Deployment plans has been edited by Phani Balaji Madgula (Apr 02, 2008).

(View changes)

Content:

Every module that you install in Geronimo, whether it is a service, application, resource, etc., can be configured via a deployment plan. These deployment plans are XML files based on XML Schemas containing the configuration details for a specific application module or component. The Java EE 5 specification defines standard deployment descriptors such as web.xml, application.xml, etc. In some cases, the deployment descriptor is all that is required to install a module into a Geronimo server. However, in many cases, server-specific configuration is required when modules are installed. This server-specific configuration is accomplished by using Geronimo deployment plans.

Geronimo deployment plans can be packaged along with the application or specified externally at deployment time. If provided during deployment, this plan will overwrite any other Geronimo specific deployment plan provided with the application.

To package the deployment plans in you application you have to follow some naming conventions and place the file in a specific directory within your packaged application. For example, in a web application you would include the geronimo-web.xml under the /WEB-INF directory, same place where you are also providing the web.xml descriptor, all within the WAR. For an enterprise application you would include the geronimo-application.xml under the /META-INF directory, same place where you are also providing the application.xml descriptor, all within the WAR.

The Java EE 5 specification also let's you use Annotations where you add resource references, dependencies, etc. directly in the code. Geronimo provides a Deployment plan wizard that automatically generates the necessary deployment plans based on the standard deployment descriptors and annotations.

This document is organized in the following sections:

XML Schemas

Java EE Deployment Plans

Module Type Geronimo Schema Preferred Java EE Schema
General (Tomcat or Jetty) Web Application (WAR) http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1 web-app_2_5.xsd
Tomcat-Only Web Application (WAR) http://geronimo.apache.org/xml/ns/j2ee/web/tomcat-2.0.1 web-app_2_5.xsd
Jetty-Only Web Application (WAR) http://geronimo.apache.org/xml/ns/j2ee/web/jetty-2.0.2 web-app_2_5.xsd
EJB (JAR) http://www.openejb.org/xml/ns/openejb-jar-2.1 ejb-jar_3_0.xsd
J2EE Connector (RAR) http://geronimo.apache.org/xml/ns/j2ee/connector-1.2 connector_1_5.xsd
Application Client (JAR) http://geronimo.apache.org/xml/ns/j2ee/application-client-2.0 application-client_5.xsd
Application (EAR) http://geronimo.apache.org/xml/ns/j2ee/application-2.0 application_5.xsd

Common Elements & Configuration

Module Type Geronimo Schema Description
Server Plans & Common Elements http://geronimo.apache.org/xml/ns/deployment-1.2 Used to deploy new services in Geronimo in a standalone plan, and also contains common elements used by many other plans.
Geronimo Plugin Descriptor http://geronimo.apache.org/xml/ns/plugins-1.3 Metadata on a Geronimo plugin or a list of available Geronimo plugins.
Security Mapping http://geronimo.apache.org/xml/ns/security-2.0 Common security elements used by other plans.
Security Realms http://geronimo.apache.org/xml/ns/loginconfig-2.0 Abbreviated syntax for configuring security realm and login module GBeans. You can either manually configure multiple GBeans or declare a single GBean for the realm using this to configure all the login modules.
Naming http://geronimo.apache.org/xml/ns/naming-1.2 Common elements for references to other components (EJBs, database pools, JMS resources, J2EE Connectors, Web Services, etc.)
Primary Key Generator http://www.openejb.org/xml/ns/pkgen-2.0 Abbreviated syntax for configuring primary key generators for CMP entity beans. Avoids manually configuring and wiring up PK generator GBeans.
CORBA CSS Configuration http://openejb.apache.org/xml/ns/corba-css-config-2.1 Abbreviated syntax for configuring security for clients accessing remote EJBs via CORBA.
CORBA TSS Configuration http://openejb.apache.org/xml/ns/corba-tss-config-2.1 Abbreviated syntax for configuring security for EJBs exposed via CORBA.
config.xml http://geronimo.apache.org/xml/ns/attributes-1.2 The format of the var/config/config.xml file.
Tomcat Web App Configuration http://geronimo.apache.org/xml/ns/web/tomcat/config-1.0 If you use the generic (geronimo-web-2.0.xsd) web application configuration, you can use these elements in the container-config element to configure Tomcat-specific behavior.
Jetty Web App Configuration http://geronimo.apache.org/xml/ns/web/jetty/config-1.0.1 If you use the generic (geronimo-web-2.0.xsd) web application configuration, you can use these elements in the container-config element to configure Jetty-specific behavior.

Configurations

The examples provided in this section are independent of any application. Most of these configurations can be generated and deployed through the Geronimo Administration Console as well.

Connection pools

For the most part, deployment plans for database connection pool will be very similar from each other. However, depending on the database the pool will be connecting to, you may need to specify some additional parameters.

Embedded Derdy DB

Embedded Derdy DB connection pool deployment plan
<?xml version="1.0" encoding="UTF-8"?>
<connector xmlns="http://geronimo.apache.org/xml/ns/j2ee/connector-1.2">
    <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <dep:moduleId>
            <dep:groupId>console.dbpool</dep:groupId>
            <dep:artifactId>TimeReportPool</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>rar</dep:type>
        </dep:moduleId>
        <dep:dependencies>
            <dep:dependency>
                <dep:groupId>org.apache.geronimo.configs</dep:groupId>
                <dep:artifactId>system-database</dep:artifactId>
            </dep:dependency>
        </dep:dependencies>
    </dep:environment>
    <resourceadapter>
        <outbound-resourceadapter>
            <connection-definition>
                <connectionfactory-interface>javax.sql.DataSource</connectionfactory-interface>
                <connectiondefinition-instance>
                    <name>TimeReportPool</name>
                    <config-property-setting name="Driver">org.apache.derby.jdbc.EmbeddedDriver</config-property-setting>
                    <config-property-setting name="ConnectionURL">jdbc:derby:TimeReportDB</config-property-setting>
                    <connectionmanager>
                        <local-transaction/>
                        <single-pool>
                            <max-size>10</max-size>
                            <min-size>0</min-size>
                            <match-one/>
                        </single-pool>
                    </connectionmanager>
                </connectiondefinition-instance>
            </connection-definition>
        </outbound-resourceadapter>
    </resourceadapter>
</connector>

Security

A Java EE application may consist of several components that can be deployed on to different containers such as WEB container, EJB container, WebServices container in a JEE5 server. This kind of deployment allows multi-tier applications that interact with one another to perform a given user task. Multi-tier JEE5 applications can be secured by properly selecting authenticating mechanisms and designing authorization levels or roles. If the application components use declarative security management, the authentication and authorization aspects are declared in corresponding JEE5 deployment descriptors. The declared security roles or levels are mapped to real security roles or levels in the Geronimo deployment plans through Security realms. In Apache Geronimo, the security realms abstract away authentication and authorization aspects of the application components. Authentication and Authorization together enable access control for the various components of the application.

Depending on the selected authenticating system, a JAAS login module is selected and configured in a Security Realm. JAAS login modules connect to corresponding user/group repositories and perform authentication and retrieve authorization information. Geronimo provides login modules that connect to different types of user/group repositories. These are PropertiesFileLoginModule, LDAPLoginModule, SQLLoginModule and CertificatePropertiesFileLoginModule.

For example, Geronimo uses "geronimo-admin" security realm to authenticate users when they login to the Geronimo Administration Console. The deployment plan of the security realm is follows.

geronimo-admin security realm

<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
     <environment>

         <moduleId>
             <groupId>console.realm</groupId>
             <artifactId>geronimo-admin</artifactId>
             <version>1.0</version>
             <type>car</type>
         </moduleId>

         <dependencies>

             <dependency>
                 <groupId>org.apache.geronimo.framework</groupId>
                 <artifactId>j2ee-security</artifactId>
                 <type>car</type>
             </dependency>

         </dependencies>

     </environment>

     <gbean name="geronimo-admin"
       class="org.apache.geronimo.security.realm.GenericSecurityRealm"
       xsi:type="dep:gbeanType"
      xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

         <attribute name="realmName">geronimo-admin</attribute>
         <reference name="ServerInfo">
             <name>ServerInfo</name>
         </reference>

         <xml-reference name="LoginModuleConfiguration">

             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                 <log:login-module control-flag="REQUIRED" wrap-principals="false">
                     <log:login-domain-name>geronimo-admin</log:login-domain-name>
                     <log:login-module-class>
  org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
                     </log:login-module-class>
                     <log:option name="groupsURI">var/security/groups.properties</log:option>
                     <log:option name="usersURI">var/security/users.properties</log:option>
                 </log:login-module>
             </log:login-config>

         </xml-reference>
     </gbean>

 </module>

The above security realm is deployed over two property files var/security/users.properties and var/security/groups.properties that contain user/group information using "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule". The admin console is a web application that uses the above security realm for user authentication.

Security realm deployment plan is an XML file that uses "http://geronimo.apache.org/xml/ns/deployment-1.2" Geronimo schema for ModuleId, dependency and Security Realm GBean configurations. The XML file uses "http://geronimo.apache.org/xml/ns/loginconfig-2.0" Geronimo schema for login module configuration. All the XML schema files (.xsd files) are located at <GERONIMO_HOME>/schema directory. Where <GERONIMO_HOME> is the directory where Geronimo is installed.

The following table provides the summary of user/group repositories and corresponding login modules in Apache Geronimo

User/Group Repository LoginModule
Property files org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule
Database     org.apache.geronimo.security.realm.providers.SQLLoginModule
Ldap repository   org.apache.geronimo.security.realm.providers.LDAPLoginModule
Certificate Repository  org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule
Any other    User has to supply the custom JAAS module. Admin console can be used to deploy a security 
 realm over custom JAAS login modules.

Depending on the type of the login module, the options for configuration changes. 

Once a security realm is deployed, it's available for any JEE5 application deployed in Apache Geronimo to map declared roles to actual users/groups through a Geronimo deployment plan.

Applications

An enterprise application archive (EAR) can consist of several application modules. The application modules can be several Web Application Archives (WAR) , EJB modules (JAR), application client modules (JAR) or Resource Archive modules (RAR). User can either deploy these modules individually or bundle them into a single EAR file and deploy the EAR file.

When deployed individually, each application module should accompany a Geronimo deployment plan to map declared resources names, ejb names, security roles, JMS roles (if any) to actual resources in the server. The Geronimo deployment plans also contain any Geronimo specific settings and configurations. When deployed as a single bundle (EAR), user can create a single Geronimo deployment plan accomplish to perform all the mappings/settings and configurations.

The following table summarizes different JEE5 modules and corresponding Geronimo deployment plans accompany them.

JEE module JEE deployment descriptor (DD) Geronimo deployment plan
Web Application Archive (WAR) web.xml geronimo-web.xml
EJB Application Archive (JAR) ejb-jar.xml openejb-jar.xml
Resource Adapter Archive (RAR) ra.xml geronimo-ra.xml
Enterprise Application Archive (EAR) application.xml geronimo-application.xml
Enterprise Application Client Archive (JAR) application-client.xml geronimo-application-client.xml

Web Application deployment plan (geronimo-web.xml)

In the geronimo-web.xml file, application deployer maps the security roles, ejb names, database resources, JMS resources, etc. declared in web.xml to corresponding entities deployed in the server. In addition to that, if there are any web container specific configurations, such as Tomcat or Jetty specific, depending on the application needs, all these settings are configured as well here. If the web application depends on any third party libraries or other services running in the server, all these dependencies are declared in the plan. Some web applications require class loading requirements different from the default class loading behavior. The geronimo-web.xml allows application deployer to configure this as well. There are many more configurations that could be done through geronimo-web.xml depending on the needs of web application. The following sections briefly explain how geronimo-web.xml can be used configure the web container and web applications.

The geronimo-web.xml uses XML elements from http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1 namespace and one or more namespaces mentioned in "XML Schemas - Common elements and Configuration" section above in the document. Please go through the section to know what elements does each schema describe.

For example, the following web.xml and geronimo-web.xml are the deployment descriptor and geronimo deployment plan respectively, of a web application that connects to a datasource deployed on DB2 and retrieves data from a table.

Sample web.xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                               http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
                               version="2.5">

  <resource-ref>
    <res-ref-name>jdbc/DataSource</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
    <res-sharing-scope>Shareable</res-sharing-scope>
  </resource-ref>

  <welcome-file-list>
    <welcome-file>jsp/EMPdemo.jsp</welcome-file>
  </welcome-file-list>
</web-app>

Note : With servlet2.5 spec, many of the declarations done through web.xml can also be done through corresponding annotations in the servlets and JSPs

Sample geronimo-web.xml 

<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1"
          xmlns:naming="http://geronimo.apache.org/xml/ns/naming-1.2"
          xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0"
          xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.2">

     <sys:environment>
         <sys:moduleId>
             <sys:groupId>samples</sys:groupId>
             <sys:artifactId>EmployeeDemo</sys:artifactId>
             <sys:version>2.1</sys:version>
             <sys:type>war</sys:type>
         </sys:moduleId>
         <sys:dependencies>
             <sys:dependency>
                 <sys:groupId> samples</sys:groupId>
                 <sys:artifactId>EmployeeDatasource</sys:artifactId>
                 <sys:version>2.1</sys:version>
                 <sys:type>rar</sys:type>
             </sys:dependency>
         </sys:dependencies>
     </sys:environment>

     <context-root>/EmployeeDemo</context-root>

     <naming:resource-ref>
         <naming:ref-name>jdbc/DataSource</naming:ref-name>
         <naming:resource-link>jdbc/EmployeeDatasource</naming:resource-link>
     </naming:resource-ref>


 </web-app>

Please observe the different namespace prefixes and corresponding namespaces used to configure dependencies and resource mapping. Also observe how the Datasource name 'jdbc/DataSource' in web.xml is mapped to 'jdbc/EmployeeDatasource' in geronimo-web.xml. The 'jdbc/EmployeeDatasource' is the name of the Datasource (database connection pool) deployed on the server for connecting to back end DB2 database.

The deployment plan starts with <sys:moduleId> to provide a unique module id configuration for the web application. In dependencies section, using <sys:dependency>, a dependency on "samples/EmployeeDatasource/2.1/rar" is configured. This is the module id of Datasource that connects to DB2. The web context root is configured by <context-root>. Since there is no namespace prefix for this tag, it is going to be the default namespace http://geronimo.apache.org/xml/ns/j2ee/web-2.0.1.

All the XML schema files are located at <GERONIMO_HOME>/schema directory. <GERONIMO_HOME> is the location where Geronimo is installed.  Please go through the XSD files to have a feel of XML tags that can be used in geronimo-web.xml for configuring web applications.

Similarly, many container specific configurations and application security configurations are performed through other XML tags.

Powered by Atlassian Confluence (Version: 2.2.9 Build:#527 Sep 07, 2006) - Bug/feature request

Unsubscribe or edit your notifications preferences