Calculator.java
package org.jboss.tutorial.security.bean;

import javax.ejb.Remote;

@Remote
public interface Calculator
{
    int add(int x, int y);
    int subtract(int x, int y);
    int divide(int x, int y);
}
CalculatorBean.java
package org.jboss.tutorial.security.bean;

import org.jboss.ejb3.security.SecurityDomain;
import javax.ejb.MethodPermissions;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.ejb.Unchecked;

@Stateless
@SecurityDomain("other")
public class CalculatorBean implements Calculator
{
    @Unchecked // it is OK to delete this line; it means the method can be called without a permission check
    @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
    public int add(int x, int y)
    {
        return x + y;
    }

    @MethodPermissions({"student","teacher"}) // note that more roles can be listed here
    public int subtract(int x, int y)
    {
        return x - y;
    }

    @MethodPermissions({"teacher"})
    public int divide(int x, int y)
    {
        return x / y;
    }
}
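Here the subtract method is restricted to the roles student and teacher, and the divide method is restricted to the role teacher. See roles.properties; you can of course add your own custom roles as well.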
Client.java
package org.jboss.tutorial.security.client;

import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.tutorial.security.bean.Calculator;
import javax.naming.InitialContext;

public class Client
{
    public static void main(String[] args) throws Exception
    {
        InitialContext ctx = new InitialContext();
        Calculator calculator = (Calculator) ctx.lookup(Calculator.class.getName());

        // No principal has been set yet: only the @Unchecked method is called here
        System.out.println("everybody can add");
        System.out.println("1 + 1 = " + calculator.add(1, 1));

        System.out.println("change role:kabir is a student");
        SecurityAssociation.setPrincipal(new SimplePrincipal("kabir"));
        SecurityAssociation.setCredential("validpassword".toCharArray());
        System.out.println("students are allowed to do subtraction but division");
        System.out.println("1 - 1 = " + calculator.subtract(1, 1));
        try
        {
            System.out.println("16/4="+calculator.divide(16, 4));
        }
        catch (SecurityException ex)
        {
            // divide is limited to the teacher role, so this call is rejected for kabir
            System.out.println("kabir try to do division:"+ex.getMessage());
        }

        System.out.println("change role:roson is a teacher");
        SecurityAssociation.setPrincipal(new SimplePrincipal("roson"));
        SecurityAssociation.setCredential("sandy".toCharArray());
        System.out.println("teacher are allowed do substraction and division");
        System.out.println("2 - 1 = " + calculator.subtract(2, 1));
        System.out.println("16/4 = "+calculator.divide(16, 4));
    }
}
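There are two users here: kabir is a student with the password validpassword, and roson is a teacher with the password sandy.
Both users call the subtract and divide methods, and the program handles each call according to the caller's access rights.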
users.properties
kabir=validpassword
roson=sandy
The format is username=password, one user per line.
roles.properties
kabir=student
roson=teacher
The format is username=role1,role2,role3, that is, the user and all the roles that user belongs to.
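A small model of the decision made for the bean and the two property files above, as an added example that is not part of the original tutorial and is not JBoss code. The class RoleCheckDemo and the helper isAllowed are hypothetical names, the file contents are constructed inline from the values shown on this page, and Java 9 or later is assumed.

```java
import java.io.StringReader;
import java.util.*;

public class RoleCheckDemo {
    // Constructed copies of the users.properties and roles.properties shown above.
    static final String USERS = "kabir=validpassword\nroson=sandy\n";
    static final String ROLES = "kabir=student\nroson=teacher\n";

    // Method -> roles from @MethodPermissions; an empty set stands for @Unchecked.
    static final Map<String, Set<String>> PERMISSIONS = Map.of(
        "add", Set.<String>of(),
        "subtract", Set.of("student", "teacher"),
        "divide", Set.of("teacher"));

    static Properties load(String text) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    // Hypothetical helper: authenticate first, then compare the caller's roles
    // with the roles the method requires. Methods with no entry are denied.
    static boolean isAllowed(String user, String password, String method) throws Exception {
        Set<String> required = PERMISSIONS.get(method);
        if (required == null) return false;
        if (required.isEmpty()) return true;             // @Unchecked: no check
        String expected = user == null ? null : load(USERS).getProperty(user);
        if (expected == null || !expected.equals(password)) return false;
        String roleList = load(ROLES).getProperty(user, "");
        for (String role : roleList.split(",")) {        // username=role1,role2,role3
            if (required.contains(role.trim())) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String[][] callers = {{null, null}, {"kabir", "validpassword"},
                              {"kabir", "wrong"}, {"roson", "sandy"}};
        for (String[] c : callers) {
            for (String m : new String[] {"add", "subtract", "divide"}) {
                System.out.printf("%-6s %-8s %s%n", c[0], m,
                    isAllowed(c[0], c[1], m) ? "allowed" : "denied");
            }
        }
    }
}
```

The rows to look at are the caller with no principal and kabir with a wrong password: both can reach only add, because that is the one method without a role requirement.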
Attached here is log4j.properties. jboss-ejb-3.0_preview_5.zip does not include one, so it keeps reporting a missing appender. With this file, a record.log log file is generated in that directory.
log4j.properties
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=record.log
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%p %d{hh:mm:ss} %t %c{1} -%m%n
log4j.appender.R.MaxBackupIndex=1
log4j.appender.R.MaxFileSize=100KB
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%5p [%t] (%F:%L) -%m%n
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
# The first value of rootLogger is the level; the appender names follow it.
log4j.rootLogger=DEBUG, stdout, R
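Running: see installing.html
On Windows
Open a command prompt (cmd) and go to jboss_home/bin
run.bat -c all
With ant
Just build first, then run.
Discussion:
Since I have not had much exposure to JAAS, I can only do my best to describe some of my own thoughts and the places I changed.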
