Anchor | ||||
---|---|---|---|---|
|
The purpose of this section is to provide some general guidelines on the application deployment process from a Security perspective. This is not intended to be the absolute guide for deployment. Throughout the articles in the Apache Geronimo V1 - Documentation, you will find several deployment examples organized by topics such as JDBC, Web services, JCA, Security, etc.
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0">
...
<security-realm-name>geronimo-properties-realm</security-realm-name>
<security:security xmlns:security=":http://geronimo.apache.org/xml/ns/security-1.1">...</security:security>
...
</web-app>
|
Defining Security Realm Name
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0"> ... <security-realm-name>geronimo-properties-realm</security-realm-name> <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1"> <default-principal> <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system" designated-run-as="true"/> </default-principal> <role-mappings> <role role-name="admin"> <login-domain-principal domain-name="geronimo-properties-realm" name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/> </role> </role-mappings> </security:security> ... </web-app> |
This example defines principal
as the default principal for the application and mapped J2EE admin
role to the login-domain-principal
named admin
that wraps the org.apache.geronimo.securityrealm.providers.GeronimoGroupPrincipal
class. In other words we maped J2EE admin role to the admin
group from the
geronimo-login-domain
Login Domain.
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<xs:schema targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0" xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1"> <xs:complexType name="web-appType"> .... <xs:sequence minOccurs="0"> <xs:element name="security-realm-name" type="xs:string"/> <xs:element ref="security:security" minOccurs="0"/> </xs:sequence> ... </xs:complexType> </xs:schema> |
...
And security definition will be the same as in the container-neutral schema.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0"> ... <security-realm-name>geronimo-properties-realm</security-realm-name> <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1"> <default-principal> <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system" designated-run-as="true"/> </default-principal> <role-mappings> <role role-name="admin"> <login-domain-principal domain-name="geronimo-properties-realm" name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/> </role> </role-mappings> </security:security> ... </web-app> |
...
Deploying Web application on Tomcat container
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<xs:schema targetNamespace="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0" xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1"> <xs:complexType name="web-appType"> .... <xs:sequence minOccurs="0"> <xs:element name="security-realm-name" type="xs:string"/> <xs:element ref="security:security" minOccurs="0"/> </xs:sequence> ... </xs:complexType> </xs:schema> |
...
And security definition will be the same as in the container-neutral schema.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0"> ... <security-realm-name>geronimo-properties-realm</security-realm-name> <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1"> <default-principal> <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system" designated-run-as="true"/> </default-principal> <role-mappings> <role role-name="admin"> <login-domain-principal domain-name="geronimo-properties-realm" name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/> </role> </role-mappings> </security:security> ... </web-app> |
...