Comment: Migration of unmigrated content due to installation of a new plugin

...


This article focuses on the web application security features of the Apache Geronimo server. The sample application covered in this article is a basic time reporting system that uses Servlets, JSPs and J2EE declarative security. In addition to these features, it uses Geronimo's embedded Derby database to store the user information of the system. Even though this application uses a database to hold user information, it is merely for configuration purposes. For detailed information on the usage of JDBC in Geronimo, refer to the Simple database access sample application (1.2 Ok) article.

After reading this article you should be able to configure the Geronimo application server for web applications with declarative security features.

...

Web Applications in Geronimo

Apache Geronimo includes a Web application container supporting J2EE Web applications. The Web container itself supports basic configuration such as network ports and SSL options, and each Web application may include Geronimo-specific configuration information as well. Web applications participate in the Geronimo security infrastructure, so authenticating to a Web application allows access to secure EJBs and Connectors as well.

...

Apache Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies.
http://tomcat.apache.org/

Application Overview

The Time Report application helps to report working times of different projects. Even though this is not a full-blown time reporting application, it covers most of the display and security related features of web applications in Apache Geronimo.

...

The following is the main folder hierarchy of the Time Reporting application. It displays both the JSPs and the configuration files used in the application.

...

...

In addition to the above JSPs and configurations, two other servlets are also required to fulfill the business logic of the application.

...

Two roles are used in this project: manager and employee. Since a manager is also an employee of the company, each manager is listed under the employee role as well as under the manager role.

...

...

web.xml will map the defined user roles to resources in the web application. It also defines the login configurations of the application.
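
As an added illustration (not the sample's own web.xml, which is not reproduced on this page), a Servlet 2.4 descriptor could map the manager and employee roles to resources and define the login configuration as follows. The URL patterns, the login page paths and the choice of FORM authentication are assumptions; the role names and the TimeReportRealm name are taken from this article.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

    <!-- Employee area: managers hold the employee role too, so they pass this check. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Employee pages</web-resource-name>
            <!-- Hypothetical path. No <http-method> is listed, so every method is covered. -->
            <url-pattern>/employee/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>employee</role-name>
        </auth-constraint>
        <!-- Assumes an SSL connector is configured: the container redirects to HTTPS
             so credentials and session cookies are not sent in clear text. -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <!-- Manager-only area: enforced by the container, not only by hiding links in a JSP. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Manager pages</web-resource-name>
            <url-pattern>/manager/*</url-pattern> <!-- hypothetical path -->
        </web-resource-collection>
        <auth-constraint>
            <role-name>manager</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method> <!-- assumed; BASIC would also work with the realm -->
        <realm-name>TimeReportRealm</realm-name>
        <form-login-config>
            <form-login-page>/login/login.jsp</form-login-page>       <!-- hypothetical -->
            <form-error-page>/login/login_error.jsp</form-error-page> <!-- hypothetical -->
        </form-login-config>
    </login-config>

    <security-role><role-name>employee</role-name></security-role>
    <security-role><role-name>manager</role-name></security-role>
</web-app>
```

The role names declared here are linked to the realm's groups (EmployeeGroup and ManagerGroup in the user database) by the Geronimo deployment plan, which this example does not show.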

...

...

To restrict access to the Add Employee functionality from the Time Report page, programmatic authentication has been used, as indicated below.

...

...

Tools used

The tools used for developing and building the Time Reporting sample application are:

Apache Maven 2

Maven is a popular open source build tool for enterprise Java projects, designed to take much of the hard work out of the build process. Maven uses a declarative approach, where the project structure and contents are described, rather than the task-based approach used in Ant or in traditional make files, for example. This helps enforce company-wide development standards and reduces the time needed to write and maintain build scripts. The declarative, lifecycle-based approach used by Maven 1 is, for many, a radical departure from more traditional build techniques, and Maven 2 goes even further in this regard. Maven 2 can be downloaded from the following URL:
http://maven.apache.org

...

Download the Time Reporting application from the following link:
Time Report

After extracting the zip file, the <time_report> directory is created.

Configuring

Since the Time Reporting application uses J2EE declarative security, the user needs to create a database to hold the user information and deploy the security realm.

Create Database to hold User Information

After starting Apache Geronimo server, log into the console and follow the given steps to create the TimeReportDB to hold user information for the application.

TimeReportDB.sql

CREATE TABLE users(
	userid VARCHAR(15) PRIMARY KEY,
	password VARCHAR(15),
	name VARCHAR(40)
);

CREATE TABLE usergroups(
	userid VARCHAR(15),
	groupname VARCHAR(20),
	PRIMARY KEY (userid, groupname)
);

INSERT INTO users VALUES('emp1', 'pass1', 'Employee 1');
INSERT INTO users VALUES('emp2', 'pass2', 'Employee 2');
INSERT INTO users VALUES('mgm1', 'pass3', 'Manager 1');
INSERT INTO users VALUES('mgm2', 'pass4', 'Manager 2');

INSERT INTO usergroups VALUES('emp1', 'EmployeeGroup');
INSERT INTO usergroups VALUES('emp2', 'EmployeeGroup');
INSERT INTO usergroups VALUES('mgm1', 'ManagerGroup');
INSERT INTO usergroups VALUES('mgm2', 'ManagerGroup');
  1. Select the DB Manager link from the Console Navigation on the left.
  2. Give the database name as TimeReportDB in the Create DB field and click the Create button.
  3. Select TimeReportDB in the Use DB field.
  4. Open TimeReportDB.sql in the time_report/config directory.
  5. Paste the content of TimeReportDB.sql into the SQL Commands text area and press the Run SQL button.

Configure Security Realm

As with creating the database, follow the given steps to deploy the security realm of the Time Reporting application.

...


<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
    <environment>
        <moduleId>
            <groupId>org.apache.geronimo.samples</groupId>
            <artifactId>TimeReportRealm</artifactId>
            <version>1.2</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.configs</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
            <dependency>
                <groupId>org.apache.geronimo.configs</groupId>
                <artifactId>system-database</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="TimeReportRealm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">TimeReportRealm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <name>JaasLoginService</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>TimeReportRealm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.SQLLoginModule</log:login-module-class>
                    <log:option name="jdbcDriver">org.apache.derby.jdbc.EmbeddedDriver</log:option>
                    <log:option name="jdbcUser">app</log:option>
                    <log:option name="userSelect">select userid, password from users where userid=?</log:option>
                    <log:option name="groupSelect">select userid, groupname from usergroups where userid=?</log:option>
                    <log:option name="jdbcURL">jdbc:derby:TimeReportDB</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>

geronimo-application.xml tells the application that there is a database pool that needs to be deployed as well. The security realm configuration is included along with this db pool. The db pool is defined in TimeReportPool.xml, and the driver it needs in order to be deployed is the tranql-connector-ra-1.3.rar file. These two files reside at the top level of the resulting EAR file.

...

TimeReportPool.xml defines two things: the database pool itself and a security realm. As shown, the first part is similar to any other db pool plan. The second part contains the essentials of a security realm plan. By combining the two into a separate file, we can ship a db pool and a security realm with the application, so fewer things need to be installed.

...


Configuring, Building and Deploying the Sample Application


Source Code

You can check out the source code of this sample from SVN:

svn checkout http://svn.apache.org/repos/asf/geronimo/samples/trunk/samples/timereport

To deploy the security realm of the Time Reporting application:

  1. Select the Deploy New link from the Console Navigation panel.
  2. Load time_report/config/TimeReportRealm.xml into the Plan input box.
  3. Press the Install button to deploy the security realm to the application server.
    (Make sure the Start app after install check box is checked before pressing the Install button.)

...


Building

The Time Report application comes with a Maven pom.xml to help users build from source code. Open a command prompt window, navigate to the time_report timereport directory and run the mvn clean install site command to build. This will create a timereport-warear-2.0-SNAPSHOT.warear under the timereport-war/target folder in the time_report. Now you are ready to deploy the Time Report application in the Geronimo application server.

...

  1. Scroll down to Deploy New in the Console Navigation panel.
  2. Load timereport-warear-2.0-SNAPSHOT.warear from the time_report/timereport-war/target folder into the Archive input box.
  3. Press the Install button to deploy the application in the server.

...

Testing of the Sample Application

To test the sample application, open a browser and go to http://localhost:8080/timereport. It will forward to the Welcome page of the application.

A user can access the Time Report page with the username emp1 and the password pass1. To log in to the application as a manager, provide the mgm1 and pass3 credentials.

Summary

This article has shown you how to deploy a web application into the Geronimo application server with J2EE declarative security features. You followed step-by-step instructions to build, deploy and test the sample application.

...