Comment: Migration of unmigrated content due to installation of a new plugin

...

Two roles are defined in this project: manager and employee. Because a manager is also an employee of the company, ManagerGroup is mapped to the employee role as well as to the manager role.

geronimo-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app
	xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1">
	
	<environment>
		<moduleId>
                        <groupId>${pom.groupId}</groupId>
                        <artifactId>${pom.artifactId}</artifactId>
                        <version>${version}</version> 
                        <type>war</type>
		</moduleId>		
	</environment>
		
	<context-root>/timereport</context-root>
	
	<security-realm-name>TimeReportRealm</security-realm-name>
	
	<security>
		<default-principal realm-name="TimeReportRealm">
			<principal name="anonymous"
				   class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
				   />
		</default-principal>
		<role-mappings>			
			<role role-name="employee">
				<realm realm-name="TimeReportRealm">
					<principal name="EmployeeGroup"
					   class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
				   	/>
				</realm>
				<realm realm-name="TimeReportRealm">
					<principal name="ManagerGroup"
					   class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
					/>					
				</realm>
			</role>
			<role role-name="manager">
				<realm realm-name="TimeReportRealm">
					<principal name="ManagerGroup"
					   class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
					/>					
				</realm>								
			</role>
		</role-mappings>
    </security>
    
</web-app>

web.xml maps the defined user roles to resources in the web application. It also defines the login configuration of the application.

web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
	 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	 xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
	 http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
	 version="2.4">	
	 
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
  	</welcome-file-list>
  	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>employee</web-resource-name>
			<url-pattern>/employee/*</url-pattern>			
		</web-resource-collection>
		<auth-constraint>
			<role-name>employee</role-name>			 
		</auth-constraint>
	</security-constraint>
	
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>manager</web-resource-name>
			<url-pattern>/manager/*</url-pattern>			
		</web-resource-collection>
		<auth-constraint>
			<role-name>manager</role-name>
		</auth-constraint>
	</security-constraint>
	
	<login-config>
		<auth-method>FORM</auth-method>
		<realm-name>TimeReportRealm</realm-name>
		<form-login-config>
			<form-login-page>/login/login.jsp</form-login-page>
			<form-error-page>/login/login_error.jsp</form-error-page>
		</form-login-config>
	</login-config>
	
	<security-role>
		<role-name>employee</role-name>		
    	</security-role>
	<security-role>
		<role-name>manager</role-name>		
    </security-role>
    	
    <servlet>
	    <display-name>AddTimeRecordServlet</display-name>
	    <servlet-name>AddTimeRecordServlet</servlet-name>
	    <servlet-class>org.apache.geronimo.samples.timereport.web.AddTimeRecordServlet</servlet-class>
  	</servlet>
  	<servlet>
	    <display-name>AddEmployeeServlet</display-name>
	    <servlet-name>AddEmployeeServlet</servlet-name>
	    <servlet-class>org.apache.geronimo.samples.timereport.web.AddEmployeeServlet</servlet-class>
  	</servlet>
  	
  	<servlet-mapping>
	    <servlet-name>AddTimeRecordServlet</servlet-name>
	    <url-pattern>/employee/add_timerecord</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
	    <servlet-name>AddEmployeeServlet</servlet-name>
	    <url-pattern>/manager/add_employee</url-pattern>
    </servlet-mapping>
        
</web-app>
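
An added example (not part of the Geronimo sample): a Python check that resolves the group, role and URL chain across geronimo-web.xml and web.xml, so you can see which groups reach which protected paths and whether every role used in a constraint is declared and mapped. The embedded XML is a constructed, trimmed copy of the descriptors above and the function names are this example's own. It also reports constraints without a CONFIDENTIAL transport-guarantee, which the web.xml above does not set.

```python
import xml.etree.ElementTree as ET
# Constructed, trimmed copies of the two descriptors shown above.
GERONIMO_WEB = """<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.1"><security><role-mappings>
<role role-name="employee">
 <realm realm-name="TimeReportRealm"><principal name="EmployeeGroup"/></realm>
 <realm realm-name="TimeReportRealm"><principal name="ManagerGroup"/></realm></role>
<role role-name="manager">
 <realm realm-name="TimeReportRealm"><principal name="ManagerGroup"/></realm></role>
</role-mappings></security></web-app>"""
WEB = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
<security-constraint><web-resource-collection><url-pattern>/employee/*</url-pattern>
 </web-resource-collection><auth-constraint><role-name>employee</role-name></auth-constraint></security-constraint>
<security-constraint><web-resource-collection><url-pattern>/manager/*</url-pattern>
 </web-resource-collection><auth-constraint><role-name>manager</role-name></auth-constraint></security-constraint>
<security-role><role-name>employee</role-name></security-role>
<security-role><role-name>manager</role-name></security-role></web-app>"""

def find_all(node, name):
    """Descendants with the given local name, ignoring XML namespaces."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def role_to_groups(geronimo_web_xml):
    root = ET.fromstring(geronimo_web_xml)
    return {r.get("role-name"): {p.get("name") for p in find_all(r, "principal")}
            for r in find_all(root, "role")}

def audit(web_xml, geronimo_web_xml):
    """Return (access, findings); access maps url-pattern -> groups allowed in."""
    root, mapping = ET.fromstring(web_xml), role_to_groups(geronimo_web_xml)
    declared = {rn.text.strip() for sr in find_all(root, "security-role")
                for rn in find_all(sr, "role-name")}
    access, findings = {}, []
    for sc in find_all(root, "security-constraint"):
        roles = {rn.text.strip() for ac in find_all(sc, "auth-constraint") for rn in find_all(ac, "role-name")}
        patterns = [u.text.strip() for u in find_all(sc, "url-pattern")]
        for role in sorted(roles):
            if role not in declared:
                findings.append(f"{role}: no <security-role> declaration")
            if not mapping.get(role):
                findings.append(f"{role}: no principal mapped in geronimo-web.xml")
        # Without CONFIDENTIAL the container does not require HTTPS for these URLs.
        if [t.text.strip() for t in find_all(sc, "transport-guarantee")] != ["CONFIDENTIAL"]:
            findings += [f"{p}: no CONFIDENTIAL transport-guarantee" for p in patterns]
        for p in patterns:
            access.setdefault(p, set()).update(*(mapping.get(r, set()) for r in roles))
    return access, findings

if __name__ == "__main__":
    print(audit(WEB, GERONIMO_WEB))
```

For the descriptors on this page the result shows ManagerGroup reaching both /employee/* and /manager/*, and EmployeeGroup reaching /employee/* only.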

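To restrict access to the Add Employee functionality from the Time Report page, a programmatic role check (request.isUserInRole) has been used, as indicated below. The check only controls whether the link is displayed; access to /manager/* itself is enforced by the security-constraint in web.xml.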

employee/index.jsp
...
<BR>
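<%-- Show the link to managers only; /manager/* itself is protected by the security-constraint in web.xml --%>
<%if(request.isUserInRole("manager")){%>
<A href="../manager/">Add Employees</A>
<%}%>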
<BR>
...

geronimo-application.xml tells the application that there is a database pool that needs to be deployed as well. The security realm configuration is included along with this db pool. The db pool is defined in TimeReportPool.xml, and the driver that it needs in order to be deployed is the tranql-connector-ra-1.3.rar file; these two files reside at the top level of the resulting EAR file.

geronimo-application.xml
<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-1.2">

    <environment xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <moduleId>
            <groupId>${pom.groupId}</groupId>
            <artifactId>${pom.artifactId}</artifactId>
            <version>${version}</version>
            <type>ear</type>
        </moduleId>
    </environment>
	
    <module>
        <connector>tranql-connector-ra-1.3.rar</connector>
        <alt-dd>TimeReportPool.xml</alt-dd>
    </module>
</application>

TimeReportPool.xml defines two things: the database pool itself and a security realm. As shown, the first part is similar to any other db pool plan. The second part contains the essentials of a security realm plan. By combining the two in a separate file, we can ship a db pool and a security realm with the application, so there are fewer things to install.

TimeReportPool.xml
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
    <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <dep:moduleId>
            <dep:groupId>console.dbpool</dep:groupId>
            <dep:artifactId>TimeReportPool</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>rar</dep:type>
        </dep:moduleId>
        <dep:dependencies>
            <dep:dependency>
                <dep:groupId>org.apache.geronimo.configs</dep:groupId>
                <dep:artifactId>j2ee-security</dep:artifactId>
                <dep:type>car</dep:type>
            </dep:dependency>
            <dep:dependency>
                <dep:groupId>org.apache.geronimo.configs</dep:groupId>
                <dep:artifactId>system-database</dep:artifactId>
                <dep:type>car</dep:type>
            </dep:dependency>
        </dep:dependencies>
    </dep:environment>
	<!--db pool fragment-->
    <resourceadapter>
        <outbound-resourceadapter>
            <connection-definition>
                <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
                <connectiondefinition-instance>
                    <name>TimeReportPool</name>
                    <config-property-setting name="Driver">org.apache.derby.jdbc.EmbeddedDriver</config-property-setting>
                    <config-property-setting name="UserName">app</config-property-setting>
                    <config-property-setting name="ConnectionURL">jdbc:derby:TimeReportDB</config-property-setting>
                    <connectionmanager>
                        <local-transaction/>
                        <single-pool>
                            <max-size>10</max-size>
                            <min-size>0</min-size>
                            <match-one/>
                        </single-pool>
                    </connectionmanager>
                </connectiondefinition-instance>
            </connection-definition>
        </outbound-resourceadapter>
    </resourceadapter>
	<!--security realm fragment-->
	<gbean name="TimeReportRealm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
		<attribute name="realmName">TimeReportRealm</attribute>
		<reference name="ServerInfo">
			<name>ServerInfo</name>
		</reference>
		<xml-reference name="LoginModuleConfiguration">
			<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
				<log:login-module control-flag="REQUIRED" wrap-principals="false">
					<log:login-domain-name>TimeReportRealm</log:login-domain-name>
					<log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
					<log:option name="jdbcDriver">org.apache.derby.jdbc.EmbeddedDriver</log:option>
					<log:option name="jdbcUser">app</log:option>
					<log:option name="userSelect">select userid, password from users where userid=?</log:option>
					<log:option name="groupSelect">select userid, groupname from usergroups where userid=?</log:option>
					<log:option name="jdbcURL">jdbc:derby:TimeReportDB</log:option>
				</log:login-module>
			</log:login-config>
		</xml-reference>
	</gbean>
</connector>

...

After starting the Apache Geronimo server, log into the console and follow the given steps to create the TimeReportDB to hold user information for the application. Note that the sample script stores the passwords in the users table in plain text.

TimeReportDB.sql
CREATE TABLE users(
	userid VARCHAR(15) PRIMARY KEY,
	password VARCHAR(15),
	name VARCHAR(40)
);

CREATE TABLE usergroups(
	userid VARCHAR(15),
	groupname VARCHAR(20),
	PRIMARY KEY (userid, groupname)
);

INSERT INTO users VALUES('emp1', 'pass1', 'Employee 1');
INSERT INTO users VALUES('emp2', 'pass2', 'Employee 2');
INSERT INTO users VALUES('mgm1', 'pass3', 'Manager 1');
INSERT INTO users VALUES('mgm2', 'pass4', 'Manager 2');

INSERT INTO usergroups VALUES('emp1', 'EmployeeGroup');
INSERT INTO usergroups VALUES('emp2', 'EmployeeGroup');
INSERT INTO usergroups VALUES('mgm1', 'ManagerGroup');
INSERT INTO usergroups VALUES('mgm2', 'ManagerGroup');

...