Comment: Migrated to Confluence 4.0

...

La configuración de Seguridad en la aplicación de Reporte de Tiempo es controlada por los archivos geronimo-web.xml y web.xml. geronimo-web.xml se usa para definir roles de usuario de la aplicación con TimeReportRealm.

Code Block (xml): geronimo-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo deployment plan for the Time Report web module. It sets the
  context root, names the security realm used for authentication, and maps
  the application roles (employee, manager) to group principals of that realm.
-->
<web-app
	xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
	
	<environment>
		<moduleId>
			<artifactId>TimeReportApp</artifactId>
		</moduleId>		
	</environment>
		
	<context-root>/timereport</context-root>
	
	<!-- Realm the web container authenticates against; the same name is used
	     in every realm-name attribute below and must match the deployed realm. -->
	<security-realm-name>TimeReportRealm</security-realm-name>
	
	<security>
		<!-- Default principal: a user principal named "anonymous".
		     NOTE(review): presumably this identity is used for requests that have
		     not logged in; confirm for the Geronimo version in use. It is a user
		     principal, not one of the group principals mapped below, so nothing in
		     this file grants it the employee or manager role. -->
		<default-principal realm-name="TimeReportRealm">
			<principal name="anonymous"
				   class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
				   />
		</default-principal>
		<role-mappings>			
			<!-- Role "employee" is granted to members of EmployeeGroup and of
			     ManagerGroup, so every manager also holds the employee role. -->
			<role role-name="employee">
				<realm realm-name="TimeReportRealm">
					<principal name="EmployeeGroup"
					   class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
				   	/>
				</realm>
				<realm realm-name="TimeReportRealm">
					<principal name="ManagerGroup"
					   class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
					/>					
				</realm>
			</role>
			<!-- Role "manager" is granted to ManagerGroup only. Review membership
			     of that group carefully: it is the sole gate to the manager role. -->
			<role role-name="manager">
				<realm realm-name="TimeReportRealm">
					<principal name="ManagerGroup"
					   class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
					/>					
				</realm>								
			</role>
		</role-mappings>
    </security>
    
</web-app> 

web.xml mapeará los roles de usuario definidos a los recursos en la aplicación web. También define una configuración de acceso a la aplicación.

Code Block (xml): web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet 2.4 deployment descriptor for the Time Report application. It
  declares two URL-based security constraints (/employee/* and /manager/*),
  FORM login against TimeReportRealm, the two security roles, and the two
  servlets with their URL mappings.
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
	 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
	 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
	 version="2.4">	
	 
	<!-- The welcome file is outside both protected URL patterns below, so it is
	     served without authentication. -->
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
  	</welcome-file-list>
  	
	<!-- Everything under /employee/ requires the "employee" role. No http-method
	     element is listed, so the constraint covers all HTTP methods.
	     NOTE(review): there is no user-data-constraint here, so no transport
	     guarantee is requested; with FORM login the password and the session
	     cookie can travel over plain HTTP unless TLS is enforced elsewhere.
	     Consider adding a user-data-constraint with
	     <transport-guarantee>CONFIDENTIAL</transport-guarantee> once an HTTPS
	     connector is available. -->
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>employee</web-resource-name>
			<url-pattern>/employee/*</url-pattern>			
		</web-resource-collection>
		<auth-constraint>
			<role-name>employee</role-name>			 
		</auth-constraint>
	</security-constraint>
	
	<!-- Everything under /manager/ requires the "manager" role, again for all
	     HTTP methods and again without a transport guarantee (see note above). -->
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>manager</web-resource-name>
			<url-pattern>/manager/*</url-pattern>			
		</web-resource-collection>
		<auth-constraint>
			<role-name>manager</role-name>
		</auth-constraint>
	</security-constraint>
	
	<!-- Form-based login against TimeReportRealm. The login and error pages live
	     under /login/, which neither protected pattern matches. -->
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>TimeReportRealm</realm-name>
		<form-login-config>
			<form-login-page>/login/login.jsp</form-login-page>
			<form-error-page>/login/login_error.jsp</form-error-page>
		</form-login-config>
	</login-config>
	
	<!-- Roles referenced by the auth-constraint elements above. -->
	<security-role>
		<role-name>employee</role-name>		
    	</security-role>
	<security-role>
		<role-name>manager</role-name>		
    </security-role>
    	
    <servlet>
	    <display-name>AddTimeRecordServlet</display-name>
	    <servlet-name>AddTimeRecordServlet</servlet-name>
	    <servlet-class>org.timereport.web.employee.AddTimeRecordServlet</servlet-class>
  	</servlet>
  	<servlet>
	    <display-name>AddEmployeeServlet</display-name>
	    <servlet-name>AddEmployeeServlet</servlet-name>
	    <servlet-class>org.timereport.web.manager.AddEmployeeServlet</servlet-class>
  	</servlet>
  	
  	<!-- Both servlet URLs fall inside a protected pattern: add_timerecord under
  	     /employee/* and add_employee under /manager/*. Keep it that way; a
  	     mapping added outside those prefixes would not be covered by any
  	     constraint in this file. -->
  	<servlet-mapping>
	    <servlet-name>AddTimeRecordServlet</servlet-name>
	    <url-pattern>/employee/add_timerecord</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
	    <servlet-name>AddEmployeeServlet</servlet-name>
	    <url-pattern>/manager/add_employee</url-pattern>
    </servlet-mapping>
        
</web-app>

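Para restringir el acceso a la funcionalidad de Agregar Empleado en la página de Reporte de Tiempo, se ha usado autenticación programática (una comprobación de rol con isUserInRole), como se indica a continuación. Esta comprobación solo oculta el enlace a quien no tiene el rol; el acceso a /manager/* lo sigue restringiendo la security-constraint definida en web.xml.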

Code Block (java): employee/index.jsp
...
<BR>
<%if(request.isUserInRole("manager")){%>
<A href="../manager/">Add Employees</A>
<BR>
...

...

As with creating the database, follow the given steps to deploy the security realm of the Time Reporting application.

Code Block (xml): TimeReportRealm.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo deployment plan for the TimeReportRealm security realm. It defines
  one GBean of class GenericSecurityRealm whose login configuration uses
  SQLLoginModule to read users and groups from the Derby database TimeReportDB.
-->
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
    <environment>
        <moduleId>
            <groupId>console</groupId>
            <artifactId>TimeReportRealm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>geronimo</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <!-- The Derby driver is pinned to an exact version here; keep it in
                 step with the Derby version the server itself ships. -->
            <dependency>
                <groupId>org.apache.derby</groupId>
                <artifactId>derby</artifactId>
                <version>10.1.1.0</version>
                <type>jar</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="TimeReportRealm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <!-- Realm name; must match the realm-name values used by the web
             application's deployment plan and web.xml. -->
        <attribute name="realmName">TimeReportRealm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <name>JaasLoginService</name>
        </reference>
        <!-- Login module options, reviewed from a security angle:
             * userSelect and groupSelect use a "?" placeholder for the user id,
               so the value is presumably bound as a statement parameter rather
               than concatenated into the SQL (confirm in SQLLoginModule).
             * userSelect returns the password column as stored and no hashing
               or digest setting appears in this plan.
               NOTE(review): this suggests passwords are kept in clear text in
               the users table; check whether the SQLLoginModule of your
               Geronimo version offers a digest option and use it if so.
             * jdbcUser is "app" and no JDBC password option is set; with the
               embedded Derby driver the database is opened in-process.
               NOTE(review): confirm that access to the TimeReportDB files is
               restricted to the server account.
             * control-flag REQUIRED means this module must succeed for login to
               succeed. -->
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>TimeReportRealm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <log:option name="jdbcDriver">org.apache.derby.jdbc.EmbeddedDriver</log:option>
                    <log:option name="jdbcUser">app</log:option>
                    <log:option name="userSelect">select userid, password from users where userid=?</log:option>
                    <log:option name="groupSelect">select userid, groupname from usergroups where userid=?</log:option>
                    <log:option name="jdbcURL">jdbc:derby:TimeReportDB</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

...

To test the sample application, open a browser and go to http://localhost:8080/timereport. It will forward to the Welcome page of the application.

...