Versions Compared

Comment: some editing

...

To package the deployment plans in your application you have to follow some naming conventions and place the file in a specific directory within your packaged application. For example, in a web application you would include the geronimo-web.xml under the /WEB-INF directory, the same place where you also provide the web.xml descriptor, all within the WAR. For an enterprise application you would include the geronimo-application.xml under the /META-INF directory, the same place where you also provide the application.xml descriptor, all within the EAR.

...

A Java EE application may consist of several components that can be deployed into different containers, such as the web container, EJB container or web services container, in a JEE5 server. This kind of deployment allows multi-tier applications whose components interact with one another to perform a given user task. Multi-tier JEE5 applications can be secured by properly selecting authentication mechanisms and designing authorization levels or roles. If the application components use declarative security management, the authentication and authorization aspects are declared in the corresponding JEE5 deployment descriptors. The declared security roles or levels are mapped to real security roles or levels in the Geronimo deployment plans through security realms. In Apache Geronimo, the security realms abstract away the authentication and authorization aspects of the application components. Authentication and authorization together enable access control for the various components of the application.

Depending on the selected authentication system, a JAAS login module is selected and configured in a security realm. JAAS login modules connect to the corresponding user/group repositories, perform authentication and retrieve authorization information. The Geronimo server provides login modules that connect to different types of user/group repositories. These are PropertiesFileLoginModule, LDAPLoginModule, SQLLoginModule and CertificatePropertiesFileLoginModule.

For example, Geronimo uses the geronimo-admin security realm to authenticate users when they log in to the Geronimo Administration Console. The deployment plan of the security realm is as follows.

...

geronimo-admin security realm (xml):
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
     <environment>

         <moduleId>
             <groupId>console.realm</groupId>
             <artifactId>geronimo-admin</artifactId>
             <version>1.0</version>
             <type>car</type>
         </moduleId>

         <dependencies>

             <dependency>
                 <groupId>org.apache.geronimo.framework</groupId>
                 <artifactId>j2ee-security</artifactId>
                 <type>car</type>
             </dependency>

         </dependencies>

     </environment>
    
     <gbean name="geronimo-admin"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

         <attribute name="realmName">geronimo-admin</attribute>
         <reference name="ServerInfo">
             <name>ServerInfo</name>
         </reference>
        
         <xml-reference name="LoginModuleConfiguration">

             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                 <log:login-module control-flag="REQUIRED" wrap-principals="false">
                     <log:login-domain-name>geronimo-admin</log:login-domain-name>
                     <log:login-module-class>
                        org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                     </log:login-module-class>
                     <log:option name="groupsURI">var/security/groups.properties</log:option>
                     <log:option name="usersURI">var/security/users.properties</log:option>
                 </log:login-module>
             </log:login-config>

         </xml-reference>
     </gbean>

</module>

The above security realm is deployed over two property files, <geronimo_home>/var/security/users.properties and <geronimo_home>/var/security/groups.properties, that contain the user/group information read by org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule. The Geronimo Administration Console is a web application that uses the above security realm for user authentication.

The security realm deployment plan is an XML file that uses the http://geronimo.apache.org/xml/ns/deployment-1.2 schema for the moduleId, dependency and security realm GBean configurations. The XML file uses the http://geronimo.apache.org/xml/ns/loginconfig-2.0 schema for the login module configuration. All the XML schema files (.xsd) are located in the <geronimo_home>/schema directory.

...

User/Group Repository | LoginModule
Property files | org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
Database | org.apache.geronimo.security.realm.providers.SQLLoginModule
LDAP repository | org.apache.geronimo.security.realm.providers.LDAPLoginModule
Certificate repository | org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule
Any other | The user has to supply a custom JAAS module. The Administration Console can be used to deploy a security realm over custom JAAS login modules.

Depending on the type of the login module, the configuration options may change.

Once a security realm is deployed, it is available for any JEE5 application deployed in Geronimo to map declared roles to actual users/groups through a Geronimo-specific deployment plan.

Applications

An enterprise application archive (EAR) can consist of several application modules. The application modules can be several web application archives (WAR), EJB modules (JAR), application client modules (JAR) or resource archive modules (RAR). The user can either deploy these modules individually or bundle them into a single EAR file and deploy that file.

When deployed individually, each application module should be accompanied by a Geronimo deployment plan that maps the declared resource names, EJB names, security roles and JMS roles (if any) to actual resources in the server. The Geronimo deployment plans also contain any Geronimo-specific settings and configurations. When deployed as a single bundle (EAR), the user can create a single Geronimo deployment plan to perform all the mappings, settings and configurations.

The following table summarizes the different JEE5 modules and the corresponding Geronimo deployment plans that accompany them.

JEE module | JEE deployment descriptor (DD) | Geronimo deployment plan
web application archive (war) | web.xml | geronimo-web.xml
EJB application archive (jar) | ejb-jar.xml | openejb-jar.xml
resource adapter archive (rar) | ra.xml | geronimo-ra.xml
enterprise application archive (ear) | application.xml | geronimo-application.xml
enterprise application client archive (jar) | application-client.xml | geronimo-application-client.xml

...