The first thing to do is create three users in GlassFish:
asadmin create-file-user --groups myusergrp myuser1
asadmin create-file-user --groups myusergrp myuser2
asadmin create-file-user myadmin
We have now created two users that belong to the group myusergrp and a myadmin user with no group.
After this we can create the secure bean:
/home/broersa/work/HelloApp/HelloSecurity/src/com/bekijkhet/Hello.java
[sourcecode language="java"]
package com.bekijkhet;

public interface Hello {
    public String sayHellosuperuser();
    public String sayHellousersuperuser();
    public String sayHellouser();
    public String sayHelloPermitAll();
    public String sayHelloDenyAll();
}
[/sourcecode]
/home/broersa/work/HelloApp/HelloSecurity/src/com/bekijkhet/HelloBean.java
[sourcecode language="java"]
package com.bekijkhet;

import javax.ejb.Stateless;
import javax.ejb.Remote;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;

@Stateless
@Remote(Hello.class)
public class HelloBean implements Hello {

    // Only callers in the application role "superuser" may invoke this.
    @RolesAllowed("superuser")
    public String sayHellosuperuser() {
        return "sayHellosuperuser";
    }

    // Callers in either "user" or "superuser" may invoke this.
    @RolesAllowed({"user","superuser"})
    public String sayHellousersuperuser() {
        return "sayHellousersuperuser";
    }

    // Only callers in the application role "user" may invoke this.
    @RolesAllowed("user")
    public String sayHellouser() {
        return "sayHellouser";
    }

    // Any caller may invoke this, whatever its roles.
    @PermitAll
    public String sayHelloPermitAll() {
        return "sayHelloPermitAll";
    }

    // No caller may invoke this, whatever its roles.
    @DenyAll
    public String sayHelloDenyAll() {
        return "sayHelloDenyAll";
    }
}
[/sourcecode]
Next we create the mapping in which we map the application roles to the application server users and groups.
/home/broersa/work/HelloApp/HelloSecurity/META-INF/sun-ejb-jar.xml
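The contents of sun-ejb-jar.xml are not present on this page. The following is an added example, not the author's original file: a role mapping consistent with the users created above, the role names used in HelloBean, and the run results shown further down. It assumes the standard `security-role-mapping` elements of the GlassFish descriptor, and the DOCTYPE shown should be adjusted to match the server version in use.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: reconstructed from the behaviour described on this page. -->
<!DOCTYPE sun-ejb-jar PUBLIC
    "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN"
    "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<sun-ejb-jar>

    <!-- Application role "user" is granted to every member of the
         file-realm group myusergrp (myuser1 and myuser2). -->
    <security-role-mapping>
        <role-name>user</role-name>
        <group-name>myusergrp</group-name>
    </security-role-mapping>

    <!-- Application role "superuser" is granted to the single principal
         myadmin, which was created without any group. -->
    <security-role-mapping>
        <role-name>superuser</role-name>
        <principal-name>myadmin</principal-name>
    </security-role-mapping>

    <!-- Required by the DTD; no per-bean settings are needed here because
         the access rules are declared with annotations in HelloBean. -->
    <enterprise-beans/>

</sun-ejb-jar>
```

With this mapping myadmin holds only the superuser role, which is why the myadmin run below is refused on sayHellouser, and neither myuser1 nor myuser2 can reach sayHellosuperuser.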
and the build.xml file:
/home/broersa/work/HelloApp/HelloSecurity/build.xml
[sourcecode language="java"]
simple example build file
[/sourcecode]
Build the EJB with:
asant dist
Deploy:
asadmin deploy dist/HelloSecurity.jar
Now we must create the client:
/home/broersa/work/HelloApp/HelloClient/src/com/bekijkhet/helloclient/HelloClient.java
[sourcecode language="java"]
package com.bekijkhet.helloclient;

import javax.naming.*;
import com.bekijkhet.Hello;
import com.sun.appserv.security.ProgrammaticLogin;

public class HelloClient {
    public static void main(String[] args) {
        try {
            // args[0] = username, args[1] = password
            ProgrammaticLogin login = new ProgrammaticLogin();
            login.login(args[0],args[1]);
            System.out.println("1"); // progress marker: login() returned
            InitialContext ctx = new InitialContext();
            System.out.println("2"); // progress marker: context created
            Hello n = (Hello)ctx.lookup("com.bekijkhet.Hello");
            System.out.println("3"); // progress marker: bean looked up

            // Call every method; a refused call surfaces as an EJBException.
            try {
                System.out.print("sayHellosuperuser: ");
                System.out.println(n.sayHellosuperuser());
            } catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
            try {
                System.out.print("sayHellousersuperuser: ");
                System.out.println(n.sayHellousersuperuser());
            } catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
            try {
                System.out.print("sayHellouser: ");
                System.out.println(n.sayHellouser());
            } catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
            try {
                System.out.print("sayHelloPermitAll: ");
                System.out.println(n.sayHelloPermitAll());
            } catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
            try {
                System.out.print("sayHelloDenyAll: ");
                System.out.println(n.sayHelloDenyAll());
            } catch (javax.ejb.EJBException t) { System.out.println("No Permission"); }
        }
        catch (Exception x) {
            // Any failure before the method calls (including a rejected
            // username/password at lookup time) is reported this way.
            System.out.println("Invalid Username Password");
        }
    }
}
[/sourcecode]
Compile the code:
javac -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -d . HelloClient.java
Run the code with different users:
As myadmin, which is in the superuser role:
java -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -Djava.security.auth.login.config=$GLASSFISH_HOME/lib/appclient/appclientlogin.conf com.bekijkhet.helloclient.HelloClient myadmin myadmin
1
2
3
sayHellosuperuser: sayHellosuperuser
sayHellousersuperuser: sayHellousersuperuser
sayHellouser: No Permission
sayHelloPermitAll: sayHelloPermitAll
sayHelloDenyAll: No Permission
As myuser1, which is in the group myusergrp, which has the user role:
java -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -Djava.security.auth.login.config=$GLASSFISH_HOME/lib/appclient/appclientlogin.conf com.bekijkhet.helloclient.HelloClient myuser1 myuser1
1
2
3
sayHellosuperuser: No Permission
sayHellousersuperuser: sayHellousersuperuser
sayHellouser: sayHellouser
sayHelloPermitAll: sayHelloPermitAll
sayHelloDenyAll: No Permission
As myuser2, which is also in the group myusergrp, which has the user role:
java -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -Djava.security.auth.login.config=$GLASSFISH_HOME/lib/appclient/appclientlogin.conf com.bekijkhet.helloclient.HelloClient myuser2 myuser2
1
2
3
sayHellosuperuser: No Permission
sayHellousersuperuser: sayHellousersuperuser
sayHellouser: sayHellouser
sayHelloPermitAll: sayHelloPermitAll
sayHelloDenyAll: No Permission
When you call the client with an invalid username and password combination, you get an exception on the lookup of the bean, so the client prints 1 and 2 but never reaches 3. The exception is caught by the last catch in the client's main method:
java -cp $GLASSFISH_HOME/lib/appserv-rt.jar:$GLASSFISH_HOME/lib/appserv-admin.jar:$GLASSFISH_HOME/lib/javaee.jar:$HOME/work/HelloApp/HelloSecurity/dist/HelloSecurity.jar:. -Djava.security.auth.login.config=$GLASSFISH_HOME/lib/appclient/appclientlogin.conf com.bekijkhet.helloclient.HelloClient myuser1 myuser
1
2
Invalid Username Password