0. Prerequisite
It is a pity that this chapter has no sample, so I added one myself, covering only the security part.
First, from the domain console, add a new user called "deploy" to the group "Deployers" in "myrealm".
1. Customize code in chapter6
This sample is customized from chapter5's:
$ cd $HOME/student/ejbAction
$ cp -r chapter5 chapter6 # Then change the codes
$ diff -ru chapter5 chapter6
diff -ru chapter5/build.xml chapter6/build.xml
...
-<project name="chapter5" default="all" basedir=".">
+<project name="chapter6" default="all" basedir=".">
...
- <property name="app.name" value="chapter5"/>
+ <property name="app.name" value="chapter6"/>
...
<target name="package-app" depends="package-ejb,package-client">
- <copy todir="${bld.ear.dir}/META-INF">
- <fileset dir="${etc.dir}" includes="application.xml"/>
- </copy>
...
<targetname="ejb-descriptor" depends="setup">
<copytodir="${bld.ejb.dir}/META-INF">
- <fileset dir="${etc.dir}" includes="ejb-jar.xml,persistence.xml"/>
+ <fileset dir="${etc.dir}" includes="weblogic-ejb-jar.xml"/>
</copy>
</target>
diff -ru chapter5/etc/application.xml chapter6/etc/application.xml
...
<application>
- <display-name>Interceptors, Timers, Injection</display-name>
+ <display-name>Security</display-name>
<module>
- <ejb>chapter5-ejb.jar</ejb>
+ <ejb>chapter6-ejb.jar</ejb>
</module>
</application>
diff -ru chapter5/etc/jndi.properties chapter6/etc/jndi.properties
...
#Set required appropriate for your environment
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
java.naming.provider.url=t3://localhost:8001
+# java.naming.security.principal=scott
+# java.naming.security.credentials=tiger000
+java.naming.security.principal=deploy
+java.naming.security.credentials=deploy00
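Review bot: The added `java.naming.security.principal` / `java.naming.security.credentials` lines store a working username and password in clear text in the source tree, and the commented-out pair above them records a second account's password as well. The post later rebuilds the client package after editing this file, so the values appear to ship inside the client jar too. Outside a throwaway local sample I would drop both keys from jndi.properties and have the client put `Context.SECURITY_PRINCIPAL` and `Context.SECURITY_CREDENTIALS` into the environment passed to `new InitialContext(env)`, reading them from a prompt or a protected store at run time. The unchanged `java.naming.provider.url=t3://localhost:8001` also carries those credentials unencrypted; `t3s://` on the server's SSL listen port is the TLS form to use once the server is not on localhost.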
diff -ru chapter5/etc/Manifest.mf chapter6/etc/Manifest.mf
...
Main-Class: actionbazaar.buslogic.PlaceBidClient
-Class-path: ../build/chapter5/chapter5-ejb.jar
+Class-path: ../build/chapter6/chapter6-ejb.jar
Only in chapter6/etc: weblogic-ejb-jar.xml
Only in chapter5/src/ejb/bean/actionbazaar/buslogic: ActionBazaarProfilingInterceptor.java
Only in chapter5/src/ejb/bean/actionbazaar/buslogic: DiscountVerifierInterceptor.java
diff -ru chapter5/src/ejb/bean/actionbazaar/buslogic/PlaceBidBean.java chapter6/src/ejb/bean/actionbazaar/buslogic/PlaceBidBean.java
import javax.ejb.Stateless;
-import javax.ejb.Timeout;
-import javax.ejb.Timer;
-import javax.ejb.TimerService;
-import javax.interceptor.Interceptors;
import javax.sql.DataSource;
+// import javax.annotation.security.DeclareRoles;
+importjavax.annotation.security.RolesAllowed;
-@Interceptors({ actionbazaar.buslogic.ActionBazaarProfilingInterceptor.class })
-@Stateless(mappedName="PlaceBid")
+
+// @DeclareRoles({"Admin", "Deploy"})
+@Stateless(mappedName="PlaceBidSec")
public class PlaceBidBean implements PlaceBid {
private DataSource ds;
...
- @Interceptors(actionbazaar.buslogic.DiscountVerifierInterceptor.class)
+ @RolesAllowed("Admin")
public Long addBid(String userId, Long itemId, Double bidPrice) {
...
+ "," +bidPrice + ")");
- TimerService ts = sc.getTimerService();
- // Created a single event timer that expires after half hour
- Timer timer = ts.createTimer(3000, bidId);
} catch (Exception e) {
...
- @Timeout
- public void sendBidInfo(Timer timer) {
- System.out.println("BidManager EJB: Monitor status of BidId:"
- + timer.getInfo());
- // Implement Your Business Logic Here to monitor the statusfor bidId
- // and send email to the bidder
- return;
- }
}
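Review bot: `@RolesAllowed("Admin")` on `addBid` controls who may call the method, but the bidder identity is still the caller-supplied `userId` parameter, so any caller in the Admin role can record a bid under someone else's name. The run shown later on this page authenticates as scott while the stored BID_BIDDER is dpanda. If the bid is meant to belong to the authenticated user, derive it inside the bean with `String bidder = sc.getCallerPrincipal().getName();`. That assumes the `sc` context seen in the removed timer line is still injected, which the elided parts of the file do not show. Only `addBid` is annotated in the visible lines, so any other business method on `PlaceBid` is callable without a role check unless it carries its own `@RolesAllowed` or the class gets a class-level one.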
diff -ru chapter5/src/ejb/client/actionbazaar/buslogic/PlaceBidClient.java
chapter6/src/ejb/client/actionbazaar/buslogic/PlaceBidClient.java
...
public static void main(String[] args) {
try {
Contextcontext = new InitialContext();
- PlaceBid placeBid =(PlaceBid)context.lookup("PlaceBid#actionbazaar.buslogic.PlaceBid");
+ PlaceBid placeBid =(PlaceBid)context.lookup("PlaceBidSec#actionbazaar.buslogic.PlaceBid");
System.out.println("BidPrice Sent to the bean is:" + 20000.5);
$ cd chapter6
$ cat etc/weblogic-ejb-jar.xml
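<?xml version="1.0"?>
<!--
  WebLogic-specific EJB deployment descriptor for the chapter6 sample.
  It binds the application role "Admin", the role required by
  @RolesAllowed("Admin") on PlaceBidBean.addBid, to a principal that
  exists in the server's security realm.
-->
<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/90"
                  xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-ejb-jar.xsd">
  <!-- xsi:schemaLocation is a whitespace-separated (namespace, location) pair;
       the space between the two URIs is required. -->
  <security-role-assignment>
    <role-name>Admin</role-name>
    <!-- principal-name can name a user or a group in the realm. The sample maps
         the role to the single user "scott"; mapping it to a group keeps role
         membership manageable in the realm without redeploying the EJB. -->
    <principal-name>scott</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>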
2. Build, deploy and run
$ cd $ORACLE_HOME/wlserver/samples/server
$ . ./setExamplesEnv.sh # set environment variables
$ cd $HOME/student/ejbAction/chapter4
$ ant undeploy # if needed
$ ant clean
$ ant db-setup # create db tables
$ ant # build and deploy
$ ant run # run the case; the first run fails with a security violation because user deploy is not mapped to the Admin role
…
[java] Bid Price Sent to the bean is:20000.5
[java] javax.ejb.EJBAccessException: [EJB:010160] Security violation: User deploy has insufficient permission to access EJB type=<ejb>, application=chapter6, module=chapter6-ejb.jar, ejb=PlaceBidBean, method=addBid, methodInterface=Remote, signature={java.lang.String,java.lang.Long,java.lang.Double}.
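Next we modify jndi.properties as follows, so that the client authenticates as scott, the principal that weblogic-ejb-jar.xml maps to the Admin role: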
$ cat etc/jndi.properties
…
java.naming.security.principal=scott
java.naming.security.credentials=tiger000
# java.naming.security.principal=deploy
# java.naming.security.credentials=deploy00
$ ant build # rebuild client package
$ ant run
...
[java] Bid Price Sent to the bean is:20000.5
[java] Bid Successful, BidId Received is:1002
In the console, we can see the following message:
Bid for 403 received with price20000.5
The result can also be observed with the ij tool:
$ ../ij.sh
ij version 10.11
CONNECTION0* - jdbc:derby://localhost:1527/examples
* = current connection
ij> select * from BIDS;
BID_ID |BID_DATE |BID_STATUS |BID_PRICE |BID_ITEM_ID |BID_BIDDER
------------------------------------------------------------------------------------------------------------------------------
1002 |NULL |NULL |20000.5 |403 |dpanda
1 row selected
ij> disconnect;
ij> exit;