Java/EJB3/Security — различия между версиями
Admin (обсуждение | вклад) м (1 версия) |
|
(нет различий)
|
Текущая версия на 06:50, 1 июня 2010
Содержание
EJB Tutorial from JBoss: ejb security
File: Calculator.java
/*
* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.tutorial.security.bean;
public interface Calculator
{
int add(int x, int y);
int subtract(int x, int y);
int divide(int x, int y);
}
File: CalculatorBean.java
/*
* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.tutorial.security.bean;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import org.jboss.annotation.security.SecurityDomain;
import org.jboss.annotation.security.SecurityDomain;
@Stateless
@SecurityDomain("other")
@Remote(Calculator.class)
public class CalculatorBean implements Calculator
{
@PermitAll
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public int add(int x, int y)
{
return x + y;
}
@RolesAllowed({"student"})
public int subtract(int x, int y)
{
return x - y;
}
@RolesAllowed({"teacher"})
public int divide(int x, int y)
{
return x / y;
}
}
File: Client.java
/*
* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.tutorial.security.client;
import java.util.Properties;
import javax.ejb.EJBAccessException;
import javax.naming.Context;
import javax.naming.InitialContext;
import org.jboss.tutorial.security.bean.Calculator;
/**
* @version $Revision: 57207 $
*/
public class Client
{
public static void main(String[] args) throws Exception
{
// Establish the proxy with an incorrect security identity
Properties env = new Properties();
env.setProperty(Context.SECURITY_PRINCIPAL, "kabir");
env.setProperty(Context.SECURITY_CREDENTIALS, "invalidpassword");
env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
InitialContext ctx = new InitialContext(env);
Calculator calculator = (Calculator) ctx.lookup("CalculatorBean/remote");
System.out.println("Kabir is a student.");
System.out.println("Kabir types in the wrong password");
try
{
System.out.println("1 + 1 = " + calculator.add(1, 1));
}
catch (EJBAccessException ex)
{
System.out.println("Saw expected SecurityException: " + ex.getMessage());
}
System.out.println("Kabir types in correct password.");
System.out.println("Kabir does unchecked addition.");
// Re-establish the proxy with the correct security identity
env.setProperty(Context.SECURITY_CREDENTIALS, "validpassword");
ctx = new InitialContext(env);
calculator = (Calculator) ctx.lookup("CalculatorBean/remote");
System.out.println("1 + 1 = " + calculator.add(1, 1));
System.out.println("Kabir is not a teacher so he cannot do division");
try
{
calculator.divide(16, 4);
}
catch (javax.ejb.EJBAccessException ex)
{
System.out.println(ex.getMessage());
}
System.out.println("Students are allowed to do subtraction");
System.out.println("1 - 1 = " + calculator.subtract(1, 1));
}
}
File: users.properties
kabir=validpassword
EJB Tutorial from JBoss: entity security
File: AllEntity.java
/*
* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.tutorial.entity.security.bean;
import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@Entity
public class AllEntity implements Serializable
{
@Id @GeneratedValue(strategy=GenerationType.AUTO)
public int id;
public String val;
}
File: SomeEntity.java
/*
* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.tutorial.entity.security.bean;
import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@Entity
public class SomeEntity implements Serializable
{
@Id @GeneratedValue(strategy=GenerationType.AUTO)
public int id;
public String val;
}
File: StarEntity.java
/*
* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.tutorial.entity.security.bean;
import java.io.Serializable;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@Entity
public class StarEntity implements Serializable
{
@Id @GeneratedValue(strategy=GenerationType.AUTO)
public int id;
public String val;
}
File: Stateless.java
/*
* JBoss, Home of Professional Open Source.
* Copyright 2006, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.tutorial.entity.security.bean;
import org.jboss.tutorial.entity.security.bean.AllEntity;
import org.jboss.tutorial.entity.security.bean.SomeEntity;
import org.jboss.tutorial.entity.security.bean.StarEntity;
/**
*
* @author
== EJB Tutorial from JBoss: ssl service ==
<!-- start source code -->
<source lang="java">
File: ssl-service.xml
<?xml version="1.0" encoding="UTF-8"?>
<server>
<!-- The server socket factory mbean to be used as attribute to socket invoker -->
<!-- which uses the JaasSecurityDomain -->
<mbean code="org.jboss.remoting.security.domain.DomainServerSocketFactoryService"
name="jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced"
display-name="SecurityDomain Server Socket Factory">
<attribute name="SecurityDomain">java:/jaas/SSLAdvanced</attribute>
<depends>jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced</depends>
</mbean>
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
name="jboss.security:service=JaasSecurityDomain,domain=SSLAdvanced">
<!-- This must correlate with the java:/jaas/SSL above -->
<constructor>
<arg type="java.lang.String" value="SSLAdvanced"/>
</constructor>
<!-- The location of the keystore
resource: loads from the classloaders conf/ is the first classloader -->
<attribute name="KeyStoreURL">localhost.keystore</attribute>
<attribute name="KeyStorePass">opensource</attribute>
</mbean>
<!-- The Connector is the core component of the remoting server service. -->
<!-- It binds the remoting invoker (transport protocol, callback configuration, -->
<!-- data marshalling, etc.) with the invocation handlers. -->
<mbean code="org.jboss.remoting.transport.Connector"
xmbean-dd="org/jboss/remoting/transport/Connector.xml"
name="jboss.remoting:type=Connector,transport=socket3843,handler=ejb3">
display-name="Socket transport Connector">
<attribute name="Configuration">
<config>
<invoker transport="sslsocket">
<attribute name="dataType" isParam="true">invocation</attribute>
<attribute name="marshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>
<attribute name="unmarshaller" isParam="true">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>
<!-- The following is for setting the server socket factory. If want ssl support -->
<!-- use a server socket factory that supports ssl. The only requirement is that -->
<!-- the server socket factory value must be an ObjectName, meaning the -->
<!-- server socket factory implementation must be a MBean and also -->
<!-- MUST implement the org.jboss.remoting.security.ServerSocketFactoryMBean interface. -->
<attribute name="serverSocketFactory">jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</attribute>
<attribute name="serverBindAddress">${jboss.bind.address}</attribute>
<attribute name="serverBindPort">3843</attribute>
</invoker>
<handlers>
<handler subsystem="AOP">org.jboss.aspects.remoting.AOPRemotingInvocationHandler</handler>
</handlers>
</config>
</attribute>
<depends>jboss.remoting:service=ServerSocketFactory,type=SecurityDomainAdvanced</depends>
<depends>jboss.aop:service=AspectDeployer</depends>
</mbean>
</server>
security stateless ear
Setup security-domain For JBoss
File: Employee.java
import javax.persistence.Entity;
import javax.persistence.EntityListeners;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.PostRemove;
@Entity
public class Employee implements java.io.Serializable {
private int id;
private String firstName;
private String lastName;
@Id
@GeneratedValue
public int getId() {
return id;
}
@PostRemove
public void postRemove()
{
System.out.println("@PostRemove");
}
public void setId(int id) {
this.id = id;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String first) {
this.firstName = first;
}
public String getLastName() {
return lastName;
}
public void setLastName(String last) {
this.lastName = last;
}
}
File: EmployeeService.java
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateful;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.jboss.annotation.security.SecurityDomain;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
@Stateful
@SecurityDomain("EmployeeServiceDB")
@RolesAllowed("AUTHORIZED_MERCHANT")
public class EmployeeService implements EmployeeServiceLocal, EmployeeServiceRemote {
@PersistenceContext(unitName="EmployeeService")
private EntityManager entityManager;
public EmployeeService() {
}
@PermitAll
//@RolesAllowed("CHECK_FRAUD_ENABLED")
public void doAction() throws Exception {
Employee emp = new Employee();
emp.setId(1);
entityManager.merge(emp);
}
}
File: EmployeeServiceLocal.java
import java.util.Collection;
import javax.ejb.Local;
@Local
public interface EmployeeServiceLocal {
public void doAction() throws Exception;
}
File: EmployeeServiceRemote.java
import java.util.Collection;
import javax.ejb.Remote;
@Remote
public interface EmployeeServiceRemote{
public void doAction() throws Exception;
}
File: jndi.properties
java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
java.naming.provider.url=localhost:1099
File: Main.java
import java.util.Date;
import javax.naming.InitialContext;
public class Main {
public static void main(String[] a) throws Exception {
EmployeeServiceRemote service = null;
// Context compEnv = (Context) new InitialContext().lookup("java:comp/env");
// service = (HelloService)new InitialContext().lookup("java:comp/env/ejb/HelloService");
service = (EmployeeServiceRemote) new InitialContext().lookup("EmployeeService/remote");
service.doAction();
}
}
File: roles.properties
user1=AUTHORIZED_MERCHANT
user2=UNAUTHORIZED_MERCHANT
File: users.properties
user1=password
user2=password
ssl jaxws
User Properties And Role Properties
File: Employee.java
import javax.persistence.Entity;
import javax.persistence.EntityListeners;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.PostRemove;
@Entity
public class Employee implements java.io.Serializable {
private int id;
private String firstName;
private String lastName;
@Id
@GeneratedValue
public int getId() {
return id;
}
@PostRemove
public void postRemove()
{
System.out.println("@PostRemove");
}
public void setId(int id) {
this.id = id;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String first) {
this.firstName = first;
}
public String getLastName() {
return lastName;
}
public void setLastName(String last) {
this.lastName = last;
}
}
File: EmployeeService.java
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateful;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.jboss.annotation.security.SecurityDomain;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
@Stateful
@SecurityDomain("EmployeeServiceDB")
@RolesAllowed("AUTHORIZED_MERCHANT")
public class EmployeeService implements EmployeeServiceLocal, EmployeeServiceRemote {
@PersistenceContext(unitName="EmployeeService")
private EntityManager entityManager;
public EmployeeService() {
}
@PermitAll
//@RolesAllowed("CHECK_FRAUD_ENABLED")
public void doAction() throws Exception {
Employee emp = new Employee();
emp.setId(1);
entityManager.merge(emp);
}
}
File: EmployeeServiceLocal.java
import java.util.Collection;
import javax.ejb.Local;
@Local
public interface EmployeeServiceLocal {
public void doAction() throws Exception;
}
File: EmployeeServiceRemote.java
import java.util.Collection;
import javax.ejb.Remote;
@Remote
public interface EmployeeServiceRemote{
public void doAction() throws Exception;
}
File: jndi.properties
java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
java.naming.provider.url=localhost:1099
File: Main.java
import java.util.Date;
import javax.naming.InitialContext;
public class Main {
public static void main(String[] a) throws Exception {
EmployeeServiceRemote service = null;
// Context compEnv = (Context) new InitialContext().lookup("java:comp/env");
// service = (HelloService)new InitialContext().lookup("java:comp/env/ejb/HelloService");
service = (EmployeeServiceRemote) new InitialContext().lookup("EmployeeService/remote");
service.doAction();
}
}
File: roles.properties
user1=AUTHORIZED_MERCHANT
user2=UNAUTHORIZED_MERCHANT
File: users.properties
user1=password
user2=password