Sun Java System Application Server 


The EJB 3.0 Security Stateless Session Bean Sample Application

This is a simple security sample: an EJB 3.0 Stateless Session Bean with a Remote business interface.
The example uses annotations to specify the authorization rules for the bean's business methods.

Business Interface

The Stateless Session bean has a Remote business interface with four business methods: two for positive test cases (the call is allowed) and two for negative test cases (the call is denied).

import javax.ejb.Remote;

@Remote
public interface Sless {

    public String helloRolesAllowed();
    public String helloRolesAllowed2();
    public String helloPermitAll();
    public String helloDenyAll();
}

Unlike prior versions of EJB, the remote interface is not required to extend java.rmi.Remote and its business methods are not required to throw java.rmi.RemoteException.

The business interface is designated as a remote business interface via the @javax.ejb.Remote annotation.

Stateless Session Bean Class

The bean implementation is:

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
public class SlessEJB implements Sless {

    // Allowed only for callers in the "javaee" role, which is mapped to the
    // file realm user javaee at deployment time.
    @RolesAllowed("javaee")
    public String helloRolesAllowed() {
        return "SlessEJB.helloRolesAllowed(): Hello World";
    }

    // The "noauthuser" role is never mapped to any principal, so every
    // caller, authenticated or not, is denied.
    @RolesAllowed("noauthuser")
    public String helloRolesAllowed2() {
        return "SlessEJB.helloRolesAllowed2(): Hello World";
    }

    // Accessible to every caller, including unauthenticated ones.
    @PermitAll
    public String helloPermitAll() {
        return "SlessEJB.helloPermitAll(): Hello World";
    }

    // Never accessible through the container, whatever roles the caller has.
    @DenyAll
    public String helloDenyAll() {
        return "SlessEJB.helloDenyAll(): Hello World";
    }
}

@javax.ejb.Stateless is a component-defining annotation that designates this class as the bean class for a Stateless Session Bean.
@javax.annotation.security.DenyAll is an annotation indicating that the given method is not accessible to anyone, regardless of the caller's roles.
@javax.annotation.security.PermitAll is an annotation indicating that the given method, or all business methods of the given class, is accessible to everyone, including unauthenticated callers.
@javax.annotation.security.RolesAllowed is an annotation indicating that the given method is accessible only to callers in at least one of the listed roles.

A method-level annotation overrides one placed on the class, and only one of the three may be applied to a given method or class. The role names are logical names: they must be mapped to real users or groups at deployment time (see the Sun-specific configuration below). A role that is not mapped to anything has no members, which is why helloRolesAllowed2() is denied even for the authenticated user javaee. Note also that the container enforces these annotations only on invocations that arrive through the business interface; a bean method that calls another method of the same bean directly (for example this.helloDenyAll()) bypasses the check.
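The following application client shows the outcome of each annotation from the caller's side. It is an added example and not the sample's own client source; the class name SlessClient is assumed, it is assumed to be packaged as the application client of the EAR, and it relies on the EJB 3.0 rule that an authorization failure on a business-interface invocation reaches the client as javax.ejb.EJBAccessException. Run inside the application client container, the user name and password it prompts for become the caller identity that the container checks.

```java
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;

// Added example client (hypothetical class name), not part of the sample.
public class SlessClient {

    // Remote proxy injected by the application client container. The identity
    // the container authenticated (user javaee here) travels with every call.
    @EJB
    private static Sless sless;

    public static void main(String[] args) {
        int failed = 0;

        // Positive: user javaee is mapped to role "javaee", so the call succeeds.
        try {
            System.out.println(sless.helloRolesAllowed());
        } catch (EJBAccessException e) {
            System.out.println("FAILED: helloRolesAllowed() was denied");
            failed++;
        }

        // Negative: no principal is mapped to role "noauthuser", so the container
        // rejects the call even though the caller is authenticated.
        try {
            sless.helloRolesAllowed2();
            System.out.println("FAILED: helloRolesAllowed2() was allowed");
            failed++;
        } catch (EJBAccessException e) {
            System.out.println("Expected Exception for sless.helloRolesAllowed2()");
        }

        // Positive: @PermitAll needs no role at all; an unauthenticated caller
        // would succeed here as well.
        try {
            System.out.println(sless.helloPermitAll());
        } catch (EJBAccessException e) {
            System.out.println("FAILED: helloPermitAll() was denied");
            failed++;
        }

        // Negative: @DenyAll rejects every caller, whatever roles it holds.
        try {
            sless.helloDenyAll();
            System.out.println("FAILED: helloDenyAll() was allowed");
            failed++;
        } catch (EJBAccessException e) {
            System.out.println("Expected Exception for sless.helloDenyAll()");
        }

        // A non-zero exit code makes a missing denial fail the build instead of
        // only appearing in the log output.
        System.exit(failed == 0 ? 0 : 1);
    }
}
```

The two "Expected Exception" lines are what a correctly enforced deployment prints; if either negative case prints its greeting instead, the authorization annotations are not being applied (for example because the method was invoked outside the container).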

Deployment Descriptor

The good news is that a standard deployment descriptor (ejb-jar.xml) is no longer required. The two Java files above are sufficient to completely describe this stateless session bean.

Sun-Specific Deployment Configuration

The only Sun-specific configuration needed is a security-role-mapping in the sun-application.xml file, which maps the logical role name javaee used in @RolesAllowed to the file realm user javaee created by the build. The JNDI name for the Remote Stateless Session bean defaults to the (fully qualified) name of its Remote business interface.
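The mapping described above, written out as an added example (this is not a copy of the sample's own sun-application.xml; the DOCTYPE declaration for your server version is omitted here):

```xml
<?xml version="1.0" encoding="UTF-8"?>
<sun-application>
  <!-- Maps the logical role used in @RolesAllowed("javaee") to the file realm
       user created by "ant create-file-user". Without this mapping the caller
       is not in the role and helloRolesAllowed() is denied as well. -->
  <security-role-mapping>
    <role-name>javaee</role-name>
    <principal-name>javaee</principal-name>
    <!-- A role can also be granted to a whole realm group instead of a
         single user, e.g. <group-name>developers</group-name> (assumed name). -->
  </security-role-mapping>
  <!-- The "noauthuser" role used by helloRolesAllowed2() is intentionally left
       unmapped: an unmapped role has no members, so the container denies the
       call for every caller. The mapping therefore fails closed. -->
</sun-application>
```

Keep the mapping as narrow as the test requires: mapping a role to a broad group silently widens who can call every method annotated with that role.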

Building, Deploying, and Running the Application

Follow these instructions to build, deploy, and run this sample application.

  1. Set up your build environment and configure the application server the build system has to work with by following the common build instructions.
  2. app_dir is the sample application base directory: samples_install_dir/javaee5/enterprise/security-stateless-ear.
  3. Change directory to app_dir.
  4. Build, deploy and run the sample application using the target all:

     app_dir> ant all

     Expect the following output:
     bpp-run-secure-app-client:
     [echo] running application client container.
     [exec] SlessEJB.helloRolesAllowed(): Hello World
     [exec] Expected Exception for sless.helloRolesAllowed2()
     [exec] SlessEJB.helloPermitAll(): Hello World
     [exec] Expected Exception for sless.helloDenyAll()

     For the negative tests, helloRolesAllowed2() and helloDenyAll(), the following exception is logged in $javaee.domaindir/logs/server.log:

     javax.ejb.AccessLocalException: Client not authorized for this invocation.

  5. It is also possible to perform the above in separate steps:

     app_dir> ant ear                compiles and packages the application
     app_dir> ant deploy             deploys it to the application server
     app_dir> ant create-file-user   creates the file realm user javaee
     app_dir> ant run                runs the test Java client
     app_dir> ant delete-file-user   deletes the file realm user javaee

  6. Use the target clean to remove the temporary directories build and dist:

     app_dir> ant clean

  7. Use the target undeploy to undeploy the application:

     app_dir> ant undeploy

Building, Deploying, and Running the Application in NetBeans IDE

Follow these instructions to build, deploy, and run this sample application using NetBeans IDE.

  1. Refer to the common build instructions for setting up NetBeans IDE and the application server the IDE will use.
  2. Run the create-file-user target as described above; the file realm user javaee is a prerequisite for running this sample from NetBeans IDE.
  3. In NetBeans IDE, select File->Open Project and select samples_install_dir/javaee5/enterprise/security-stateless-ear as the project.
  4. Right-click on security-stateless-ear and select Run Project, which will build, deploy and run the project. While running the sample, a dialog box asks for a user name and password; enter javaee for both, after which execution continues and the output is displayed. Sample output:

       Copying 1 file to /home/sreeni/IAS/SAMPLES/WS/glassfish-samples/ws/javaee5/enterprise/security-stateless-ear/dist
       SlessEJB.helloRolesAllowed(): Hello World
       Expected Exception for sless.helloRolesAllowed2()
       SlessEJB.helloPermitAll(): Hello World
       Expected Exception for sless.helloDenyAll()
       run-security-stateless-appclient:
       BUILD SUCCESSFUL (total time: 10 minutes 11 seconds)
      

Troubleshooting

If you have problems when running the application, refer to the troubleshooting document.

Copyright © 2006 Sun Microsystems, Inc. All rights reserved.