Jboss EJB3.0 security

Calculator.java

package org.jboss.tutorial.security.bean;

import javax.ejb.Remote;

@Remote

public interface Calculator

{

int add(int x, int y);

int subtract(int x, int y);

int divide(int x, int y);

}

CalculatorBean.java

package org.jboss.tutorial.security.bean;

import org.jboss.ejb3.security.SecurityDomain;

import javax.ejb.MethodPermissions;

import javax.ejb.Stateless;

import javax.ejb.TransactionAttribute;

import javax.ejb.TransactionAttributeType;

import javax.ejb.Unchecked;

@Stateless

@SecurityDomain("other")

public class CalculatorBean implements Calculator

{

@Unchecked //it's ok to delete this line,it means to use this method without checked

@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)

public int add(int x, int y)

{

return x + y;

}

@MethodPermissions({"student","teacher"}) //note that we can more role here

public int subtract(int x, int y)

{

return x - y;

}

@MethodPermissions({"teacher"})

public int divide(int x, int y)

{

return x / y;

}

}

这里substract方法定义了访问对象：student和teacher ; divide 方法定义了访问对象为: teacher .可以看role.properties,当然也可以加入些自定义对象。

Client.java

package org.jboss.tutorial.security.client;

import org.jboss.security.SecurityAssociation;

import org.jboss.security.SimplePrincipal;

import org.jboss.tutorial.security.bean.Calculator;

import javax.naming.InitialContext;

public class Client

{

public static void main(String[] args) throws Exception

{

InitialContext ctx = new InitialContext();

Calculator calculator = (Calculator) ctx.lookup(Calculator.class.getName());

System.out.println("Everybody can add");

System.out.println("1 + 1 = " + calculator.add(1, 1));

System.out.println("Change role:Kabir is a student");

SecurityAssociation.setPrincipal(new SimplePrincipal("kabir"));

SecurityAssociation.setCredential("validpassword".toCharArray());

System.out.println("Students are allowed to do subtraction but division");

System.out.println("1 - 1 = " + calculator.subtract(1, 1));

try

{

System.out.println("16/4="+calculator.divide(16, 4));

}

catch (SecurityException ex)

{

System.out.println("Kabir try to do division:"+ex.getMessage());

}

System.out.println("Change role:roson is a teacher");

SecurityAssociation.setPrincipal(new SimplePrincipal("roson"));

SecurityAssociation.setCredential("sandy".toCharArray());

System.out.println("Teacher are allowed do substraction and division");

System.out.println("2 - 1 = " + calculator.subtract(2, 1));

System.out.println("16/4 = "+calculator.divide(16, 4));

}

}

这里有两个人物分别为: kabir 是student 密码为 validpassword ; roson 是 teacher 密码为 sandy。

这两个人调用了减、除这两个方法程序将根据访问权限做相应的处理。

users.properties

kabir=validpassword

roson=sandy

里面是username=password这样的格式，一行一个用户。

roles.properties

kabir=student

roson=teacher

里面是username=role1,role2,role3，即用户和该用户所属的所有角色。

这里附上log4j.properties 在jboss-EJB-3.0_Preview_5.zip里面没有这个老是显示缺少appender。有了这个将在该目录下生成个record.log日志文件

log4j.properties

log4j.appender.R=org.apache.log4j.RollingFileAppender

log4j.appender.R.File=record.log

log4j.appender.R.layout=org.apache.log4j.PatternLayout

log4j.appender.R.layout.ConversionPattern=%p %d{hh:mm:ss} %t %c{1} -%m%n

log4j.appender.R.MaxBackupIndex=1

log4j.appender.R.MaxFileSize=100KB

log4j.appender.stdout.layout=org.apache.log4j.PatternLayout

log4j.appender.stdout.layout.ConversionPattern=%5p [%t] (%F:%L) -%m%n

log4j.appender.stdout=org.apache.log4j.ConsoleAppender

log4j.rootLogger=stdout,R

运行：参考installing.html

Windows下

打开命令提示符cmd，到 jboss_home/bin

Run.bat –c all

用ant

先build后run 就行了。

讨论：

由于对jaas接触的不多，只能尽力说说自己的一些想法和改过的地方。

• ·Jsp+beans分页显示记录实战
• ·Bugzilla2.18 在window下的安
• ·《Essential .Net》读书笔记 -
• ·《Test-Driven Developmen
• ·What is hibernate?
• ·在BootLoader中实现LAN91C113
• ·律师点评——员工因“对公司的赞美不合格”被淘汰
• ·Tomcat研究之组件结构
• ·Tomat组件研究之ThreadPool
• ·栅格式游戏设计（Grid Based Game