...
The noAnnotations-TestSecuritySettings.zip provides a number of SQL scripts and deployment plans to help set up the environment the security sample application requires to run. The provided files are 1_TimeReportDB.sql, 2_dbPoolPlan.xml and 3_securityRealmPlan.xml. In addition there is a 0_Readme.txt, which is a condensed set of instructions to deploy this sample application; timereport.war, which is the application we will be deploying; and a sample of the generated deployment plan, timereport_generatedPlan.xml. Download and extract the zip file to a directory of your convenience.
timereport.war provides 2 Servlets, several JSPs and the web.xml we will be focusing on. In addition this WAR contains the sources and full java docs.
...
Before we continue with the security application itself we need to create some additional configurations using the provided plans.
- With the server up and running, access the Geronimo Administration Console and click on DB Manager. Create a database named "TimeReportDB" and run 1_TimeReportDB.sql on this new database.
- Create a database connection pool by clicking on Deploy New and specify <geronimo_home>\repository\org\tranql\tranql-connector-ra\1.3\tranql-connector-ra-1.3.rar as the Archive and 2_dbPoolPlan.xml as the Plan. This will create the new database pool "TimeReportPool".
- Create a new security realm by clicking on Deploy New and only specify 3_securityRealmPlan.xml as the "Plan". This will create the TimeReportRealm security realm.
Now that we have configured the environment we go back to the application. The following sample shows the web.xml, which defines all the security constraints, realms and roles the Plan Creator wizard will use to generate the Geronimo-specific deployment plan.
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
    <!-- Only callers in the "employee" role may access /employee/* -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>employee</web-resource-name>
            <url-pattern>/employee/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
    </security-constraint>
    <!-- Only callers in the "manager" role may access /manager/* -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>manager</web-resource-name>
            <url-pattern>/manager/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
    </security-constraint>
    <!-- Form-based login authenticated against the TimeReportRealm security realm -->
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>TimeReportRealm</realm-name>
        <form-login-config>
            <form-login-page>/login/login.jsp</form-login-page>
            <form-error-page>/login/login_error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <!-- Roles referenced by the constraints above; mapped to principals in the Geronimo plan -->
    <security-role>
        <role-name>employee</role-name>
    </security-role>
    <security-role>
        <role-name>manager</role-name>
    </security-role>
    <servlet>
        <display-name>AddTimeRecordServlet</display-name>
        <servlet-name>AddTimeRecordServlet</servlet-name>
        <servlet-class>org.apache.geronimo.samples.timereport.web.AddTimeRecordServlet</servlet-class>
    </servlet>
    <servlet>
        <display-name>AddEmployeeServlet</display-name>
        <servlet-name>AddEmployeeServlet</servlet-name>
        <servlet-class>org.apache.geronimo.samples.timereport.web.AddEmployeeServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>AddTimeRecordServlet</servlet-name>
        <url-pattern>/employee/add_timerecord</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>AddEmployeeServlet</servlet-name>
        <url-pattern>/manager/add_employee</url-pattern>
    </servlet-mapping>
</web-app>
```
Back in the Geronimo Administration Console click on Plan Creator. Browse to the timereport.war you just extracted and click on Configure.
In the resulting screen you will be configuring the web application identity. You may want to change the default proposed values; however, for this example, we will be accepting the defaults. Click Next.
Unlike the other sample applications, for this example we do not have to resolve any resource references, so the wizard will jump directly to the security part of the configuration. In the resulting screen, define the security configuration.
Select "TimeReportRealm" from the "Security Realm Name:" pull down menu. This is the security realm you deployed earlier.
For security role employee, select Add -> Principal from the pull down menu and add 2 Group Principals with the names EmployeeGroup and ManagerGroup.
For security role manager, select Add -> Principal and add 1 Group Principal with the name ManagerGroup.
Click Next. The following screen allows you to select WAR dependencies. This application has no dependencies on any of these modules, so click Next.
In the Created Plan screen you should see a plan similar to this one.
4) Finally create the geronimo-web.xml for "timereport.war" by using the "Create Plan" portlet as below:
a) In the 'security configuration' page, select "TimeReportRealm" as the "Security Realm Name".
b) For security role "employee", select "Add -> Principal" and add 2 "Group Principals" with the names "EmployeeGroup" and "ManagerGroup".
c) For security role "manager", select "Add -> Principal" and add 1 "Group Principal" with the name "ManagerGroup".
d) Press "Next" twice.
e) In the 'created plan' page, you should see a plan similar to "timereport_generatedPlan.xml".
f) Press "Deploy WAR" and click on "Launch Web App" to run the sample application.
g) Verify using "userid" and "password" values from "1_TimeReportDB.sql".
```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1">
    <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <dep:moduleId>
            <dep:groupId>default</dep:groupId>
            <dep:artifactId>timereport</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>war</dep:type>
        </dep:moduleId>
    </dep:environment>
    <context-root>timereport</context-root>
    <security-realm-name>TimeReportRealm</security-realm-name>
    <app:security xsi:type="sec:securityType"
                  xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
                  xmlns:app="http://geronimo.apache.org/xml/ns/j2ee/application-2.0"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <sec:role-mappings>
            <sec:role role-name="employee">
                <sec:principal name="EmployeeGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
                <sec:principal name="ManagerGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </sec:role>
            <sec:role role-name="manager">
                <sec:principal name="ManagerGroup" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            </sec:role>
        </sec:role-mappings>
    </app:security>
</web-app>
```
Click on Deploy WAR and then click on Launch Web App to run the sample application. Verify using userid and password values from 1_TimeReportDB.sql.
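To check that the role mappings in the generated plan grant what the web.xml constraints intend, the following added example (not part of the original page or the Geronimo project) parses both descriptors and derives which group principal can reach which URL pattern, and which roles are left unmapped. The embedded XML is a constructed, trimmed copy of the two files shown on this page, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

J2EE = "{http://java.sun.com/xml/ns/j2ee}"
SEC = "{http://geronimo.apache.org/xml/ns/security-2.0}"
# Constructed, trimmed copies of the web.xml and generated plan shown on this page.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
 <security-constraint>
  <web-resource-collection><url-pattern>/employee/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>employee</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/manager/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>manager</role-name></auth-constraint>
 </security-constraint>
</web-app>"""
PLAN_XML = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
  xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">
 <sec:role-mappings>
  <sec:role role-name="employee">
   <sec:principal name="EmployeeGroup"/><sec:principal name="ManagerGroup"/></sec:role>
  <sec:role role-name="manager"><sec:principal name="ManagerGroup"/></sec:role>
 </sec:role-mappings>
</web-app>"""

def constraints(web_xml):
    """Map each protected url-pattern to the roles its auth-constraint allows."""
    out = {}
    for sc in ET.fromstring(web_xml).iter(J2EE + "security-constraint"):
        roles = {r.text.strip() for r in sc.iter(J2EE + "role-name")}
        for pattern in sc.iter(J2EE + "url-pattern"):
            out.setdefault(pattern.text.strip(), set()).update(roles)
    return out

def role_mappings(plan_xml):
    """Map each role in the Geronimo plan to the principal names granted it."""
    return {role.get("role-name"): {p.get("name") for p in role.iter(SEC + "principal")}
            for role in ET.fromstring(plan_xml).iter(SEC + "role")}

def access_matrix(web_xml, plan_xml):
    """Effective access: principal name -> sorted url-patterns it can reach."""
    mapping, matrix = role_mappings(plan_xml), {}
    for pattern, roles in constraints(web_xml).items():
        for name in set().union(*(mapping.get(r, set()) for r in roles)):
            matrix.setdefault(name, []).append(pattern)
    return {name: sorted(urls) for name, urls in matrix.items()}

def unmapped_roles(web_xml, plan_xml):
    """Roles required by web.xml that the plan maps to no principal."""
    return sorted(set().union(*constraints(web_xml).values()) - set(role_mappings(plan_xml)))
```

With the mappings entered in the wizard, ManagerGroup reaches both /employee/* and /manager/*, while EmployeeGroup reaches only /employee/*.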