Versions Compared

...

You can check out the source code of this sample from SVN:

svn checkout https://svn.apache.org/repos/asf/geronimo/samples/trunk/tags/samples-parent-2.1.2/samples/ldap-sample-app ldap-sample-app

The above command places the source under ldap-sample-app; from now on this directory will be referred to as <ldap_home>.

...

One way to install the LDAP realm for the sample is by installing a Geronimo plugin created for this purpose. You can do this by navigating in the Geronimo Administration Console to Applications -> Plugins. Once in the view, update the repository list (which should add http://geronimo.apache.org/plugins/geronimo-2.1/ if not already included), select the referenced repository, and then select Show Plugins in selected repository to display the list of all plugins in that repository. Locate the Samples :: ldap-sample-app :: LDAP Sample Security Realm entry and install it. However, this process hides many of the details of creating and installing the realm. For those details refer to the next section.

...

Code Block (xml): ldap-realm.xml

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>LDAP_Sample_Realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.configs</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="LDAP_Sample_Realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">LDAP_Sample_Realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.2">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>LDAP_Sample_Realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</log:login-module-class>
                    <log:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</log:option>
                    <log:option name="connectionURL">ldap://localhost:10389</log:option>
                    <log:option name="connectionUsername">uid=admin,ou=system</log:option>
                    <log:option name="connectionPassword">secret</log:option>
                    <log:option name="authentication">simple</log:option>
                    <log:option name="userBase">ou=users,ou=system</log:option>
                    <log:option name="userSearchMatching">uid={0}</log:option>
                    <log:option name="userSearchSubtree">false</log:option>
                    <log:option name="roleBase">ou=groups,ou=system</log:option>
                    <log:option name="roleName">cn</log:option>
                    <log:option name="roleSearchMatching">(uniqueMember={0})</log:option>
                    <log:option name="roleSearchSubtree">false</log:option>
                </log:login-module>
                <log:login-module control-flag="OPTIONAL" wrap-principals="false">
                    <log:login-domain-name>LDAP_Sample_Realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
                    <log:option name="file">var/log/login-attempts.log</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

This deployment plan tells Geronimo all the connection and search parameters for the LDAP directory: the bind identity used to search, where users live (userBase) and how a login name is matched to an entry (userSearchMatching), and where groups live (roleBase) and how a user's DN is matched to its groups (roleSearchMatching), with the group's cn becoming the role name. The plan also specifies that each login attempt is recorded in the login-attempts.log file through the optional audit login module.

To deploy ldap-realm.xml, run the following command from the <geronimo_home>/bin directory:
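A model of the two searches the LDAPLoginModule options above describe, added here and not part of Geronimo's code: it substitutes {0} into userSearchMatching and roleSearchMatching as the plan reads, applies RFC 4515 escaping to the substituted value, and runs the result against a constructed in-memory directory whose entries are made up to match the principals used elsewhere in this sample.

```python
# Option values copied from the realm plan on this page.
REALM_OPTIONS = {
    "userBase": "ou=users,ou=system",
    "userSearchMatching": "uid={0}",
    "roleBase": "ou=groups,ou=system",
    "roleName": "cn",
    "roleSearchMatching": "(uniqueMember={0})",
}

# Constructed directory (DN -> attributes), named to match the principals in plan.xml.
DIRECTORY = {
    "uid=user1,ou=users,ou=system": {"uid": ["user1"]},
    "uid=system,ou=users,ou=system": {"uid": ["system"]},
    "cn=admin,ou=groups,ou=system": {"cn": ["admin"],
        "uniqueMember": ["uid=system,ou=users,ou=system"]},
    "cn=guest,ou=groups,ou=system": {"cn": ["guest"],
        "uniqueMember": ["uid=user1,ou=users,ou=system", "uid=system,ou=users,ou=system"]},
}

# RFC 4515 escaping for a value substituted into a filter, so the typed name is
# only ever compared as a literal and cannot change the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand(template, value):
    """Replace {0} with the escaped value; wrap bare templates such as uid={0}."""
    filt = template.replace("{0}", escape_filter_value(value))
    return filt if filt.startswith("(") else "(" + filt + ")"

def search(base, filt, subtree=False):
    """Single equality filter '(attr=value)'; one-level scope, as the plan sets."""
    attr, _, wanted = filt[1:-1].partition("=")
    hits = []
    for dn, attrs in DIRECTORY.items():
        in_scope = dn.endswith("," + base) if subtree else dn.split(",", 1)[1] == base
        if in_scope and any(escape_filter_value(v) == wanted for v in attrs.get(attr, [])):
            hits.append((dn, attrs))
    return hits

def resolve_roles(username, opts=REALM_OPTIONS):
    """User search first, then the group search keyed on the user's DN."""
    users = search(opts["userBase"], expand(opts["userSearchMatching"], username))
    if len(users) != 1:
        return None  # unknown (or ambiguous) user: the login fails
    user_dn = users[0][0]
    groups = search(opts["roleBase"], expand(opts["roleSearchMatching"], user_dn))
    return user_dn, sorted(a[opts["roleName"]][0] for _, a in groups)
```

With userSearchSubtree and roleSearchSubtree both false, as in the plan, only entries directly under each base are considered, which is why the sample's users and groups sit immediately below ou=users and ou=groups.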

java -jar deployer.jar --user system --password manager deploy <ldap_home>/ldap-realm.xml

Once deployed you should see a confirmation message similar to the following example:

No Format

D:\geronimo-tomcat6-jee5-2.0\bin>deploy deploy \samples\2.0\ldap-sample-app\ldap-realm.xml
Using GERONIMO_BASE:   D:\geronimo-tomcat6-javaee5-2.1.2
Using GERONIMO_HOME:   D:\geronimo-tomcat6-javaee5-2.1.2
Using GERONIMO_TMPDIR: D:\geronimo-tomcat6-javaee5-2.1.2\var\temp
Using JRE_HOME:        C:\Java\jdk1.5.0_06\\jre
    Deployed console.realm/LDAP_Sample_Realm/1.0/car


For further details refer to the LDAP Realm section.

Creating and Installing the LDAP Sample Application

One way to install the LDAP sample application is by installing a Geronimo plugin created for this purpose. You can do this by navigating in the Geronimo Administration Console to Applications -> Plugins. Once in the view, update the repository list (which should add http://geronimo.apache.org/plugins/geronimo-2.1.2/ if not already included), select the referenced repository, and then select Show Plugins in selected repository to display the list of all plugins in that repository. Locate Geronimo Configs :: LDAP Sample for Tomcat or Geronimo Configs :: LDAP Sample for Jetty (depending upon your Geronimo server choice) and then install it. However, this process hides many of the details of creating and installing the sample. For those details refer to the next section.

Deployment plans

There is a common deployment plan that is used for the sample. The unprocessed version of this plan is at ldap-sample-app/ldap-sample-app-jetty/src/main/plan/plan.xml. The processed version, shown here with the plugin name and all dependencies filled in, can be found at ldap-sample-app/ldap-sample-app-jetty/target/resources/META-INF/plan.xml after building the project.

Code Block (xml): plan.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.2">
  <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <dep:moduleId>
      <dep:groupId>org.apache.geronimo.samples</dep:groupId>
      <dep:artifactId>ldap-sample-app-jetty</dep:artifactId>
      <dep:version>2.1.2</dep:version>
      <dep:type>car</dep:type>
    </dep:moduleId>
    <dep:dependencies>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.samples</dep:groupId>
        <dep:artifactId>ldap-sample-app-realm</dep:artifactId>
        <dep:version>2.1.2</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.configs</dep:groupId>
        <dep:artifactId>jasper</dep:artifactId>
        <dep:version>2.1.2</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.configs</dep:groupId>
        <dep:artifactId>jetty6</dep:artifactId>
        <dep:version>2.1.2</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
    </dep:dependencies>
    <dep:hidden-classes/>
    <dep:non-overridable-classes/>
  </dep:environment>
  <context-root>/LDAP_Sample</context-root>

  <security-realm-name>LDAP_Sample_Realm</security-realm-name>
  <security>
    <default-principal realm-name="LDAP_Sample_Realm">
      <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
    </default-principal>
    <role-mappings>
      <role role-name="content-administrator">
        <realm realm-name="LDAP_Sample_Realm">
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
        </realm>
      </role>
      <role role-name="guest">
        <realm realm-name="LDAP_Sample_Realm">
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
          <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
        </realm>
      </role>
    </role-mappings>
  </security>
</web-app>


The deployment plans are located in the <ldap_home>/WEB-INF directory. geronimo-web.xml is the Geronimo specific deployment plan. It provides the details on which security realm to use and the user and group to role mappings, as well as the Geronimo specific namespace used to identify the elements in the security configuration. In common with other types of applications, not just secured ones, the deployment plan also provides the main namespace for the plan, a module identification (optional), a parent module configuration ID (also optional) and a context root. The following example illustrates the Geronimo specific deployment plan.

Code Block (xml): geronimo-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.2">
    <environment>
        <moduleId>
            <groupId>samples</groupId>
            <artifactId>LDAP_Sample</artifactId>
            <version>1.2</version>
        </moduleId>
    </environment>
    <context-root>/LDAP_Sample</context-root>

    <security-realm-name>LDAP_Sample_Realm</security-realm-name>
    <security>
        <default-principal realm-name="LDAP_Sample_Realm">
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
        </default-principal>
        <role-mappings>
            <role role-name="content-administrator">
                <realm realm-name="LDAP_Sample_Realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
                </realm>
            </role>
            <role role-name="guest">
                <realm realm-name="LDAP_Sample_Realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
                </realm>
            </role>
        </role-mappings>
    </security>
</web-app>

Most of the deployment plan is straightforward. However, the security configuration is tricky. The realm named in <security-realm-name> is described in the <security> element through a sequence of declarations in each <realm> element.

While web.xml specifies the security roles, the Geronimo plan maps each role to the specific users or groups in the Geronimo security realm that hold it: a caller is granted a role when the realm has produced any one of the principals listed under that role. A caller who is not logged in is given the identity defined in the <default-principal> element.

...

Code Block (xml): web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin Role</web-resource-name>
            <url-pattern>/protect/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>content-administrator</role-name>
        </auth-constraint>
    </security-constraint>
    
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>No Access</web-resource-name>
            <url-pattern>/forbidden/*</url-pattern>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
            <realm-name>ldap-realm-1</realm-name>
            <form-login-config>
                <form-login-page>/auth/logon.html?param=test</form-login-page>
                <form-error-page>/auth/logonError.html?param=test</form-error-page>
            </form-login-config>
    </login-config>

    <security-role>
        <role-name>content-administrator</role-name>
    </security-role>

</web-app>
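A model of how the container combines the web.xml <security-constraint> entries above with the plan's <role-mappings>, added here as an illustration and not Geronimo's own implementation: the constraint table, login page and role mappings are transcribed from this page's web.xml and plan, and the principals fed in are constructed.

```python
# From web.xml: url-pattern -> roles allowed. The empty set models the empty
# <auth-constraint/> on /forbidden/*; a path matching no pattern is unconstrained.
CONSTRAINTS = {
    "/protect/*": {"content-administrator"},
    "/forbidden/*": set(),
}
FORM_LOGIN_PAGE = "/auth/logon.html?param=test"

# From the plan's <role-mappings>: role -> principals in LDAP_Sample_Realm, as
# (kind, name) with kind standing for the Geronimo user or group principal class.
ROLE_MAPPINGS = {
    "content-administrator": {("group", "admin"), ("user", "system")},
    "guest": {("group", "guest"), ("user", "user1")},
}

def principals_for(user, groups):
    """The realm yields one user principal plus one group principal per group found."""
    return {("user", user)} | {("group", g) for g in groups}

def roles_for(user, groups):
    """A role is granted when any principal mapped to it is present in the subject."""
    subject = principals_for(user, groups)
    return {role for role, members in ROLE_MAPPINGS.items() if members & subject}

def matching_roles(path):
    """Path-prefix patterns only (all this sample uses): '/protect/*' matches
    '/protect' and anything below it. Returns None when no constraint applies."""
    for pattern, roles in CONSTRAINTS.items():
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return roles
    return None

def decide(path, user=None, groups=()):
    """Return 'ALLOW', 'DENY', or the form login page an anonymous caller is sent to."""
    roles = matching_roles(path)
    if roles is None:
        return "ALLOW"              # unconstrained resource
    if not roles:
        return "DENY"               # empty <auth-constraint/>: nobody, logged in or not
    if user is None:
        return FORM_LOGIN_PAGE      # constrained resource: FORM authentication first
    return "ALLOW" if roles & roles_for(user, groups) else "DENY"
```

Note that the guest role mapped in the plan is never named in a web.xml <auth-constraint>, so holding it grants nothing beyond what an unconstrained path already allows.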

...

Package the sample application

Now that all the elements have been identified, it is necessary to package the sample application in a Web application Archive (.war). You can build the war alone from within the ldap-sample-app-war directory by issuing the following command:

mvn clean install

Alternatively, open a command line window, change directory to <ldap_home> and run:

jar -cvf ldap-demo.war *

This command packages all the existing files and directories inside <ldap_home>. Although not needed inside the .war file, the ldap-realm.xml and ldap-sample.ldif files will also be included.


Deploy the sample application

It's easiest to deploy the appropriate Geronimo plugin for your specific server image (either Tomcat or Jetty). This will deploy the sample application with the Geronimo deployment plan specified earlier. However, you can optionally choose to deploy the war with the appropriate deployment plan.


To deploy the LDAP sample application in this fashion, make sure the Geronimo server is up and running. Open a command line window, change directory to <geronimo_home>/bin and run the following command:

java -jar deployer.jar --user system --password manager deploy <ldap_home>/ldap-demo.war <deployment_plan_home>/plan.xml

Testing the sample application

...

No Format

D:\geronimo-tomcat6-jee5-2.0\bin>deploy deploy \samples\2.0\ldap-sample-app\ldap-demo.war
Using GERONIMO_BASE:   D:\geronimo-tomcat6-javaee5-2.1.2
Using GERONIMO_HOME:   D:\geronimo-tomcat6-javaee5-2.1.2
Using GERONIMO_TMPDIR: D:\geronimo-tomcat6-javaee5-2.1.2\var\temp
Using JRE_HOME:        C:\Java\jdk1.5.0_06\\jre
    Deployed samples/LDAP_Sample/1.2/war @
    http://localhost:8080/LDAP_Sample

...