
"Implementing J2EE Security With WebLogic Server, by Jason Westra & Chris Siemback"
Vol. 6, Issue 5, p. 58

	


Listing 1: web.xml
 
<security-constraint>
  <web-resource-collection>
    <web-resource-name>TradeApp</web-resource-name>
    <url-pattern>/trade/*</url-pattern>
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role-onlineinvestor</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <domain-name>JDJDomain</domain-name>
  <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/loginerror.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>the customer role</description>
  <role-name>role-onlineinvestor</role-name>
</security-role>

<security-role>
  <description>the customer role</description>
  <role-name>role-trader</role-name>
</security-role>
  
  

Listing 2: weblogic.xml
 
<security-role-assignment>
  <role-name>role-onlineinvestor</role-name>
  <principal-name>onlineinvestor</principal-name>
</security-role-assignment>

<security-role-assignment>
  <role-name>role-trader</role-name>
  <principal-name>trader</principal-name>
</security-role-assignment>
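
Added example (not part of the original article's listings): a Python check that the role names in Listing 1 and Listing 2 agree, and that reports any constraint that enumerates HTTP methods, because under the Servlet specification a constraint listing http-method elements applies only to those methods. The descriptor strings are constructed, trimmed copies of the listings wrapped in assumed root elements (web-app, weblogic-web-app); the names roles and audit are chosen here.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: trimmed copies of Listing 1 (web.xml) and
# Listing 2 (weblogic.xml), wrapped in assumed root elements so they parse.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>TradeApp</web-resource-name>
      <url-pattern>/trade/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>role-onlineinvestor</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>role-onlineinvestor</role-name></security-role>
  <security-role><role-name>role-trader</role-name></security-role>
</web-app>"""
WEBLOGIC_XML = """<weblogic-web-app>
  <security-role-assignment><role-name>role-onlineinvestor</role-name>
    <principal-name>onlineinvestor</principal-name></security-role-assignment>
  <security-role-assignment><role-name>role-trader</role-name>
    <principal-name>trader</principal-name></security-role-assignment>
</weblogic-web-app>"""

def roles(root, path):
    """Set of role names found at the given element path."""
    return {e.text.strip() for e in root.findall(path) if e.text}

def audit(web_xml, weblogic_xml):
    """Cross-check role names between the two descriptors; return findings."""
    web, wls = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    declared = roles(web, "security-role/role-name")
    used = roles(web, "security-constraint/auth-constraint/role-name")
    mapped = roles(wls, "security-role-assignment/role-name")
    out = [f"undeclared role in auth-constraint: {r}" for r in sorted(used - declared)]
    out += [f"role has no principal mapping: {r}" for r in sorted(declared - mapped)]
    out += [f"mapping for unknown role: {r}" for r in sorted(mapped - declared)]
    for wrc in web.iter("web-resource-collection"):
        methods = sorted(m.text.strip() for m in wrc.findall("http-method"))
        if methods:  # an explicit list limits the constraint to those methods
            out.append(f"{wrc.findtext('url-pattern')}: constraint covers only {','.join(methods)}")
    return out

if __name__ == "__main__":
    for finding in audit(WEB_XML, WEBLOGIC_XML):
        print(finding)
```

Omitting the http-method elements from the web-resource-collection makes the constraint apply to every HTTP method for /trade/*.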
  

Listing 3: login.jsp
<HTML>
<BODY>
The page you're attempting to access is restricted, please log in:
<br>
<FORM METHOD="post" ACTION="j_security_check">
Username: <INPUT TYPE="text" NAME="j_username"><br>
<!-- TYPE="password" keeps the typed password masked on screen -->
Password: <INPUT TYPE="password" NAME="j_password"><br>
<p> <INPUT TYPE="Submit" NAME="Submit" VALUE="Submit">
</FORM>
</BODY>
</HTML>

Listing 4: weblogic-ejb-jar.xml
 
<security-role-assignment>
  <role-name>role-onlineinvestor</role-name>
  <principal-name>onlineinvestor</principal-name>
</security-role-assignment>

<security-role-assignment>
  <role-name>role-trader</role-name>
  <principal-name>trader</principal-name>
</security-role-assignment>

<security-role-assignment>
  <role-name>role-everyone</role-name>
  <principal-name>everyone</principal-name>
</security-role-assignment>
  
  

Listing 5: ejb-jar.xml
 
<assembly-descriptor> 
     <security-role> 
         <description>Investor in the application</description> 
         <role-name>role-onlineinvestor</role-name> 
     </security-role> 
     <security-role> 
         <description>A stock broker, or trader</description> 
         <role-name>role-trader</role-name> 
     </security-role> 
     <security-role> 
         <description>Anyone in the RDBMSDomain</description> 
         <role-name>role-everyone</role-name> 
     </security-role> 
     <method-permission> 
         <description> 
         This permission gives the right to purchase shares. 
         </description> 
         <role-name>role-onlineinvestor</role-name> 
         <role-name>role-trader</role-name> 
         <method> 
              <ejb-name>jdj.security.SecureTradeMgr</ejb-name> 
              <method-name>buy</method-name> 
         </method> 
     </method-permission> 
     <method-permission> 
         <description> 
         This permission gives the right to sell shares. 
         </description> 
         <role-name>role-trader</role-name> 
         <method> 
              <ejb-name>jdj.security.SecureTradeMgr</ejb-name> 
              <method-name>sell</method-name> 
         </method> 
     </method-permission> 
     <method-permission> 
         <description> 
         This permission gives the right to view the list of 
         securities. 
         </description> 
         <role-name>role-everyone</role-name> 
         <method> 
              <ejb-name>jdj.security.SecureTradeMgr</ejb-name> 
              <method-name>getSecurities</method-name> 
         </method> 
     </method-permission> 
</assembly-descriptor>


  
 
 
