"Implementing J2EE Security With WebLogic Server, by Jason Westra & Chris Siemback"
Vol. 6, Issue 5, p. 58
Listing 1: web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>TradeApp</web-resource-name>
    <url-pattern>/trade/*</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role-onlineinvestor</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <!-- the web.xml DTD names this element realm-name -->
  <realm-name>JDJDomain</realm-name>
  <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/loginerror.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>the customer role</description>
  <role-name>role-onlineinvestor</role-name>
</security-role>
<security-role>
  <description>the customer role</description>
  <role-name>role-trader</role-name>
</security-role>
Listing 2: weblogic.xml
<security-role-assignment>
  <role-name>role-onlineinvestor</role-name>
  <principal-name>onlineinvestor</principal-name>
</security-role-assignment>
<security-role-assignment>
  <role-name>role-trader</role-name>
  <principal-name>trader</principal-name>
</security-role-assignment>
Listing 3: login.jsp
<HTML>
<BODY>
The page you're attempting to access is restricted, please login:
<br>
<FORM METHOD="post" ACTION="j_security_check">
  Username: <INPUT TYPE="text" NAME="j_username"><br>
  Password: <INPUT TYPE="password" NAME="j_password"><br>
  <p> <INPUT TYPE="Submit" NAME="Submit" VALUE="Submit">
</FORM>
</BODY>
</HTML>
Listing 4: weblogic-ejb-jar.xml
<security-role-assignment>
  <role-name>role-onlineinvestor</role-name>
  <principal-name>onlineinvestor</principal-name>
</security-role-assignment>
<security-role-assignment>
  <role-name>role-trader</role-name>
  <principal-name>trader</principal-name>
</security-role-assignment>
<security-role-assignment>
  <role-name>role-everyone</role-name>
  <principal-name>everyone</principal-name>
</security-role-assignment>
Listing 5: ejb-jar.xml
<assembly-descriptor>
  <security-role>
    <description>Investor in the application</description>
    <role-name>role-onlineinvestor</role-name>
  </security-role>
  <security-role>
    <description>A stock broker, or trader</description>
    <role-name>role-trader</role-name>
  </security-role>
  <security-role>
    <description>Anyone in the RDBMSDomain</description>
    <role-name>role-everyone</role-name>
  </security-role>
  <method-permission>
    <description>
      This permission gives the right to purchase shares.
    </description>
    <role-name>role-onlineinvestor</role-name>
    <role-name>role-trader</role-name>
    <method>
      <ejb-name>jdj.security.SecureTradeMgr</ejb-name>
      <method-name>buy</method-name>
    </method>
  </method-permission>
  <method-permission>
    <description>
      This permission gives the right to sell shares.
    </description>
    <role-name>role-trader</role-name>
    <method>
      <ejb-name>jdj.security.SecureTradeMgr</ejb-name>
      <method-name>sell</method-name>
    </method>
  </method-permission>
  <method-permission>
    <description>
      This permission gives the right to view the list of securities.
    </description>
    <role-name>role-everyone</role-name>
    <method>
      <ejb-name>jdj.security.SecureTradeMgr</ejb-name>
      <method-name>getSecurities</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
All Rights Reserved
Copyright © 2004 SYS-CON Media, Inc.