java: How do I authenticate an application client to an EJB 3.0 server

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it you must comply with CC BY-SA: cite the original URL and author information and attribute it to the original author (not me). StackOverflow original: http://stackoverflow.com/questions/700529/

Date: 2020-10-29 13:25:44  Source: igfitidea

How do I authenticate an application client to EJB 3.0 server

Tags: java, security, jakarta-ee, ejb-3.0, jaas

Asked by pitr

I am very new to the whole J2EE architecture. Could somebody help me out?


I have a Swing client with Login, Password fields on machine A.


import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;

// JNDI settings for the JBoss 5 naming service (jnp) on the server
Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
p.put(Context.PROVIDER_URL, "jnp://localhost:1099/");

// Look up the remote interface of the stateful bean
InitialContext ctx = new InitialContext(p);
MyBeanRemote ejb = (MyBeanRemote) ctx.lookup("DemoServer/MyBean/remote");

I have an EJB 3.0 on JBoss5 on machine B:


import java.io.Serializable;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateful;

@Stateful
@DeclareRoles({"editor", "viewer"})
public class MyBean implements MyBeanRemote, Serializable  {

    // Container-injected session context, needed for the isCallerInRole() checks below
    @Resource
    private SessionContext ctx;

    @RolesAllowed({"editor"})
    public boolean modify() throws Exception {
            if(!ctx.isCallerInRole("editor")) throw new SecurityException("Can't modify");
            return true;
    }

    @RolesAllowed({"viewer","editor"})
    public boolean view() throws Exception {
            if(!ctx.isCallerInRole("viewer")) throw new SecurityException("Can't view");
            return true;
    }
}

I have a DB with users and roles on server (conf/login-conf.xml):


<application-policy name="jboss-secure">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="unauthenticatedIdentity">guest</module-option>
        <module-option name="dsJndiName">java:/MyDerby</module-option>
        <module-option name="principalsQuery">SELECT Password FROM Users WHERE Username=?</module-option>
        <module-option name="rolesQuery">SELECT Role, 'Roles' FROM Users WHERE Username=?</module-option>
    </login-module>
  </authentication>
</application-policy>

META-INF/jboss.xml:


<jboss>
    <security-domain>java:/jaas/jboss-secure</security-domain>
</jboss>

As I understand, I shouldn't get ejb reference until client is authenticated properly. How do I use LoginContext, and do I use it at all? Can/should I use @EJB private MyBeanRemote ejb? And how do I make the whole thing work?


I am just trying to build a seemingly trivial thing: authorization of application client. I feel stupid.


Thank you very much.

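The client-side half that the question is missing, as an added example (this is not code from the original post, and not JBoss project code): the Swing client runs a JAAS login with JBoss's client-side ClientLoginModule before doing the JNDI lookup, and logs out afterwards. Assumed here: a client JAAS configuration file named auth.conf containing an entry named "jboss-client" that lists org.jboss.security.ClientLoginModule, the server host "machineB", and the sample credentials "alice"/"secret". MyBeanRemote, the JNDI name and the jnp settings are those from the question.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Properties;

import javax.ejb.EJBAccessException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;

/**
 * Added example: application client authenticating to JBoss 5 before using the EJB.
 *
 * Assumed client-side JAAS configuration file "auth.conf" (not part of the question):
 *
 *   jboss-client {
 *       org.jboss.security.ClientLoginModule required;
 *   };
 */
public class AuthenticatedClient {

    /** Hands the username/password from the Swing fields to the login module via standard callbacks. */
    static final class SwingCallbackHandler implements CallbackHandler {
        private final String user;
        private final char[] password;

        SwingCallbackHandler(String user, char[] password) {
            this.user = user;
            this.password = password;
        }

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb, "only name/password callbacks are supported");
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Sample credentials (assumed); in the real client these come from the Login/Password fields
        String user = args.length > 0 ? args[0] : "alice";
        char[] password = (args.length > 1 ? args[1] : "secret").toCharArray();

        // Point JAAS at the client configuration (assumed file name)
        System.setProperty("java.security.auth.login.config", "auth.conf");

        // 1. JAAS login. ClientLoginModule does NOT verify the password: it only binds the
        //    principal and credential to the calling thread so they travel with each remote
        //    call. The real check is done on the server by DatabaseServerLoginModule in the
        //    "jboss-secure" domain, on every invocation.
        LoginContext lc = new LoginContext("jboss-client", new SwingCallbackHandler(user, password));
        lc.login();
        try {
            // 2. Only now obtain the bean reference (server host assumed)
            Properties p = new Properties();
            p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
            p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
            p.put(Context.PROVIDER_URL, "jnp://machineB:1099/");
            Context ctx = new InitialContext(p);
            MyBeanRemote ejb = (MyBeanRemote) ctx.lookup("DemoServer/MyBean/remote");

            // 3. Authorization is enforced by the container from @RolesAllowed: a caller
            //    without the "editor" role gets an EJBAccessException from modify(), the
            //    method body (and its isCallerInRole check) never runs.
            System.out.println("view:   " + ejb.view());
            System.out.println("modify: " + ejb.modify());
        } catch (EJBAccessException denied) {
            System.err.println("not authorized: " + denied.getMessage());
        } finally {
            // 4. Always drop the thread-bound credentials and wipe the password
            lc.logout();
            Arrays.fill(password, '\0');
        }
    }
}
```

Two things to check when wiring this up. First, with ClientLoginModule the credential is sent with every remote call, so unless the JBoss remoting connector is configured for SSL the password crosses the wire in the clear; treat the transport, not the login module, as what protects it. Second, the unauthenticatedIdentity=guest option in the question's login-config means a client that skips the login step is not rejected but mapped to the "guest" principal, whose roles are whatever rolesQuery returns for "guest"; make sure that user has no rows (or only the roles you intend) in the Users table, so the @RolesAllowed checks fail closed for anonymous callers.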

Accepted answer by Mark Davidson

I did some work with JAAS recently and found it can be quite tricky. Check out these two resources, I found them very useful: http://www.jaasbook.com/ and http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html


I've also got a load of other JAAS resources bookmarked at http://delicious.com/chronosMark/JAAS; hopefully one of them will help you out if the other two don't.


Answer by Maurice Perry

There is a tutorial here
