In this section, we discuss the configurations that are already deployed and running in the server when it is installed and started.

Connection pools

Apache Geronimo ships with an embedded Derby database and an ActiveMQ message broker. Connection pools that connect to Derby and ActiveMQ are also configured to run in the installed server. The following sections discuss these configurations, which are already running in the installed server.

Embedded Derby Database connection pool

Apache Geronimo ships with an embedded Derby database. The Derby libraries are present in the server repository at <geronimo_home>/repository/org/apache/derby. By default, a Derby database named SystemDatabase is created, and the files belonging to the database are stored at <geronimo_home>/var/derby/SystemDatabase. The server also deploys, by default, a database connection pool over the SystemDatabase with the configuration name org.apache.geronimo.configs/system-database/2.1/car. The name of the database connection pool is SystemDatasource. The configuration artifacts are stored at <geronimo_home>/repository/org/apache/geronimo/configs/system-database. The deployment plan used for the database connection pool is as follows.

SystemDatasource
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
  <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <dep:moduleId>
      <dep:groupId>org.apache.geronimo.configs</dep:groupId>
      <dep:artifactId>system-database</dep:artifactId>
      <dep:version>2.1</dep:version>
      <dep:type>car</dep:type>
    </dep:moduleId>
    <dep:dependencies>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.configs</dep:groupId>
        <dep:artifactId>transaction</dep:artifactId>
        <dep:version>2.1</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.modules</dep:groupId>
        <dep:artifactId>geronimo-derby</dep:artifactId>
        <dep:version>2.1</dep:version>
        <dep:type>jar</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.modules</dep:groupId>
        <dep:artifactId>geronimo-timer</dep:artifactId>
        <dep:version>2.1</dep:version>
        <dep:type>jar</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.derby</dep:groupId>
        <dep:artifactId>derby</dep:artifactId>
        <dep:version>10.2.2.0</dep:version>
        <dep:type>jar</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.derby</dep:groupId>
        <dep:artifactId>derbynet</dep:artifactId>
        <dep:version>10.2.2.0</dep:version>
        <dep:type>jar</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.apache.derby</dep:groupId>
        <dep:artifactId>derbyclient</dep:artifactId>
        <dep:version>10.2.2.0</dep:version>
        <dep:type>jar</dep:type>
      </dep:dependency>
      <dep:dependency>
        <dep:groupId>org.tranql</dep:groupId>
        <dep:artifactId>tranql-connector-derby-embed-xa</dep:artifactId>
        <dep:version>1.3</dep:version>
        <dep:type>rar</dep:type>
      </dep:dependency>
    </dep:dependencies>
    <dep:hidden-classes/>
    <dep:non-overridable-classes/>
  </dep:environment>
  <resourceadapter>
    <outbound-resourceadapter>
      <connection-definition>
        <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
        <connectiondefinition-instance>
          <name>SystemDatasource</name>
          <config-property-setting name="UserName"/>
          <config-property-setting name="Password"/>
          <config-property-setting name="DatabaseName">SystemDatabase</config-property-setting>
          <config-property-setting name="CreateDatabase">true</config-property-setting>
          <connectionmanager>
            <xa-transaction>
              <transaction-caching/>
            </xa-transaction>
            <single-pool>
              <max-size>100</max-size>
              <blocking-timeout-milliseconds>5000</blocking-timeout-milliseconds>
              <select-one-assume-match/>
            </single-pool>
          </connectionmanager>
        </connectiondefinition-instance>
        <connectiondefinition-instance>
          <name>NoTxDatasource</name>
          <config-property-setting name="UserName"/>
          <config-property-setting name="Password"/>
          <config-property-setting name="DatabaseName">SystemDatabase</config-property-setting>
          <config-property-setting name="CreateDatabase">true</config-property-setting>
          <connectionmanager>
            <no-transaction/>
            <single-pool>
              <max-size>100</max-size>
              <blocking-timeout-milliseconds>5000</blocking-timeout-milliseconds>
              <select-one-assume-match/>
            </single-pool>
          </connectionmanager>
        </connectiondefinition-instance>
      </connection-definition>
    </outbound-resourceadapter>
  </resourceadapter>
  <gbean name="DerbySystem" 
         class="org.apache.geronimo.derby.DerbySystemGBean">
    <reference name="ServerInfo">
      <name>ServerInfo</name>
    </reference>
    <attribute name="derbySystemHome">var/derby</attribute>
  </gbean>
  <gbean name="DerbyNetwork" 
         class="org.apache.geronimo.derby.DerbyNetworkGBean">
    <reference name="derbySystem">
      <name>DerbySystem</name>
    </reference>
    <attribute name="host">localhost</attribute>
    <attribute name="port">1527</attribute>
  </gbean>
  <gbean name="DerbyLog" 
         class="org.apache.geronimo.derby.DerbyLogGBean">
    <reference name="DerbySystem">
      <name>DerbySystem</name>
    </reference>
  </gbean>
  <gbean name="DerbyDriver"
         class="org.apache.geronimo.system.util.JDBCDriverRegistrationGBean">
    <attribute name="driverClassName">org.apache.derby.jdbc.EmbeddedDriver</attribute>
  </gbean>
  <gbean name="DerbyClientDriver"
         class="org.apache.geronimo.system.util.JDBCDriverRegistrationGBean">
    <attribute name="driverClassName">org.apache.derby.jdbc.ClientDriver</attribute>
  </gbean>
  <gbean name="TransactionalThreadPooledTimer" class="org.apache.geronimo.timer.jdbc.JDBCStoreThreadPooledTransactionalTimer">
    <attribute name="repeatCount">5</attribute>
    <reference name="TransactionManager">
      <name>TransactionManager</name>
    </reference>
    <reference name="ManagedConnectionFactoryWrapper">
      <name>SystemDatasource</name>
    </reference>
    <reference name="ThreadPool">
      <name>DefaultThreadPool</name>
    </reference>
    <dependency>
      <name>DerbySystem</name>
    </dependency>
  </gbean>
  <gbean name="NonTransactionalThreadPooledTimer" class="org.apache.geronimo.timer.jdbc.JDBCStoreThreadPooledNonTransactionalTimer">
    <reference name="TransactionManager">
      <name>TransactionManager</name>
    </reference>
    <reference name="ManagedConnectionFactoryWrapper">
      <name>SystemDatasource</name>
    </reference>
    <reference name="ThreadPool">
      <name>DefaultThreadPool</name>
    </reference>
    <dependency>
      <name>DerbySystem</name>
    </dependency>
  </gbean>
</connector>

The default namespace of the above XML document is http://geronimo.apache.org/xml/ns/j2ee/connector-1.2. The XML elements that do not have a namespace prefix belong to the default namespace.

After starting the server, the running database connection pool SystemDatasource can be observed on the admin console under Console Navigation => Services => Database pools. The resource adapter used to deploy the above database connection pool is tranql-connector-derby-embed-xa-1.3.rar. The above plan is in fact the deployment plan of an outbound resource adapter. If the plan is packaged along with the rar file, the XML content is placed in META-INF/geronimo-ra.xml of the archive.

Observe the various configurations in the deployment plan closely. Many Derby libraries in the server repository are listed as dependencies. After the outbound resource adapter is configured, a series of GBeans is configured for the database connection pool.

Embedded ActiveMQ resource adapter

By default, a JMS resource adapter that connects to the embedded ActiveMQ message broker is deployed and running in the Apache Geronimo server. This is an outbound JMS resource adapter that configures a connection factory and two message queues. The configuration name of the resource adapter is org.apache.geronimo.configs/activemq-ra/2.1/car. The artifacts of the resource adapter are stored at <geronimo_home>/repository/org/apache/geronimo/configs/activemq-ra. The deployment plan is as follows.

ActiveMQ RA
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
  <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <dep:moduleId>
      <dep:groupId>org.apache.geronimo.configs</dep:groupId>
      <dep:artifactId>activemq-ra</dep:artifactId>
      <dep:version>2.1</dep:version>
      <dep:type>car</dep:type>
    </dep:moduleId>
    <dep:dependencies>
      <dep:dependency>
        <dep:groupId>org.apache.geronimo.configs</dep:groupId>
        <dep:artifactId>activemq-broker</dep:artifactId>
        <dep:version>2.1</dep:version>
        <dep:type>car</dep:type>
      </dep:dependency>
    </dep:dependencies>
    <dep:hidden-classes/>
    <dep:non-overridable-classes/>
  </dep:environment>
  <resourceadapter>
    <resourceadapter-instance>
      <resourceadapter-name>ActiveMQ RA</resourceadapter-name>
      <config-property-setting name="ServerUrl">tcp://0.0.0.0:61616</config-property-setting>
      <config-property-setting name="UserName">geronimo</config-property-setting>
      <config-property-setting name="Password">geronimo</config-property-setting>
      <workmanager>
        <gbean-link>DefaultWorkManager</gbean-link>
      </workmanager>
    </resourceadapter-instance>
    <outbound-resourceadapter>
      <connection-definition>
        <connectionfactory-interface>javax.jms.ConnectionFactory</connectionfactory-interface>
        <connectiondefinition-instance>
          <name>DefaultActiveMQConnectionFactory</name>
          <implemented-interface>javax.jms.QueueConnectionFactory</implemented-interface>
          <implemented-interface>javax.jms.TopicConnectionFactory</implemented-interface>
          <connectionmanager>
            <xa-transaction>
              <transaction-caching/>
            </xa-transaction>
            <single-pool>
              <max-size>10</max-size>
              <blocking-timeout-milliseconds>5000</blocking-timeout-milliseconds>
              <match-one/>
            </single-pool>
          </connectionmanager>
        </connectiondefinition-instance>
      </connection-definition>
    </outbound-resourceadapter>
  </resourceadapter>
  <adminobject>
    <adminobject-interface>javax.jms.Queue</adminobject-interface>
    <adminobject-class>org.apache.activemq.command.ActiveMQQueue</adminobject-class>
    <adminobject-instance>
      <message-destination-name>MDBTransferBeanOutQueue</message-destination-name>
      <config-property-setting name="PhysicalName">MDBTransferBeanOutQueue</config-property-setting>
    </adminobject-instance>
  </adminobject>
  <adminobject>
    <adminobject-interface>javax.jms.Queue</adminobject-interface>
    <adminobject-class>org.apache.activemq.command.ActiveMQQueue</adminobject-class>
    <adminobject-instance>
      <message-destination-name>SendReceiveQueue</message-destination-name>
      <config-property-setting name="PhysicalName">SendReceiveQueue</config-property-setting>
    </adminobject-instance>
  </adminobject>
</connector>

The default namespace of the deployment plan is http://geronimo.apache.org/xml/ns/j2ee/connector-1.2. The XML elements that do not have a namespace prefix belong to the default namespace.

The resource adapter used to deploy the above plan is <geronimo_home>/repository/org/apache/geronimo/modules/geronimo-activemq-ra/2.1. After the server is started, the running resource adapter can be looked up on the admin console under Console Navigation => Services => JMS Resource. The connection factories and queues deployed by the resource adapter can also be observed on the admin console.
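Both plans above (the SystemDatasource pool and the ActiveMQ RA) use the connector-1.2 layout, so one script can review either. The following Python, added here and not part of Geronimo, parses a plan of that shape and reports each pool's transaction mode and max-size, any Password given literally in the plan (as the ActiveMQ RA instance does) and a ServerUrl that names 0.0.0.0; the embedded sample plan is constructed to mirror the shapes shown on this page.

```python
import xml.etree.ElementTree as ET

# Default namespace of a Geronimo connector plan (both plans on this page use it).
NS = {"c": "http://geronimo.apache.org/xml/ns/j2ee/connector-1.2"}

def _text(el):
    return (el.text or "").strip() if el is not None else ""   # plans wrap values over lines

def _props(el):
    return {p.get("name"): _text(p) for p in el.findall("c:config-property-setting", NS)}

def audit_connector_plan(xml_text):
    """Summarise pools and collect review findings for a connector-1.2 deployment plan."""
    root = ET.fromstring(xml_text)
    pools, findings = [], []
    # Resource-adapter instance: broker URL and the credentials the adapter itself presents.
    for ra in root.findall(".//c:resourceadapter-instance", NS):
        name, props = _text(ra.find("c:resourceadapter-name", NS)), _props(ra)
        if props.get("Password"):
            findings.append(f"{name}: literal Password stored in the plan")
        if "0.0.0.0" in props.get("ServerUrl", ""):
            findings.append(f"{name}: ServerUrl {props['ServerUrl']} names the wildcard address")
    # Outbound connection definitions: transaction mode, pool bound, credentials.
    for cd in root.findall(".//c:connectiondefinition-instance", NS):
        name, props = _text(cd.find("c:name", NS)), _props(cd)
        cm = cd.find("c:connectionmanager", NS)
        tx = ("xa" if cm.find("c:xa-transaction", NS) is not None
              else "none" if cm.find("c:no-transaction", NS) is not None else "other")
        max_size = int(_text(cm.find("c:single-pool/c:max-size", NS)) or 0)
        pools.append({"name": name, "tx": tx, "max_size": max_size})
        if props.get("Password"):
            findings.append(f"{name}: literal Password stored in the plan")
        if tx == "none":
            findings.append(f"{name}: no-transaction pool, its work is not enlisted in JTA")
    return {"pools": pools, "findings": findings}

# Constructed sample mirroring the shapes on this page; not a real Geronimo artifact.
SAMPLE_PLAN = """<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
  <resourceadapter>
    <resourceadapter-instance><resourceadapter-name>ActiveMQ RA</resourceadapter-name>
      <config-property-setting name="ServerUrl">tcp://0.0.0.0:61616</config-property-setting>
      <config-property-setting name="Password">geronimo</config-property-setting>
    </resourceadapter-instance>
    <outbound-resourceadapter><connection-definition>
      <connectiondefinition-instance><name>SystemDatasource</name>
        <config-property-setting name="Password"/>
        <connectionmanager><xa-transaction/><single-pool><max-size>100</max-size></single-pool></connectionmanager>
      </connectiondefinition-instance>
      <connectiondefinition-instance><name>NoTxDatasource</name>
        <connectionmanager><no-transaction/><single-pool><max-size>100</max-size></single-pool></connectionmanager>
      </connectiondefinition-instance>
    </connection-definition></outbound-resourceadapter>
  </resourceadapter>
</connector>"""
```

Run it against a real plan by reading the file's contents into audit_connector_plan; the Derby plan above yields no Password finding because its Password setting is empty.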

Security

A Java EE application may consist of several components that can be deployed into different containers, such as the web container, EJB container and web services container, in a JEE5 server. This kind of deployment allows multi-tier applications whose tiers interact with one another to perform a given user task. Multi-tier JEE5 applications can be secured by properly selecting authentication mechanisms and designing authorization levels or roles. If the application components use declarative security management, the authentication and authorization aspects are declared in the corresponding JEE5 deployment descriptors. The declared security roles or levels are mapped to real security roles or levels in the Geronimo deployment plans through security realms. In Apache Geronimo, security realms abstract away the authentication and authorization aspects of the application components. Authentication and authorization together enable access control for the various components of the application.

Depending on the selected authentication system, a JAAS login module is selected and configured in a security realm. JAAS login modules connect to the corresponding user/group repositories, perform authentication and retrieve authorization information. The Geronimo server provides login modules that connect to different types of user/group repositories: PropertiesFileLoginModule, LDAPLoginModule, SQLLoginModule and CertificatePropertiesFileLoginModule.

For example, Geronimo uses the geronimo-admin security realm to authenticate users when they log in to the Geronimo Administration Console. The deployment plan of the security realm is as follows.

geronimo-admin security realm
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>geronimo-admin</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>

        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    
    <gbean name="geronimo-admin"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

        <attribute name="realmName">geronimo-admin</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>geronimo-admin</log:login-domain-name>
                    <log:login-module-class>
                        org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                    </log:login-module-class>
                    <log:option name="groupsURI">var/security/groups.properties</log:option>
                    <log:option name="usersURI">var/security/users.properties</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>

</module>

The default namespace of the above XML document is http://geronimo.apache.org/xml/ns/deployment-1.2. The XML elements that do not have a namespace prefix belong to the default namespace.

The above security realm is deployed over two property files, <geronimo_home>/var/security/users.properties and <geronimo_home>/var/security/groups.properties, that contain the user/group information, using org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule. The Geronimo Administration Console is a web application that uses this security realm for user authentication.

The security realm deployment plan is an XML file that uses the http://geronimo.apache.org/xml/ns/deployment-1.2 schema for the moduleId, dependency and security realm GBean configuration, and the http://geronimo.apache.org/xml/ns/loginconfig-2.0 schema for the login module configuration. All the XML schema files (.xsd) are located in the <geronimo_home>/schema directory.

The following table summarizes the user/group repositories and the corresponding login modules in Apache Geronimo.

User/Group Repository    LoginModule
Property files           org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
Database                 org.apache.geronimo.security.realm.providers.SQLLoginModule
LDAP repository          org.apache.geronimo.security.realm.providers.LDAPLoginModule
Certificate repository   org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule
Any other                The user has to supply the custom JAAS login module. The admin console can be used to deploy a security realm over custom JAAS login modules.

Depending on the type of the login module, the options for configuration may change.

Once a security realm is deployed, it is available to any JEE5 application deployed in Geronimo for mapping declared roles to actual users/groups through a Geronimo-specific deployment plan.
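The realm plan above and the table of login modules describe what a reviewer needs from a realm definition: which GenericSecurityRealm GBeans a plan declares, which login module class and control flag each uses, and whether the module is one Geronimo ships or a user-supplied one. The following Python script, added here and not part of Geronimo, extracts exactly that from a deployment-1.2 plan; its embedded sample is constructed from the geronimo-admin plan above with groupsURI deliberately omitted and a hypothetical com.example.CustomLoginModule added.

```python
import xml.etree.ElementTree as ET

NS = {"dep": "http://geronimo.apache.org/xml/ns/deployment-1.2",
      "log": "http://geronimo.apache.org/xml/ns/loginconfig-2.0"}
# The four login modules Geronimo ships (see the table above); anything else is user supplied.
PROVIDERS = "org.apache.geronimo.security.realm.providers."
GERONIMO_MODULES = {PROVIDERS + n for n in ("PropertiesFileLoginModule", "SQLLoginModule",
                    "LDAPLoginModule", "CertificatePropertiesFileLoginModule")}

def _text(el):
    # Plans wrap long values over several lines (the class name above is), so strip them.
    return (el.text or "").strip() if el is not None else ""

def inspect_realm_plan(xml_text):
    """List the login modules of every GenericSecurityRealm GBean in a deployment-1.2 plan."""
    root = ET.fromstring(xml_text)
    realms, findings = [], []
    for gb in root.findall("dep:gbean", NS):
        if gb.get("class") != "org.apache.geronimo.security.realm.GenericSecurityRealm":
            continue
        realm = _text(gb.find("dep:attribute[@name='realmName']", NS))
        modules = []
        for lm in gb.findall(".//log:login-module", NS):
            cls = _text(lm.find("log:login-module-class", NS))
            opts = {o.get("name"): _text(o) for o in lm.findall("log:option", NS)}
            modules.append({"domain": _text(lm.find("log:login-domain-name", NS)),
                            "flag": lm.get("control-flag", ""), "class": cls, "options": opts})
            if cls == PROVIDERS + "PropertiesFileLoginModule" and not set(opts) >= {"usersURI", "groupsURI"}:
                findings.append(f"{realm}/{cls}: usersURI and groupsURI are both required")
            if cls not in GERONIMO_MODULES:
                findings.append(f"{realm}/{cls}: custom JAAS module, its class must be supplied and reviewed")
        realms.append({"name": realm, "modules": modules})
    return {"realms": realms, "findings": findings}

# Constructed sample: the geronimo-admin realm with groupsURI left out, plus a custom module.
SAMPLE_REALM = """<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
  <gbean name="geronimo-admin" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">geronimo-admin</attribute>
    <xml-reference name="LoginModuleConfiguration">
      <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
        <log:login-module control-flag="REQUIRED" wrap-principals="false">
          <log:login-domain-name>geronimo-admin</log:login-domain-name>
          <log:login-module-class>
            org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
          </log:login-module-class>
          <log:option name="usersURI">var/security/users.properties</log:option>
        </log:login-module>
        <log:login-module control-flag="SUFFICIENT" wrap-principals="false">
          <log:login-domain-name>custom</log:login-domain-name>
          <log:login-module-class>com.example.CustomLoginModule</log:login-module-class>
        </log:login-module>
      </log:login-config>
    </xml-reference>
  </gbean>
</module>"""
```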
