Securing EJB Using JBoss
EJB Security in JBoss, or Securing a Web Application in JBoss
Set Up a Security Domain for JBoss
=============================================================
=============================================================
To enable security in the JBoss application server, you need to create a security domain.
A security domain is a repository for users, passwords, and the roles with which each user is associated.
The EJB container delegates to the security domain when performing authentication and authorization.
============================================================
Security domains are configured in the file
jboss/server/default/conf/login-config.xml
Add the following entry under the <policy> tag:
<application-policy name="testSecurityDomain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="usersProperties">users.properties</module-option>
      <module-option name="rolesProperties">roles.properties</module-option>
    </login-module>
  </authentication>
</application-policy>
The properties files
users.properties (username=password)
anish=anish
nath=nath
roles.properties (username=role; each key must be a user from users.properties)
anish=AUTHORIZED
nath=UNAUTHORIZED
-----
The Bean Class
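import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
// JBoss-specific annotation; its package depends on the JBoss version
// (org.jboss.ejb3.annotation.SecurityDomain in JBoss AS 5 and later,
// org.jboss.annotation.security.SecurityDomain in JBoss AS 4.x).
import org.jboss.ejb3.annotation.SecurityDomain;

@Stateless
@SecurityDomain("testSecurityDomain") // Configured in login-config.xml
@RolesAllowed("AUTHORIZED") // Class-level default for methods without their own annotation
public class TestBean implements TestBeanRemote, TestBeanLocal
{
    // Overrides the class-level setting: either role may call this method
    @RolesAllowed({"AUTHORIZED", "CHECK_FRAUD_ENABLED"})
    public void sayHello() {}

    // All security roles may call this method
    @PermitAll
    public void sayHelloWorld() {}
}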
=====================================
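The client class sets the following JNDI environment properties:
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
Properties env = new Properties();
env.setProperty(Context.SECURITY_PRINCIPAL, "anish");   // user from users.properties
env.setProperty(Context.SECURITY_CREDENTIALS, "anish"); // that user's password
env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
    "org.jboss.security.jndi.JndiLoginInitialContextFactory");
Context ctx = new InitialContext(env); // EJB calls made after this carry the credentials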
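A pre-deployment consistency check for the security domain described above, added here as an example (not code from the original post or from JBoss): it reads the application-policy entry, loads both properties files, and reports users without roles, role entries for unknown users, passwords equal to the username, and bean roles that no user holds. The function names, finding labels and sample data are assumptions constructed for the illustration, and role keys are assumed to be plain usernames.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real deployment).
LOGIN_CONFIG = """<policy>
  <application-policy name="testSecurityDomain">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">users.properties</module-option>
        <module-option name="rolesProperties">roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""
FILES = {
    "users.properties": "alice=alice\nbob=S3cure-passphrase\n",
    "roles.properties": "alice=AUTHORIZED\ncarol=AUTHORIZED\n",
}

def parse_props(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    return pairs

def audit_domain(config_xml, files, domain, bean_roles):
    """Return sorted (issue, subject) findings for one security domain."""
    policy = ET.fromstring(config_xml).find(f"application-policy[@name='{domain}']")
    if policy is None:
        return [("domain-not-defined", domain)]
    opts = {o.get("name"): (o.text or "").strip() for o in policy.iter("module-option")}
    users = parse_props(files[opts["usersProperties"]])
    roles = {u: {r.strip() for r in v.split(",") if r.strip()}
             for u, v in parse_props(files[opts["rolesProperties"]]).items()}
    findings = []
    for user, password in users.items():
        if password == user:  # trivially guessable credential
            findings.append(("password-equals-username", user))
        if not roles.get(user):  # authenticates, but every @RolesAllowed check fails
            findings.append(("user-has-no-role", user))
    findings += [("role-entry-for-unknown-user", u) for u in roles if u not in users]
    granted = set().union(*roles.values())
    findings += [("bean-role-never-granted", r) for r in bean_roles if r not in granted]
    return sorted(findings)
```

Call audit_domain with the roles named in the bean's @RolesAllowed annotations; an empty list means the three files agree with each other.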
Configure JBoss Security
------------------------------------
ANish