Article donated by: Simon Godik, Hernan Cunico
The purpose of this section is to provide some general guidelines on the application deployment process from a Security perspective. This is not intended to be the absolute guide for deployment. Throughout the articles in the Apache Geronimo V1 - Documentation, you will find several deployment examples organized by topics such as JDBC, Web services, JCA, Security, etc.
This section is organized in the following topics:
- Deployment options for Web applications
- Deploying Web application with the container-neutral schema
- Defining Security Realm Name
- Example of the Web application deployment with web-container neutral schema
- Deploying Web application on Jetty container
- Deploying Web application on Tomcat container
Deployment options for Web applications
Web applications can be deployed in a number of ways: as a standalone war file or as part of an ear file. Web application deployment can be targeted to a specific servlet container (such as Jetty or Tomcat) or use the container-neutral schema. Note that the container-neutral schema also has a way to define container-specific parameters.
If deployed as part of an ear file, there are two ways to include the Web application deployment plan: include it in geronimo-application.xml as its own module element, or include a reference to the Web application deployment plan by using the <alt-dd> element. The syntax of the Web application element is the same in both cases, so keep this in mind when you look at the examples.
Deploying Web application with the container-neutral schema
The namespace for the container-neutral Web application deployment plan is http://geronimo.apache.org/xml/ns/j2ee/web-1.0. The name of the schema file is geronimo-web-1.0.xsd. It is best if you become familiar with the schema.
...
```xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.0">
    ...
    <security-realm-name>geronimo-properties-realm</security-realm-name>
    <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">...</security:security>
    ...
</web-app>
```
Defining Security Realm Name
The security realm name is specified by the <security-realm-name> element. Its value is passed as an input parameter to the JAAS LoginContext constructor. In JAAS terms, this is the application configuration name.
...
Note that the Geronimo JAAS configuration GBean will complain if the name of your own GenericSecurityRealm GBean duplicates the name of another configuration entry that is already deployed. To avoid this kind of problem, use unique Security Realm names. Refer to the Component Configuration, Configuring Security Realm section for details on how to configure your own GenericSecurityRealm.
Example of the Web application deployment with web-container neutral schema
To better understand this example, make sure you read the Component Configuration, Configuring Security Realm section first.
...
In the example above, the Security Realm is presumed to be deployed elsewhere. For example, the org/apache/geronimo/Security configuration deploys geronimo-properties-realm:
geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=SecurityRealm,name=geronimo-properties-realm
Deploying Web application on Jetty container
The Jetty container deployment plan namespace is http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0.
As far as security configuration is concerned, it allows the same structure as the container-neutral schema:
...
```xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0">
    ...
    <security-realm-name>geronimo-properties-realm</security-realm-name>
    <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
        <default-principal>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system" designated-run-as="true"/>
        </default-principal>
        <role-mappings>
            <role role-name="admin">
                <login-domain-principal domain-name="geronimo-properties-realm" name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </role>
        </role-mappings>
    </security:security>
    ...
</web-app>
```
Deploying Web application on Tomcat container
The Tomcat container deployment plan namespace is http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0.
As far as security configuration is concerned, it allows the same structure as the container-neutral schema:
...
```xml
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0">
    ...
    <security-realm-name>geronimo-properties-realm</security-realm-name>
    <security:security xmlns:security="http://geronimo.apache.org/xml/ns/security-1.1">
        <default-principal>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system" designated-run-as="true"/>
        </default-principal>
        <role-mappings>
            <role role-name="admin">
                <login-domain-principal domain-name="geronimo-properties-realm" name="admin" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </role>
        </role-mappings>
    </security:security>
    ...
</web-app>
```
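When reviewing deployment plans written against any of the three schemas above, it helps to extract the realm name, the designated run-as principal and the role mappings in one pass. The Python script below is an added example, not code from the original article or from the Geronimo project; the function names, report fields and the sample plan are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Plan namespaces named on this page, mapped to the container they target.
PLAN_NS = {
    "http://geronimo.apache.org/xml/ns/j2ee/web-1.0": "container-neutral",
    "http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0": "jetty",
    "http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-1.0": "tomcat",
}
SEC_NS = "http://geronimo.apache.org/xml/ns/security-1.1"
# Constructed sample: stray ':' in the security namespace, role with no principal.
BAD_PLAN = ('<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0">'
            '<security-realm-name>geronimo-properties-realm</security-realm-name>'
            '<s:security xmlns:s=":http://geronimo.apache.org/xml/ns/security-1.1">'
            '<role-mappings><role role-name="admin"/></role-mappings></s:security></web-app>')

def split(el):
    ns, _, name = el.tag.rpartition("}")
    return ns.lstrip("{"), name  # (namespace URI, local name)

def audit_plan(xml_text):
    """Summarise a plan's security settings; 'findings' lists review items."""
    root = ET.fromstring(xml_text)
    rep = {"container": PLAN_NS.get(split(root)[0]), "realm": None,
           "run_as": None, "roles": {}, "findings": []}
    if rep["container"] is None:
        rep["findings"].append("unrecognised plan namespace")
    sec = None
    for child in root:
        ns, name = split(child)
        if name == "security-realm-name":
            rep["realm"] = (child.text or "").strip() or None
        elif name == "security":
            sec = child
            if ns != SEC_NS:
                rep["findings"].append("security element in namespace %r" % ns)
    if rep["realm"] is None:
        rep["findings"].append("no security-realm-name (JAAS configuration name)")
    if sec is None:
        rep["findings"].append("no security element")
    # Descendants are matched by local name; the page's plans leave them unprefixed.
    for el in ([] if sec is None else sec.iter()):
        name = split(el)[1]
        if name == "principal" and el.get("designated-run-as") == "true":
            rep["run_as"] = el.get("name")
        elif name == "role":
            role = el.get("role-name")
            rep["roles"][role] = [(p.get("domain-name"), p.get("name")) for p in el]
            if not rep["roles"][role]:
                rep["findings"].append("role %r has no principal" % role)
    return rep
```

Calling `audit_plan(BAD_PLAN)` returns a report whose `findings` list flags the misspelled security namespace and the unmapped `admin` role.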