
The noAnnotations-TestSecuritySettings.zip provides a number of SQL scripts and deployment plans to help set up the environment the security sample application requires to run. The provided files are 1_TimeReportDB.sql, 2_dbPoolPlan.xml, 3_securityRealmPlan.xml. In addition there is 0_Readme.txt, a condensed set of instructions to deploy this sample application; timereport.war, the application we will be deploying; and timereport_generatedPlan.xml, a sample of the generated deployment plan. Download and extract the zip file to a directory of your convenience.


...

Before we continue with the security application itself we need to create some additional configurations using the provided plans.

  1. With the server up and running access the Geronimo Administration Console and click on DB Manager. Create a database by name "TimeReportDB" and run 1_TimeReportDB.sql on this new database.
  2. Create a database connection pool by clicking on Deploy New and specify <geronimo_home>\repository\org\tranql\tranql-connector-ra\1.3\tranql-connector-ra-1.3.rar as the Archive: and 2_dbPoolPlan.xml as the Plan. This will create the new database pool "TimeReportPool".
  3. Create a new security realm by clicking on Deploy New and only specify 3_securityRealmPlan.xml as the "Plan". This will create the TimeReportRealm security realm.

Now that we have configured the environment we go back to the application. timereport.war provides 2 Servlets, several JSPs and the web.xml we will be focusing on. In addition this WAR contains the sources and full Javadocs. The following sample shows the web.xml, which defines all the security constraints, realms and roles the Plan Creator wizard will use to generate the Geronimo-specific deployment plan.

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
	 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
	 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
	 version="2.4">	
	 
	<welcome-file-list>
		<welcome-file>index.html</welcome-file>
  	</welcome-file-list>
  	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>employee</web-resource-name>
			<url-pattern>/employee/*</url-pattern>			
		</web-resource-collection>
		<auth-constraint>
			<role-name>employee</role-name>			 
		</auth-constraint>
	</security-constraint>
	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>manager</web-resource-name>
			<url-pattern>/manager/*</url-pattern>			
		</web-resource-collection>
		<auth-constraint>
			<role-name>manager</role-name>
		</auth-constraint>
	</security-constraint>
	
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>TimeReportRealm</realm-name>
		<form-login-config>
			<form-login-page>/login/login.jsp</form-login-page>
			<form-error-page>/login/login_error.jsp</form-error-page>
		</form-login-config>
	</login-config>
	
	<security-role>
		<role-name>employee</role-name>		
    </security-role>
	<security-role>
		<role-name>manager</role-name>		
    </security-role>
    	
    <servlet>
	    <display-name>AddTimeRecordServlet</display-name>
	    <servlet-name>AddTimeRecordServlet</servlet-name>
	    <servlet-class>org.apache.geronimo.samples.timereport.web.AddTimeRecordServlet</servlet-class>
  	</servlet>
  	<servlet>
	    <display-name>AddEmployeeServlet</display-name>
	    <servlet-name>AddEmployeeServlet</servlet-name>
	    <servlet-class>org.apache.geronimo.samples.timereport.web.AddEmployeeServlet</servlet-class>
  	</servlet>
  	
  	<servlet-mapping>
	    <servlet-name>AddTimeRecordServlet</servlet-name>
	    <url-pattern>/employee/add_timerecord</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
	    <servlet-name>AddEmployeeServlet</servlet-name>
	    <url-pattern>/manager/add_employee</url-pattern>
    </servlet-mapping>
        
</web-app>

Back in the Geronimo Administration Console click on Plan Creator. Browse to the timereport.war you just extracted and click on Configure.


In the resulting screen you will be configuring the web application identity. You may want to change the proposed default values; however, for this example we will accept the defaults. Click Next.


Unlike the other sample applications, for this example we do not have to resolve any resource references, so the wizard will jump directly to the security part of the configuration. In the resulting screen define the security configuration.

Select "TimeReportRealm" from the "Security Realm Name:" pull down menu. This is the security realm you deployed earlier.

For security role employee, select Add -> Principal from the pull down menu and add 2 Group Principals with name EmployeeGroup and ManagerGroup.

For security role manager, select Add -> Principal and add 1 Group Principal with name ManagerGroup.


Click Next. The following screen allows you to select WAR dependencies. This application has no dependencies on any of these modules, so click Next.

4) Finally create the geronimo-web.xml for "timereport.war" by using the "Create Plan" portlet as below:
a) In the 'security configuration' page, select "TimeReportRealm" as the "Security Realm Name".
b) For security role "employee", select "Add -> Principal" and add 2 "Group Principals" with name "EmployeeGroup" and "ManagerGroup".
c) For security role "manager", select "Add -> Principal" and add 1 "Group Principal" with name "ManagerGroup".
d) Press "Next" twice.
e) In the 'created plan' page, you should see a plan similar to "timereport_generatedPlan.xml".
f) Press "Deploy WAR" and click on "Launch Web App" to run the sample application.
g) Verify using "userid" and "password" values from "1_TimeReportDB.sql".

In the Created Plan screen you should see a plan similar to this one.

Generated deployment plan without Annotations
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
    <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <dep:moduleId>
            <dep:groupId>default</dep:groupId>
            <dep:artifactId>timereport</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>war</dep:type>
        </dep:moduleId>
    </dep:environment>
    <context-root>timereport</context-root>
    <security-realm-name>TimeReportRealm</security-realm-name>
    <app:security xsi:type="sec:securityType" xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" 
                  xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0" 
		  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <sec:role-mappings>
            <sec:role role-name="employee">
                <sec:principal name="EmployeeGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
                <sec:principal name="ManagerGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </sec:role>
            <sec:role role-name="manager">
                <sec:principal name="ManagerGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </sec:role>
        </sec:role-mappings>
    </app:security>
</web-app>

Click on Deploy WAR and then click on Launch Web App to run the sample application. Verify using userid and password values from 1_TimeReportDB.sql.
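
The role mapping chosen in the wizard can be checked offline before deploying. The following Python sketch is an added example, not part of the Geronimo sample: it cross-checks the roles in web.xml against the role mappings in the generated plan, lists which URL patterns each group principal can reach, and flags constraints that use FORM login without a CONFIDENTIAL transport-guarantee. The inline XML strings are trimmed, constructed copies of the two files shown above, and the function name audit is hypothetical.

```python
import xml.etree.ElementTree as ET
WEB = "{http://java.sun.com/xml/ns/j2ee}"
SEC = "{http://geronimo.apache.org/xml/ns/security-2.0}"
# Constructed inputs: trimmed copies of the web.xml and generated plan on this page.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection><url-pattern>/employee/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>employee</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/manager/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>employee</role-name></security-role>
  <security-role><role-name>manager</role-name></security-role>
</web-app>"""
PLAN_XML = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
    xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">
  <sec:role-mappings>
    <sec:role role-name="employee">
      <sec:principal name="EmployeeGroup"/><sec:principal name="ManagerGroup"/>
    </sec:role>
    <sec:role role-name="manager"><sec:principal name="ManagerGroup"/></sec:role>
  </sec:role-mappings>
</web-app>"""

def audit(web_xml, plan_xml):
    """Return (principal -> reachable URL patterns, list of findings)."""
    web, plan = ET.fromstring(web_xml), ET.fromstring(plan_xml)
    declared = {r.text.strip() for r in web.findall(f"{WEB}security-role/{WEB}role-name")}
    mapping = {r.get("role-name"): {p.get("name") for p in r.iter(SEC + "principal")}
               for r in plan.iter(SEC + "role")}
    form = (web.findtext(f"{WEB}login-config/{WEB}auth-method") or "").strip() == "FORM"
    access, findings = {}, []
    for sc in web.findall(WEB + "security-constraint"):
        urls = sorted(u.text.strip() for u in sc.iter(WEB + "url-pattern"))
        tg = sc.findtext(f"{WEB}user-data-constraint/{WEB}transport-guarantee") or "NONE"
        if form and tg.strip() != "CONFIDENTIAL":
            findings.append(f"{urls}: FORM login, no CONFIDENTIAL transport-guarantee")
        for r in sc.findall(f"{WEB}auth-constraint/{WEB}role-name"):
            role = r.text.strip()
            if role not in declared:
                findings.append(f"{role}: used in auth-constraint but not declared")
            if not mapping.get(role):
                findings.append(f"{role}: no principal mapped in the Geronimo plan")
            for p in mapping.get(role, ()):
                access.setdefault(p, set()).update(urls)
    return access, findings
```

With the plan from this page, ManagerGroup reaches both /employee/* and /manager/* while EmployeeGroup reaches only /employee/*; the only findings are the two transport-guarantee notices, since the sample web.xml declares no user-data-constraint.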
