Java/EJB3/Security
EJB Tutorial from JBoss: ejb security
<source lang="java">
File: Calculator.java /*
* JBoss, Home of Professional Open Source. * Copyright 2006, Red Hat Middleware LLC, and individual contributors * as indicated by the @author tags. See the copyright.txt file in the * distribution for a full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */
package org.jboss.tutorial.security.bean;
/**
 * Business interface of the calculator used by the EJB security tutorial.
 *
 * <p>The interface itself carries no security metadata. In this tutorial the
 * access rules are declared on the implementing bean, so callers should read
 * the bean's annotations to learn which roles may invoke which operation.
 */
public interface Calculator {

    /**
     * Adds two integers.
     *
     * @param x first operand
     * @param y second operand
     * @return the result of the addition
     */
    int add(int x, int y);

    /**
     * Subtracts {@code y} from {@code x}.
     *
     * @param x minuend
     * @param y subtrahend
     * @return the result of the subtraction
     */
    int subtract(int x, int y);

    /**
     * Divides {@code x} by {@code y}.
     *
     * @param x dividend
     * @param y divisor
     * @return the result of the division
     */
    int divide(int x, int y);
}
File: CalculatorBean.java /*
* JBoss, Home of Professional Open Source. * Copyright 2006, Red Hat Middleware LLC, and individual contributors * as indicated by the @author tags. See the copyright.txt file in the * distribution for a full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */
package org.jboss.tutorial.security.bean;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import org.jboss.annotation.security.SecurityDomain;

/**
 * Stateless session bean that shows declarative, per-method authorization.
 *
 * <p>The bean is bound to the JBoss security domain named {@code "other"} and
 * exposed remotely through {@link Calculator}. Each business method declares
 * its own access rule:
 * <ul>
 *   <li>{@code add} - {@code @PermitAll}, no role is required;</li>
 *   <li>{@code subtract} - role {@code student};</li>
 *   <li>{@code divide} - role {@code teacher}.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code @PermitAll} lifts the role check only. The tutorial's
 * own client expects {@code add} to be rejected when the password is wrong, so
 * authentication against the domain still appears to apply - confirm against
 * the login configuration of the target server.
 */
@Stateless
@SecurityDomain("other")
@Remote(Calculator.class)
public class CalculatorBean implements Calculator {

    /**
     * Adds two integers; callable without any particular role and always run
     * in a new transaction.
     *
     * @param x first operand
     * @param y second operand
     * @return {@code x + y} (wraps on overflow, as plain {@code int} addition does)
     */
    @PermitAll
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public int add(final int x, final int y) {
        return Integer.sum(x, y);
    }

    /**
     * Subtracts {@code y} from {@code x}; restricted to callers in role
     * {@code student}.
     *
     * @param x minuend
     * @param y subtrahend
     * @return {@code x - y}
     */
    @RolesAllowed({"student"})
    public int subtract(final int x, final int y) {
        final int difference = x - y;
        return difference;
    }

    /**
     * Divides {@code x} by {@code y}; restricted to callers in role
     * {@code teacher}.
     *
     * @param x dividend
     * @param y divisor
     * @return the integer quotient {@code x / y}
     * @throws ArithmeticException if {@code y} is zero (integer division)
     */
    @RolesAllowed({"teacher"})
    public int divide(final int x, final int y) {
        final int quotient = x / y;
        return quotient;
    }
}
File: Client.java /*
* JBoss, Home of Professional Open Source. * Copyright 2006, Red Hat Middleware LLC, and individual contributors * as indicated by the @author tags. See the copyright.txt file in the * distribution for a full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */
package org.jboss.tutorial.security.client; import java.util.Properties; import javax.ejb.EJBAccessException; import javax.naming.Context; import javax.naming.InitialContext; import org.jboss.tutorial.security.bean.Calculator; /**
* @version $Revision: 57207 $ */
public class Client {
/**
 * Drives the secured calculator bean through four cases: a call with a wrong
 * password, an unrestricted call with the right password, a call the user's
 * role does not allow, and a call the user's role does allow.
 *
 * <p>The principal and both passwords are literals only because this is a
 * tutorial client; the valid one matches the {@code users.properties} entry
 * listed with the tutorial. A real client should obtain credentials at run
 * time and keep them out of source control.
 *
 * @param args unused
 * @throws Exception if the JNDI context cannot be created, the lookup fails,
 *                   or a call fails in a way the demo does not expect
 */
public static void main(String[] args) throws Exception {
    // JNDI environment that logs in as "kabir" - first with a wrong password.
    final Properties jndiEnv = new Properties();
    jndiEnv.setProperty(Context.INITIAL_CONTEXT_FACTORY,
            "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    jndiEnv.setProperty(Context.SECURITY_PRINCIPAL, "kabir");
    jndiEnv.setProperty(Context.SECURITY_CREDENTIALS, "invalidpassword");

    InitialContext namingContext = new InitialContext(jndiEnv);
    Calculator calc = (Calculator) namingContext.lookup("CalculatorBean/remote");

    System.out.println("Kabir is a student.");
    System.out.println("Kabir types in the wrong password");
    try {
        // Expected to be rejected: the identity cannot be authenticated, so
        // even the @PermitAll method must not be reachable.
        final int sum = calc.add(1, 1);
        System.out.println("1 + 1 = " + sum);
    } catch (EJBAccessException rejected) {
        System.out.println("Saw expected SecurityException: " + rejected.getMessage());
    }

    System.out.println("Kabir types in correct password.");
    System.out.println("Kabir does unchecked addition.");

    // The identity is attached when the context/proxy is created, so both are
    // rebuilt after the password is corrected.
    jndiEnv.setProperty(Context.SECURITY_CREDENTIALS, "validpassword");
    namingContext = new InitialContext(jndiEnv);
    calc = (Calculator) namingContext.lookup("CalculatorBean/remote");

    final int checkedSum = calc.add(1, 1);
    System.out.println("1 + 1 = " + checkedSum);

    System.out.println("Kabir is not a teacher so he cannot do division");
    try {
        // divide() requires role "teacher"; the denial is the expected outcome.
        calc.divide(16, 4);
    } catch (EJBAccessException denied) {
        System.out.println(denied.getMessage());
    }

    System.out.println("Students are allowed to do subtraction");
    final int difference = calc.subtract(1, 1);
    System.out.println("1 - 1 = " + difference);
}
} File: users.properties kabir=validpassword
</source>
EJB Tutorial from JBoss: entity security
<source lang="java">
File: AllEntity.java /*
* JBoss, Home of Professional Open Source. * Copyright 2006, Red Hat Middleware LLC, and individual contributors * as indicated by the @author tags. See the copyright.txt file in the * distribution for a full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */
package org.jboss.tutorial.entity.security.bean;

import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

/**
 * Minimal JPA entity used by the entity-security tutorial.
 *
 * <p>The class declares no access rules of its own; nothing in this listing
 * shows how (or whether) access to it is restricted, so do not assume it is
 * protected without checking the rest of the tutorial's deployment.
 *
 * <p>NOTE(review): both fields are public and mutable, so any code holding an
 * instance can change them directly.
 */
@Entity
public class AllEntity implements Serializable {

    /** Primary key, assigned by the persistence provider (AUTO strategy). */
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    public int id;

    /** Free-form payload value. */
    public String val;
}
File: SomeEntity.java /*
* JBoss, Home of Professional Open Source. * Copyright 2006, Red Hat Middleware LLC, and individual contributors * as indicated by the @author tags. See the copyright.txt file in the * distribution for a full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */
package org.jboss.tutorial.entity.security.bean;

import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

/**
 * Minimal JPA entity used by the entity-security tutorial.
 *
 * <p>The class declares no access rules of its own; nothing in this listing
 * shows how (or whether) access to it is restricted, so do not assume it is
 * protected without checking the rest of the tutorial's deployment.
 *
 * <p>NOTE(review): both fields are public and mutable, so any code holding an
 * instance can change them directly.
 */
@Entity
public class SomeEntity implements Serializable {

    /** Primary key, assigned by the persistence provider (AUTO strategy). */
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    public int id;

    /** Free-form payload value. */
    public String val;
}
File: StarEntity.java /*
* JBoss, Home of Professional Open Source. * Copyright 2006, Red Hat Middleware LLC, and individual contributors * as indicated by the @author tags. See the copyright.txt file in the * distribution for a full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */
package org.jboss.tutorial.entity.security.bean;

import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

/**
 * Minimal JPA entity used by the entity-security tutorial.
 *
 * <p>The class declares no access rules of its own; nothing in this listing
 * shows how (or whether) access to it is restricted, so do not assume it is
 * protected without checking the rest of the tutorial's deployment.
 *
 * <p>NOTE(review): both fields are public and mutable, so any code holding an
 * instance can change them directly.
 */
@Entity
public class StarEntity implements Serializable {

    /** Primary key, assigned by the persistence provider (AUTO strategy). */
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    public int id;

    /** Free-form payload value. */
    public String val;
}
File: Stateless.java /*
* JBoss, Home of Professional Open Source. * Copyright 2006, Red Hat Middleware LLC, and individual contributors * as indicated by the @author tags. See the copyright.txt file in the * distribution for a full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */
package org.jboss.tutorial.entity.security.bean; import org.jboss.tutorial.entity.security.bean.AllEntity; import org.jboss.tutorial.entity.security.bean.SomeEntity; import org.jboss.tutorial.entity.security.bean.StarEntity; /**
* * @author
EJB Tutorial from JBoss: ssl service
<source lang="java">
File: ssl-service.xml <?xml version="1.0" encoding="UTF-8"?> <server>
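<!-- Server socket factory that takes its SSL key material from the SSLAdvanced security domain. -->
<mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
       name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
       display-name="SecurityDomain Server Socket Factory">
   <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
   <depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
</mbean>

<!--
  JAAS security domain that owns the keystore used for the SSL transport.

  NOTE(review): KeyStorePass is written in clear text and "opensource" is the
  tutorial's sample value. Outside a local demo, generate a dedicated keystore,
  protect it with a strong, unique password, keep that password out of version
  control and restrict read access to this descriptor and to the keystore file.
-->
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
   <constructor>
      <arg type="java.lang.String" value="SSLAdvanced"/>
   </constructor>
   <attribute name="KeyStoreURL">localhost.keystore</attribute>
   <attribute name="KeyStorePass">opensource</attribute>
</mbean>

<!--
  Remoting connector that serves EJB3 invocations over the "sslsocket" transport
  on port 3843, using the server socket factory defined above.

  The source listing closed the start tag before display-name, which left the
  attribute behind as stray character data; it is part of the start tag here.

  NOTE(review): no truststore or client-certificate setting is visible in this
  descriptor, so it appears to provide an encrypted, server-authenticated channel
  only; caller identity still has to come from the EJB security domain. Confirm
  against the target server's remoting configuration.
-->
<mbean code="org.jboss.remoting.transport.Connector"
       xmbean-dd="org/jboss/remoting/transport/Connector.xml"
       name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"
       display-name="Socket transport Connector">
   <attribute name="Configuration">
      <config>
         <invoker transport="sslsocket">
            <attribute name="dataType" isParam="true">invocation</attribute>
            <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
            <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
            <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
            <!-- Listening address comes from the server's jboss.bind.address property. -->
            <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
            <attribute name="serverBindPort">3843</attribute>
         </invoker>
         <handlers>
            <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
         </handlers>
      </config>
   </attribute>
   <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>
   <depends>jboss.aop:service=AspectDeployer</depends>
</mbean>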
</server>
</source>
security stateless ear
Setup security-domain For JBoss
<source lang="java">
File: Employee.java import javax.persistence.Entity; import javax.persistence.EntityListeners; import javax.persistence.GeneratedValue; import javax.persistence.Id; import javax.persistence.PostRemove; @Entity public class Employee implements java.io.Serializable {
// Persistent state. The mapping annotations sit on the getter (see getId),
// so the fields themselves stay private and unannotated.
private int id;
private String firstName;
private String lastName;

/**
 * Returns the primary key; the value is generated by the persistence provider.
 *
 * @return the entity identifier
 */
@Id
@GeneratedValue
public int getId() {
    return this.id;
}

/**
 * Sets the primary key.
 *
 * @param id the entity identifier
 */
public void setId(int id) {
    this.id = id;
}

/**
 * @return the employee's first name, or {@code null} if none was set
 */
public String getFirstName() {
    return this.firstName;
}

/**
 * @param first the employee's first name
 */
public void setFirstName(String first) {
    this.firstName = first;
}

/**
 * @return the employee's last name, or {@code null} if none was set
 */
public String getLastName() {
    return this.lastName;
}

/**
 * @param last the employee's last name
 */
public void setLastName(String last) {
    this.lastName = last;
}

/**
 * JPA lifecycle callback, run after this entity has been removed; it only
 * writes a marker line to standard output.
 */
@PostRemove
public void postRemove() {
    System.out.println("@PostRemove");
}
}
File: EmployeeService.java
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateful;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.jboss.annotation.security.SecurityDomain;

/**
 * Stateful session bean bound to the JBoss security domain
 * {@code "EmployeeServiceDB"}.
 *
 * <p>The class-level {@code @RolesAllowed("AUTHORIZED_MERCHANT")} is the default
 * rule for business methods that declare nothing of their own.
 *
 * <p>NOTE(review): the only business method, {@link #doAction()}, is annotated
 * {@code @PermitAll}, and a method-level annotation takes precedence over the
 * class-level one. As written, the {@code AUTHORIZED_MERCHANT} restriction
 * therefore does not apply to any call this bean exposes. Remove
 * {@code @PermitAll} (or put a {@code @RolesAllowed} on the method) if the role
 * check is meant to be enforced.
 */
@Stateful
@SecurityDomain("EmployeeServiceDB")
@RolesAllowed("AUTHORIZED_MERCHANT")
public class EmployeeService implements EmployeeServiceLocal, EmployeeServiceRemote {

    /** Container-injected entity manager for the "EmployeeService" persistence unit. */
    @PersistenceContext(unitName = "EmployeeService")
    private EntityManager entityManager;

    /** No-argument constructor, as required for a session bean. */
    public EmployeeService() {
    }

    /**
     * Merges an {@code Employee} whose id is set to 1 into the persistence
     * context.
     *
     * @throws Exception declared by the business interfaces; propagated from the
     *                   persistence call
     */
    @PermitAll
    //@RolesAllowed("CHECK_FRAUD_ENABLED")
    public void doAction() throws Exception {
        final Employee detached = new Employee();
        detached.setId(1);
        entityManager.merge(detached);
    }
}
File: EmployeeServiceLocal.java
import java.util.Collection;
import javax.ejb.Local;

/**
 * Local business view of the employee service.
 *
 * <p>No security annotations are declared here; the access rules that apply to
 * {@link #doAction()} are the ones on the implementing bean.
 */
@Local
public interface EmployeeServiceLocal {

    /**
     * Runs the service's demo action.
     *
     * @throws Exception if the action fails
     */
    void doAction() throws Exception;
}
File: EmployeeServiceRemote.java
import java.util.Collection;
import javax.ejb.Remote;
/**
 * Remote business view of the employee service.
 *
 * <p>No security annotations are declared here; the access rules that apply to
 * {@link #doAction()} are the ones on the implementing bean.
 */
@Remote
public interface EmployeeServiceRemote {

    /**
     * Runs the service's demo action.
     *
     * @throws Exception if the action fails
     */
    void doAction() throws Exception;
}
File: jndi.properties java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces java.naming.provider.url=localhost:1099
File: Main.java import java.util.Date; import javax.naming.InitialContext;
/**
 * Stand-alone client that looks up the remote employee service and invokes it
 * once.
 *
 * <p>NOTE(review): no principal or credentials are set on the JNDI context
 * here, so the call is presumably made without an authenticated identity. It
 * can only succeed if the invoked method does not require a role - confirm
 * this is intended before reusing the pattern against a secured bean.
 */
public class Main {

    /**
     * Looks up {@code EmployeeService/remote} and calls {@code doAction()}.
     *
     * @param a unused
     * @throws Exception if the JNDI lookup or the remote call fails
     */
    public static void main(String[] a) throws Exception {
        // The default InitialContext takes its settings from the JNDI
        // environment (for example a jndi.properties file on the classpath).
        final InitialContext jndi = new InitialContext();
        final EmployeeServiceRemote remoteBean =
                (EmployeeServiceRemote) jndi.lookup("EmployeeService/remote");
        remoteBean.doAction();
    }
}
File: roles.properties user1=AUTHORIZED_MERCHANT user2=UNAUTHORIZED_MERCHANT
File: users.properties user1=password user2=password
</source>
ssl jaxws
User Properties And Role Properties
<source lang="java">
File: Employee.java import javax.persistence.Entity; import javax.persistence.EntityListeners; import javax.persistence.GeneratedValue; import javax.persistence.Id; import javax.persistence.PostRemove; @Entity public class Employee implements java.io.Serializable {
// Persistent state. The mapping annotations sit on the getter (see getId),
// so the fields themselves stay private and unannotated.
private int id;
private String firstName;
private String lastName;

/**
 * Returns the primary key; the value is generated by the persistence provider.
 *
 * @return the entity identifier
 */
@Id
@GeneratedValue
public int getId() {
    return this.id;
}

/**
 * Sets the primary key.
 *
 * @param id the entity identifier
 */
public void setId(int id) {
    this.id = id;
}

/**
 * @return the employee's first name, or {@code null} if none was set
 */
public String getFirstName() {
    return this.firstName;
}

/**
 * @param first the employee's first name
 */
public void setFirstName(String first) {
    this.firstName = first;
}

/**
 * @return the employee's last name, or {@code null} if none was set
 */
public String getLastName() {
    return this.lastName;
}

/**
 * @param last the employee's last name
 */
public void setLastName(String last) {
    this.lastName = last;
}

/**
 * JPA lifecycle callback, run after this entity has been removed; it only
 * writes a marker line to standard output.
 */
@PostRemove
public void postRemove() {
    System.out.println("@PostRemove");
}
}
File: EmployeeService.java
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateful;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.jboss.annotation.security.SecurityDomain;

/**
 * Stateful session bean bound to the JBoss security domain
 * {@code "EmployeeServiceDB"}.
 *
 * <p>The class-level {@code @RolesAllowed("AUTHORIZED_MERCHANT")} is the default
 * rule for business methods that declare nothing of their own.
 *
 * <p>NOTE(review): the only business method, {@link #doAction()}, is annotated
 * {@code @PermitAll}, and a method-level annotation takes precedence over the
 * class-level one. As written, the {@code AUTHORIZED_MERCHANT} restriction
 * therefore does not apply to any call this bean exposes. Remove
 * {@code @PermitAll} (or put a {@code @RolesAllowed} on the method) if the role
 * check is meant to be enforced.
 */
@Stateful
@SecurityDomain("EmployeeServiceDB")
@RolesAllowed("AUTHORIZED_MERCHANT")
public class EmployeeService implements EmployeeServiceLocal, EmployeeServiceRemote {

    /** Container-injected entity manager for the "EmployeeService" persistence unit. */
    @PersistenceContext(unitName = "EmployeeService")
    private EntityManager entityManager;

    /** No-argument constructor, as required for a session bean. */
    public EmployeeService() {
    }

    /**
     * Merges an {@code Employee} whose id is set to 1 into the persistence
     * context.
     *
     * @throws Exception declared by the business interfaces; propagated from the
     *                   persistence call
     */
    @PermitAll
    //@RolesAllowed("CHECK_FRAUD_ENABLED")
    public void doAction() throws Exception {
        final Employee detached = new Employee();
        detached.setId(1);
        entityManager.merge(detached);
    }
}
File: EmployeeServiceLocal.java
import java.util.Collection;
import javax.ejb.Local;

/**
 * Local business view of the employee service.
 *
 * <p>No security annotations are declared here; the access rules that apply to
 * {@link #doAction()} are the ones on the implementing bean.
 */
@Local
public interface EmployeeServiceLocal {

    /**
     * Runs the service's demo action.
     *
     * @throws Exception if the action fails
     */
    void doAction() throws Exception;
}
File: EmployeeServiceRemote.java
import java.util.Collection;
import javax.ejb.Remote;
/**
 * Remote business view of the employee service.
 *
 * <p>No security annotations are declared here; the access rules that apply to
 * {@link #doAction()} are the ones on the implementing bean.
 */
@Remote
public interface EmployeeServiceRemote {

    /**
     * Runs the service's demo action.
     *
     * @throws Exception if the action fails
     */
    void doAction() throws Exception;
}
File: jndi.properties java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces java.naming.provider.url=localhost:1099
File: Main.java import java.util.Date; import javax.naming.InitialContext;
/**
 * Stand-alone client that looks up the remote employee service and invokes it
 * once.
 *
 * <p>NOTE(review): no principal or credentials are set on the JNDI context
 * here, so the call is presumably made without an authenticated identity. It
 * can only succeed if the invoked method does not require a role - confirm
 * this is intended before reusing the pattern against a secured bean.
 */
public class Main {

    /**
     * Looks up {@code EmployeeService/remote} and calls {@code doAction()}.
     *
     * @param a unused
     * @throws Exception if the JNDI lookup or the remote call fails
     */
    public static void main(String[] a) throws Exception {
        // The default InitialContext takes its settings from the JNDI
        // environment (for example a jndi.properties file on the classpath).
        final InitialContext jndi = new InitialContext();
        final EmployeeServiceRemote remoteBean =
                (EmployeeServiceRemote) jndi.lookup("EmployeeService/remote");
        remoteBean.doAction();
    }
}
File: roles.properties user1=AUTHORIZED_MERCHANT user2=UNAUTHORIZED_MERCHANT
File: users.properties user1=password user2=password
</source>