...
A Java EE application may consist of several components that can be deployed on to different containers such as WEB container, EJB container, WebServices container in a JEE5 server. This kind of deployment allows multi-tier applications that interact with one another to perform a given user task. Multi-tier JEE5 applications can be secured by properly selecting authenticating mechanisms and designing authorization levels or roles. If the application components use declarative security management, the authentication and authorization aspects are declared in corresponding JEE5 deployment descriptors. The declared security roles or levels are mapped to real security roles or levels in the Geronimo geronimo deployment plans through Security security realms. In Apache Geronimoapache geronimo , the security realms abstract away authentication and authorization aspects of the application components. Authentication The authentication and Authorization authorization together enable access control for the various components of the application.
Depending on the selected authenticating system, a JAAS login module is selected and configured in a Security Realmsecurity realm. JAAS login modules connect to corresponding user/group repositories and perform authentication and retrieve authorization information. Geronimo The geronimo server provides login modules that connect to different types of user/group repositories. These are PropertiesFileLoginModule
, LDAPLoginModule
, SQLLoginModule
and CertificatePropertiesFileLoginModule
.
For example, Geronimo geronimo uses geronimo-admin
security realm to authenticate users when they login to the Geronimo Administration geronimo administration Console. The deployment plan of the security realm is follows.
...
The above security realm is deployed over two property files <geronimo_home>/var/security/users.properties
and var/security/groups.properties
that contain user/group information using org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
. The admin console is a web application that uses the above security realm for user authentication.
Security The security realm deployment plan is an XML file that uses http://geronimo.apache.org/xml/ns/deployment-1.2 schema for moduleid, dependency and security realm GBean configurations. The XML file uses http://geronimo.apache.org/xml/ns/loginconfig-2.0 schema for login module configuration. All the XML schema files (.xsd
files )
are located at <geronimo_home>/schema
directory.
...
User/Group Repository | LoginModule |
---|---|
Property files | |
Database | |
Ldap repository | |
Certificate Repository | |
Any other | {{User has to supply the custom JAAS module. Admin console can be used to deploy a security |
Depending on the type of the login module, the options for configuration changes.
...
An enterprise application archive (ear)
can consist of several application modules. The application modules can be several Web Application Archives {({web application archives war)
}} , EJB modules (jar)
, application client modules (jar)
or Resource Archive resource archive modules (rar)
. User can either deploy these modules individually or bundle them into a single EAR ear
file and deploy the ear
file.
...
JEE module | JEE deployment descriptor (DD) | geronimo deployment plan |
---|---|---|
Web Application Archive (WAR web application archive | | |
EJB Application Archive application archive | | |
Resource Adapter Archive (RAR resource adapter archive | | |
Enterprise Application Archive (EAR enterprise application archive | | |
Enterprise Application Client Archive (JAR enterprise application client archive | |
...
The geronimo-web.xml
uses XML elements from http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1 namespace and one or more namespaces mentioned in { *}Common elements and Configuration
section above in the document. Please go through the section to know what elements does each schema describe.
For example, the following web.xml
and geronimo-web.xml
are the deployment descriptor and geronimo deployment plan respectively, of a web application that connects to a datasource deployed on DB2 and retrieves data from a table.
Sample (web.xml)
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
<?xml version="1.0" encoding="ISO-8859-1"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <resource-ref> <res-ref-name>jdbc/DataSource</res-ref-name> <res-type>javax.sql.DataSource</res-type> <res-auth>Container</res-auth> <res-sharing-scope>Shareable</res-sharing-scope> </resource-ref> <welcome-file-list> <welcome-file>jsp/EMPdemo.jsp</welcome-file> </welcome-file-list> </web-app> |
Note |
---|
With servlet2.5 spec, many of the declarations done through |
Sample (geronimo-web.xml)
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1" xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2" xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0" xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2"> <sys:environment> <sys:moduleId> <sys:groupId>samples</sys:groupId> <sys:artifactId>EmployeeDemo</sys:artifactId> <sys:version>2.1</sys:version> <sys:type>war</sys:type> </sys:moduleId> <sys:dependencies> <sys:dependency> <sys:groupId> samples</sys:groupId> <sys:artifactId>EmployeeDatasource</sys:artifactId> <sys:version>2.1</sys:version> <sys:type>rar</sys:type> </sys:dependency> </sys:dependencies> </sys:environment> <context-root>/EmployeeDemo</context-root> <naming:resource-ref> <naming:ref-name>jdbc/DataSource</naming:ref-name> <naming:resource-link>jdbc/EmployeeDatasource</naming:resource-link> </naming:resource-ref> </web-app> |
...
The deployment plan starts with <sys:moduleId>
to provide a unique module id configuration for the web application. In dependencies section, using <sys:dependency>
, a dependency on samples/EmployeeDatasource/2.1/rar
is configured. This is the module id of Datasource that connects to DB2. The web context root is configured by <context-root>
. Since there is no namespace prefix for this tag, it is going to be the default namespace http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1.
All the XML schema files are located at <geronimo_home>/schema
directory. Please go through the .xsd
files to have a feel of XML tags that can be used in geronimo-web.xml
for configuring web applications.
...