Comment: Migrated to Confluence 5.3

Article donated by: Ivan S Dubrov, Artem Papkov, Hernan Cunico

Overview


This article will help you migrate security applications developed for JBoss v4 to Apache Geronimo. It is part of a series of migration articles covering different types of application migration.

...

The following steps were performed to migrate the sample application:

  • Developed a Geronimo-specific deployment plan for the Enterprise application. The geronimo-application.xml deployment plan is located in the <security_home>/modules/security.ear/src/META-INF/geronimo directory. During the build process, this deployment plan is placed in the META-INF subdirectory of the EAR archive and should look like the following example:
geronimo-application.xml
<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://geronimo.apache.org/xml/ns/j2ee/application"
    configId="com/ibm/j2g/security"
    parentId="org/apache/geronimo/Server">

    <security xmlns="http://geronimo.apache.org/xml/ns/security">
        <default-principal realm-name="j2g">
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
        </default-principal>
        <role-mappings>
            <role role-name="authenticated">
                <realm realm-name="j2g">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="authenticated"/>
                </realm>
            </role>
            <role role-name="uploader">
                <realm realm-name="j2g">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="uploader"/>
                </realm>
            </role>
        </role-mappings>
    </security>

    <gb:gbean name="j2g-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm"
        xmlns:gb="http://geronimo.apache.org/xml/ns/deployment-1.0">
        <gb:reference name="ServerInfo">
            <gb:application>*</gb:application>
            <gb:module>org/apache/geronimo/System</gb:module>
            <gb:name>ServerInfo</gb:name>
        </gb:reference>
        <gb:reference name="LoginService">
            <gb:application>*</gb:application>
            <gb:module>org/apache/geronimo/Security</gb:module>
            <gb:name>JaasLoginService</gb:name>
        </gb:reference>
        <gb:attribute name="realmName">j2g</gb:attribute>
        <gb:xml-reference name="LoginModuleConfiguration">
            <l:login-config xmlns:l="http://geronimo.apache.org/xml/ns/loginconfig">
                <l:login-module control-flag="REQUIRED" server-side="true">
                    <l:login-domain-name>j2g</l:login-domain-name>
                    <l:login-module-class>
                        org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                    </l:login-module-class>
                    <l:option name="usersURI">
                        var/security/j2g_users.properties
                    </l:option>
                    <l:option name="groupsURI">
                        var/security/j2g_groups.properties
                    </l:option>
                </l:login-module>
            </l:login-config>
        </gb:xml-reference>
    </gb:gbean>
</application>

Note that in contrast to JBoss, application roles must be explicitly defined in the deployment plan.

  • Created a Geronimo-specific deployment plan, openejb-jar.xml, for the EJB module. This deployment plan is located at <security_home>/modules/security.jar/src/META-INF/geronimo/openejb-jar.xml. During the build, the file is copied to the META-INF subdirectory of the security.jar EJB module. This deployment plan should look like the following example:
openejb-jar.xml
<?xml version="1.0"?>
<openejb-jar xmlns="http://www.openejb.org/xml/ns/openejb-jar"
    configId="com/ibm/j2g/security/ejb" parentId="com/ibm/j2g/security">
    <enterprise-beans>
        <session>
            <ejb-name>BusinessLogic</ejb-name>
        </session>
    </enterprise-beans>
</openejb-jar>
  • Created a Geronimo-specific deployment plan, geronimo-web.xml, for the Web module. This plan is located at security/modules/security.war/src/WEB-INF/geronimo/geronimo-web.xml. During the build, this file is copied to the WEB-INF subdirectory of the security.war Web module. This deployment plan should look like the following example:
geronimo-web.xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/web"
    configId="com/ibm/j2g/security/web" parentId="com/ibm/j2g/security">
    <context-root>/security</context-root>
    <context-priority-classloader>true</context-priority-classloader>
    <security-realm-name>j2g</security-realm-name>
</web-app>
  • Rewrote the properties files that hold the user-to-group mapping. The JBoss login module uses a mapping of the form "user=group1,group2", whereas Geronimo uses a mapping of the form "group=user1,user2".
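
The inversion described in the last step, as an added example that is not code from the original article: it converts "user=group1,group2" entries to "group=user1,user2" and then compares the resulting groups with the group principals that the role mappings in geronimo-application.xml refer to. The sample users and the function names are constructed for illustration, and the parser assumes simple one-line entries without Java properties escapes or line continuations.

```python
import xml.etree.ElementTree as ET

SEC_NS = "{http://geronimo.apache.org/xml/ns/security}"
GROUP_CLASS = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
# Constructed JBoss-style sample (user=group1,group2); these users are not from the article.
JBOSS_ROLES = """\
# user=group1,group2
alice = authenticated, uploader
bob=authenticated
carol=
dave=admin
"""

# <security> element trimmed from the geronimo-application.xml plan shown in the article.
PLAN_SECURITY = """\
<security xmlns="http://geronimo.apache.org/xml/ns/security">
  <role-mappings><role role-name="authenticated"><realm realm-name="j2g">
    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="authenticated"/>
  </realm></role><role role-name="uploader"><realm realm-name="j2g">
    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="uploader"/>
  </realm></role></role-mappings>
</security>
"""

def parse_jboss_roles(text):
    """Parse 'user=group1,group2' lines into {user: [groups]}; skips comments and blanks."""
    users = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "!")) and "=" in line:
            user, _, groups = line.partition("=")
            users[user.strip()] = [g.strip() for g in groups.split(",") if g.strip()]
    return users

def to_geronimo_groups(users):
    """Invert to 'group=user1,user2' text, one sorted line per group."""
    groups = {}
    for user, memberships in users.items():
        for group in memberships:
            groups.setdefault(group, set()).add(user)
    return "".join(f"{g}={','.join(sorted(m))}\n" for g, m in sorted(groups.items()))

def audit(users, plan_xml):
    """Compare migrated groups with the group principals the plan maps roles to."""
    mapped = {p.get("name") for p in ET.fromstring(plan_xml).iter(SEC_NS + "principal")
              if p.get("class") == GROUP_CLASS}
    migrated = {g for memberships in users.values() for g in memberships}
    return {"users_without_groups": sorted(u for u, g in users.items() if not g),
            "mapped_groups_without_members": sorted(mapped - migrated),
            "groups_not_mapped_to_a_role": sorted(migrated - mapped)}
```

A group that ends up under "groups_not_mapped_to_a_role" grants nothing in Geronimo until a role mapping for it is added to the plan, and a mapped group without members means no user can hold that role after the migration.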

Since the realm configuration is done in geronimo-application.xml, the SAR archive is no longer required. This archive can also contain custom login modules, but since there are some difficulties regarding the deployment of custom login modules to Geronimo (see JIRA GERONIMO-1044), they are not covered in this article.

...

Once the application is deployed, open a Web browser and access the following URL:

http://localhost:8080/security

Log in with the same user name and password you used when testing the application from JBoss.

...