Calculator.java
package org.jboss.tutorial.security.bean;

import javax.ejb.Remote;

// Remote business interface of the calculator bean.
@Remote
public interface Calculator
{
    int add(int x, int y);
    int subtract(int x, int y);
    int divide(int x, int y);
}
CalculatorBean.java
package org.jboss.tutorial.security.bean;

import org.jboss.ejb3.security.SecurityDomain;
import javax.ejb.MethodPermissions;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.ejb.Unchecked;

// javax.ejb.Unchecked / MethodPermissions are the EJB 3.0 Preview 5 annotation names;
// the final EJB 3.0 API uses @PermitAll / @RolesAllowed from javax.annotation.security.
@Stateless
@SecurityDomain("other") // security domain that authenticates callers and supplies their roles
public class CalculatorBean implements Calculator
{
    @Unchecked // this line may be removed; it means the method can be called without a permission check
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public int add(int x, int y)
    {
        return x + y;
    }

    @MethodPermissions({"student","teacher"}) // note that more roles can be listed here
    public int subtract(int x, int y)
    {
        return x - y;
    }

    @MethodPermissions({"teacher"}) // only callers in the teacher role
    public int divide(int x, int y)
    {
        return x / y;
    }
}
Here the subtract method is restricted to the roles student and teacher, while divide is restricted to the role teacher. See roles.properties; you can of course also add roles of your own.
Client.java
package org.jboss.tutorial.security.client;

import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.tutorial.security.bean.Calculator;
import javax.naming.InitialContext;

public class Client
{
    public static void main(String[] args) throws Exception
    {
        InitialContext ctx = new InitialContext();
        Calculator calculator = (Calculator) ctx.lookup(Calculator.class.getName());

        // add() is unchecked, so it works before any principal is set
        System.out.println("Everybody can add");
        System.out.println("1 + 1 = " + calculator.add(1, 1));

        // Calls made from here on carry kabir's identity and password
        System.out.println("Change role: Kabir is a student");
        SecurityAssociation.setPrincipal(new SimplePrincipal("kabir"));
        SecurityAssociation.setCredential("validpassWord".toCharArray());
        System.out.println("Students are allowed to do subtraction but not division");
        System.out.println("1 - 1 = " + calculator.subtract(1, 1));
        try
        {
            // divide() permits only the teacher role, so this call is rejected
            System.out.println("16/4 = " + calculator.divide(16, 4));
        }
        catch (SecurityException ex)
        {
            System.out.println("Kabir tried to do division: " + ex.getMessage());
        }

        // Switch the caller identity to roson, who has the teacher role
        System.out.println("Change role: roson is a teacher");
        SecurityAssociation.setPrincipal(new SimplePrincipal("roson"));
        SecurityAssociation.setCredential("sandy".toCharArray());
        System.out.println("Teachers are allowed to do subtraction and division");
        System.out.println("2 - 1 = " + calculator.subtract(2, 1));
        System.out.println("16/4 = " + calculator.divide(16, 4));
    }
}
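There are two users here: kabir is a student with the password validpassWord, and roson is a teacher with the password sandy.
Both of them call the subtract and divide methods, and the program handles each call according to the caller's access rights.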
users.properties
kabir=validpassWord
roson=sandy
The format is username=password, one user per line.
roles.properties
kabir=student
roson=teacher
The format is username=role1,role2,role3, that is, a user and all the roles that user belongs to.
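The following added example (not part of the original tutorial and not JBoss code) mimics in plain Java the decision made from these two files: authenticate the caller against users.properties, then compare the caller's roles from roles.properties with the roles a method permits. The names AccessCheck, PERMITTED and allowed() are assumptions for illustration, and the code needs Java 9 or later for Set.of; in the deployed bean the check is done by the security domain.

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Illustrative sketch only: AccessCheck, PERMITTED and allowed() are hypothetical names,
// not JBoss APIs. The file contents are the sample values from this page, embedded inline.
public class AccessCheck {
    static final String USERS = "kabir=validpassWord\nroson=sandy\n";
    static final String ROLES = "kabir=student\nroson=teacher\n";

    // Method name -> roles allowed to call it; null means unchecked (everyone).
    static final Map<String, Set<String>> PERMITTED = new LinkedHashMap<>();
    static {
        PERMITTED.put("add", null);
        PERMITTED.put("subtract", Set.of("student", "teacher"));
        PERMITTED.put("divide", Set.of("teacher"));
    }

    static Properties load(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    static boolean allowed(String user, String password, String method) throws IOException {
        if (!PERMITTED.containsKey(method)) return false;    // unknown method: deny
        Set<String> permitted = PERMITTED.get(method);
        if (permitted == null) return true;                   // unchecked method
        if (user == null || password == null) return false;   // no caller identity
        String stored = load(USERS).getProperty(user);
        // Constant-time comparison; unknown user and wrong password are both denied.
        if (stored == null || !MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8)))
            return false;
        // The roles.properties value is a comma-separated role list.
        for (String role : load(ROLES).getProperty(user, "").split(","))
            if (permitted.contains(role.trim())) return true;
        return false;
    }

    public static void main(String[] args) throws IOException {
        String[][] callers = {{"kabir", "validpassWord"}, {"roson", "sandy"}, {"kabir", "wrong"}, {null, null}};
        for (String[] c : callers)
            for (String m : PERMITTED.keySet())
                System.out.println(c[0] + " -> " + m + ": " + (allowed(c[0], c[1], m) ? "allowed" : "denied"));
    }
}
```

Both files hold their data in clear text, passwords included, so their file permissions decide who can read the credentials or change a role assignment.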
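A log4j.properties file is attached here as well. jboss-EJB-3.0_Preview_5.zip does not contain one, so a missing-appender message keeps being displayed. With this file in place, a record.log log file is generated in that directory.
log4j.properties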
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=record.log
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%p %d{hh:mm:ss} %t %c{1} -%m%n
log4j.appender.R.MaxBackupIndex=1
log4j.appender.R.MaxFileSize=100KB
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] (%F:%L) -%m%n
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
# rootLogger takes the level first, then the appender names
log4j.rootLogger=DEBUG, stdout, R
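Running: see installing.html
On Windows
Open a command prompt (cmd) and change to jboss_home/bin
run.bat -c all
Using ant
Just build first, then run.
Discussion:
Since I have not worked with JAAS much, I can only do my best to share some of my own thoughts and the places I changed.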