JBoss EJB3.0 security


Calculator.java

package org.jboss.tutorial.security.bean;

import javax.ejb.Remote;

// Remote business interface of the calculator bean
@Remote
public interface Calculator
{
   int add(int x, int y);

   int subtract(int x, int y);

   int divide(int x, int y);
}

CalculatorBean.java

package org.jboss.tutorial.security.bean;

import org.jboss.ejb3.security.SecurityDomain;

import javax.ejb.MethodPermissions;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.ejb.Unchecked;

@Stateless
@SecurityDomain("other")
public class CalculatorBean implements Calculator
{
   @Unchecked    // this line may be deleted; it means the method can be called without a permission check
   @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
   public int add(int x, int y)
   {
      return x + y;
   }

   @MethodPermissions({"student","teacher"})   // more roles can be listed here
   public int subtract(int x, int y)
   {
      return x - y;
   }

   @MethodPermissions({"teacher"})
   public int divide(int x, int y)
   {
      return x / y;
   }
}

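Here the subtract method is restricted to the roles student and teacher, and the divide method is restricted to the role teacher. See roles.properties; you can of course add roles of your own there as well.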

Client.java

package org.jboss.tutorial.security.client;

import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.tutorial.security.bean.Calculator;

import javax.naming.InitialContext;

public class Client
{
   public static void main(String[] args) throws Exception
   {
      // Look up the remote calculator bean by its interface name
      InitialContext ctx = new InitialContext();
      Calculator calculator = (Calculator) ctx.lookup(Calculator.class.getName());

      // add is unchecked, so no principal is set before calling it
      System.out.println("Everybody can add");
      System.out.println("1 + 1 = " + calculator.add(1, 1));

      // Log in as kabir, who only has the student role
      System.out.println("Change role: Kabir is a student");
      SecurityAssociation.setPrincipal(new SimplePrincipal("kabir"));
      SecurityAssociation.setCredential("validpassword".toCharArray());
      System.out.println("Students are allowed to do subtraction but not division");
      System.out.println("1 - 1 = " + calculator.subtract(1, 1));
      try
      {
          System.out.println("16/4 = " + calculator.divide(16, 4));
      }
      catch (SecurityException ex)
      {
         // divide requires the teacher role, so the call is rejected for kabir
         System.out.println("Kabir tries to do division: " + ex.getMessage());
      }

      // Log in as roson, who has the teacher role
      System.out.println("Change role: roson is a teacher");
      SecurityAssociation.setPrincipal(new SimplePrincipal("roson"));
      SecurityAssociation.setCredential("sandy".toCharArray());
      System.out.println("Teachers are allowed to do subtraction and division");
      System.out.println("2 - 1 = " + calculator.subtract(2, 1));
      System.out.println("16/4 = " + calculator.divide(16, 4));
   }
}

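There are two users here: kabir is a student with the password validpassword, and roson is a teacher with the password sandy.

Both users call the subtract and divide methods, and the program handles each call according to that user's access permissions.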

users.properties

kabir=validpassword
roson=sandy

The format is username=password, one user per line.

roles.properties

kabir=student
roson=teacher

The format is username=role1,role2,role3, that is, each user followed by all of the roles that user belongs to.
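An added example, not from the original tutorial or from JBoss: a simplified stand-alone model of the decision described above, in which the caller is first checked against users.properties and the caller's roles from roles.properties are then compared with the roles declared on the bean method. The class AccessModel, its allowed method and the PERMS table are assumptions made for illustration, and the file contents are constructed copies of the two files on this page.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Properties;
import java.util.Set;

// Added illustration: a simplified model of the login and role check, not JBoss code.
public class AccessModel {
    // Constructed copies of the page's users.properties and roles.properties.
    static final String USERS = "kabir=validpassword\nroson=sandy\n";
    static final String ROLES = "kabir=student\nroson=teacher\n";
    // Roles declared on CalculatorBean; an empty set models @Unchecked (assumption).
    static final Map<String, Set<String>> PERMS = Map.of(
        "add", Set.<String>of(),
        "subtract", Set.of("student", "teacher"),
        "divide", Set.of("teacher"));

    static Properties load(String text) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    // Returns true when the caller may invoke the named method.
    static boolean allowed(String user, String password, String method) throws Exception {
        Set<String> required = PERMS.get(method);
        if (required == null) return false;      // unknown method: deny
        if (required.isEmpty()) return true;     // unchecked: no login needed
        String stored = load(USERS).getProperty(user == null ? "" : user);
        if (stored == null || password == null) return false;
        // Constant-time comparison of the stored and supplied password.
        if (!MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                   password.getBytes(StandardCharsets.UTF_8))) return false;
        // roles.properties lists the roles as username=role1,role2,role3
        for (String role : load(ROLES).getProperty(user, "").split(",")) {
            if (required.contains(role.trim())) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("anonymous add:  " + allowed(null, null, "add"));
        System.out.println("kabir subtract: " + allowed("kabir", "validpassword", "subtract"));
        System.out.println("kabir divide:   " + allowed("kabir", "validpassword", "divide"));
        System.out.println("roson divide:   " + allowed("roson", "sandy", "divide"));
        System.out.println("roson bad pw:   " + allowed("roson", "wrong", "divide"));
    }
}
```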




 



 


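A log4j.properties file is attached here as well. jboss-EJB-3.0_Preview_5.zip does not contain one, so a missing-appender message keeps being displayed. With this file in place, a record.log log file is generated in that directory.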

log4j.properties

# Rolling file appender that writes record.log
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=record.log
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%p  %d{hh:mm:ss} %t %c{1} -%m%n
log4j.appender.R.MaxBackupIndex=1
log4j.appender.R.MaxFileSize=100KB
# Console appender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] (%F:%L) -%m%n
# The first value of rootLogger is the level; without one, log4j reads "stdout" as the level name and attaches only R
log4j.rootLogger=DEBUG, stdout, R

Running: see installing.html

On Windows

Open a command prompt (cmd) and go to jboss_home/bin

Run.bat -c all

With ant

Build first, then run.

Discussion:

Since I have not worked with JAAS much, I can only do my best to describe some of my own thoughts and the places I changed.



