Java/EJB3/Security


EJB Tutorial from JBoss: ejb security

   <source lang="java">

File: Calculator.java /*

* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/

package org.jboss.tutorial.security.bean;

/**
 * Business interface of the calculator session bean used in this tutorial.
 *
 * <p>The interface carries no security metadata of its own. In the listing on
 * this page the access rules ({@code @PermitAll}, {@code @RolesAllowed}) sit on
 * the methods of {@code CalculatorBean}, which publishes this interface with
 * {@code @Remote(Calculator.class)}.
 */
public interface Calculator {

  /**
   * Addition; {@code CalculatorBean} returns {@code x + y}.
   *
   * @param x left operand
   * @param y right operand
   * @return the result computed by the implementation
   */
  int add(int x, int y);

  /**
   * Subtraction; {@code CalculatorBean} returns {@code x - y}.
   *
   * @param x left operand
   * @param y right operand
   * @return the result computed by the implementation
   */
  int subtract(int x, int y);

  /**
   * Division; {@code CalculatorBean} returns the integer quotient {@code x / y}.
   *
   * @param x dividend
   * @param y divisor
   * @return the result computed by the implementation
   */
  int divide(int x, int y);

}

File: CalculatorBean.java /*

* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/

package org.jboss.tutorial.security.bean;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;

import org.jboss.annotation.security.SecurityDomain;

/**
 * Stateless session bean that demonstrates declarative, per-method access
 * control on the {@link Calculator} remote interface.
 *
 * <p>{@code @SecurityDomain("other")} names the JBoss security domain that
 * authenticates callers and supplies their roles. The users.properties listing
 * on this page ({@code kabir=validpassword}) is presumably what that domain
 * reads; the matching role file is not shown here.
 *
 * <p>Each method states its own rule. A business method added later without an
 * annotation gets no role restriction from this class, because there is no
 * class-level {@code @RolesAllowed} to fall back on.
 */
@Stateless
@SecurityDomain("other")
@Remote(Calculator.class)
public class CalculatorBean implements Calculator {

  /**
   * Adds two integers in a new transaction ({@code REQUIRES_NEW}).
   *
   * <p>{@code @PermitAll} lifts the role check only. The client on this page
   * still expects this call to fail with {@code EJBAccessException} when the
   * password is wrong, so the caller's credentials are verified before the
   * method runs.
   *
   * @param x left operand
   * @param y right operand
   * @return {@code x + y}
   */
  @PermitAll
  @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
  public int add(int x, int y) {
    return x + y;
  }

  /**
   * Subtracts {@code y} from {@code x}; restricted to the {@code student} role.
   *
   * @param x left operand
   * @param y right operand
   * @return {@code x - y}
   */
  @RolesAllowed("student")
  public int subtract(int x, int y) {
    return x - y;
  }

  /**
   * Integer division; restricted to the {@code teacher} role.
   *
   * <p>A zero divisor raises {@code ArithmeticException}. It is unchecked, so
   * the remote caller sees a container-wrapped failure, not a domain error.
   *
   * @param x dividend
   * @param y divisor
   * @return {@code x / y}
   */
  @RolesAllowed("teacher")
  public int divide(int x, int y) {
    return x / y;
  }

}

File: Client.java /*

* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/

package org.jboss.tutorial.security.client; import java.util.Properties; import javax.ejb.EJBAccessException; import javax.naming.Context; import javax.naming.InitialContext; import org.jboss.tutorial.security.bean.Calculator; /**

* @version $Revision: 57207 $
*/

public class Client {

  /**
   * Runs the tutorial's access-control outcomes against the remote
   * {@code Calculator} proxy: a call made with a wrong password, calls the
   * caller's role allows, and one call it does not allow.
   *
   * <p>The principal and both passwords are hard-coded demo values. The valid
   * one equals the {@code kabir=validpassword} entry of the users.properties
   * listing on this page, so the secret lives in clear text in the client
   * source and in the server file alike.
   *
   * <p>The first {@code try} wraps only {@code add}, not the context creation
   * or the lookup: the tutorial expects bad credentials to be rejected when
   * the bean is invoked.
   *
   * @param args unused
   * @throws Exception any naming or invocation failure other than the two
   *         {@code EJBAccessException}s handled below
   */
  public static void main(String[] args) throws Exception {
     // Identity used for the first proxy: correct user name, wrong password.
     Properties jndiEnv = new Properties();
     jndiEnv.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
     jndiEnv.setProperty(Context.SECURITY_PRINCIPAL, "kabir");
     jndiEnv.setProperty(Context.SECURITY_CREDENTIALS, "invalidpassword");

     InitialContext namingContext = new InitialContext(jndiEnv);
     Calculator calc = (Calculator) namingContext.lookup("CalculatorBean/remote");
     System.out.println("Kabir is a student.");
     System.out.println("Kabir types in the wrong password");
     try {
        // add() is @PermitAll on the bean, yet the call is expected to be denied:
        // @PermitAll lifts the role check, not authentication.
        System.out.println("1 + 1 = " + calc.add(1, 1));
     } catch (EJBAccessException denied) {
        // The message says "SecurityException"; the type caught is EJBAccessException.
        System.out.println("Saw expected SecurityException: " + denied.getMessage());
     }

     System.out.println("Kabir types in correct password.");
     System.out.println("Kabir does unchecked addition.");
     // A new context and a new lookup are made so the proxy is obtained under
     // the corrected credentials.
     jndiEnv.setProperty(Context.SECURITY_CREDENTIALS, "validpassword");
     namingContext = new InitialContext(jndiEnv);
     calc = (Calculator) namingContext.lookup("CalculatorBean/remote");
     System.out.println("1 + 1 = " + calc.add(1, 1));

     System.out.println("Kabir is not a teacher so he cannot do division");
     try {
        // divide() is @RolesAllowed({"teacher"}); an authenticated caller
        // without that role is refused.
        calc.divide(16, 4);
     } catch (EJBAccessException denied) {
        System.out.println(denied.getMessage());
     }

     System.out.println("Students are allowed to do subtraction");
     System.out.println("1 - 1 = " + calc.subtract(1, 1));
  }

} File: users.properties kabir=validpassword



      </source>
   
  
 
  



EJB Tutorial from JBoss: entity security

   <source lang="java">

File: AllEntity.java /*

* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/

package org.jboss.tutorial.entity.security.bean;

import java.io.Serializable;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

/**
 * Persistent entity of the "entity security" tutorial: a generated integer key
 * and one string value.
 *
 * <p>The class declares no security annotations. Whatever access rules the
 * tutorial applies to it are configured outside this listing and are not
 * visible on this page.
 *
 * <p>NOTE(review): both persistent fields are public, so any code holding an
 * instance can change {@code id} and {@code val} directly. The JPA
 * specification asks for non-public instance variables; confirm the
 * persistence provider accepts this mapping.
 */
@Entity
public class AllEntity implements Serializable {

  /** Primary key; the provider picks the generation strategy (AUTO). */
  @Id
  @GeneratedValue(strategy = GenerationType.AUTO)
  public int id;

  /** Payload value stored with the entity. */
  public String val;

}

File: SomeEntity.java /*

* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/

package org.jboss.tutorial.entity.security.bean;

import java.io.Serializable;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

/**
 * Persistent entity of the "entity security" tutorial: a generated integer key
 * and one string value.
 *
 * <p>The class declares no security annotations. Whatever access rules the
 * tutorial applies to it are configured outside this listing and are not
 * visible on this page.
 *
 * <p>NOTE(review): both persistent fields are public, so any code holding an
 * instance can change {@code id} and {@code val} directly. The JPA
 * specification asks for non-public instance variables; confirm the
 * persistence provider accepts this mapping.
 */
@Entity
public class SomeEntity implements Serializable {

  /** Primary key; the provider picks the generation strategy (AUTO). */
  @Id
  @GeneratedValue(strategy = GenerationType.AUTO)
  public int id;

  /** Payload value stored with the entity. */
  public String val;

}

File: StarEntity.java /*

* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/

package org.jboss.tutorial.entity.security.bean;

import java.io.Serializable;

import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

/**
 * Persistent entity of the "entity security" tutorial: a generated integer key
 * and one string value.
 *
 * <p>The class declares no security annotations. Whatever access rules the
 * tutorial applies to it are configured outside this listing and are not
 * visible on this page.
 *
 * <p>NOTE(review): both persistent fields are public, so any code holding an
 * instance can change {@code id} and {@code val} directly. The JPA
 * specification asks for non-public instance variables; confirm the
 * persistence provider accepts this mapping.
 */
@Entity
public class StarEntity implements Serializable {

  /** Primary key; the provider picks the generation strategy (AUTO). */
  @Id
  @GeneratedValue(strategy = GenerationType.AUTO)
  public int id;

  /** Payload value stored with the entity. */
  public String val;

}

File: Stateless.java /*

* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/

package org.jboss.tutorial.entity.security.bean; import org.jboss.tutorial.entity.security.bean.AllEntity; import org.jboss.tutorial.entity.security.bean.SomeEntity; import org.jboss.tutorial.entity.security.bean.StarEntity; /**

*
* @author 


EJB Tutorial from JBoss: ssl service

   <source lang="java">

File: ssl-service.xml <?xml version="1.0" encoding="UTF-8"?> <server>


  <!-- Server socket factory service bound to the security domain
       java:/jaas/SSLAdvanced. The <depends> entry makes it start only after
       the JaasSecurityDomain mbean named "SSLAdvanced" in this file.
       The connector in this file refers to this service by its object name. -->
  <mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
         name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
         display-name="SecurityDomain Server Socket Factory">
    <attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
    <depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
  </mbean>
  
    <!-- JAAS security domain "SSLAdvanced". It names the keystore
         (localhost.keystore) and the password that opens it.
         NOTE(review): KeyStorePass is a clear-text literal in this descriptor,
         and the value is the one published with the tutorial. Anyone who can
         read this file or the deployed archive can open the keystore and the
         private key in it. For a real deployment use a different password and
         restrict read access to the descriptor. JaasSecurityDomain also
         documents {EXT} and {CLASS} forms of KeyStorePass that fetch the
         password from outside this file; confirm them for your JBoss version. -->
    <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
           name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
      <constructor>
        <arg type="java.lang.String" value="SSLAdvanced"/>
      </constructor>
      <attribute name="KeyStoreURL">localhost.keystore</attribute>
      <attribute name="KeyStorePass">opensource</attribute>
    </mbean>
  
  
  
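  <!-- JBoss Remoting connector for EJB3 invocations over the "sslsocket"
       transport on port 3843.
       serverSocketFactory is the object name of the
       DomainServerSocketFactoryService mbean in this file, so the listener
       presumably takes its key material from the SSLAdvanced security domain.
       serverBindAddress follows ${jboss.bind.address}: the port is exposed on
       whatever interface the server is started with.
       display-name is an attribute of the start tag, as on the first mbean in
       this file. A ">" after the name attribute would close the tag early and
       leave display-name behind as character data inside the element. -->
  <mbean code="org.jboss.remoting.transport.Connector"
         xmbean-dd="org/jboss/remoting/transport/Connector.xml"
         name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"
         display-name="Socket transport Connector">
    <attribute name="Configuration">
      <config>
        <invoker transport="sslsocket">
          <attribute name="dataType" isParam="true">invocation</attribute>
          <attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
          <attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
          <attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
          <attribute name="serverBindAddress">${jboss.bind.address}</attribute>
          <attribute name="serverBindPort">3843</attribute>
        </invoker>
        <handlers>
          <handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
        </handlers>
      </config>
    </attribute>
    <depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>
    <depends>jboss.aop:service=AspectDeployer</depends>
  </mbean>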

</server>


      </source>
   
  
 
  



security stateless ear

Setup security-domain For JBoss

   <source lang="java">

File: Employee.java import javax.persistence.Entity; import javax.persistence.EntityListeners; import javax.persistence.GeneratedValue; import javax.persistence.Id; import javax.persistence.PostRemove; @Entity public class Employee implements java.io.Serializable {

 private int id;
 private String firstName;
 private String lastName;
 /**
  * Returns the primary key. The mapping annotations sit on this getter, so the
  * persistence provider reads the entity's state through its accessors.
  *
  * @return the entity id
  */
 @Id
 @GeneratedValue
 public int getId() {
   return this.id;
 }
 /**
  * Lifecycle callback registered with {@code @PostRemove}; it only writes a
  * marker line to standard output.
  */
 @PostRemove
 public void postRemove() {
   System.out.println("@PostRemove");
 }
 /**
  * Overwrites the primary key. The id is mapped as {@code @GeneratedValue},
  * yet {@code EmployeeService.doAction()} on this page calls this setter with
  * a fixed value before merging.
  *
  * @param id the new id
  */
 public void setId(int id) {
   this.id = id;
 }
 /**
  * Returns the employee's first name.
  *
  * @return the stored first name, or {@code null} if none was set
  */
 public String getFirstName() {
   return this.firstName;
 }
 /**
  * Stores the employee's first name as given; no validation is applied.
  *
  * @param first the new first name
  */
 public void setFirstName(String first) {
   firstName = first;
 }
 /**
  * Returns the employee's last name.
  *
  * @return the stored last name, or {@code null} if none was set
  */
 public String getLastName() {
   return this.lastName;
 }
 /**
  * Stores the employee's last name as given; no validation is applied.
  *
  * @param last the new last name
  */
 public void setLastName(String last) {
   lastName = last;
 }

}

File: EmployeeService.java

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateful;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

import org.jboss.annotation.security.SecurityDomain;

/**
 * Stateful session bean attached to the JBoss security domain
 * {@code EmployeeServiceDB}. The domain's definition is not part of this
 * listing.
 *
 * <p>The class-level {@code @RolesAllowed("AUTHORIZED_MERCHANT")} is the
 * default for business methods that declare no rule of their own.
 */
@Stateful
@SecurityDomain("EmployeeServiceDB")
@RolesAllowed("AUTHORIZED_MERCHANT")
public class EmployeeService implements EmployeeServiceLocal, EmployeeServiceRemote {

 @PersistenceContext(unitName = "EmployeeService")
 private EntityManager entityManager;

 /** Public no-argument constructor for the container. */
 public EmployeeService() {
 }

 /**
  * Merges an {@code Employee} whose id is set to 1 into the persistence
  * context.
  *
  * <p>NOTE(review): the method-level {@code @PermitAll} overrides the
  * class-level {@code @RolesAllowed("AUTHORIZED_MERCHANT")}, so this write is
  * not limited to any role. The user1/user2 role entries in roles.properties
  * on this page therefore make no difference to who may call it. The stricter
  * rule is present only as the commented-out annotation below, and the client
  * {@code Main} on this page sets no credentials, so tightening the rule
  * requires changing the client as well.
  *
  * @throws Exception declared by the business interfaces
  */
 @PermitAll
 //@RolesAllowed("CHECK_FRAUD_ENABLED")
 public void doAction() throws Exception {
   Employee employee = new Employee();
   employee.setId(1);
   entityManager.merge(employee);
 }

}

File: EmployeeServiceLocal.java

import java.util.Collection;

import javax.ejb.Local;

/**
 * Local business view of {@code EmployeeService}. Access rules are declared
 * on the bean class, not on this interface.
 */
@Local
public interface EmployeeServiceLocal {

   /**
    * Runs the bean's demo action.
    *
    * @throws Exception if the bean call fails
    */
   void doAction() throws Exception;

}

File: EmployeeServiceRemote.java


import java.util.Collection;

import javax.ejb.Remote;

/**
 * Remote business view of {@code EmployeeService}; this is the view that
 * {@code Main} on this page looks up. Access rules are declared on the bean
 * class, not on this interface.
 */
@Remote
public interface EmployeeServiceRemote {

 /**
  * Runs the bean's demo action.
  *
  * @throws Exception if the bean call fails
  */
 void doAction() throws Exception;

}

File: jndi.properties java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces java.naming.provider.url=localhost:1099

File: Main.java import java.util.Date; import javax.naming.InitialContext;

/**
 * Stand-alone client that looks up the remote view of {@code EmployeeService}
 * and calls {@code doAction()} once.
 */
public class Main {

 /**
  * Looks up {@code EmployeeService/remote} through the default
  * {@code InitialContext} and invokes the bean.
  *
  * <p>No principal or credentials are set here, and the jndi.properties
  * listing on this page holds only the naming factory and provider URL. The
  * call can succeed only because {@code doAction()} is {@code @PermitAll} on
  * the bean.
  *
  * @param a unused
  * @throws Exception any naming or invocation failure
  */
 public static void main(String[] a) throws Exception {
   // Context compEnv = (Context) new InitialContext().lookup("java:comp/env");
   // service = (HelloService)new InitialContext().lookup("java:comp/env/ejb/HelloService");
   InitialContext namingContext = new InitialContext();
   EmployeeServiceRemote service = (EmployeeServiceRemote) namingContext.lookup("EmployeeService/remote");
   service.doAction();
 }

}

File: roles.properties user1=AUTHORIZED_MERCHANT user2=UNAUTHORIZED_MERCHANT

File: users.properties user1=password user2=password


      </source>
   
  
 
  



ssl jaxws

User Properties And Role Properties

   <source lang="java">

File: Employee.java import javax.persistence.Entity; import javax.persistence.EntityListeners; import javax.persistence.GeneratedValue; import javax.persistence.Id; import javax.persistence.PostRemove; @Entity public class Employee implements java.io.Serializable {

 private int id;
 private String firstName;
 private String lastName;
 /**
  * Returns the primary key. The mapping annotations sit on this getter, so the
  * persistence provider reads the entity's state through its accessors.
  *
  * @return the entity id
  */
 @Id
 @GeneratedValue
 public int getId() {
   return this.id;
 }
 /**
  * Lifecycle callback registered with {@code @PostRemove}; it only writes a
  * marker line to standard output.
  */
 @PostRemove
 public void postRemove() {
   System.out.println("@PostRemove");
 }
 /**
  * Overwrites the primary key. The id is mapped as {@code @GeneratedValue},
  * yet {@code EmployeeService.doAction()} on this page calls this setter with
  * a fixed value before merging.
  *
  * @param id the new id
  */
 public void setId(int id) {
   this.id = id;
 }
 /**
  * Returns the employee's first name.
  *
  * @return the stored first name, or {@code null} if none was set
  */
 public String getFirstName() {
   return this.firstName;
 }
 /**
  * Stores the employee's first name as given; no validation is applied.
  *
  * @param first the new first name
  */
 public void setFirstName(String first) {
   firstName = first;
 }
 /**
  * Returns the employee's last name.
  *
  * @return the stored last name, or {@code null} if none was set
  */
 public String getLastName() {
   return this.lastName;
 }
 /**
  * Stores the employee's last name as given; no validation is applied.
  *
  * @param last the new last name
  */
 public void setLastName(String last) {
   lastName = last;
 }

}

File: EmployeeService.java

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateful;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

import org.jboss.annotation.security.SecurityDomain;

/**
 * Stateful session bean attached to the JBoss security domain
 * {@code EmployeeServiceDB}. The domain's definition is not part of this
 * listing.
 *
 * <p>The class-level {@code @RolesAllowed("AUTHORIZED_MERCHANT")} is the
 * default for business methods that declare no rule of their own.
 */
@Stateful
@SecurityDomain("EmployeeServiceDB")
@RolesAllowed("AUTHORIZED_MERCHANT")
public class EmployeeService implements EmployeeServiceLocal, EmployeeServiceRemote {

 @PersistenceContext(unitName = "EmployeeService")
 private EntityManager entityManager;

 /** Public no-argument constructor for the container. */
 public EmployeeService() {
 }

 /**
  * Merges an {@code Employee} whose id is set to 1 into the persistence
  * context.
  *
  * <p>NOTE(review): the method-level {@code @PermitAll} overrides the
  * class-level {@code @RolesAllowed("AUTHORIZED_MERCHANT")}, so this write is
  * not limited to any role. The user1/user2 role entries in roles.properties
  * on this page therefore make no difference to who may call it. The stricter
  * rule is present only as the commented-out annotation below, and the client
  * {@code Main} on this page sets no credentials, so tightening the rule
  * requires changing the client as well.
  *
  * @throws Exception declared by the business interfaces
  */
 @PermitAll
 //@RolesAllowed("CHECK_FRAUD_ENABLED")
 public void doAction() throws Exception {
   Employee employee = new Employee();
   employee.setId(1);
   entityManager.merge(employee);
 }

}

File: EmployeeServiceLocal.java

import java.util.Collection;

import javax.ejb.Local;

/**
 * Local business view of {@code EmployeeService}. Access rules are declared
 * on the bean class, not on this interface.
 */
@Local
public interface EmployeeServiceLocal {

   /**
    * Runs the bean's demo action.
    *
    * @throws Exception if the bean call fails
    */
   void doAction() throws Exception;

}

File: EmployeeServiceRemote.java


import java.util.Collection;

import javax.ejb.Remote;

/**
 * Remote business view of {@code EmployeeService}; this is the view that
 * {@code Main} on this page looks up. Access rules are declared on the bean
 * class, not on this interface.
 */
@Remote
public interface EmployeeServiceRemote {

 /**
  * Runs the bean's demo action.
  *
  * @throws Exception if the bean call fails
  */
 void doAction() throws Exception;

}

File: jndi.properties java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces java.naming.provider.url=localhost:1099

File: Main.java import java.util.Date; import javax.naming.InitialContext;

/**
 * Stand-alone client that looks up the remote view of {@code EmployeeService}
 * and calls {@code doAction()} once.
 */
public class Main {

 /**
  * Looks up {@code EmployeeService/remote} through the default
  * {@code InitialContext} and invokes the bean.
  *
  * <p>No principal or credentials are set here, and the jndi.properties
  * listing on this page holds only the naming factory and provider URL. The
  * call can succeed only because {@code doAction()} is {@code @PermitAll} on
  * the bean.
  *
  * @param a unused
  * @throws Exception any naming or invocation failure
  */
 public static void main(String[] a) throws Exception {
   // Context compEnv = (Context) new InitialContext().lookup("java:comp/env");
   // service = (HelloService)new InitialContext().lookup("java:comp/env/ejb/HelloService");
   InitialContext namingContext = new InitialContext();
   EmployeeServiceRemote service = (EmployeeServiceRemote) namingContext.lookup("EmployeeService/remote");
   service.doAction();
 }

}

File: roles.properties user1=AUTHORIZED_MERCHANT user2=UNAUTHORIZED_MERCHANT

File: users.properties user1=password user2=password


      </source>