.xml |
...