First thing to do is create three users in Glassfish:
asadmin create-file-user --groups myusergrp myuser1
asadmin create-file-user --groups myusergrp myuser2
asadmin create-file-user myadmin
We now created two users that have the group myusergrp and a myadmin user with no group.
After this we can create the secure bean:
/home/broersa/work/HelloApp/HelloSecurity/src/com/bekijkhet/Hello.java
[sourcecode language="java"]
package com.bekijkhet;
public interface Hello {
public String sayHellosuperuser();
public String sayHellousersuperuser();
public String sayHellouser();
public String sayHelloPermitAll();
public String sayHelloDenyAll();
}
[/sourcecode]
/home/broersa/work/HelloApp/HelloSecurity/src/com/bekijkhet/HelloBean.java
[sourcecode language="java"]
package com.bekijkhet;
import javax.ejb.Stateless;
import javax.ejb.Remote;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
@Stateless
@Remote(Hello.class)
public class HelloBean implements Hello {
@RolesAllowed("superuser")
public String sayHellosuperuser() {
return "sayHellosuperuser";
}
@RolesAllowed({"user","superuser"})
public String sayHellousersuperuser() {
return "sayHellousersuperuser";
}
@RolesAllowed("user")
public String sayHellouser() {
return "sayHellouser";
}
@PermitAll
public String sayHelloPermitAll() {
return "sayHelloPermitAll";
}
@DenyAll
public String sayHelloDenyAll() {
return "sayHelloDenyAll";
}
}
[/sourcecode]
Next we create the mapping wherein we map the application roles to the applicationserver users and groups./home/broersa/work/HelloApp/HelloSecurity/META-INF/sun-ejb-jar.xml
[sourcecode language="XML"]
and the buil.xml file/home/broersa/work/HelloApp/HelloSecurity/build.xml
[sourcecode language="java"]
simple example build file
build the ejb with:asant distdeploy:asadmin deploy dist/HelloSecurity.jar
Now we must create the client:
/home/broersa/work/HelloApp/HelloClient/src/com/bekijkhet/helloclient/HelloClient.java
[sourcecode language="java"]
package com.bekijkhet.helloclient;
import javax.naming.*;
import com.bekijkhet.Hello;
import com.sun.appserv.security.ProgrammaticLogin;
public class HelloClient {
public static void main(String[] args) {
try {
ProgrammaticLogin login = new ProgrammaticLogin();
login.login(args[0],args[1]);
System.out.println("1");
InitialContext ctx = new InitialContext();
System.out.println("2");
Hello n = (Hello)ctx.lookup("com.bekijkhet.Hello");
System.out.println("3");
try {
System.out.print("sayHellosuperuser: ");
System.out.println(n.sayHellosuperuser());
} catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
try {
System.out.print("sayHellousersuperuser: ");
System.out.println(n.sayHellousersuperuser());
} catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
try {
System.out.print("sayHellouser: ");
System.out.println(n.sayHellouser());
} catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
try {
System.out.print("sayHelloPermitAll: ");
System.out.println(n.sayHelloPermitAll());
} catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
try {
System.out.print("sayHelloDenyAll: ");
System.out.println(n.sayHelloDenyAll());
} catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
}
catch (Exception x) {
System.out.println("Invalid Username Password");
}
}
}
[/sourcecode]
Compile the code:javac -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -d . HelloClient.java
Run the code with different users:
as myadmin which is in the superuser role:
java -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -Djava.security.auth.login.config=$GLASSFISH_HOME/lib/appclient/appclientlogin.conf com.bekijkhet.helloclient.HelloClient myadmin myadmin
1
2
3
sayHellosuperuser: sayHellosuperuser
sayHellousersuperuser: sayHellousersuperuser
sayHellouser: No Permission
sayHelloPermitAll: sayHelloPermitAll
sayHelloDenyAll: No Permission
as myuser1 which is in the myusergrp which has the user role:
java -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -Djava.security.auth.login.config=$GLASSFISH_HOME/lib/appclient/appclientlogin.conf com.bekijkhet.helloclient.HelloClient myuser1 myuser1
1
2
3
sayHellosuperuser: No Permission
sayHellousersuperuser: sayHellousersuperuser
sayHellouser: sayHellouser
sayHelloPermitAll: sayHelloPermitAll
sayHelloDenyAll: No Permission
as myuser2 which is also in the myusergrp which has the user role:
java -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -Djava.security.auth.login.config=$GLASSFISH_HOME/lib/appclient/appclientlogin.conf com.bekijkhet.helloclient.HelloClient myuser2 myuser2
1
2
3
sayHellosuperuser: No Permission
sayHellousersuperuser: sayHellousersuperuser
sayHellouser: sayHellouser
sayHelloPermitAll: sayHelloPermitAll
sayHelloDenyAll: No Permission
When you call the client with an invalid username password combination you get an exception on the call to the Lookup of the bean. This is catched in the last catch in the client main method:
java -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -Djava.security.auth.login.config=$GLASSFISH_HOME/lib/appclient/appclientlogin.conf com.bekijkhet.helloclient.HelloClient myuser1 myuser
1
2
Invalid Username Password
[...] view plaincopy to [...]
ReplyDeleteGreat post!
ReplyDeleteWhat is this -> build the ejb with:asant distdeploy:asadmin deploy dist/HelloSecurity.jar
ReplyDeleteWhen I run that command I get the following. "Target `distdeploy:asadmin' does not exist in this project."
How do I build the ejb? Thanks!
Oggie:
ReplyDeleteyou run:
asant dist
and
asadmin deploy dist/HelloSecurity.jar
Somehow wordpress (or i) won't do the cr/lf in a correct way.. Sorry..
zhengjx20160603
ReplyDeletenike blazers uk
louis vuitton handbags
louis vuitton
lebron 12
coach factory outlet
michael kors outlet
michael kors outlet clearance
coach factory outlet online
cheap oakley sunglasses
cheap toms shoes
louis vuitton outlet
tory burch shoes
louis vuitton outlet stores
toms outlet
polo ralph lauren outlet
cheap ray ban sunglasses
ray ban sunglasses
christian louboutin outlet
timberlands
jordan 6s
ralph lauren
coach outlet canada
kate spade handbags
oakley outlet
true religion outlet
gucci outlet online
true religion jeans
adidas superstar
louis vuitton purses
ralph lauren
replica rolex watches
michael kors handbags
ralph lauren outlet
longchamp le pliage
ralph lauren outlet
coach outlet clearance
coach outlet online
kate spade
vans sneakers
polo ralph lauren
mlb jerseys
ReplyDeletelongchamp outlet
coach outlet online
lululemon outlet
michael kors outlet online
louis vuitton outlet store
ralph lauren uk
christian louboutin uk
michael kors wholesale
louis vuitton outlet stores
nike roshe run
louis vuitton bags
cheap oakley sunglasses
soccer jerseys wholesale
oakley sunglasses
celine outlet online
michael kors outlet store
true religion jeans
air force 1 shoes
louis vuitton outlet online
lululemon outlet
tory burch outlet
oakley sunglasses
burberry outlet
ferragamo shoes
michael kors outlet
ferragamo outlet
air max 90
michael kors uk outlet
cartier outlet store
christian louboutin uk
fitflops sale
oakley sunglasses wholesale
louboutin pas cher
louis vuitton neverfull sale
16.6.4qqqqqing