当前页面: 开发资料首页 → Netbeans 专题 → Building Secure Enterprise Beans in NetBeans IDE
Building Secure Enterprise Beans in NetBeans IDE
摘要: NetBeans IDE 4.1 does not contain support for the security features of the enterprise tier. This means that the deployment descriptor visual editors for enterprise applications do not contain fields to automatically configure security settings. These features are coming in future releases, but in the meantime you have to configure the deployment descriptors by hand. This is really not as complicated as it seems.
This tutorial shows you how to do the following:
- Create a security group on the application server and populate it with users.
- Create a simple EJB module with a web client.
- Set security for the EJB module's session bean.
- Set the web module to verify that the user belongs to the security group before accessing the session bean.
Getting Started
Before you begin, you have to install Sun Java System (SJS) Application Server Platform Edition 8.1 (download) on your computer. You cannot deploy enterprise applications to the bundled Tomcat server. You also have to register the application server in the IDE by choosing Tools > Server Manager.
Configuring the User and Group on the Application Server
In our example, only users from the bank_users can access our enterprise bean. We'll create the bank_users group's users in the file security realm on the SJS Application server.
- Start the application server by right-clicking its node in the Runtime window and choosing Start/Stop Server.
- Right-click the application server node and choose Show Admin Console. Log into the admin console and select Configuration > Security > Realms > file in the left navigation bar.
- Click the Manage Users button in the center frame of the admin console. Under Current Users, click the New button.
- Type manager for the User ID, password for the Password, and bank_users for the Group List. Then click OK.
Coding the Enterprise Application
Our enterprise application consists of a simple session bean and a web client that attempts to access it.
Creating the Enterprise Application Project
- Choose File > New Project (Ctrl-Shift-N) and select the Enterprise Application template from the Enterprise category. Click Next.
- Name the application Secure and specify a location for the project. Leave the rest of the settings at their default values and click Finish.
Coding the Session Bean
Our session bean doesn't do anything fancy. It just takes a name and returns it with a sample balance amount.
- In the Projects window, right-click the EJB module's node (Secure-EJBModule) and choose New > Session Bean.
- Name the bean AccountStatus, name the package bean, and set the bean to have local and remote interfaces. Then click Finish.
- Add the following field declaration to AccountStatusBean.java:
private String amount = "250";
- In the Source Editor, right-click anywhere inside AccountStatusBean.java and choose EJB Methods > Add Business Method. Name the method getStatus, set the return type to String, and add a String parameter called user. Make sure you add the business method to both the local and remote interfaces.
- In the Source Editor, add the following line in bold to the getStatus
method:
public String getStatus(String user) { return "In account " + user + " is " + amount + "$"; }
Coding the Web Application Client
Now let's create a web application that will attempt to access the session bean.
- In the Projects window, right-click the Secure-WebModule node and choose New > Servlet. Name the servlet AccountState and put it in the web package.
- In the Source Editor, right-click anywhere in the servlet class' body and choose Enterprise Resources > Call Enterprise Bean. Select the AccountStatus session bean, set the servlet to access the bean's local interfaces, and click OK. The IDE inserts the lookup method.
- In the processRequest method, remove the lines that comment out
the body of the method and add the following line in bold:
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println("<html>"); out.println("<head>"); out.println("<title>Servlet customerDetail</title>"); out.println("</head>"); out.println("<body>"); out.println("<h1>Servlet customerDetail at " + request.getContextPath () + "</h1>"); out.println(lookupAccountStatusBean().getStatus(request.getUserPrincipal().getName())); out.println("</body>"); out.println("</html>"); out.close(); }
Configuring the Deployment Descriptors
Now we have to edit the deployment descriptors by hand to set up the enterprise bean's security.
Configuring the EJB Module Deployment Descriptor
- In the Projects window, expand the Configuration Files node for the Secure-EJBModule project, right-click ejb-jar.xml, and choose Edit.
- Add the following code in bold to the assembly-descriptor element:
... <assembly-descriptor> <security-role> <role-name>USERS</role-name> </security-role> <method-permission> <role-name>USERS</role-name> <method> <ejb-name>AccountStatusBean</ejb-name> <method-name>*</method-name> </method> </method-permission> <container-transaction> ...This code sets up a security role named USERS, then gives anyone in the USERS role access to all of the methods in the bean whose ejb-name is AccountStatusBean.
- Save the file.
Configuring the Web Module Deployment Descriptor
- In the Projects window, expand the Configuration Files node for the Secure-WebModule project, right-click web.xml, and choose Edit.
- Add the following code in bold to the root web-app element:
... </welcome-file-list> <security-role> <description>Bank's users</description> <role-name>USERS</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>Bank-security</web-resource-name> <description>Account information</description> <url-pattern>/AccountState</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>USERS</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <ejb-local-ref> ...The security-role element declares a USERS security role just like in the EJB deployment descriptor. The security-constraint element limits access to the resources defined in web-resource-collection (in this case, everything matching the URL pattern /AccountState) to the group defined in auth-constraint (USERS). The login-config element specifies that the user will be asked in a standard dialog box to enter their user name and password.
- Save the file.
Configuring the Enterprise Application Deployment Descriptor
Now we just have to declare the USERS role in the enterprise application and map it to the bank_users security group on the application server.
- In the Projects window, expand the Configuration Files node for the Secure project, right-click application.xml, and choose Edit.
- Add the following code in bold to the root application element:
... </module> <security-role> <role-name>USERS</role-name> </security-role> </application> ... - Save the file.
- In the Projects window, right-click sun-application.xml and choose Edit.
- Add the following code in bold to the root sun-application element:
... </web> <security-role-mapping> <role-name>USERS</role-name> <group-name>bank_users</group-name> </security-role-mapping> </sun-application> ... - Save the file.
Running the Application
- Right-click the Secure project node and choose Properties. In the Run panel, enter /AccountState in the Relative URL field and click Finish.
- Right-click the Secure project node and choose Run project. The IDE builds the EAR file, starts the application server, deploys the EAR file to the application server, and opens the AccountState servlet in the external web browser.
- Enter the user name (manager) and password (password)
in the dialog box and click OK. The servlet should return the following output:
In account manager is 250$