...

  • Two JPA entity beans, DataCDBean and OwnerBean, represent Data CD records and Owner records respectively. The relation between OwnerBean and DataCDBean is 1...*: one owner can have multiple Data CDs.
  • DataCDInfoJTAImpl is a stateless session bean that implements the business logic of the DataCDInfo application, including login, registration/unregistration of owners, and adding/updating/removing data CD records. DataCDInfoLocal and DataCDInfoRemote are the local and remote business interfaces respectively.
  • DataCDInfoAdmin is a stateful session bean with an EXTENDED persistence context. By default, a container-managed persistence context is of type TRANSACTION. An EXTENDED persistence context can only be initiated within the scope of a stateful session bean.
  • DataCDInfoAdmin defines two roles, "superadmin" and "admin", with the security annotation @RolesAllowed. In the code, role "superadmin" can access all three methods, while role "admin" can only access the "listOwners" method. Another way to define access is via the EJB deployment descriptor "ejb-jar.xml". The definition in ejb-jar.xml overrides the one in code.
    As the definition in "ejb-jar.xml" below shows, the role "admin" also has access to the method "listAllDataCDs", in addition to the method "listOwners" defined in the code.
    ejb-jar.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
        Licensed to the Apache Software Foundation (ASF) under one or more
        contributor license agreements.  See the NOTICE file distributed with
        this work for additional information regarding copyright ownership.
        The ASF licenses this file to You under the Apache License, Version 2.0
        (the "License"); you may not use this file except in compliance with
        the License.  You may obtain a copy of the License at
    
           http://www.apache.org/licenses/LICENSE-2.0
    
        Unless required by applicable law or agreed to in writing, software
        distributed under the License is distributed on an "AS IS" BASIS,
        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
        See the License for the specific language governing permissions and
        limitations under the License.
    -->
    <ejb-jar version="3.0"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd"> 
        <display-name>DataCDInfo Enterprise Bean Definitions</display-name>
        
        <enterprise-beans>
    	<session>
    		<ejb-name>ejb/DataCDInfoJTAImpl</ejb-name>
    		<business-local>org.apache.geronimo.samples.datacdinfo.core.DataCDInfoLocal</business-local>
    		<business-remote>org.apache.geronimo.samples.datacdinfo.core.DataCDInfoRemote</business-remote>
    		<ejb-class>org.apache.geronimo.samples.datacdinfo.core.DataCDInfoJTAImpl</ejb-class>
                    <!-- Stateful|Stateless -->
    		<session-type>Stateless</session-type>
                    <!-- Who manages transaction? Bean|Container -->
    		<transaction-type>Container</transaction-type>
    	</session>
    	<session>
    		<ejb-name>ejb/DataCDInfoAdmin</ejb-name>
    		<business-local>org.apache.geronimo.samples.datacdinfo.core.DataCDInfoAdminLocal</business-local>
    		<ejb-class>org.apache.geronimo.samples.datacdinfo.core.DataCDInfoAdmin</ejb-class>
                    <!-- Stateful|Stateless -->
    	        <session-type>Stateful</session-type>
                    <!-- Who manages transaction? Bean|Container -->
    		<transaction-type>Container</transaction-type>
    	</session>		
        </enterprise-beans>	
    
        <assembly-descriptor>
    	<method-permission>
    	    <role-name>superadmin</role-name>
    	    <method>
    		<ejb-name>ejb/DataCDInfoAdmin</ejb-name>
    		<method-name>*</method-name>
    	    </method>
    	</method-permission>
    		<!-- In code, role "admin" only has right to access listOwners method
    		but via this xml definition, the role could also access listAllDataCDs method -->
    	<method-permission>
    	    <role-name>admin</role-name>
    		<method>
    	 	    <ejb-name>ejb/DataCDInfoAdmin</ejb-name>
    		    <method-name>listAllDataCDs</method-name>					
    		</method>
    	</method-permission>
        </assembly-descriptor>     
    </ejb-jar>
    
  • A persistence unit is defined via META-INF/persistence.xml as shown below.
    persistence.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <!--
        Licensed to the Apache Software Foundation (ASF) under one or more
        contributor license agreements.  See the NOTICE file distributed with
        this work for additional information regarding copyright ownership.
        The ASF licenses this file to You under the Apache License, Version 2.0
        (the "License"); you may not use this file except in compliance with
        the License.  You may obtain a copy of the License at

           http://www.apache.org/licenses/LICENSE-2.0

        Unless required by applicable law or agreed to in writing, software
        distributed under the License is distributed on an "AS IS" BASIS,
        WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
        See the License for the specific language governing permissions and
        limitations under the License.
    -->
    <persistence xmlns="http://java.sun.com/xml/ns/persistence" version="1.0">
      <persistence-unit name="DataCDInfoUnit" transaction-type="JTA">
        <description>DataCDInfo Persistence Unit Definition</description>
        <jta-data-source>jdbc/DataCDInfoDS</jta-data-source>
        <non-jta-data-source>jdbc/NoTxDataCDInfoDS</non-jta-data-source>
        <class>org.apache.geronimo.samples.datacdinfo.beans.OwnerBean</class>
        <class>org.apache.geronimo.samples.datacdinfo.beans.DataCDBean</class>
        <exclude-unlisted-classes>true</exclude-unlisted-classes>
        <properties>
          <property name="openjpa.Sequence" value="table(Table=OPENJPASEQ, Increment=1)"/>
          <!--<property name="openjpa.jdbc.SynchronizeMappings" value="buildSchema(ForeignKeys=true)"/>-->
          <!--<property name="openjpa.Log" value="DefaultLevel=WARN, Tool=INFO"/>-->
          <property name="openjpa.Log" value="File=/tmp/org.apache.openjpa.log, DefaultLevel=WARN, Tool=INFO, Runtime=TRACE, SQL=TRACE"/>
        </properties>
      </persistence-unit>
    </persistence>
    
    
Note

If the persistence context requires some non-transactional operations, such as table sequence generation, you need to define a non-jta-data-source as well. Otherwise, you will encounter an exception like "org.apache.openjpa.persistence.RollbackException: The transaction has been rolled back."
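
The following is an added example, not part of the Geronimo sample: a Python check that reads the `<method-permission>` entries of the ejb-jar.xml shown above and reports every grant that gives a role a method the @RolesAllowed annotations did not. The `ANNOTATED` table transcribes the roles the page attributes to the code; the page names only two of the three DataCDInfoAdmin methods, so `THIRD_METHOD` is a placeholder.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}

# <assembly-descriptor> as shown on the page (license header and
# <enterprise-beans> left out to keep the sample short).
EJB_JAR_XML = """<ejb-jar version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
  <assembly-descriptor>
    <method-permission>
      <role-name>superadmin</role-name>
      <method>
        <ejb-name>ejb/DataCDInfoAdmin</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
    <method-permission>
      <role-name>admin</role-name>
      <method>
        <ejb-name>ejb/DataCDInfoAdmin</ejb-name>
        <method-name>listAllDataCDs</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""

# Roles per method as the page describes the @RolesAllowed annotations.
# Assumption: the third method's real name is not on the page (placeholder).
THIRD_METHOD = "<third-method>"
ANNOTATED = {
    "ejb/DataCDInfoAdmin": {
        "listOwners": {"superadmin", "admin"},
        "listAllDataCDs": {"superadmin"},
        THIRD_METHOD: {"superadmin"},
    }
}


def descriptor_grants(xml_text):
    """Return (role, ejb_name, method_name) for every <method-permission>."""
    root = ET.fromstring(xml_text)
    grants = []
    for perm in root.iterfind("ee:assembly-descriptor/ee:method-permission", NS):
        roles = [(r.text or "").strip() for r in perm.iterfind("ee:role-name", NS)]
        # <unchecked/> opens the method to every caller, authenticated or not.
        if perm.find("ee:unchecked", NS) is not None:
            roles = ["<unchecked>"]
        for method in perm.iterfind("ee:method", NS):
            ejb = method.findtext("ee:ejb-name", default="", namespaces=NS).strip()
            name = method.findtext("ee:method-name", default="", namespaces=NS).strip()
            grants.extend((role, ejb, name) for role in roles)
    return grants


def grants_beyond_annotations(xml_text, annotated):
    """Descriptor grants that give a role a method the annotations did not."""
    extra = []
    for role, ejb, name in descriptor_grants(xml_text):
        known = annotated.get(ejb, {})
        # "*" covers every business method of the bean; if the bean is not in
        # the annotation table, keep the wildcard itself so it is still reported.
        methods = (sorted(known) or ["*"]) if name == "*" else [name]
        for method in methods:
            if role not in known.get(method, set()):
                extra.append((role, ejb, method))
    return extra


if __name__ == "__main__":
    for role, ejb, method in grants_beyond_annotations(EJB_JAR_XML, ANNOTATED):
        print(f"descriptor-only grant: role {role!r} may call {ejb}.{method}")
```

Run against the packaged descriptor at build time, this surfaces the "admin" grant on listAllDataCDs, which exists only in ejb-jar.xml and would be missed by reviewing the annotations alone.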

The Maven project layout of the EJB module is as follows:

|-- pom.xml
`-- src
    `-- main
        |-- java
        |   `-- org
        |       `-- apache
        |           `-- geronimo
        |               `-- samples
        |                   `-- datacdinfo
        |                       |-- beans
        |                       |   |-- DataCDBean.java
        |                       |   `-- OwnerBean.java
        |                       |-- core
        |                       |   |-- DataCDInfoAdmin.java
        |                       |   |-- DataCDInfoAdminLocal.java
        |                       |   |-- DataCDInfoJTAImpl.java
        |                       |   |-- DataCDInfoLocal.java
        |                       |   `-- DataCDInfoRemote.java
        |                       `-- exceptions
        |                           |-- DuplicatedDataCDException.java
        |                           |-- IncorrectPasswordException.java
        |                           |-- InvalidOwnerException.java
        |                           `-- InvalidPasswordException.java
        `-- resources
            `-- META-INF
                |-- ejb-jar.xml
                |-- openejb-jar.xml
                `-- persistence.xml

The Web Module

...


All Struts1 objects are in the Web module. A typical Struts1 web application uses a configuration file to initialize its resources. The resources include ActionForms to collect input from users, ActionMappings to direct input to server-side Actions, and ActionForwards to select output pages. (Quoted from the Struts1 documentation.)

The DataCDInfo application web module consists of:

  • Struts1 ActionForm: DataCDForm and OwnerForm.
    • The two ActionForms extend the Struts1 ValidatorForm in order to use the convenient validation feature provided by Struts1.
    • You may find these two classes very similar to the JPA entity beans. Struts1 demands this kind of design so that the view model is separated from the backend business model. To convey data between a Struts1 form bean and a business logic bean, you can use org.apache.commons.beanutils.PropertyUtils.
  • Struts1 Action: DataCDActions and OwnerActions
    • The two Action classes extend the Struts1 MappingDispatchAction, so that business-related actions can live in the same Action class. For details, check the API doc of MappingDispatchAction.
    • The two Action classes wrap form data and call the corresponding business operations to persist the data into the database.
  • Struts1 resource files: DataCDInfoResources.properties and several DataCDInfoResources_LANG.properties
    • Struts1 uses the standard globalization mechanism that the Java language provides to present messages for different locales.
    • At release time, the sample includes message resources for locales en_US and zh_CN. You can easily extend the locale support by adding an additional locale resource file to the resources directory and then making a new build to deploy.
  • Struts1 configuration files: struts-config.xml and validation.xml
    • The file "struts-config.xml" is the main configuration file of a Struts1 application. Struts1 artifacts, such as ActionForm, Actions, ActionMapping, and Validator, are all defined here.
    • The file "validation.xml" defines the validation rules used by the application. Struts1 provides simple validators for number and date verification.
  • Struts1 view JSPs: view/jsp/*.jsp
    • The common Struts1 taglibs are used in those JSPs. They are part of the standard Struts1 view technologies. Struts1 supports several different view technologies, for example Velocity and Tiles.

Besides the Struts1 artifacts, some other artifacts are used for the DataCDInfo admin operations:

  • DataCDInfoAdminServlet – A servlet used to call the security-controlled business methods defined in the DataCDInfoAdmin stateful session bean.
  • admin/. – The presentation files of the DataCDInfo admin operations
  • auth/. – The files used for FORM authentication. By default, the DataCDInfo application uses BASIC authentication. If you want to see what FORM authentication looks like, you can modify web.xml as follows:
    Part of web.xml:

     ...
     <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>geronimo-admin</realm-name>
        <form-login-config>
             <form-login-page>/auth/logon.html</form-login-page>
             <form-error-page>/auth/logonError.html</form-error-page>
        </form-login-config>
     </login-config>
     <!--
     <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>geronimo-admin</realm-name>
     </login-config>
     -->
     ...


The Maven project layout of the Web module is as follows:

|-- pom.xml
`-- src
    `-- main
        |-- java
        |   `-- org
        |       `-- apache
        |           `-- geronimo
        |               `-- samples
        |                   `-- datacdinfo
        |                       `-- web
        |                           |-- DataCDInfoAdminServlet.java
        |                           |-- ListOwnerServlet.java
        |                           `-- struts1
        |                               |-- DataCDActions.java
        |                               |-- DataCDForm.java
        |                               |-- DataCDInfoContextListener.java
        |                               |-- OwnerActions.java
        |                               `-- OwnerForm.java
        |-- resources
        |   |-- DataCDInfoResources.properties
        |   |-- DataCDInfoResources_en_US.properties
        |   |-- DataCDInfoResources_zh.properties.template
        |   `-- DataCDInfoResources_zh_CN.properties
        `-- webapp
            |-- META-INF
            |   |-- LICENSE
            |   |-- MANIFEST.MF
            |   `-- NOTICE
            |-- WEB-INF
            |   |-- geronimo-web.xml
            |   |-- struts-config.xml
            |   |-- validation.xml
            |   `-- web.xml
            |-- admin
            |   |-- adminhome.html
            |   |-- showCDs.jsp
            |   |-- showOwners.jsp
            |   `-- showPasswd.jsp
            |-- auth
            |   |-- logon.html
            |   `-- logonError.html
            |-- header.html
            |-- index.html
            `-- view
                `-- jsp
                    |-- AddCD.jsp
                    |-- ListCDs.jsp
                    |-- Logon.jsp
                    |-- Logout.jsp
                    |-- Register.jsp
                    |-- RemoveCD.jsp
                    `-- UpdateCD.jsp

Steps to

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!--
    Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements. See the NOTICE file
    distributed with this work for additional information
    regarding copyright ownership. The ASF licenses this file
    to you under the Apache License, Version 2.0 (the
    "License"); you may not use this file except in compliance
    with the License. You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied. See the License for the
    specific language governing permissions and limitations
    under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>employee</web-resource-name>
            <url-pattern>/employee/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>manager</web-resource-name>
            <url-pattern>/manager/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>TimeReportRealm</realm-name>
        <form-login-config>
            <form-login-page>/login/login.jsp</form-login-page>
            <form-error-page>/login/login_error.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
        <role-name>employee</role-name>
    </security-role>
    <security-role>
        <role-name>manager</role-name>
    </security-role>

    <servlet>
        <display-name>AddTimeRecordServlet</display-name>
        <servlet-name>AddTimeRecordServlet</servlet-name>
        <servlet-class>org.apache.geronimo.samples.timereport.web.AddTimeRecordServlet</servlet-class>
    </servlet>
    <servlet>
        <display-name>AddEmployeeServlet</display-name>
        <servlet-name>AddEmployeeServlet</servlet-name>
        <servlet-class>org.apache.geronimo.samples.timereport.web.AddEmployeeServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>AddTimeRecordServlet</servlet-name>
        <url-pattern>/employee/add_timerecord</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>AddEmployeeServlet</servlet-name>
        <url-pattern>/manager/add_employee</url-pattern>
    </servlet-mapping>

</web-app>

The Geronimo deployment plan (plan.xml, found after building the project at timereport/timereport-jetty/target/resources/META-INF/plan.xml) contains the Geronimo-specific security configuration, including the security realm configuration and the principal-role mapping that relates the principals from the security realm to the application roles defined above in web.xml. This project uses two roles, manager and employee. There is a business rule that every manager is an employee. This is enforced through the principal-role mapping: both the EmployeeGroup and ManagerGroup imply the app-specific employee role.

plan.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!--Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file
    distributed with this work for additional information
    regarding copyright ownership.  The ASF licenses this file
    to you under the Apache License, Version 2.0 (the
    "License"); you may not use this file except in compliance
    with the License.  You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.-->
<!--$Rev: 497879 $ $Date: 2007-01-19 12:11:01 -0500 (Fri, 19 Jan 2007) $-->
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
  <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <dep:moduleId>
      <dep:groupId>org.apache.geronimo.samples</dep:groupId>
      <dep:artifactId>timereport-jetty</dep:artifactId>
      <dep:version>2.1-SNAPSHOT</dep:version>
      <dep:type>car</dep:type>
    </dep:moduleId>
    <dep:dependencies>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.samples</dep:groupId>
        <dep:artifactId>sample-datasource</dep:artifactId>
        <dep:version>2.1-SNAPSHOT</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.configs</dep:groupId>
        <dep:artifactId>jasper</dep:artifactId>
        <dep:version>2.1</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.configs</dep:groupId>
        <dep:artifactId>jetty6</dep:artifactId>
        <dep:version>2.1</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
    </dep:dependencies>
    <dep:hidden-classes/>
    <dep:non-overridable-classes/>
  </dep:environment>
  <context-root>/timereport</context-root>
  <security-realm-name>TimeReportRealm</security-realm-name>
  <security>
    <default-principal realm-name="TimeReportRealm">
      <principal name="anonymous" class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
    </default-principal>
    <role-mappings>
      <role role-name="employee">
        <realm realm-name="TimeReportRealm">
          <principal name="EmployeeGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
        </realm>
        <realm realm-name="TimeReportRealm">
          <principal name="ManagerGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
        </realm>
      </role>
      <role role-name="manager">
        <realm realm-name="TimeReportRealm">
          <principal name="ManagerGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
        </realm>
      </role>
    </role-mappings>
  </security>
  <gbean name="DBInitialization" class="org.apache.geronimo.connector.DatabaseInitializationGBean">
    <!--<attribute name="testSQL">select * from users</attribute>-->
    <attribute name="path">TimeReportDB.sql</attribute>
    <reference name="DataSource">
      <name>SampleTxDatasource</name>
    </reference>
  </gbean>
  <gbean name="TimeReportRealm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">TimeReportRealm</attribute>
    <reference name="ServerInfo">
      <name>ServerInfo</name>
    </reference>
    <xml-reference name="LoginModuleConfiguration">
      <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
        <log:login-module control-flag="REQUIRED" wrap-principals="false">
          <log:login-domain-name>TimeReportRealm</log:login-domain-name>
          <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
          <log:option name="dataSourceName">SampleNoTxDatasource</log:option>
          <log:option name="userSelect">select userid, password from users where userid=?</log:option>
          <log:option name="groupSelect">select userid, groupname from usergroups where userid=?</log:option>
        </log:login-module>
      </log:login-config>
    </xml-reference>
  </gbean>
</web-app>

To restrict access to the Add Employee functionality from the Time Report page, programmatic authentication has been used, as indicated below.

...
<BR>
<%if(request.isUserInRole("manager")){%>
<A href="../manager/">Add Employees</A>
<BR>
...

The EAR module

The EAR module contains the database creation scripts and the application deployment plan. The application deployment plan overrides the same configurations defined in the EJB module and Web module.

The application deployment plan defines the web module context root and the security realm used to authenticate the admin operations.

Web module definition in geronimo-application.xml:

...
<module>
    <web>DataCDInfo-JTA-war.war</web>
    <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
        <context-root>/DataCDInfo</context-root>
        <security-realm-name>geronimo-admin</security-realm-name>
    </web-app>
</module>
...

The DataCDInfo application uses the default Geronimo security realm "geronimo-admin", which is a file properties realm. To enable the "superadmin" role used by this application, modify the following files before starting the Geronimo server:

Add a new group in <geronimo_home>/var/security/groups.properties:

...
superadmin=superman
...

Set the password for the new user in <geronimo_home>/var/security/users.properties:

...
superman=password
...

Note

The plain text password will be encrypted when the geronimo server restarts.

Two datasources are defined in the deployment plan: "jdbc/DataCDInfoDS" is for JTA use and "jdbc/NoTxDataCDInfoDS" is for non-JTA use.

Datasources in geronimo-application.xml:

...
<ext-module>
    <connector>DataCDInfoDataSource</connector>
    <external-path xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <dep:groupId>org.tranql</dep:groupId>
        <dep:artifactId>tranql-connector-derby-embed-xa</dep:artifactId>
        <dep:type>rar</dep:type>
    </external-path>
    <connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
        <resourceadapter>
            <outbound-resourceadapter>
                <connection-definition>
                    <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
                    <connectiondefinition-instance>
                        <name>jdbc/DataCDInfoDS</name>
                        <config-property-setting name="UserName"></config-property-setting>
                        <config-property-setting name="Password"></config-property-setting>
                        <config-property-setting name="DatabaseName">cdinfodb</config-property-setting>
                        <config-property-setting name="CreateDatabase">true</config-property-setting>
                        <connectionmanager>
                            <xa-transaction>
                                <transaction-caching />
                            </xa-transaction>
                            <single-pool>
                                <max-size>100</max-size>
                                <min-size>0</min-size>
                                <blocking-timeout-milliseconds>5000</blocking-timeout-milliseconds>
                                <idle-timeout-minutes>30</idle-timeout-minutes>
                                <match-one />
                            </single-pool>
                        </connectionmanager>
                    </connectiondefinition-instance>
                    <!-- This non-transaction data source is for sequence generation use. Without it,
                    the geronimo will throw exception when persisting entities which require sequence
                    generation. -->
                    <connectiondefinition-instance>
                        <name>jdbc/NoTxDataCDInfoDS</name>
                        <config-property-setting name="UserName"></config-property-setting>
                        <config-property-setting name="Password"></config-property-setting>
                        <config-property-setting name="DatabaseName">cdinfodb</config-property-setting>
                        <config-property-setting name="CreateDatabase">true</config-property-setting>
                        <connectionmanager>
                            <no-transaction/>
                            <single-pool>
                                <max-size>10</max-size>
                                <min-size>0</min-size>
                                <blocking-timeout-milliseconds>5000</blocking-timeout-milliseconds>
                                <idle-timeout-minutes>30</idle-timeout-minutes>
                                <match-one/>
                            </single-pool>
                        </connectionmanager>
                    </connectiondefinition-instance>
                </connection-definition>
            </outbound-resourceadapter>
        </resourceadapter>
    </connector>
</ext-module>
...

To map the application security roles to Geronimo security roles, the deployment plan includes the following:

Security Roles Mapping in geronimo-application.xml:

...
  <security xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">
    <sec:default-principal>
      <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="anonymous"/>
    </sec:default-principal>
    <sec:role-mappings>
      <sec:role role-name="admin">
        <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin"/>
        <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
      </sec:role>
      <sec:role role-name="superadmin">
        <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="superadmin"/>
        <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="superman"/>
      </sec:role>
    </sec:role-mappings>
  </security>
...

Besides the default deployment plan, there is another plan for the MySQL database. You can use it like this:

Deploy DataCDInfo with MySQL database:

<geronimo_home>/bin/deploy.sh|bat deploy <samples_home>/samples/DataCDInfo/DataCDInfo-JTA-ear/target/DataCDInfo-JTA-ear-2.2.ear <samples_home>/samples/DataCDInfo/DataCDInfo-JTA-ear/target/DataCDInfo-JTA-ear-2.2/META-INF/geronimo-application-mysql.xml

Note

You need to install the proper MySQL JDBC driver into the Geronimo repository before deploying DataCDInfo with the MySQL deployment plan.

The Maven project layout of the EAR module is as follows:

|-- pom.xml
`-- src
    `-- main
        `-- resources
            |-- DataCDInfo_tables_derby.sql
            |-- DataCDInfo_tables_mysql.sql
            `-- META-INF
                |-- application.xml
                |-- geronimo-application-mysql.xml
                `-- geronimo-application.xml

Run Application

Use the Geronimo admin console to deploy the application.

Running DataCDInfo

If you use only the "admin" role (for example, the "system" account defined in the geronimo-admin realm) to pass the authentication of the DataCDInfo Admin resources, you will see an exception like this when trying to view an owner's password

Testing of the Sample Application

To test the sample application, open a browser and type http://localhost:8080/timereport. It will forward to the Welcome page of the application.

Users can access the Time Report page with username emp1 and password pass1. To log in to the application as a manager, provide the credentials mgm1 and pass3.

Summary

This article has shown you how to deploy a web application into the Geronimo application server with J2EE declarative security features. You followed step-by-step instructions to build, deploy and test the sample application.

Some highlights of the article are:

...
