You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by da...@apache.org on 2005/12/12 06:27:58 UTC
svn commit: r356160 [2/11] - in
/geronimo/branches/1.0/modules/scripts/src/resources/docs: ./
Administrative tasks_attachments/ Apache Geronimo V1 -
Documentation_attachments/ Architecture_attachments/ Configuring
LDAP_attachments/ Geronimo Administrat...
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Backup and recovery.html
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Backup%20and%20recovery.html?rev=356160&view=auto
==============================================================================
--- geronimo/branches/1.0/modules/scripts/src/resources/docs/Backup and recovery.html (added)
+++ geronimo/branches/1.0/modules/scripts/src/resources/docs/Backup and recovery.html Sun Dec 11 21:27:20 2005
@@ -0,0 +1,40 @@
+<html>
+ <head>
+ <title>Geronimo : Backup and recovery</title>
+ <link rel="stylesheet" href="styles/site.css" type="text/css" />
+ <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ </head>
+
+ <body>
+ <table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#ffffff">
+ <tr>
+ <td valign="top" class="pagebody">
+ <div class="pageheader">
+ <span class="pagetitle">
+ Geronimo : Backup and recovery
+ </span>
+ </div>
+ <div class="pagesubheading">
+ This page last changed on Dec 01, 2005 by <font color="#0050B2">hcunico@gmail.com</font>.
+ </div>
+
+
+<p><a name="Backupandrecovery-top"></a></p>
+
+<p><em><b>Article donated by:</b> <a href="mailto:hcunico@gmail.com" title="Send mail to Hernan Cunico">Hernan Cunico</a></em></p>
+
+
+
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellpadding="0" cellspacing="0" width="100%">
+ <tr>
+ <td height="12" background="border/border_bottom.gif"><img src="border/spacer.gif" width="1" height="1" border="0"/></td>
+ </tr>
+ <tr>
+ <td align="center"><font color="grey">Document generated by Confluence on Dec 09, 2005 22:10</font></td>
+ </tr>
+ </table>
+ </body>
+</html>
\ No newline at end of file
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Backup and recovery.html
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Backup and recovery.html
------------------------------------------------------------------------------
svn:executable = *
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Component Configuration.html
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Component%20Configuration.html?rev=356160&view=auto
==============================================================================
--- geronimo/branches/1.0/modules/scripts/src/resources/docs/Component Configuration.html (added)
+++ geronimo/branches/1.0/modules/scripts/src/resources/docs/Component Configuration.html Sun Dec 11 21:27:20 2005
@@ -0,0 +1,263 @@
+<html>
+ <head>
+ <title>Geronimo : Component Configuration</title>
+ <link rel="stylesheet" href="styles/site.css" type="text/css" />
+ <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ </head>
+
+ <body>
+ <table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#ffffff">
+ <tr>
+ <td valign="top" class="pagebody">
+ <div class="pageheader">
+ <span class="pagetitle">
+ Geronimo : Component Configuration
+ </span>
+ </div>
+ <div class="pagesubheading">
+ This page last changed on Nov 18, 2005 by <font color="#0050B2">hcunico@gmail.com</font>.
+ </div>
+
+
+<p><a name="ComponentConfiguration-top"></a></p>
+
+<p><em><b>Article donated by:</b> <a href="mailto:simon@godik.com" title="Send mail to Simon Godik">Simon Godik</a>, <a href="mailto:hcunico@gmail.com" title="Send mail to Hernan Cunico">Hernan Cunico</a></em></p>
+
+<p>There are a number of components that need be configured for the system to work. Such components are: implementations of the <tt>ConfiguraitonEntryFactory</tt> interface, Login Modules, Login Module Use among others.</p>
+
+<p>We start with GBeans that implement <tt>ConfigurationEntryFactory</tt> interface and supporting GBeans, followed by the <tt>LoginModule</tt> gbean.</p>
+
+<h1><a name="ComponentConfiguration-ConfiguringDirectConfigurationEntry"></a>Configuring DirectConfigurationEntry</h1>
+<p><tt>DirectConfigurationEntry</tt> exposes login module directly to JAAS clients. You have to specify Login Module here directly. To be able to login into Geronimo specify <tt>JaasLoginCoordinator</tt> login module.</p>
+
+<p><tt>DirectConfigurationEntry</tt> GBean declares following metadata:</p>
+<ul>
+ <li><tt>applicationConfigName</tt> - attribute; application configuration name; this is a key by which configuration entry is found.</li>
+ <li><tt>controlFlag</tt> - attribute; login module control flag according to the JAAS semantics; the only value that makes sense here is REQUIRED.</li>
+ <li><tt>wrapPrincipals</tt> - attribute; possible values are true and false. If set to <b>true</b>, all Principals generated by the login module (<b>Login Domain</b>) will be wrapped into the <tt>DomainPrincipal</tt> and every <tt>DomainPrincipal</tt> will be wrapped into the <tt>RealmPrincipal</tt>. This enables J2EE role mappings into <tt>DomainPrincipals</tt> and <tt>RealmPrincipals</tt>.</li>
+ <li><tt>Module</tt> - reference; This is object name specification for the <tt>LoginModuleGBean</tt>.</li>
+</ul>
+
+
+<p>The following example shows how <tt>DirectConfigurationEntry</tt> is configured to use the <tt>ServerLoginCoordinator</tt> login module GBean.</p>
+
+<div class="code" style="border-style: solid; "><div class="codeContent">
+<pre class="code-xml"><configuration
+ xmlns=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment"</span>
+ parentId=<span class="code-quote">"org/apache/geronimo/Client"</span>
+ configId=<span class="code-quote">"org/apache/geronimo/ClientSecurity"</span>
+ >
+<span class="code-tag"><GBean name=<span class="code-quote">"ServerLoginStubDCE"</span> class=<span class="code-quote">"org.apache.geronimo.security.jaas.DirectConfigurationEntry"</span>></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"applicationConfigName"</span>></span>server-login<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"controlFlag"</span>></span>REQUIRED<span class="code-tag"></attribute></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"Module"</span>></span> <span class="code-tag"><span class="code-comment"><!-- reference to the login module GBean: name=ServerLoginCoordinator --></span></span>
+ <span class="code-tag"><name></span>ServerLoginCoordinator<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+<span class="code-tag"></GBean></span>
+
+<span class="code-tag"><GBean name=<span class="code-quote">"ServerLoginCoordinator"</span> class=<span class="code-quote">"org.apache.geronimo.security.jaas.LoginModuleGBean"</span>></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginModuleClass"</span>></span>org.apache.geronimo.security.jaas.client.JaasLoginCoordinator<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"serverSide"</span>></span>false<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"options"</span>></span>
+ host=localhost <span class="code-tag"><span class="code-comment"><!-- Geronimo login service endpoint --></span></span>
+ port=4242
+ realm=geronimo-properties-realm <span class="code-tag"><span class="code-comment"><!-- Security realm name --></span></span>
+ <span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginDomainName"</span>></span>geronimo-properties-realm<span class="code-tag"></attribute></span>
+<span class="code-tag"></GBean></span>
+<span class="code-tag"></configuration></span></pre>
+</div></div>
+
+<p><a href="#ComponentConfiguration-top" title="top on Component Configuration">Back to Top</a></p>
+
+<h1><a name="ComponentConfiguration-ConfiguringServerRealmConfigurationEntry"></a>Configuring ServerRealmConfigurationEntry</h1>
+<p><tt>ServerRealmConfigurationEntry</tt> connects server side component (such as a Servlet) to the <b>Security Realm</b>. It allows <b>decoupling</b> of configuration name and <b>Security Realm</b> name.</p>
+
+<p><tt>ServerRealmConfigurationEntry</tt> declares following metadata:</p>
+<ul>
+ <li><tt>applicationConfigName</tt> - attribute; application configuration name; this is a key by which configuration entry is found.</li>
+ <li><tt>realmName</tt> - attribute; security realm name.</li>
+ <li><tt>LoginService</tt> - reference; object name for the JAAS Login Service GBean.</li>
+ <li><tt>wrapPrincipals</tt> - attribute; possible values are true and false. If set to <b>true</b>, all Principals generated by the login module (<b>Login Domain</b>) will be wrapped into the DomainPrincipal and every DomainPrincipal will be wrapped into the RealmPrincipal. This enables J2EE role mappings into DomainPrincipals and RealmPrincipals.</li>
+</ul>
+
+
+<p>The following example shows how to setup the <tt>ServerRealmConfigurationEntry</tt> with the name of JMX. The security realm name is <tt>geronimo-properties-realm</tt>.</p>
+
+<div class="code" style="border-style: solid; "><div class="codeContent">
+<pre class="code-xml"><configuration
+ xmlns=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment-1.0"</span>
+ configId=<span class="code-quote">"org/apache/geronimo/Security"</span>
+ parentId=<span class="code-quote">"org/apache/geronimo/RMINaming"</span>
+ >
+
+ <span class="code-tag"><GBean name=<span class="code-quote">"JMX"</span> class=<span class="code-quote">"org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry"</span>></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"applicationConfigName"</span>></span>JMX<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"realmName"</span>></span>geronimo-properties-realm<span class="code-tag"></attribute></span> <span class="code-tag"><span class="code-comment"><!-- Security Realm name --></span></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginService"</span>></span> <span class="code-tag"><span class="code-comment"><!--reference to the login service GBean --></span></span>
+ <span class="code-tag"><name></span>JaasLoginService<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+ <span class="code-tag"></GBean></span>
+
+<span class="code-tag"></configuration></span></pre>
+</div></div>
+
+<p><a href="#ComponentConfiguration-top" title="top on Component Configuration">Back to Top</a></p>
+
+<h1><a name="ComponentConfiguration-ConfiguringSecurityRealm"></a>Configuring Security Realm</h1>
+<p>The only implementation of the <tt>org.apache.geronimo.security.realm.SecurityRealm</tt> interface in Geronimo is the <tt>org.apache.geronimo.security.realm.GenericSecurityRealm</tt> class. </p>
+
+<p><tt>org.apache.geronimo.security.realm.GenericSecurityRealm</tt> implements 2 interfaces: <tt>SecurityRealm</tt> and <tt>ConfigurationEntryFactory</tt>. The <tt>GenericSecurityRealm</tt> name is also the name of the <tt>ConfigurationEntryFactory</tt> implementation. That is why you can use <tt>GenericSecurityRealm</tt> name from your application as <b>application configuration entry name</b> passed to the <tt>LoginContext()</tt> constructor, see the <a href="Geronimo and JAAS.html" title="Geronimo and JAAS">Geronimo and JAAS</a> section.</p>
+
+<p>You need to give a name to the <tt>GenericSecurityRealm</tt> and configure it's authentication policy by wiring up login modules into the realm. Login modules are not wired up by themselves but are <b>qualified by their use</b> in the computation of authentication outcome.</p>
+
+<p>The list of login modules that must be configured into the <tt>GenericSecurityRealm</tt> is specified with the <tt>org.apache.geronimo.security.jaas.JaasLoginModuleUse</tt> GBean. It is injected with the <tt>LoginModuleGBean</tt>, the value of the control-flag that specifies how authentication outcome of this login module must be combined with the authentication outcomes of other login modules to compute authentication result, and a reference to the next <tt>LoginModuleUse</tt> definition.</p>
+
+<p>You may wonder why do you need a linked list of GBeans. Wouldn't it be much easier to list parameters for the <tt>GenericSecurityRealm</tt> and be done with it?</p>
+
+<p>The answer is that Geronimo is an <b>IOC container</b> and one of it's major functions in addition to dependency injection is dependency management. That means that if GBean A depends on GBean B, then GBean B will be started by the Geronimo container before GBean A. Login modules are deployed as GBeans and <tt>GenericSecurityRealm</tt> GBean depends on the login module GBeans. If you just list login module object names together with the control flags, Geronimo container would not be able to resolve this dependencies and you would not have a guarantee that all login modules wired up into the generic Security Realm are up and running before <tt>GenericSecurityRealm</tt> comes online.</p>
+
+<p>But still, an effort required to configure login modules into <tt>GenericSecurityRealm</tt> with the list of <tt>LoginModuleUse</tt> GBeans may seem excessive. To help with this kind of problems GBean definition syntax allows for <em>syntactic sugar</em> in the form of <b>xml-reference</b> element. At this point it is necessary to emphasize that this is just a reference that gets processed at the deployment time to create and wire up all GBeans that otherwise would have been explicitly defined. We will show the use of <b>xml-reference</b> in the <tt>GenericSecurityRealm</tt> configuration later.</p>
+
+<p>Here is an example of generic-security-realm setup, we want to wire the <tt>GenericSecurityRealm</tt> named <b>geronimo-properties-realm</b> with the login module <br/>
+named <b>properties-login</b> that authenticates against a property file. Our <b>Security Realm</b> authentication policy requires <b>properties-login</b> module authentication to succeed.</p>
+
+<div class="code" style="border-style: solid; "><div class="codeContent">
+<pre class="code-xml"><span class="code-tag"><GBean name=<span class="code-quote">"geronimo-properties-realm"</span> class=<span class="code-quote">"org.apache.geronimo.security.realm.GenericSecurityRealm"</span>></span>
+
+ <!-- security-realm name; this is a name of the Security Realm as well as the name of
+ -- the configuration entry used by the application -->
+
+ <span class="code-tag"><attribute name=<span class="code-quote">"realmName"</span>></span>geronimo-properties-realm<span class="code-tag"></attribute></span>
+
+ <span class="code-tag"><span class="code-comment"><!-- reference to the head of the login module use list --></span></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginModuleConfiguration"</span>></span>
+ <span class="code-tag"><name></span>properties-login<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+
+ <span class="code-tag"><span class="code-comment"><!-- server-info reference is passed to most GBeans --></span></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"ServerInfo"</span>></span>
+ <span class="code-tag"><module></span>org/apache/geronimo/System<span class="code-tag"></module></span><span class="code-tag"><name></span>ServerInfo<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+
+ <span class="code-tag"><span class="code-comment"><!-- reference to the login-service GBean --></span></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginService"</span>></span><span class="code-tag"><name></span>JaasLoginService<span class="code-tag"></name></span><span class="code-tag"></reference></span>
+<span class="code-tag"></GBean></span>
+
+<span class="code-tag"><span class="code-comment"><!-- this is the head of the login-module-use list --></span></span>
+<span class="code-tag"><GBean name=<span class="code-quote">"properties-login"</span> class=<span class="code-quote">"org.apache.geronimo.security.jaas.JaasLoginModuleUse"</span>></span>
+
+ <span class="code-tag"><span class="code-comment"><!-- login module must succeed --></span></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"controlFlag"</span>></span>REQUIRED<span class="code-tag"></attribute></span>
+
+ <span class="code-tag"><span class="code-comment"><!-- reference to the login module --></span></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginModule"</span>></span>
+ <span class="code-tag"><name></span>properties-login<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+<span class="code-tag"></GBean></span>
+
+<span class="code-tag"><span class="code-comment"><!-- this is login module GBean --></span></span>
+<span class="code-tag"><GBean name=<span class="code-quote">"properties-login"</span> class=<span class="code-quote">"org.apache.geronimo.security.jaas.LoginModuleGBean"</span>></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginModuleClass"</span>></span>
+ org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
+ <span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"serverSide"</span>></span>true<span class="code-tag"></attribute></span>
+
+ <span class="code-tag"><span class="code-comment"><!-- login module specific options --></span></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"options"</span>></span>
+ usersURI=var/security/users.properties <span class="code-tag"><span class="code-comment"><!-- user database --></span></span>
+ groupsURI=var/security/groups.properties <span class="code-tag"><span class="code-comment"><!-- group database --></span></span>
+ <span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginDomainName"</span>></span>geronimo-properties<span class="code-tag"></attribute></span>
+<span class="code-tag"></GBean></span></pre>
+</div></div>
+
+<p>It does not look too bad in this example but imagine that you have 2 login modules in the Security Realm and how many GBean dependencies you have to configure.</p>
+
+<p>Note that the order in which all these elements are defined does not matter. If you look at the deployment plans, you will find that login-module GBeans are defined first (as they represent elements of reuse by the <tt>GenericSecurityRealm</tt> GBeans). <tt>GenericSecurityRealm</tt> GBeans and <tt>JaasLoginModuleUse</tt> GBeans are normally close to each other.</p>
+
+<p><a href="#ComponentConfiguration-top" title="top on Component Configuration">Back to Top</a></p>
+
+<h1><a name="ComponentConfiguration-ConfiguringGenericSecurityRealmusingxmlreference"></a>Configuring GenericSecurityRealm using xml-reference <a name="ComponentConfiguration-xmlreference"></a></h1>
+<p>The reason for the introduction of the <b>xml-reference</b> element in GBean syntax was explained earlier. But just to repeat: it is a <em>syntactic sugar</em> that allows <b>problem friendly</b> xml syntax in GBean definition. </p>
+
+<p><b>Problem-friendly</b> xml syntax for the login module configuration is defined by the "http://geronimo.apache.org/xml/ns/loginconfig-1.0" xml namespace.</p>
+
+<p>The following example briefly shows how the <tt>LoginConfig</tt> schema is used.</p>
+
+<div class="code" style="border-style: solid; "><div class="codeContent">
+<pre class="code-xml"><GBean name=<span class="code-quote">"geronimo-properties-realm"</span>
+ class=<span class="code-quote">"org.apache.geronimo.security.realm.GenericSecurityRealm"</span>>
+
+ <!-- security-realm name; this name is reused by the
+ -- configuration-entry-factory interface implementation by the
+ -- generic-security-realm; you may use this name as application
+ -- configuration name parameter passed to the LoginContext constructor -->
+
+ <span class="code-tag"><attribute name=<span class="code-quote">"realmName"</span>></span>geronimo-properties-realm<span class="code-tag"></attribute></span>
+
+ <span class="code-tag"><span class="code-comment"><!-- xml reference, better than before? --></span></span>
+ <span class="code-tag"><xml-reference name=<span class="code-quote">"LoginModuleConfiguration"</span>></span>
+ <span class="code-tag"><lc:login-config <span class="code-keyword">xmlns:lc</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/loginconfig"</span>></span>
+ <span class="code-tag"><lc:login-module control-flag=<span class="code-quote">"REQUIRED"</span> server-side=<span class="code-quote">"true"</span>></span>
+ <span class="code-tag"><lc:login-domain-name></span>client-properties-realm<span class="code-tag"></lc:login-domain-name></span>
+ <span class="code-tag"><lc:login-module-class></span>
+ org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
+ <span class="code-tag"></lc:login-module-class></span>
+ <span class="code-tag"><lc:option name=<span class="code-quote">"usersURI"</span>></span>
+ var/security/users.properties
+ <span class="code-tag"></lc:option></span>
+ <span class="code-tag"><lc:option name=<span class="code-quote">"groupsURI"</span>></span>
+ var/security/groups.properties
+ <span class="code-tag"></lc:option></span>
+ <span class="code-tag"></lc:login-module></span>
+ <span class="code-tag"></lc:login-config></span>
+ <span class="code-tag"></xml-reference></span>
+ <span class="code-tag"><span class="code-comment"><!-- server-info reference is passed to most GBeans --></span></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"ServerInfo"</span>></span>
+ <span class="code-tag"><module></span>org/apache/geronimo/System<span class="code-tag"></module></span><span class="code-tag"><name></span>ServerInfo<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+
+ <span class="code-tag"><span class="code-comment"><!-- reference to the login-service GBean --></span></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginService"</span>></span><span class="code-tag"><name></span>JaasLoginService<span class="code-tag"></name></span><span class="code-tag"></reference></span>
+<span class="code-tag"></GBean></span></pre>
+</div></div>
+
+<p><a href="#ComponentConfiguration-top" title="top on Component Configuration">Back to Top</a></p>
+
+<h1><a name="ComponentConfiguration-ConfiguringLoginmodule"></a>Configuring Login module</h1>
+<p>Login module is configured with <tt>org.apache.geronimo.security.jaas.LoginModuleGBean</tt>. It takes <tt>loginModuleClass</tt> attribute that specifies the login module implementation class. Other interesting parameters are options and <tt>loginDomainName</tt>.</p>
+
+<p>The following is an example of a login module that uses property files as authentication database. Values of property files are passed as options attribute.</p>
+
+<div class="code" style="border-style: solid; "><div class="codeContent">
+<pre class="code-xml"><GBean name=<span class="code-quote">"properties-login"</span>
+ class=<span class="code-quote">"org.apache.geronimo.security.jaas.LoginModuleGBean"</span>>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginModuleClass"</span>></span>
+ org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
+ <span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"serverSide"</span>></span>true<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"options"</span>></span>
+ usersURI=var/security/users.properties
+ groupsURI=var/security/groups.properties
+ <span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginDomainName"</span>></span>geronimo-properties-realm<span class="code-tag"></attribute></span>
+<span class="code-tag"></GBean></span></pre>
+</div></div>
+
+<p><a href="#ComponentConfiguration-top" title="top on Component Configuration">Back to Top</a></p>
+
+
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellpadding="0" cellspacing="0" width="100%">
+ <tr>
+ <td height="12" background="border/border_bottom.gif"><img src="border/spacer.gif" width="1" height="1" border="0"/></td>
+ </tr>
+ <tr>
+ <td align="center"><font color="grey">Document generated by Confluence on Dec 09, 2005 22:10</font></td>
+ </tr>
+ </table>
+ </body>
+</html>
\ No newline at end of file
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Component Configuration.html
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Component Configuration.html
------------------------------------------------------------------------------
svn:executable = *
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Concepts.html
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Concepts.html?rev=356160&view=auto
==============================================================================
--- geronimo/branches/1.0/modules/scripts/src/resources/docs/Concepts.html (added)
+++ geronimo/branches/1.0/modules/scripts/src/resources/docs/Concepts.html Sun Dec 11 21:27:20 2005
@@ -0,0 +1,88 @@
+<html>
+ <head>
+ <title>Geronimo : Concepts</title>
+ <link rel="stylesheet" href="styles/site.css" type="text/css" />
+ <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ </head>
+
+ <body>
+ <table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#ffffff">
+ <tr>
+ <td valign="top" class="pagebody">
+ <div class="pageheader">
+ <span class="pagetitle">
+ Geronimo : Concepts
+ </span>
+ </div>
+ <div class="pagesubheading">
+ This page last changed on Nov 15, 2005 by <font color="#0050B2">hcunico@gmail.com</font>.
+ </div>
+
+
+<p><a name="Concepts-top"></a></p>
+
+<p><em><b>Article donated by:</b> <a href="mailto:simon@godik.com" title="Send mail to Simon Godik">Simon Godik</a>, <a href="mailto:hcunico@gmail.com" title="Send mail to Hernan Cunico">Hernan Cunico</a></em></p>
+
+<p>This article explains some basic the rational and working of the Apache Geronimo security system. JAAC implementation will not be addressed in this article. The basic concepts on which Geronimo security architecture is build are: <b>Login Domain</b> and <b>Security Realm</b>. These concepts are integrated into the JAAS architecture for use by the container.</p>
+
+<p>A lot of the security terms are overloaded, and you may find many definitions of principals, roles, etc. This article tries to stay with the established frameworks where possible such as <a href="http://www.oasis-open.org/committees/security" title="Visit page outside Confluence">OASIS SAML reference model</a>.</p>
+
+<h1><a name="Concepts-LoginDomain"></a>Login Domain</h1>
+<p>According to the <a href="http://www.oasis-open.org/committees/security" title="Visit page outside Confluence">SAML specification</a> a <b>principal</b> is a system entity whose identity can be authenticated. An <b>Identity Provider</b> is a service provider that creates, maintains, and manages identity information for principals and provides principal authentication to other service providers.</p>
+
+<p>A principal can have any number of <b>attributes</b>, identity is just one of them, Other attributes are groups or locations for example. Logically these values are asserted by the <b>Attribute Authority</b> based on the identity. In practice, the <b>Identity Provider</b> and the <b>Attribute Authority</b> are usually collocated - although in complex SOA models providers can form a federation for identities and attributes.</p>
+
+<p>Note that the reliance on <b>Identity Provider</b> and <b>Attribute Provider</b> implies certain level of trust between the Geronimo server and service providers. How trust is established is out of scope here, but it could be implicit, by agreement, by assertion, etc.</p>
+
+<p>What is described here as the Identity Provider and Attribute Authority together with the established trust relationship Geronimo calls <b>Login Domain</b>. JAAS login modules (that abstract login domains) query for the identity and group attributes of a principal and believe that they are authentic.</p>
+
+<p>One example of <b>Login Domain</b> is <b>LDAP directory server</b>, it combines maintenance of identity information and other attributes (such as groups). <b>Relational databases</b> with tables for users and groups is another.</p>
+
+<p><a href="#Concepts-top" title="top on Concepts">Back to Top</a></p>
+
+<h1><a name="Concepts-SecurityRealm"></a>Security Realm</h1>
+<p><b>Security realm</b> configures and enforces <b>application-specific authentication policy</b> and is the entry point into login domains. Security realm implements pluggable authentication framework allowing for a combination of authentication protocols with different properties and different trust relationships that match application requirements.</p>
+
+<p>Authentication policy for the security realm is expressed as a statement over authentication outcome of configured login domains.</p>
+
+<p>For example, you can configure security realm with two login domains, for example kerberos and active directory, and require that both of them succeed for the authentication to succeed. Or you can configure a security realm with the LDAP directory login domain without any regard for the authentication outcome from it (maybe because you do not trust it). The point here is that you express an authentication policy and you have a <b>security realm</b> enforce it.</p>
+
+<p>Of course, security realm authentication policy emulates JAAS login module combination semantics. In fact, security realm implementation is wired with the JAAS login modules that are configured with the familiar attributes such as control flag and options. The authentication procedure is driven by the Login Module JAAS API and the authentication result is computed over control flag values and authentication outcomes of individual login modules.</p>
+
+<p><a href="#Concepts-top" title="top on Concepts">Back to Top</a></p>
+
+<h1><a name="Concepts-Authenticationandprincipals"></a>Authentication and principals</h1>
+<p>As authentication proceeds each login domain (implemented by the login module), it creates it's own principals that implement java.security.Principal interface. There are several implementations of the java.security.Principal interface in Geronimoas illustrated in the following table:</p>
+
+<ul>
+ <li>org.apache.geronimo.security.RealmPrincipal</li>
+ <li>org.apache.geronimo.secuirty.PrimaryRealmPrincipal</li>
+ <li>org.apache.geronimo.security.DomainPrincipal</li>
+ <li>org.apache.geronimo.security.IdentificationPrincipal</li>
+ <li>org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal</li>
+ <li>org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal</li>
+</ul>
+
+
+<p>Principals are created by the login domains, so ideally a principal must be associated with the login domain. To that end, org.apache.geronimo.security.DomainPrincipal will wrap every principal created by the login module (<b>login domain</b>) and in turn it will be wrapped by the org.apache.geronimo.security.RealmPrincipal if security realm is configured to wrap login modules.</p>
+
+<p>Despite it's name, the org.apache.geronimo.security.realm.providers.GeronimoCallerPrincipal interface is just a marker and is implemented by the org.apache.geronimo.security.providers.GeronimoUserPrincipal. This type of principal is added to the set of principals of the <b>Subject</b> within login modules distributed with Geronimo. There is no interface that would assure GeronimoUserPrincipal is indeed included, so do not forget about it if you write your own login module. In fact, some of the Geronimo login modules do not include this type of principal (for example FileAuditLoginModule).</p>
+
+<p>There are some special types of Principal's that are created after authentication procedure succeeds and used by Geronimo to track authenticated subject through it's lifetime in the container.</p>
+
+<p><a href="#Concepts-top" title="top on Concepts">Back to Top</a></p>
+
+
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellpadding="0" cellspacing="0" width="100%">
+ <tr>
+ <td height="12" background="border/border_bottom.gif"><img src="border/spacer.gif" width="1" height="1" border="0"/></td>
+ </tr>
+ <tr>
+ <td align="center"><font color="grey">Document generated by Confluence on Dec 09, 2005 22:10</font></td>
+ </tr>
+ </table>
+ </body>
+</html>
\ No newline at end of file
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Concepts.html
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Concepts.html
------------------------------------------------------------------------------
svn:executable = *
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP.html
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring%20LDAP.html?rev=356160&view=auto
==============================================================================
--- geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP.html (added)
+++ geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP.html Sun Dec 11 21:27:20 2005
@@ -0,0 +1,499 @@
+<html>
+ <head>
+ <title>Geronimo : Configuring LDAP</title>
+ <link rel="stylesheet" href="styles/site.css" type="text/css" />
+ <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ </head>
+
+ <body>
+ <table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#ffffff">
+ <tr>
+ <td valign="top" class="pagebody">
+ <div class="pageheader">
+ <span class="pagetitle">
+ Geronimo : Configuring LDAP
+ </span>
+ </div>
+ <div class="pagesubheading">
+ This page last changed on Dec 09, 2005 by <font color="#0050B2">system</font>.
+ </div>
+
+ <p><a name="ConfiguringLDAP-top"></a><br/>
+<em><b>Article donated by:</b> <a href="mailto:hcunico@gmail.com" title="Send mail to Hernan Cunico">Hernan Cunico</a></em></p>
+
+<p>Geronimo uses the Apache Directory Server for its directory service, this is part of the <a href="http://directory.apache.org" title="Visit page outside Confluence">Apache Directory Project</a>. Geronimo implements the following two projects from the ApacheDS project.</p>
+
+<ul>
+ <li>ApacheDS Core:<br/>
+Server's core contains all backend subsystems. It depends on protocol and uses it with seda to service LDAP requests. The core contains the JNDI provider, interceptor framework, interceptor services, the schema subsystem and the database subsystem. Hence the core is the heart of the server.</li>
+</ul>
+
+
+<ul>
+ <li>ApacheDS Shared:<br/>
+Created to eliminate cyclic project dependencies between the core and the maven plug-in. Any code shared across modules in general can go here so long as it does not depend on other modules.</li>
+</ul>
+
+
+<p>More information about these two projects can be found at the ApacheDS project URL:</p>
+
+<p><a href="http://directory.apache.org/subprojects/apacheds/projects/index.html" title="Visit page outside Confluence">http://directory.apache.org/subprojects/apacheds/projects/index.html</a></p>
+
+<p>At this point, Geronimo does not provide a LDAP client commands for configuring the server. You can use any LDAP client such as ldapbrowser/editor, jxplorer or gq for browsing and editing the configurations of the Directory Server in Geronimo.</p>
+
+<p>Ensure that the Geronimo server is up and running and the "Directory" application is started. The initial default status for the Directory application in M5 is <b>Stopped</b>. To start the Directory module (<tt>org/apache/geronimo/Directory</tt>) you can use the Geronimo console, after you logged in click on <b>System Modules</b> on the left panel, look for <b>org/apache/geronimo/Directory</b> and click on <b>Start</b>.</p>
+
+<p>Apache Geronimo can be configured to use two different Web containers, you can either use Jetty or Apache Tomcat. The sample application and instructions provided in this article are Web container independent. They have been tested on Jetty and Tomcat and it works without having to modify anything in the application.</p>
+
+<p>The following sections will address how to configure LDAP on Geronimo for each of these containers.</p>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+<h1><a name="ConfiguringLDAP-LDAPsampleapplication"></a>LDAP sample application</h1>
+<p>For this LDAP configuration example, the sample application used is a modified version of the application already available in the open <a href="http://issues.apache.org/jira/browse/GERONIMO-417" title="Visit page outside Confluence">JIRA GERONIMO-417</a>. Download the sample application from the following URL:</p>
+
+<p><a href="http://localhost:8080/download/attachments/51/ldap-jetty.zip?version=2" title="ldap-jetty.zip attached to Configuring LDAP">ldap-jetty.zip</a></p>
+
+<p>After extracting the zip file a ldap-jetty directory is created, from now on this directory will be referred as <ldap_home>.</p>
+
+<table cellpadding='5' width='85%' cellspacing='8px' class='noteMacro' border="0" align='center'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td><b>Note:</b> Although the zip file and the directory created for the sample application indicates "jetty" in the name, this sample application is designed as Web container independent, so it will work on both Jetty and Apache Tomcat.</td></tr></table>
+
+<p>At this point it is assumed that you have installed Java 1.4.2 and an LDAP client and you are capable of exporting/importing an .ldif file to a directory server.</p>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+<h1><a name="ConfiguringLDAP-AddLDAPentries"></a>Add LDAP entries</h1>
+<p>Ensure that Geronimo is up and running and the Directory service is started. Start your LDAP client and create a new connection profile with the following values:</p>
+
+<table class='confluenceTable'><tbody>
+<tr>
+<td class='confluenceTd'>Host:</td>
+<td class='confluenceTd'><localhost></td>
+</tr>
+<tr>
+<td class='confluenceTd'>Port:</td>
+<td class='confluenceTd'>1389</td>
+</tr>
+<tr>
+<td class='confluenceTd'>Base DN:</td>
+<td class='confluenceTd'>ou=system</td>
+</tr>
+<tr>
+<td class='confluenceTd'>User DN:</td>
+<td class='confluenceTd'>uid=admin,ou=system</td>
+</tr>
+<tr>
+<td class='confluenceTd'>Password:</td>
+<td class='confluenceTd'>secret</td>
+</tr>
+</tbody></table>
+
+<p>Once you connect to the Geronimo Directory server you will see the initial configuration, this configuration can be exported as a backup in a ldif file. Depending the LDAP client you are using the export/import steps will be different. When you export the initial configuration you get an ldif file with a content similar as the one shown in the following example.</p>
+
+<div class="preformatted" style="border-style: solid; "><div class="preformattedHeader" style="border-bottom-style: solid; "><b>export.ldif</b></div><div class="preformattedContent">
+<pre>dn: ou=system
+ou: system
+objectClass: organizationalUnit
+objectClass: top
+
+dn: uid=admin, ou=system
+displayName: Directory Superuser
+uid: admin
+userPassword:: c2VjcmV0
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+sn: administrator
+cn: system administrator
+
+dn: ou=users, ou=system
+ou: users
+objectClass: organizationalUnit
+objectClass: top
+
+dn: ou=groups, ou=system
+ou: groups
+objectClass: organizationalUnit
+objectClass: top
+
+dn: ou=configuration, ou=system
+ou: configuration
+objectClass: organizationalUnit
+objectClass: top
+
+dn: ou=partitions, ou=configuration, ou=system
+ou: partitions
+objectClass: organizationalUnit
+objectClass: top
+
+dn: ou=services, ou=configuration, ou=system
+ou: services
+objectClass: organizationalUnit
+objectClass: top
+
+dn: ou=interceptors, ou=configuration, ou=system
+ou: interceptors
+objectClass: organizationalUnit
+objectClass: top
+
+dn: prefNodeName=sysPrefRoot, ou=system
+objectClass: extensibleObject
+prefNodeName: sysPrefRoot</pre>
+</div></div>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+<p>Now you need to import the entries needed to run the sample application. Packaged with the sample application is a sample .ldif file with all the entries necessary to run the LDAP sample application, this file is located in <b><ldap_home>/ldap-sample.ldif</b>.</p>
+
+<p>The following example shows the content of the ldap-sample.ldif file.</p>
+
+<div class="preformatted" style="border-style: solid; "><div class="preformattedHeader" style="border-bottom-style: solid; "><b>ldap-sample.ldif</b></div><div class="preformattedContent">
+<pre># User: system
+
+dn: uid=system,ou=users,ou=system
+cn: John Doe
+sn: Doe
+givenname: John
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Las Vegas
+uid: system
+mail: system@apachecon.comm
+telephonenumber: +1 408 555 5555
+facsimiletelephonenumber: +1 408 555 5556
+roomnumber: 4613
+userPassword: manager
+
+# User: user1
+
+dn: uid=user1,ou=users,ou=system
+cn: User
+sn: One
+givenname: User1
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Las Vegas
+uid: user1
+mail: user1@apachecon.comm
+telephonenumber: +1 408 555 5555
+facsimiletelephonenumber: +1 408 555 5556
+roomnumber: 4613
+userPassword: p1
+
+# User: user2
+
+dn: uid=user2,ou=users,ou=system
+cn: User
+sn: Two
+givenname: User2
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+ou: Human Resources
+ou: People
+l: Las Vegas
+uid: user2
+mail: user2@apachecon.comm
+telephonenumber: +1 408 555 5555
+facsimiletelephonenumber: +1 408 555 5556
+roomnumber: 4613
+userPassword: p2
+
+# Group: admin
+
+dn: cn=admin,ou=groups,ou=system
+objectClass: groupOfUniqueNames
+uniqueMember: uid=system,ou=users,ou=system
+cn: admin
+
+# Group: guest
+
+dn: cn=guest,ou=groups,ou=system
+objectClass: groupOfUniqueNames
+uniqueMember: uid=user1,ou=users,ou=system
+uniqueMember: uid=user2,ou=users,ou=system
+cn: guest</pre>
+</div></div>
+
+<p>Once the file is imported you should get a confirmation that five entries were successfully imported.</p>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+<h1><a name="ConfiguringLDAP-DeploytheLDAPrealm"></a>Deploy the LDAP realm</h1>
+<p>The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <b><ldap_home>/ldap-realm.xml</b> and the content is illustrated in the following example.</p>
+
+<div class="code" style="border-style: solid; "><div class="codeHeader" style="border-bottom-style: solid; "><b>ldap-realm.xml</b></div><div class="codeContent">
+<pre class="code-xml"><span class="code-tag"><?xml version=<span class="code-quote">"1.0"</span> encoding=<span class="code-quote">"UTF-8"</span>?></span>
+
+<configuration
+ xmlns=<span class="code-quote">"http://geronimo.apache.org/xml/ns/deployment"</span>
+ configId=<span class="code-quote">"org/apache/geronimo/ldap-secure"</span>
+ parentId=<span class="code-quote">"org/apache/geronimo/Server"</span>>
+
+ <gbean name=<span class="code-quote">"ldap-login"</span>
+ class=<span class="code-quote">"org.apache.geronimo.security.jaas.LoginModuleGBean"</span>>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginModuleClass"</span>></span>org.apache.geronimo.security.realm.providers.LDAPLoginModule<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"serverSide"</span>></span>true<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"options"</span>></span>
+ initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+ connectionURL=ldap://localhost:1389
+ connectionUsername=uid=admin,ou=system
+ connectionPassword=secret
+ connectionProtocol=
+ authentication=simple
+ userBase=ou=users,ou=system
+ userSearchMatching=uid={0}
+ userSearchSubtree=false
+ roleBase=ou=groups,ou=system
+ roleName=cn
+ roleSearchMatching=(uniqueMember={0})
+ roleSearchSubtree=false
+ userRoleName=
+ <span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"loginDomainName"</span>></span>ldap-realm<span class="code-tag"></attribute></span>
+ <span class="code-tag"></gbean></span>
+
+ <span class="code-tag"><gbean name=<span class="code-quote">"ldap-realm"</span> class=<span class="code-quote">"org.apache.geronimo.security.realm.GenericSecurityRealm"</span>></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"realmName"</span>></span>ldap-realm<span class="code-tag"></attribute></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginModuleConfiguration"</span>></span>
+ <span class="code-tag"><name></span>ldap-login<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"ServerInfo"</span>></span>
+ <span class="code-tag"><module></span>org/apache/geronimo/System<span class="code-tag"></module></span>
+ <span class="code-tag"><name></span>ServerInfo<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+ <span class="code-tag"><span class="code-comment"><!-- Add --></span></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginService"</span>></span>
+ <span class="code-tag"><gbean-name></span>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,
+ J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService
+ <span class="code-tag"></gbean-name></span>
+ <span class="code-tag"></reference></span>
+ <span class="code-tag"></gbean></span>
+
+ <span class="code-tag"><gbean name=<span class="code-quote">"ldap-login"</span> class=<span class="code-quote">"org.apache.geronimo.security.jaas.JaasLoginModuleUse"</span>></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"controlFlag"</span>></span>REQUIRED<span class="code-tag"></attribute></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginModule"</span>></span>
+ <span class="code-tag"><name></span>ldap-login<span class="code-tag"></name></span>
+ <span class="code-tag"></reference></span>
+ <span class="code-tag"></gbean></span>
+
+ <gbean name=<span class="code-quote">"ldaptest"</span>
+ class=<span class="code-quote">"org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry"</span>>
+ <span class="code-tag"><attribute name=<span class="code-quote">"applicationConfigName"</span>></span>ldaptest<span class="code-tag"></attribute></span>
+ <span class="code-tag"><attribute name=<span class="code-quote">"realmName"</span>></span>ldap-realm<span class="code-tag"></attribute></span>
+ <span class="code-tag"><reference name=<span class="code-quote">"LoginService"</span>></span>
+ <span class="code-tag"><gbean-name></span>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,
+ J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService
+ <span class="code-tag"></gbean-name></span>
+ <span class="code-tag"></reference></span>
+ <span class="code-tag"></gbean></span>
+
+
+<span class="code-tag"></configuration></span></pre>
+</div></div>
+
+<p>To deploy the ldap-realm.xml run the following command from the <geronimo_home>/bin directory:</p>
+
+<p><b><tt>java -jar deployer.jar --user system --password manager deploy <ldap_home>/ldap-realm.xml</tt></b></p>
+
+<p>Once deployed you should see a confirmation message similar to the following example:</p>
+
+<p><font color="white"><div class="preformatted" style="border-style: solid; "><div class="preformattedContent" style="background-color: #000000; ">
+<pre>E:\geronimo\bin>java -jar deployer.jar --user system --password manager deploy e:/ldap-jetty/ldap-realm.xml
+ Deployed org/apache/geronimo/ldap-secure
+</pre>
+</div></div></font></p>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+<h1><a name="ConfiguringLDAP-Deploymentplans"></a>Deployment plans</h1>
+<p>The deployment plans are located in the <b><ldap_home>/WEB-INF</b> directory. Clearly, <b>geronimo-web.xml</b> is the Geronimo specific deployment plan. It provides the details on what security realm to use and user role mappings as well as the Geronimo specific namespace used to identify the elements in the security configuration. Common to other types of applications, not just security, the deployment plan also provides the main namespace for the deployment plan, a module identification (optional), a parent module configuration ID (also optional) and a context root. The following example illustrates the Geronimo specific deployment plan.</p>
+
+<div class="code" style="border-style: solid; "><div class="codeHeader" style="border-bottom-style: solid; "><b>geronimo-web.xml</b></div><div class="codeContent">
+<pre class="code-xml"><span class="code-tag"><?xml version=<span class="code-quote">"1.0"</span> encoding=<span class="code-quote">"UTF-8"</span>?></span>
+<web-app
+ xmlns=<span class="code-quote">"http://geronimo.apache.org/xml/ns/web"</span>
+ <span class="code-keyword">xmlns:sec</span>=<span class="code-quote">"http://geronimo.apache.org/xml/ns/security"</span>
+ configId=<span class="code-quote">"org/apache/geronimo/ldap-secure-demo"</span>
+ parentId=<span class="code-quote">"org/apache/geronimo/ldap-secure"</span>>
+ <span class="code-tag"><context-root></span>/ldap-demo<span class="code-tag"></context-root></span>
+ <span class="code-tag"><context-priority-classloader></span>false<span class="code-tag"></context-priority-classloader></span>
+ <span class="code-tag"><security-realm-name></span>ldap-realm<span class="code-tag"></security-realm-name></span>
+ <span class="code-tag"><security></span>
+ <span class="code-tag"><default-principal realm-name=<span class="code-quote">"ldap-realm"</span>></span>
+ <span class="code-tag"><principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"</span> name=<span class="code-quote">"system"</span>/></span>
+ <span class="code-tag"></default-principal></span>
+ <span class="code-tag"><role-mappings></span>
+ <span class="code-tag"><role role-name=<span class="code-quote">"content-administrator"</span>></span>
+ <span class="code-tag"><realm realm-name=<span class="code-quote">"ldap-realm"</span>></span>
+ <span class="code-tag"><principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"</span> name=<span class="code-quote">"admin"</span> designated-run-as=<span class="code-quote">"true"</span>/></span>
+ <span class="code-tag"><principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"</span> name=<span class="code-quote">"system"</span>/></span>
+ <span class="code-tag"></realm></span>
+ <span class="code-tag"></role></span>
+ <span class="code-tag"><role role-name=<span class="code-quote">"guest"</span>></span>
+ <span class="code-tag"><realm realm-name=<span class="code-quote">"ldap-realm"</span>></span>
+ <span class="code-tag"><principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"</span> name=<span class="code-quote">"guest"</span> designated-run-as=<span class="code-quote">"true"</span>/></span>
+ <span class="code-tag"><principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"</span> name=<span class="code-quote">"user1"</span>/></span>
+ <span class="code-tag"><principal class=<span class="code-quote">"org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"</span> name=<span class="code-quote">"user2"</span>/></span>
+ <span class="code-tag"></realm></span>
+ <span class="code-tag"></role></span>
+ <span class="code-tag"></role-mappings></span>
+ <span class="code-tag"></security></span>
+<span class="code-tag"></web-app></span></pre>
+</div></div>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+<p>The <b>web.xml</b> deployment descriptor shown in the following example (also located in the <ldap_home>/WEB-INF diretory) adds security constraints based on the location of the files.</p>
+
+<div class="code" style="border-style: solid; "><div class="codeHeader" style="border-bottom-style: solid; "><b>web.xml</b></div><div class="codeContent">
+<pre class="code-xml"><span class="code-tag"><?xml version=<span class="code-quote">"1.0"</span> encoding=<span class="code-quote">"ISO-8859-1"</span>?></span>
+<web-app xmlns=<span class="code-quote">"http://java.sun.com/xml/ns/j2ee"</span>
+ <span class="code-keyword">xmlns:xsi</span>=<span class="code-quote">"http://www.w3.org/2001/XMLSchema-instance"</span>
+ xsi:schemaLocation=<span class="code-quote">"http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"</span>
+ version=<span class="code-quote">"2.4"</span>>
+
+ <span class="code-tag"><welcome-file-list></span>
+ <span class="code-tag"><welcome-file></span>index.html<span class="code-tag"></welcome-file></span>
+ <span class="code-tag"></welcome-file-list></span>
+
+ <span class="code-tag"><security-constraint></span>
+ <span class="code-tag"><web-resource-collection></span>
+ <span class="code-tag"><web-resource-name></span>Admin Role<span class="code-tag"></web-resource-name></span>
+ <span class="code-tag"><url-pattern></span>/protect/*<span class="code-tag"></url-pattern></span>
+ <span class="code-tag"></web-resource-collection></span>
+ <span class="code-tag"><auth-constraint></span>
+ <span class="code-tag"><role-name></span>content-administrator<span class="code-tag"></role-name></span>
+ <span class="code-tag"></auth-constraint></span>
+ <span class="code-tag"></security-constraint></span>
+
+ <span class="code-tag"><security-constraint></span>
+ <span class="code-tag"><web-resource-collection></span>
+ <span class="code-tag"><web-resource-name></span>No Access<span class="code-tag"></web-resource-name></span>
+ <span class="code-tag"><url-pattern></span>/forbidden/*<span class="code-tag"></url-pattern></span>
+ <span class="code-tag"></web-resource-collection></span>
+ <span class="code-tag"><auth-constraint/></span>
+ <span class="code-tag"></security-constraint></span>
+
+ <span class="code-tag"><login-config></span>
+ <span class="code-tag"><auth-method></span>FORM<span class="code-tag"></auth-method></span>
+ <span class="code-tag"><realm-name></span>MYREALM<span class="code-tag"></realm-name></span>
+ <span class="code-tag"><form-login-config></span>
+ <span class="code-tag"><form-login-page></span>/auth/logon.html?param=test<span class="code-tag"></form-login-page></span>
+ <span class="code-tag"><form-error-page></span>/auth/logonError.html?param=test<span class="code-tag"></form-error-page></span>
+ <span class="code-tag"></form-login-config></span>
+ <span class="code-tag"></login-config></span>
+
+ <span class="code-tag"><security-role></span>
+ <span class="code-tag"><role-name></span>content-administrator<span class="code-tag"></role-name></span>
+ <span class="code-tag"></security-role></span>
+
+<span class="code-tag"></web-app></span></pre>
+</div></div>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+<h1><a name="ConfiguringLDAP-Packagethesampleapplication"></a>Package the sample application</h1>
+<p>Now that all the elements have been identified, it is necessary to package the sample application in a Web application Archive (.war). Open a command line window, change directory to <ldap_home> and run the following command:</p>
+
+<p><b><tt>jar -cvf ldap-demo.war *</tt></b></p>
+
+<p>This command will package all the existing files and directories inside <ldap_home>. Although not needed inside the .war file, the ldap-realm.xml and ldap-sample.ldif files will also be included.</p>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+<h1><a name="ConfiguringLDAP-Deploytheapplication"></a>Deploy the application</h1>
+<p>To deploy the LDAP sample application make sure the Geronimo server is up and running. Open a command line window, change directory to <geronimo_home>/bin and run the following command:</p>
+
+<p><b><tt>java -jar deployer.jar --user system --password manager deploy <ldap_home>/ldap-demo.war</tt></b></p>
+
+<p>Once the Web application is successfully deployed you should see a confirmation message similar as the one shown in the following example:</p>
+
+<p><font color="white"><div class="preformatted" style="border-style: solid; "><div class="preformattedContent" style="background-color: #000000; ">
+<pre>E:\geronimo\bin>java -jar deployer.jar --user system --password manager deploy e:/ldap-jetty/ldap-demo.war
+ Deployed org/apache/geronimo/ldap-secure-demo @
+ http://hcunico:8080/ldap-demo
+</pre>
+</div></div></font></p>
+
+<p>To test the LDAP application open a Web browser and access the following URL:</p>
+
+<p><a href="http://localhost:8080/ldap-demo" title="Visit page outside Confluence">http://localhost:8080/ldap-demo</a></p>
+
+<p>The following figure shows the welcome page for the LDAP sample application.</p>
+
+<p><img src="Configuring LDAP_attachments/ldap-jetty-t1.jpg" align="absmiddle" border="0" /></p>
+
+<p>Click on <a href="http://localhost:8080/ldap-demo/protect" title="Visit page outside Confluence">Protect</a> to validate against the LDAP Directory Server.</p>
+
+<p><img src="Configuring LDAP_attachments/ldap-jetty-t2.jpg" align="absmiddle" border="0" /></p>
+
+<p>Enter <b>system</b> as the username and <b>manager</b> as the password and click <b>Login</b>. The username and password you provide here is the same you use to access the Geronimo Web console and it is stored in the Directory Server database. Once you are logged in you should see the following screen.</p>
+
+<p><img src="Configuring LDAP_attachments/ldap-jetty-t3.jpg" align="absmiddle" border="0" /></p>
+
+<p>At this point you have an application that is validating username and passwords against an LDAP Directory Server database based on the security configuration you provided earlier. Now, if you go back to the welcome page and click on <a href="http://localhost:8080/ldap-demo/forbidden" title="Visit page outside Confluence">Forbidden</a> you should receive a 403 - Forbidden HTTP error similar as the one shown in the following figures.</p>
+
+<p>If you are using Jetty as the Web container:<br/>
+<img src="Configuring LDAP_attachments/ldap-jetty-t4.jpg" align="absmiddle" border="0" /></p>
+
+<p>If you are using Apache Tomcat as the Web container:<br/>
+<img src="Configuring LDAP_attachments/ldap-tomcat-t1.jpg" align="absmiddle" border="0" /></p>
+
+<p><a href="#ConfiguringLDAP-top" title="top on Configuring LDAP">Back to Top</a></p>
+
+ <br/>
+ <div class="tabletitle">
+ <a name="attachments">Attachments:</a>
+ </div>
+
+ <div class="greybox" align="left">
+ <img src="icons/bullet_blue.gif" height="8" width="8" alt=""/>
+ <a href="Configuring LDAP_attachments/ldap-jetty.zip">ldap-jetty.zip</a> (application/x-zip-compressed)
+ <br/>
+ <img src="icons/bullet_blue.gif" height="8" width="8" alt=""/>
+ <a href="Configuring LDAP_attachments/ldap-jetty.zip">ldap-jetty.zip</a> (application/x-zip-compressed)
+ <br/>
+ <img src="icons/bullet_blue.gif" height="8" width="8" alt=""/>
+ <a href="Configuring LDAP_attachments/ldap-jetty-t1.jpg">ldap-jetty-t1.jpg</a> (image/pjpeg)
+ <br/>
+ <img src="icons/bullet_blue.gif" height="8" width="8" alt=""/>
+ <a href="Configuring LDAP_attachments/ldap-jetty-t2.jpg">ldap-jetty-t2.jpg</a> (image/pjpeg)
+ <br/>
+ <img src="icons/bullet_blue.gif" height="8" width="8" alt=""/>
+ <a href="Configuring LDAP_attachments/ldap-jetty-t3.jpg">ldap-jetty-t3.jpg</a> (image/pjpeg)
+ <br/>
+ <img src="icons/bullet_blue.gif" height="8" width="8" alt=""/>
+ <a href="Configuring LDAP_attachments/ldap-jetty-t4.jpg">ldap-jetty-t4.jpg</a> (image/pjpeg)
+ <br/>
+ <img src="icons/bullet_blue.gif" height="8" width="8" alt=""/>
+ <a href="Configuring LDAP_attachments/ldap-tomcat-t1.jpg">ldap-tomcat-t1.jpg</a> (image/pjpeg)
+ <br/>
+ <img src="icons/bullet_blue.gif" height="8" width="8" alt=""/>
+ <a href="Configuring LDAP_attachments/ldap-tomcat-t1.jpg">ldap-tomcat-t1.jpg</a> (image/pjpeg)
+ <br/>
+ </div>
+
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellpadding="0" cellspacing="0" width="100%">
+ <tr>
+ <td height="12" background="border/border_bottom.gif"><img src="border/spacer.gif" width="1" height="1" border="0"/></td>
+ </tr>
+ <tr>
+ <td align="center"><font color="grey">Document generated by Confluence on Dec 09, 2005 22:10</font></td>
+ </tr>
+ </table>
+ </body>
+</html>
\ No newline at end of file
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP.html
------------------------------------------------------------------------------
svn:executable = *
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t1.jpg
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring%20LDAP_attachments/ldap-jetty-t1.jpg?rev=356160&view=auto
==============================================================================
Binary file - no diff available.
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t1.jpg
------------------------------------------------------------------------------
svn:executable = *
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t1.jpg
------------------------------------------------------------------------------
svn:mime-type = image/jpeg
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t2.jpg
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring%20LDAP_attachments/ldap-jetty-t2.jpg?rev=356160&view=auto
==============================================================================
Binary file - no diff available.
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t2.jpg
------------------------------------------------------------------------------
svn:executable = *
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t2.jpg
------------------------------------------------------------------------------
svn:mime-type = image/jpeg
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t3.jpg
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring%20LDAP_attachments/ldap-jetty-t3.jpg?rev=356160&view=auto
==============================================================================
Binary file - no diff available.
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t3.jpg
------------------------------------------------------------------------------
svn:executable = *
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t3.jpg
------------------------------------------------------------------------------
svn:mime-type = image/jpeg
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t4.jpg
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring%20LDAP_attachments/ldap-jetty-t4.jpg?rev=356160&view=auto
==============================================================================
Binary file - no diff available.
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t4.jpg
------------------------------------------------------------------------------
svn:executable = *
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty-t4.jpg
------------------------------------------------------------------------------
svn:mime-type = image/jpeg
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty.zip
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring%20LDAP_attachments/ldap-jetty.zip?rev=356160&view=auto
==============================================================================
Binary file - no diff available.
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty.zip
------------------------------------------------------------------------------
svn:executable = *
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-jetty.zip
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-tomcat-t1.jpg
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring%20LDAP_attachments/ldap-tomcat-t1.jpg?rev=356160&view=auto
==============================================================================
Binary file - no diff available.
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-tomcat-t1.jpg
------------------------------------------------------------------------------
svn:executable = *
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Configuring LDAP_attachments/ldap-tomcat-t1.jpg
------------------------------------------------------------------------------
svn:mime-type = image/jpeg
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Deployer tool.html
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Deployer%20tool.html?rev=356160&view=auto
==============================================================================
--- geronimo/branches/1.0/modules/scripts/src/resources/docs/Deployer tool.html (added)
+++ geronimo/branches/1.0/modules/scripts/src/resources/docs/Deployer tool.html Sun Dec 11 21:27:20 2005
@@ -0,0 +1,219 @@
+<html>
+ <head>
+ <title>Geronimo : Deployer tool</title>
+ <link rel="stylesheet" href="styles/site.css" type="text/css" />
+ <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ </head>
+
+ <body>
+ <table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#ffffff">
+ <tr>
+ <td valign="top" class="pagebody">
+ <div class="pageheader">
+ <span class="pagetitle">
+ Geronimo : Deployer tool
+ </span>
+ </div>
+ <div class="pagesubheading">
+ This page last changed on Nov 18, 2005 by <font color="#0050B2">hcunico@gmail.com</font>.
+ </div>
+
+
+<p><a name="Deployertool-top"></a></p>
+
+<p><em><b>Article donated by:</b> <a href="mailto:hcunico@gmail.com" title="Send mail to Hernan Cunico">Hernan Cunico</a></em></p>
+
+<p>The deployer application is a Java application that manages J2EE artifacts and GBean components in the Geronimo server. If the server is running, it will connect to the server and perform its action through the server's deployment service. If it cannot find a running server, it will manage the configuration it finds in its own installation directory. </p>
+
+<p>The deployment tool is started by using the <b>java -jar</b> to invoke the main class in <geronimo_home>/bin/deployer.jar.</p>
+
+<p>Typically, the deployment tool is started using the <b>deploy</b> script, but you can also run the application by starting a Java virtual machine using the following syntax:</p>
+
+<p><b><tt>java -jar deployer.jar <general_options> <command> <command_options></tt></b></p>
+
+<p>where <b><general_options></b> specify common options that apply to all commands and control how the application behaves, <b><command></b> is a command name that specifies the action to be performed, and <b><command_options></b> are options unique to the command specified. </p>
+
+<h2><a name="Deployertool-Generaloptions"></a>General options</h2>
+<p>This section lists all the available general options for the Geronimo deployer tool.</p>
+<ul>
+ <li>--uri <identifier><br/>
+Where <identifier> is a Universal Resource Identifier (URI) that specifies how the deployer is to contact the server. If this flag is not specified, the deployer will attempt to contact the server using the standard port on localhost. The identifier must have the following form:<br/>
+deployer:geronimo:jmx:rmi:///jndi/rmi:[//host[:port]]/JMXConnector<br/>
+where <host> is replaced with the host name or TCP/IP address of the system where the server is running and <port> is replaced with the port number where the server is listening. If unspecified, localhost and the default port will be used. </li>
+ <li>--driver <driver_path><br/>
+Where <driver_path> is the path to the driver JAR if you want to use this tool with a server other than Geronimo. Currently, manifest Class-Path entries in that JAR are ignored.</li>
+ <li>--user <username><br/>
+Where <username> is a user name authorized to be an administrator on the server. If the command requires authorization, you must use this option.</li>
+ <li>--password <password><br/>
+Where <password> is a the password required to authenticate the user name. If this flag is not specified, the deployer will attempt to perform the command with no password, but if that fails, it will prompt you to enter a password.</li>
+ <li>--syserr <select><br/>
+Where <select> can be either true or false. If this flag is unspecified. false is assumed. Specify true when you want errors to be logged to the syserr device. </li>
+ <li>--verbose <select><br/>
+Where <select> can be either true or false. If this flag is unspecified. false is assumed. Specify true when you need more messages to determine the cause of an error.</li>
+</ul>
+
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h2><a name="Deployertool-Commands"></a>Commands</h2>
+<p>The available commands for the Geronimo deployer tool are listed below:</p>
+<ul>
+ <li>Common commands
+ <ul>
+ <li><a href="#Deployertool-deploy" title="deploy on Deployer tool">deploy</a></li>
+ <li><a href="#Deployertool-redeploy" title="redeploy on Deployer tool">redeploy</a></li>
+ <li><a href="#Deployertool-start" title="start on Deployer tool">start</a></li>
+ <li><a href="#Deployertool-stop" title="stop on Deployer tool">stop</a></li>
+ <li><a href="#Deployertool-undeploy" title="undeploy on Deployer tool">undeploy</a></li>
+ </ul>
+ </li>
+ <li>Other commands
+ <ul>
+ <li><a href="#Deployertool-distribute" title="distribute on Deployer tool">distribute</a></li>
+ <li><a href="#Deployertool-listmodules" title="list-modules on Deployer tool">list\-modules</a></li>
+ <li><a href="#Deployertool-listtargets" title="list-targets on Deployer tool">list\-targets</a></li>
+ <li><a href="#Deployertool-package" title="package on Deployer tool">package</a></li>
+ </ul>
+ </li>
+</ul>
+
+
+<p>Additionally, you can type <b>help</b> for further details on a given command, the syntax is as follows:</p>
+
+<p><b><tt>java -jar deployer.jar help <commands></tt></b></p>
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Deploy"></a>Deploy <a name="Deployertool-deploy"></a></h3>
+<p>Use the <b>deploy</b> command to add and start a new module. The deploy command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>deploy</b> <module> <deployment_plan></tt></p>
+
+<p>The most common <general_options> would be --user and --password.<br/>
+The <module> specifies the application file name and location. The <deployment_plan> specifies the file name and location of the XML with the deployment plan. Sometimes the application module already has included in the package a deployment plan or the application is so simple that does not require any deployment plan, in these cases this parameter can be omited.</p>
+
+<p>A module file can be one of the following:</p>
+
+<ul>
+ <li>J2EE Enterprise Application Archive (EAR) file</li>
+ <li>J2EE Web Application Archive (WAR) file</li>
+ <li>J2EE Enterprise JavaBean Archive (JAR) file</li>
+ <li>J2EE Java Resource Archive (RAR) file</li>
+</ul>
+
+
+<p>If the server is not currently running at the time of deploying the application, the module will be marked to start next time the server is started.</p>
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Redeploy"></a>Redeploy <a name="Deployertool-redeploy"></a></h3>
+<p>Use the <b>redeploy</b> command to stop, replace and restart a module that has been deployed before. The redeploy command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>redeploy</b> <module> <deployment_plan></tt></p>
+
+<p>Just like the <a href="#Deployertool-deploy" title="deploy on Deployer tool">deploy command</a>, the redeploy command accepts the following modules file types:</p>
+
+<ul>
+ <li>J2EE Enterprise Application Archive (EAR) file</li>
+ <li>J2EE Web Application Archive (WAR) file</li>
+ <li>J2EE Enterprise JavaBean Archive (JAR) file</li>
+ <li>J2EE Java Resource Archive (RAR) file</li>
+</ul>
+
+
+<p>Typically, both a module and a plan are specified. If the module contains a plan or if a default plan can be used, the plan can be omitted. However, if a plan is specified in this case, it overrides the other plans. If the plan references a server component already deployed in the server's environment, the module is omitted.</p>
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Start"></a>Start <a name="Deployertool-start"></a></h3>
+<p>Use the <b>start</b> command to start a previously deployed module. The start command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>start</b> <moduleIDs></tt></p>
+
+<p>Where <moduleIDs> is a list of one or more modules (configID) separated by blank space. The module identification (or ConfigID) is defined at deployment time in the respective deployment plan for each module previously deployed.</p>
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Stop"></a>Stop <a name="Deployertool-stop"></a></h3>
+<p>Use the <b>stop</b> command to stop a running module. The stop command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>stop</b> <moduleIDs></tt></p>
+
+<p>Where <moduleIDs> is a list of one or more modules (configID) separated by blank space. The module identification (or ConfigID) is defined at deployment time in the respective deployment plan for each module previously deployed.</p>
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Undeploy"></a>Undeploy <a name="Deployertool-undeploy"></a></h3>
+<p>Use the <b>undeploy</b> command to stop and remove a module (running or not) and its deployment information from the server. The undeploy command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>undeploy</b> <moduleIDs></tt></p>
+
+<p>Where <moduleIDs> is a list of one or more modules (configID) separated by blank space. The module identification (or ConfigID) is defined at deployment time in the respective deployment plan for each module previously deployed.</p>
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Distribute"></a>Distribute <a name="Deployertool-distribute"></a></h3>
+<p>Use the <b>distribute</b> command to add a new module to the server. This command does not start the module nor mark it to be started in the future. The distribute command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>distribute</b> <module> <deployment_plan></tt></p>
+
+<p>Just like with the deploy command, <module> specifies the application file name and location. The <deployment_plan> specifies the file name and location of the XML with the deployment plan. Sometimes the application module already has included in the package a deployment plan or the application is so simple that does not require any deployment plan, in these cases this parameter can be omited.</p>
+
+<p>A module file can be one of the following:</p>
+
+<ul>
+ <li>J2EE Enterprise Application Archive (EAR) file</li>
+ <li>J2EE Web Application Archive (WAR) file</li>
+ <li>J2EE Enterprise JavaBean Archive (JAR) file</li>
+ <li>J2EE Java Resource Archive (RAR) file</li>
+</ul>
+
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Listmodules"></a>List-modules <a name="Deployertool-listmodules"></a></h3>
+<p>Use the <b>list-modules</b> command to list all available modules on the server, note that for running this command the server must be runnning. The list-modules command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>list-modues</b> [--all|--stated|--stopped]</tt></p>
+
+<ul>
+ <li>--all : is used by default when no other option is specified. It will list all the available modules.</li>
+ <li>--started : this option will list only the modules that are running.</li>
+ <li>--stopped : this option will list only the modules that are not running.</li>
+</ul>
+
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Listtargets"></a>List-targets <a name="Deployertool-listtargets"></a></h3>
+<p>Use the <b>list-targets</b> command to lists the targets known to the server you have connected to. The list-targets command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>list-targets</b></tt></p>
+
+<p>In the case of Geronimo, each configuration store is a separate target. Geronimo does not yet support clusters as targets.</p>
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+<h3><a name="Deployertool-Package"></a>Package <a name="Deployertool-package"></a></h3>
+<p>Use the <b>package</b> command to create a configuration JAR file rather than installing into the server environment. The package command has the following syntax:</p>
+
+<p><tt>java -jar deployer.jar <general_options> <b>package</b> [--classPath path] [--mainClass class] [--install] <module> <deployment_plan> fileName</tt></p>
+
+<p>The optional --classPath argument specifies a Class-Path to include in the JAR manifest. The optional --mainClass argument specifies the Main-Class to include in the JAR manifest. The --install option specifies that the configuration should be build into a JAR and also installed into the server configuration (otherwise it is packaged but not installed). The fileName argument specifies the JAR to create.</p>
+
+<p><a href="#Deployertool-top" title="top on Deployer tool">Back to top</a></p>
+
+
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellpadding="0" cellspacing="0" width="100%">
+ <tr>
+ <td height="12" background="border/border_bottom.gif"><img src="border/spacer.gif" width="1" height="1" border="0"/></td>
+ </tr>
+ <tr>
+ <td align="center"><font color="grey">Document generated by Confluence on Dec 09, 2005 22:10</font></td>
+ </tr>
+ </table>
+ </body>
+</html>
\ No newline at end of file
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Deployer tool.html
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Deployer tool.html
------------------------------------------------------------------------------
svn:executable = *
Added: geronimo/branches/1.0/modules/scripts/src/resources/docs/Deploying configurations and resources.html
URL: http://svn.apache.org/viewcvs/geronimo/branches/1.0/modules/scripts/src/resources/docs/Deploying%20configurations%20and%20resources.html?rev=356160&view=auto
==============================================================================
--- geronimo/branches/1.0/modules/scripts/src/resources/docs/Deploying configurations and resources.html (added)
+++ geronimo/branches/1.0/modules/scripts/src/resources/docs/Deploying configurations and resources.html Sun Dec 11 21:27:20 2005
@@ -0,0 +1,44 @@
+<html>
+ <head>
+ <title>Geronimo : Deploying configurations and resources</title>
+ <link rel="stylesheet" href="styles/site.css" type="text/css" />
+ <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ </head>
+
+ <body>
+ <table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#ffffff">
+ <tr>
+ <td valign="top" class="pagebody">
+ <div class="pageheader">
+ <span class="pagetitle">
+ Geronimo : Deploying configurations and resources
+ </span>
+ </div>
+ <div class="pagesubheading">
+ This page last changed on Nov 18, 2005 by <font color="#0050B2">hcunico@gmail.com</font>.
+ </div>
+
+
+<p><a name="Deployingconfigurationsandresources-top"></a></p>
+
+<p><em><b>Article donated by:</b> <a href="mailto:" title="Send mail to "></a></em></p>
+
+
+
+
+<p><a href="#Deployingconfigurationsandresources-top" title="top on Deploying configurations and resources">Back to Top</a></p>
+
+
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellpadding="0" cellspacing="0" width="100%">
+ <tr>
+ <td height="12" background="border/border_bottom.gif"><img src="border/spacer.gif" width="1" height="1" border="0"/></td>
+ </tr>
+ <tr>
+ <td align="center"><font color="grey">Document generated by Confluence on Dec 09, 2005 22:10</font></td>
+ </tr>
+ </table>
+ </body>
+</html>
\ No newline at end of file
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Deploying configurations and resources.html
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/branches/1.0/modules/scripts/src/resources/docs/Deploying configurations and resources.html
------------------------------------------------------------------------------
svn:executable = *