当前页面: 开发资料首页 → Netbeans 专题 → Building Secure Enterprise Beans in NetBeans IDE
Building Secure Enterprise Beans in NetBeans IDE
摘要: NetBeans IDE 4.1 does not contain support for the security features of the enterprise tier. This means that the deployment descriptor visual editors for enterprise applications do not contain fields to automatically configure security settings. These features are coming in future releases, but in the meantime you have to configure the deployment descriptors by hand. This is really not as complicated as it seems.
This tutorial shows you how to do the following:
- Create a security group on the application server and populate it with users.
- Create a simple EJB module with a web client.
- Set security for the EJB module's session bean.
- Set the web module to verify that the user belongs to the security group
before accessing the session bean.
Getting Started
Before you begin, you have to install Sun Java System (SJS) Application Server
Platform Edition 8.1 (download)
on your computer. You cannot deploy enterprise applications to the bundled Tomcat
server. You also have to register the application server in the IDE by choosing
Tools > Server Manager.
Configuring the User and Group on the Application Server
In our example, only users from the bank_users can access our enterprise
bean. We'll create the bank_users group's users in the file
security realm on the SJS Application server.
- Start the application server by right-clicking its node in the Runtime
window and choosing Start/Stop Server.
- Right-click the application server node and choose Show Admin Console.
Log into the admin console and select Configuration > Security > Realms
> file in the left navigation bar.
- Click the Manage Users button in the center frame of the admin console.
Under Current Users, click the New button.
- Type manager for the User ID, password for the Password,
and bank_users for the Group List. Then click OK.
Coding the Enterprise Application
Our enterprise application consists of a simple session bean and a web client
that attempts to access it.
Creating the Enterprise Application Project
- Choose File > New Project (Ctrl-Shift-N) and select the Enterprise
Application template from the Enterprise category. Click Next.
- Name the application Secure and specify a location for the project.
Leave the rest of the settings at their default values and click Finish.
Coding the Session Bean
Our session bean doesn't do anything fancy. It just takes a name and returns
it with a sample balance amount.
- In the Projects window, right-click the EJB module's node (Secure-EJBModule)
and choose New > Session Bean.
- Name the bean AccountStatus, name the package bean,
and set the bean to have local and remote interfaces. Then click Finish.
- Add the following field declaration to AccountStatusBean.java:
private String amount = "250";
- In the Source Editor, right-click anywhere inside AccountStatusBean.java
and choose EJB Methods > Add Business Method. Name the method getStatus,
set the return type to String, and add a String parameter
called user. Make sure you add the business method to both the
local and remote interfaces.
- In the Source Editor, add the following line in bold to the getStatus
method:
public String getStatus(String user) {
return "In account " + user + " is " + amount + "$";
}
Coding the Web Application Client
Now let's create a web application that will attempt to access the session
bean.
- In the Projects window, right-click the Secure-WebModule node and choose
New > Servlet. Name the servlet AccountState and put it in the
web package.
- In the Source Editor, right-click anywhere in the servlet class' body
and choose Enterprise Resources > Call Enterprise Bean. Select the AccountStatus
session bean, set the servlet to access the bean's local interfaces, and
click OK. The IDE inserts the lookup method.
- In the processRequest method, remove the lines that comment out
the body of the method and add the following line in bold:
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head>");
out.println("<title>Servlet customerDetail</title>");
out.println("</head>");
out.println("<body>");
out.println("<h1>Servlet customerDetail at " + request.getContextPath () + "</h1>");
out.println(lookupAccountStatusBean().getStatus(request.getUserPrincipal().getName()));
out.println("</body>");
out.println("</html>");
out.close();
}
Configuring the Deployment Descriptors
Now we have to edit the deployment descriptors by hand to set up the enterprise
bean's security.
Configuring the EJB Module Deployment Descriptor
- In the Projects window, expand the Configuration Files node for the Secure-EJBModule
project, right-click ejb-jar.xml, and choose Edit.
- Add the following code in bold to the assembly-descriptor element:
...
<assembly-descriptor>
<security-role>
<role-name>USERS</role-name>
</security-role>
<method-permission>
<role-name>USERS</role-name>
<method>
<ejb-name>AccountStatusBean</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
<container-transaction>
...
This code sets up a security role named USERS, then gives anyone
in the USERS role access to all of the methods in the bean whose
ejb-name is AccountStatusBean.
- Save the file.
Configuring the Web Module Deployment Descriptor
- In the Projects window, expand the Configuration Files node for the Secure-WebModule
project, right-click web.xml, and choose Edit.
- Add the following code in bold to the root web-app element:
...
</welcome-file-list>
<security-role>
<description>Bank's users</description>
<role-name>USERS</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Bank-security</web-resource-name>
<description>Account information</description>
<url-pattern>/AccountState</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>USERS</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<ejb-local-ref>
...
The security-role element declares a USERS security
role just like in the EJB deployment descriptor. The security-constraint
element limits access to the resources defined in web-resource-collection
(in this case, everything matching the URL pattern /AccountState)
to the group defined in auth-constraint (USERS). The
login-config element specifies that the user will be asked in
a standard dialog box to enter their user name and password.
- Save the file.
Configuring the Enterprise Application Deployment Descriptor
Now we just have to declare the USERS role in the enterprise application
and map it to the bank_users security group on the application server.
- In the Projects window, expand the Configuration Files node for the Secure
project, right-click application.xml, and choose Edit.
- Add the following code in bold to the root application element:
...
</module>
<security-role>
<role-name>USERS</role-name>
</security-role>
</application>
...
- Save the file.
- In the Projects window, right-click sun-application.xml and choose
Edit.
- Add the following code in bold to the root sun-application element:
...
</web>
<security-role-mapping>
<role-name>USERS</role-name>
<group-name>bank_users</group-name>
</security-role-mapping>
</sun-application>
...
- Save the file.
Running the Application
- Right-click the Secure project node and choose Properties. In the Run panel,
enter /AccountState in the Relative URL field and click Finish.
- Right-click the Secure project node and choose Run project. The IDE builds
the EAR file, starts the application server, deploys the EAR file to the application
server, and opens the AccountState servlet in the external web browser.
- Enter the user name (manager) and password (password)
in the dialog box and click OK. The servlet should return the following output:
In account manager is 250$