Comment: Security Section added

...

To package the deployment plans in your application you have to follow some naming conventions and place the file in a specific directory within your packaged application. For example, in a web application you would include the geronimo-web.xml under the /WEB-INF directory, the same place where you provide the web.xml descriptor, all within the WAR. For an enterprise application you would include the geronimo-application.xml under the /META-INF directory, the same place where you provide the application.xml descriptor, all within the EAR.

...

Embedded Derby DB connection pool deployment plan
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
    <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <dep:moduleId>
            <dep:groupId>console.dbpool</dep:groupId>
            <dep:artifactId>TimeReportPool</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>rar</dep:type>
        </dep:moduleId>
        <dep:dependencies>
            <dep:dependency>
                <dep:groupId>org.apache.geronimo.configs</dep:groupId>
                <dep:artifactId>system-database</dep:artifactId>
            </dep:dependency>
        </dep:dependencies>
    </dep:environment>
    <resourceadapter>
        <outbound-resourceadapter>
            <connection-definition>
                <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
                <connectiondefinition-instance>
                    <name>TimeReportPool</name>
                    <config-property-setting name="Driver">org.apache.derby.jdbc.EmbeddedDriver</config-property-setting>
                    <config-property-setting name="ConnectionURL">jdbc:derby:TimeReportDB</config-property-setting>
                    <connectionmanager>
                        <local-transaction/>
                        <single-pool>
                            <max-size>10</max-size>
                            <min-size>0</min-size>
                            <match-one/>
                        </single-pool>
                    </connectionmanager>
                </connectiondefinition-instance>
            </connection-definition>
        </outbound-resourceadapter>
    </resourceadapter>
</connector>

Security

A Java EE application may consist of several components deployed to different containers in a JEE5 server, such as the web container, the EJB container and the web services container. This kind of deployment allows multi-tier applications whose tiers interact with one another to perform a given user task. Multi-tier JEE5 applications are secured by selecting appropriate authentication mechanisms and designing authorization levels, or roles. The authentication and authorization requirements of the application components are declared in the corresponding JEE5 deployment descriptors. The declared security roles are then mapped to real users and groups in the Geronimo deployment plans through security realms. In Apache Geronimo, security realms abstract the authentication and authorization back-ends away from the application components. Authentication and authorization together enable access control for the various components of the application.

Depending on the selected authentication system, a JAAS login module is selected and configured in a security realm. JAAS login modules connect to the corresponding user/group repositories, perform authentication and retrieve the authorization information (group membership). Geronimo provides login modules that connect to different types of user/group repositories: PropertiesFileLoginModule, LDAPLoginModule, SQLLoginModule and CertificatePropertiesFileLoginModule.

For example, Geronimo uses the "geronimo-admin" security realm to authenticate users when they log in to the admin console. The deployment plan of that security realm is as follows.

Deployment plan of the "geronimo-admin" security realm used by Geronimo admin console

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>geronimo-admin</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="geronimo-admin" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">geronimo-admin</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>geronimo-admin</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="groupsURI">var/security/groups.properties</log:option>
                    <log:option name="usersURI">var/security/users.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

The above security realm is deployed over two property files, var/security/users.properties and var/security/groups.properties, which hold the user and group information read by "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule". The admin console is a web application that uses this security realm for user authentication. Because these two files contain the credentials and group membership of the server's administrative users, they should be readable only by the operating system account Geronimo runs as.

A security realm deployment plan is an XML file that uses the Geronimo schema "http://geronimo.apache.org/xml/ns/deployment-1.2" for the moduleId, dependency and security realm GBean configuration, and the Geronimo schema "http://geronimo.apache.org/xml/ns/loginconfig-2.0" for the login module configuration.

The following table summarizes the user/group repositories and the corresponding login modules in Apache Geronimo.

User/Group Repository     Login Module
Property files            org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
Database                  org.apache.geronimo.security.realm.providers.SQLLoginModule
LDAP repository           org.apache.geronimo.security.realm.providers.LDAPLoginModule
Certificate repository    org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule
Any other                 The user has to supply a custom JAAS login module. The admin console can be used to deploy a security realm over a custom JAAS login module.

The configuration options differ depending on the type of login module.
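As an added example (it is not part of the original page and not one of Geronimo's own configuration files), the following realm deployment plan shows how the login module options change when the realm is backed by SQLLoginModule instead of PropertiesFileLoginModule. It reuses the TimeReportPool connection pool defined above as the data source. The module ID, the table and column names, and the option names dataSourceName, userSelect, groupSelect, digest and encoding are assumptions that must be checked against the SQLLoginModule of the Geronimo version in use.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>timereport-sql-realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <!-- The connection pool the login module reads from (assumed to be the
                 TimeReportPool connector module from this page) must start before the realm. -->
            <dependency>
                <groupId>console.dbpool</groupId>
                <artifactId>TimeReportPool</artifactId>
                <version>1.0</version>
                <type>rar</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="timereport-sql-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">timereport-sql-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>timereport-sql-realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <!-- Assumed option name: the connectiondefinition-instance name of the pool. -->
                    <log:option name="dataSourceName">TimeReportPool</log:option>
                    <!-- Assumed option names and table layout. Both queries take the login name
                         as a bound parameter (?), so the login module never concatenates
                         user input into SQL; userSelect must return (username, password),
                         groupSelect must return (username, groupname). -->
                    <log:option name="userSelect">SELECT username, password FROM app_users WHERE username = ?</log:option>
                    <log:option name="groupSelect">SELECT username, groupname FROM app_user_groups WHERE username = ?</log:option>
                    <!-- Assumed options: compare the supplied password against a stored
                         hex-encoded SHA-256 digest rather than a clear-text password column. -->
                    <log:option name="digest">SHA-256</log:option>
                    <log:option name="encoding">hex</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
```

The module ID, dependencies and GBean wrapper are identical in shape to the geronimo-admin plan above; only the login-module-class and its options change. Before deploying, confirm that the pool name, the column order of the two queries and the digest settings match what the SQLLoginModule in your release expects, otherwise every login will fail with a generic authentication error rather than a configuration error.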

Once a security realm is deployed, it is available to any JEE5 application deployed in Apache Geronimo, which maps its declared roles to actual users and groups through its Geronimo deployment plan.
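As an added example (not from the original page and not from the Geronimo project), the following geronimo-web.xml binds a web application to the geronimo-admin realm deployed above and maps one role declared in the application's web.xml to a group from var/security/groups.properties. It assumes that web.xml declares `<security-role><role-name>manager</role-name></security-role>`, protects its URLs with an `<auth-constraint>` for that role and has a `<login-config>`. The module ID, context root, the web-2.0.1 and security-2.0 namespaces and the exact role-mapping element names are assumptions to be checked against the schema of your Geronimo version.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
         xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">
    <dep:environment>
        <!-- Assumed module ID for the example application. -->
        <dep:moduleId>
            <dep:groupId>org.example</dep:groupId>
            <dep:artifactId>TimeReport</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>war</dep:type>
        </dep:moduleId>
        <dep:dependencies>
            <!-- Depend on the realm module so it is started before this application. -->
            <dep:dependency>
                <dep:groupId>console.realm</dep:groupId>
                <dep:artifactId>geronimo-admin</dep:artifactId>
                <dep:version>1.0</dep:version>
                <dep:type>car</dep:type>
            </dep:dependency>
        </dep:dependencies>
    </dep:environment>
    <context-root>/timereport</context-root>
    <!-- Must match the realmName attribute of the realm GBean. -->
    <security-realm-name>geronimo-admin</security-realm-name>
    <sec:security>
        <sec:role-mappings>
            <!-- "manager" is the role-name declared in web.xml; "admin" is a group
                 listed in var/security/groups.properties. Only authenticated users
                 that are members of that group hold the role. -->
            <sec:role role-name="manager">
                <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin"/>
            </sec:role>
        </sec:role-mappings>
    </sec:security>
</web-app>
```

Map roles to group principals (GeronimoGroupPrincipal) rather than to individual users (GeronimoUserPrincipal) so that granting or revoking access is a change to the realm's group data rather than a redeploy of the application, and check that every role declared in web.xml has a mapping: a declared role with no principals mapped to it is satisfied by nobody, which usually shows up as every user being denied rather than as a deployment error.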
 

Resources

Applications

Depending on the type of application you are deploying, you will need a different type of deployment plan. The following table illustrates the standard JEE deployment descriptors as well as those specific to Apache Geronimo.

...