Calculator.java
package org.jboss.tutorial.security.bean;
import javax.ejb.Remote;
@Remote
public interface Calculator
{
int add(int x, int y);
int subtract(int x, int y);
int divide(int x, int y);
}
CalculatorBean.java
package org.jboss.tutorial.security.bean;
import org.jboss.ejb3.security.SecurityDomain;
import javax.ejb.MethodPermissions;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.ejb.Unchecked;
@Stateless
@SecurityDomain("other")
public class CalculatorBean implements Calculator
{
@Unchecked //it's ok to delete this line,it means to use this method without checked
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public int add(int x, int y)
{
return x + y;
}
@MethodPermissions({"student","teacher"}) //note that we can more role here
public int subtract(int x, int y)
{
return x - y;
}
@MethodPermissions({"teacher"})
public int divide(int x, int y)
{
return x / y;
}
}
这里substract方法定义了访问对象:student和teacher ; divide 方法定义了访问对象为: teacher .可以看role.properties,当然也可以加入些自定义对象。
Client.java
package org.jboss.tutorial.security.client;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.tutorial.security.bean.Calculator;
import javax.naming.InitialContext;
public class Client
{
public static void main(String[] args) throws Exception
{
InitialContext ctx = new InitialContext();
Calculator calculator = (Calculator) ctx.lookup(Calculator.class.getName());
System.out.println("Everybody can add");
System.out.println("1 + 1 = " + calculator.add(1, 1));
System.out.println("Change role:Kabir is a student");
SecurityAssociation.setPrincipal(new SimplePrincipal("kabir"));
SecurityAssociation.setCredential("validpassword".toCharArray());
System.out.println("Students are allowed to do subtraction but division");
System.out.println("1 - 1 = " + calculator.subtract(1, 1));
try
{
System.out.println("16/4="+calculator.divide(16, 4));
}
catch (SecurityException ex)
{
System.out.println("Kabir try to do division:"+ex.getMessage());
}
System.out.println("Change role:roson is a teacher");
SecurityAssociation.setPrincipal(new SimplePrincipal("roson"));
SecurityAssociation.setCredential("sandy".toCharArray());
System.out.println("Teacher are allowed do substraction and division");
System.out.println("2 - 1 = " + calculator.subtract(2, 1));
System.out.println("16/4 = "+calculator.divide(16, 4));
}
}
这里有两个人物分别为: kabir 是student 密码为 validpassword ; roson 是 teacher 密码为 sandy。
这两个人调用了减、除这两个方法程序将根据访问权限做相应的处理。
users.properties
kabir=validpassword
roson=sandy
里面是username=password这样的格式,一行一个用户。
roles.properties
kabir=student
roson=teacher
里面是username=role1,role2,role3,即用户和该用户所属的所有角色。
这里附上log4j.properties 在jboss-EJB-3.0_Preview_5.zip里面没有这个老是显示缺少appender。有了这个将在该目录下生成个record.log日志文件
log4j.properties
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=record.log
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%p %d{hh:mm:ss} %t %c{1} -%m%n
log4j.appender.R.MaxBackupIndex=1
log4j.appender.R.MaxFileSize=100KB
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] (%F:%L) -%m%n
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.rootLogger=stdout,R
运行:参考installing.html
Windows下
打开命令提示符cmd,到 jboss_home/bin
Run.bat –c all
用ant
先build后run 就行了。
讨论:
由于对jaas接触的不多,只能尽力说说自己的一些想法和改过的地方。