...
Anchor
This article focuses on the web application security related features of the Apache Geronimo server. The sample application covered in this article is a basic time reporting system that uses Servlets, JSPs and J2EE declarative security. In addition to above features it uses Geronimo's embedded Derby database to store user information of the system. Even though this application uses a database to hold user information, it is merely for configuration purposes. For detailed information on the usage of JDBC in Geronimo, refer the Simple database access sample application (1.2 Ok) article.
...
Web Applications in GeronimoAnchor web web
Apache Geronimo includes a Web application container supporting J2EE Web applications. The Web container itself supports basic configuration such as network ports and SSL options, and each Web application may include Geronimo-specific configuration information as well. Web applications participate in the Geronimo security infrastructure, so authenticating to a Web application allows access to secure EJBs and Connectors as well.
...
Apache Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies.
http://tomcat.apache.org/
Application Overview Anchor overview overview
The Time Report application helps to report working times of different projects. Even though this is not a full blown time reporting application, it covers most of the displaying and security related features web applications in Apache Geronimo.
...
Following is the main folder hireachy of the Time Reporting application. It display both JSPs and configuration files used in the application.
...
In addition to the above JSPs and configurations, two other servlets are also required to fullfil the business logic of the application.
...
Security configuration of the Time Report application is handled by geronimo-web.xml and web.xml files. geronimo-web.xml is used to define user roles of the application with TimeReportRealm.
...
web.xml will map the defined user roles to resources in the web application. It also defines the login configurations of the application.
...
...
To restrict access to the Add Employee functionality from Time Report page, programmatic authentication has beeen used as in indicated below.
...
Tools used
The tools used for developing and building the Time Reporting sample application are:
...
Configuring, Building and Deploying the Sample Application Anchor configure configure
Download the Time Reporting application from the following link:
Time Report
...
After starting Apache Geronimo server, log into the console and follow the given steps to create the TimeReportDB to hold user information for the application.
...
...
- Select DB Manager link from the Console Navigation in the left.
- Give the database name as TimeReportDB in the Create DB field and click Create button.
- Select TimeReportDB to the Use DB field.
- Open TimeReportDB.sql in the time_report/config directory.
- Paste the content TimeReportDB.sql to the SQL Commands text area and press Run SQL button.
...
As same as in the creating database, follow the given steps to deploy the security relam of the Time Reporting application.
...
...
- Select Deploy New link from the Console Navigation panel.
- Load time_report/config/TimeReportRealm.xml to the Plan input box.
- Press Install button deploy security realm to the application server.
(Make sure Start app after install check box is checked before pressing install button.)
...
Testing of the Sample Application Anchor testing
To test the sample application open a browser and type http://localhost:8080/timereport. It will forward to the Welcome page of the application.
User can access Time Report page providing username as emp1 and password with pass1. To login to the application as a Manager provide mgm1 and pass3 credentials.
Summary Anchor summary summary
This article has shown you how to deploy web application in to the Geronimo Application server with J2EE declarative security features. You followed step-by-step instructions to build, deploy and test the sample application.
...