1. Define the security domain (two ways)
a: Define it through jboss.xml; the jboss.xml file must be placed in META-INF inside the *.jar.
<?xml version="1.0" encoding="UTF-8"?>
<jboss>
<!-- Bug in EJB3 of JBoss 4.0.4 GA
<security-domain>java:/jaas/other</security-domain>
-->
<security-domain>other</security-domain>
<unauthenticated-principal>AnonymousUser</unauthenticated-principal>
</jboss>
b: Define it through the @SecurityDomain annotation
import javax.ejb.Remote;
import javax.ejb.Stateless;
import org.jboss.annotation.security.SecurityDomain;

@Stateless
@Remote({SecurityAccess.class})
@SecurityDomain("other") // same value as <security-domain> in jboss.xml
public class SecurityAccessBean implements SecurityAccess {
    // business methods go here (see step 3)
}
2. Define the user names, passwords and user roles (users.properties and roles.properties on the classpath)
3. Define the access roles for the business methods
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;

@Stateless
@Remote({SecurityAccess.class})
public class SecurityAccessBean implements SecurityAccess {
    // only callers holding the AdminUser role may invoke this method
    @RolesAllowed({"AdminUser"})
    public String AdminUserMethod() {
        return "only admin can access!";
    }
    // only callers holding the DepartmentUser role may invoke this method
    @RolesAllowed({"DepartmentUser"})
    public String DepartmentUserMethod() {
        return "only DepartmentUser can access!";
    }
    // any caller, including the unauthenticated principal, may invoke this method
    @PermitAll
    public String AnonymousUserMethod() {
        return "all users can access!";
    }
}
Test (from the calling servlet or JSP):
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;

// Propagate the submitted user name and password as the caller's principal and
// credential for the EJB invocation (only works for callers inside the JBoss JVM).
String user = request.getParameter("user");
String pwd = request.getParameter("pwd");
if (user != null && !"".equals(user.trim())) {
    SecurityAssociation.setPrincipal(new SimplePrincipal(user.trim()));
    // a missing password must not throw; an empty credential simply fails the login
    SecurityAssociation.setCredential(pwd == null ? new char[0] : pwd.trim().toCharArray());
}
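Added check, not part of the original post: a client that verifies the role restrictions of step 3 are really enforced, by calling every business method as each kind of caller and treating EJBAccessException as the expected denial. It must run inside the JBoss JVM (a servlet or JSP), since SecurityAssociation only affects in-JVM calls; the users admin and dept with their passwords and roles are constructed entries assumed to exist in users.properties/roles.properties, and the JNDI name SecurityAccessBean/remote is the assumed JBoss 4 default for a remote EJB3 bean in a plain jar.

```java
import java.lang.reflect.InvocationTargetException;
import javax.ejb.EJBAccessException;
import javax.naming.InitialContext;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;

public class SecurityAccessCheck {
    // Set the caller identity the EJB container will see (in-JVM callers only).
    // A null user clears it, so the call runs as the unauthenticated-principal.
    static void loginAs(String user, String pwd) {
        if (user == null) {
            SecurityAssociation.clear();
            return;
        }
        SecurityAssociation.setPrincipal(new SimplePrincipal(user));
        SecurityAssociation.setCredential(pwd.toCharArray());
    }

    // Invoke a no-arg business method: true if the container let it run,
    // false if it raised EJBAccessException, i.e. the caller lacks the role.
    static boolean allowed(SecurityAccess bean, String method) throws Exception {
        try {
            SecurityAccess.class.getMethod(method).invoke(bean);
            return true;
        } catch (InvocationTargetException e) {
            if (e.getCause() instanceof EJBAccessException) {
                return false;
            }
            throw e;
        }
    }

    static void expect(boolean ok, String what) { if (!ok) throw new IllegalStateException(what); }

    public static void main(String[] args) throws Exception {
        // JNDI name assumed: JBoss 4 default for a remote EJB3 bean deployed in a plain jar
        SecurityAccess bean = (SecurityAccess) new InitialContext().lookup("SecurityAccessBean/remote");
        loginAs("admin", "admin-secret");   // constructed user, roles.properties: admin=AdminUser
        expect(allowed(bean, "AdminUserMethod"), "admin may call AdminUserMethod");
        expect(!allowed(bean, "DepartmentUserMethod"), "admin must not call DepartmentUserMethod");
        loginAs("dept", "dept-secret");     // constructed user, roles.properties: dept=DepartmentUser
        expect(!allowed(bean, "AdminUserMethod"), "dept must not call AdminUserMethod");
        expect(allowed(bean, "DepartmentUserMethod"), "dept may call DepartmentUserMethod");
        loginAs(null, null);                // anonymous: no roles, only @PermitAll methods succeed
        expect(!allowed(bean, "AdminUserMethod"), "anonymous must not call AdminUserMethod");
        expect(allowed(bean, "AnonymousUserMethod"), "anonymous may call AnonymousUserMethod");
        System.out.println("role restrictions are enforced as configured");
    }
}
```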
4. Extend the security definitions to a database; the security domain is defined in /server/all/conf/login-config.xml
<application-policy name="foshanshop">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/DefaultMySqlDS</module-option>
<module-option name="principalsQuery">
select password from sys_user where name=?
</module-option>
<module-option name="rolesQuery">
select rolename,'Roles' from sys_userrole where username=?
</module-option>
<module-option name="unauthenticatedIdentity">AnonymousUser</module-option>
</login-module>
</authentication>
</application-policy>
This uses the JBoss database login module org.jboss.security.auth.spi.DatabaseServerLoginModule, found in jbosssx.jar.
Configure jboss.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss>
<!-- must match the application-policy name defined in login-config.xml -->
<security-domain>foshanshop</security-domain>
<unauthenticated-principal>AnonymousUser</unauthenticated-principal>
</jboss>