Comment: Migrated to Confluence 5.3

Article donated by: Ivan S Dubrov, Artem Papkov, Hernan Cunico

Overview


This article will help you migrate security applications developed for JBoss v4 to Apache Geronimo. It is part of a series of migration articles covering different types of application migration.

...

Sample application

The Security application is a sample application that makes use of security-related features in JBoss. It is a simple document manager in which users can view and upload documents. It consists of the following three pages:

  • Login Page
  • Documents Page
  • Login Error Page


The application starts with the Login page. After logging in, the user is redirected to the Documents page. There are two types of users: viewers and editors. Both kinds can view documents, but only editors can upload them.

...

The Security sample application included with this article provides an Ant script that you will use to build the application. Download the Security application from the following link:

Security Sample: http://opensource2.atlassian.com/confluence/oss/download/attachments/1138/security.zip

Extracting the zip file creates a security directory; from now on this directory will be referred to as <security_home>. In that directory, open the build.properties file and edit the properties to match your environment as shown in the following example:

...

Try logging in as "user" and as "editor". Then try invoking the upload servlet directly by typing the following URL in the browser: http://localhost:8080/security/upload. You should receive an exception if you are not logged in as an "editor" type user.


The Geronimo environment

...

The following steps were performed to migrate the sample application:

  • Developed a Geronimo-specific deployment plan for the Enterprise application. The geronimo-application.xml deployment plan is located in the <security_home>/modules/security.ear/src/META-INF/geronimo directory. During the build process, this deployment plan is placed in the META-INF subdirectory of the EAR archive and should look like the following example:

geronimo-application.xml
<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://geronimo.apache.org/xml/ns/j2ee/application"
    configId="com/ibm/j2g/security"
    parentId="org/apache/geronimo/Server">

    <security xmlns="http://geronimo.apache.org/xml/ns/security">
        <default-principal realm-name="j2g">
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
        </default-principal>
        <!-- Each application role is mapped explicitly to a group principal in the j2g realm -->
        <role-mappings>
            <role role-name="authenticated">
                <realm realm-name="j2g">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="authenticated"/>
                </realm>
            </role>
            <role role-name="uploader">
                <realm realm-name="j2g">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="uploader"/>
                </realm>
            </role>
        </role-mappings>
    </security>

    <!-- Definition of the j2g realm, backed by the users and groups properties files -->
    <gb:gbean name="j2g-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm"
        xmlns:gb="http://geronimo.apache.org/xml/ns/deployment-1.0">
        <gb:reference name="ServerInfo">
            <gb:application>*</gb:application>
            <gb:module>org/apache/geronimo/System</gb:module>
            <gb:name>ServerInfo</gb:name>
        </gb:reference>
        <gb:reference name="LoginService">
            <gb:application>*</gb:application>
            <gb:module>org/apache/geronimo/Security</gb:module>
            <gb:name>JaasLoginService</gb:name>
        </gb:reference>
        <gb:attribute name="realmName">j2g</gb:attribute>
        <gb:xml-reference name="LoginModuleConfiguration">
            <l:login-config xmlns:l="http://geronimo.apache.org/xml/ns/loginconfig">
                <l:login-module control-flag="REQUIRED" server-side="true">
                    <l:login-domain-name>j2g</l:login-domain-name>
                    <l:login-module-class>
                        org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                    </l:login-module-class>
                    <l:option name="usersURI">
                        var/security/j2g_users.properties
                    </l:option>
                    <l:option name="groupsURI">
                        var/security/j2g_groups.properties
                    </l:option>
                </l:login-module>
            </l:login-config>
        </gb:xml-reference>
    </gb:gbean>
</application>

Note: in contrast to JBoss, application roles must be explicitly defined in the deployment plan.

  • Created a Geronimo-specific deployment plan for the EJB module, openejb-jar.xml. This deployment plan is located at <security_home>/modules/security.jar/src/META-INF/geronimo/openejb-jar.xml. During the build, the file is copied to the META-INF subdirectory of the security.jar EJB module. This deployment plan should look like the following example:

openejb-jar.xml
<?xml version="1.0"?>
<openejb-jar xmlns="http://www.openejb.org/xml/ns/openejb-jar"
    configId="com/ibm/j2g/security/ejb" parentId="com/ibm/j2g/security">
    <enterprise-beans>
        <session>
            <ejb-name>BusinessLogic</ejb-name>
        </session>
    </enterprise-beans>
</openejb-jar>
  • Created a Geronimo-specific deployment plan for the Web module, geronimo-web.xml. This plan is located at security/modules/security.war/src/WEB-INF/geronimo/geronimo-web.xml. During the build, this file is copied to the WEB-INF subdirectory of the security.war Web module. This deployment plan should look like the following example:

geronimo-web.xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/web" 
   configId="com/ibm/j2g/security/web" parentId="com/ibm/j2g/security">
    <context-root>/security</context-root>
    <context-priority-classloader>true</context-priority-classloader>
    <security-realm-name>j2g</security-realm-name> 
</web-app>
  • Rewrote the properties files that map users to groups. The JBoss login module uses mappings of the form "user=group1,group2", whereas Geronimo uses mappings of the form "group=user1,user2".
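
The last step above, as an added example that is not part of the original article or of Geronimo: a Python script that inverts a JBoss-style "user=group1,group2" file into Geronimo's "group=user1,user2" form and compares the resulting group names with the group principals in the plan's role mappings, so that a group dropped or misspelled during the rewrite is caught before deployment. The sample properties content and the trimmed plan are constructed, and only plain key=value lines are assumed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

SEC_NS = "{http://geronimo.apache.org/xml/ns/security}"
GROUP = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"

# Constructed sample in the JBoss form "user=group1,group2".
JBOSS_ROLES = "user=authenticated\neditor=authenticated,uploader\n"

# Constructed, trimmed copy of the plan's <role-mappings> shown on this page.
PLAN = f"""<application xmlns="http://geronimo.apache.org/xml/ns/j2ee/application">
 <security xmlns="http://geronimo.apache.org/xml/ns/security"><role-mappings>
  <role role-name="authenticated"><realm realm-name="j2g">
   <principal class="{GROUP}" name="authenticated"/></realm></role>
  <role role-name="uploader"><realm realm-name="j2g">
   <principal class="{GROUP}" name="uploader"/></realm></role>
 </role-mappings></security></application>"""

def parse_props(text):
    """Parse plain 'key=v1,v2' lines (no escapes or continuations) into a dict."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, values = line.partition("=")
        result[key.strip()] = [v.strip() for v in values.split(",") if v.strip()]
    return result

def jboss_to_geronimo(text):
    """Invert user=group1,group2 into sorted group=user1,user2 lines."""
    groups = defaultdict(set)
    for user, roles in parse_props(text).items():
        for role in roles:
            groups[role].add(user)
    return "".join(f"{g}={','.join(sorted(groups[g]))}\n" for g in sorted(groups))

def mapped_groups(plan_xml):
    """Names of the group principals referenced by the plan's role mappings."""
    root = ET.fromstring(plan_xml)
    return {p.get("name") for p in root.iter(SEC_NS + "principal")
            if p.get("class") == GROUP}

def audit(jboss_text, plan_xml):
    """Return (groups missing from the plan, mapped groups left without users)."""
    groups = set(parse_props(jboss_to_geronimo(jboss_text)))
    mapped = mapped_groups(plan_xml)
    return sorted(groups - mapped), sorted(mapped - groups)

if __name__ == "__main__":
    print(jboss_to_geronimo(JBOSS_ROLES), audit(JBOSS_ROLES, PLAN))
```

A non-empty first list means the converted groups file names a group that no role in the plan maps to; a non-empty second list means a role in the plan can no longer be granted to anyone.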

Since the realm configuration is done in geronimo-application.xml, the SAR archive is no longer required. This archive can also contain custom login modules, but because there are some difficulties with deploying custom login modules to Geronimo (see JIRA GERONIMO-1044), they are not covered in this article.

...

Once the application is deployed, open a Web browser and access the following URL:

http://localhost:8080/security

Log in with the same user name and password you used when testing the application from JBoss.

...