The JNDI name is jdbc/mysql
Start Glassfish, go to Admin Console, http://localhost:4848
Configurations -> server-config -> Security -> Realms
Click on 'New' button
Name: jdbcRealm
Class Name: Select com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm
JAAS Context: jdbcRealm
JNDI: jdbc/mysql
User Table: T_USER
User Name Column: username
Password Column: password
Group Table: T_GROUP
Group Name Column: groupname
Digest Algorithm: none
In the MySQL data source, create two tables: T_USER and T_GROUP
CREATE TABLE T_USER ( `username` VARCHAR(30) NOT NULL, `password` VARCHAR(30) NOT NULL, PRIMARY KEY (`username`) ) CREATE TABLE T_GROUP ( `username` VARCHAR(30) NOT NULL, `groupname` VARCHAR(30) NOT NULL, PRIMARY KEY (`username`) )
Insert data
insert into T_USER values (‘sun’, ‘123’); insert into T_USER values (‘ming’, ‘456’); insert into T_GROUP values (‘sun’, ‘adminGroup’); insert into T_GROUP values (‘ming’, ‘userGroup’);
Create a stateless session bean
@Stateless(name="securityManager")
@Local(SecurityManager.class)
public class SecurityManagerBean implements SecurityManager {
@Resource
private EJBContext context;
@RolesAllowed({"admin"})
public void save() {
System.out.println("User: "
+context.getCallerPrincipal().getName());
System.out.println("Save");
}
}
Create a servlet
public class SecurityServlet extends HttpServlet {
@EJB(beanName="securityManager")
private SecurityManager securityManager;
@Override
protected void doGet(HttpServletRequest req,
HttpServletResponse resp)
throws ServletException, IOException {
securityManager.save();
}
}
Edit web.xml under WEB-INF
<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <security-role> <role-name>user</role-name> </security-role> <security-role> <role-name>admin</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>all resources</web-resource-name> <url-pattern>/se</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>HEAD</http-method> </web-resource-collection> <auth-constraint> <role-name>user</role-name> <role-name>admin</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>NONE</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>jdbcRealm</realm-name> </login-config> <servlet> <servlet-name>se</servlet-name> <servlet-class>web.SecurityServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>se</servlet-name> <url-pattern>/se</url-pattern> </servlet-mapping> </web-app>
Note: The value of <realm-name> (jdbcRealm) must match the Name field in Admin Console.
Edit sun-web.xml under WEB-INF
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd"> <sun-web-app> <security-role-mapping> <role-name>user</role-name> <group-name>userGroup</group-name> </security-role-mapping> <security-role-mapping> <role-name>admin</role-name> <group-name>adminGroup</group-name> </security-role-mapping> </sun-web-app>
Note: The value of <role-name> must match the value of <role-name> under <security-role> in web.xml. The value of <group-name> must match the value of groupname column in T_GROUP table.
Test the servlet
http://localhost:8080/security-web/se
The console prints
User: sun
Saved
Close and open the browser again, login with the user 'ming'
The console prints
javax.ejb.EJBAccessException
Then try to login with an nonexistent user
The console prints
java.lang.SecurityException
No comments:
Post a Comment