I have implemented this class that inherited from AuthorizingRealm
package presentacion;
import java.util.LinkedHashSet;
import java.util.Set;
import org.jsecurity.authc.AccountException;
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.AuthenticationInfo;
import org.jsecurity.authc.AuthenticationToken;
import org.jsecurity.authc.SimpleAuthenticationInfo;
import org.jsecurity.authc.UnknownAccountException;
import org.jsecurity.authc.UsernamePasswordToken;
import org.jsecurity.authz.AuthorizationException;
import org.jsecurity.authz.AuthorizationInfo;
import org.jsecurity.authz.SimpleAuthorizationInfo;
import org.jsecurity.realm.AuthorizingRealm;
import org.jsecurity.subject.PrincipalCollection;
import acciones.God;
import acciones.Permiso;
import acciones.Rol;
import acciones.Usuario;
public class EjbRealm extends AuthorizingRealm {
private God servicios;
public EjbRealm(God servicios) {
this.servicios = servicios;
}
private Set<String> getRoles(Usuario u) {
Set<String> roles = new LinkedHashSet<String>();
for (Rol rol : u.getRoles()) {
roles.add(rol.getNombre());
}
return roles;
}
private Set<String> getPermisos(Usuario u) {
Set<String> permisos = new LinkedHashSet<String>();
for (Rol rol : u.getRoles()) {
for (Permiso p : rol.getPermisos()) {
permisos.add(p.getNombre());
}
}
return permisos;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
PrincipalCollection principals) {
if (principals == null) {
throw new AuthorizationException(
"El parametro PrincipalCollection no
puede ser null.");
}
String apodo = (String)
principals.fromRealm(getName()).iterator()
.next();
Usuario u = servicios.consultarUsuario(apodo);
SimpleAuthorizationInfo info = new
SimpleAuthorizationInfo(getRoles(u));
info.setStringPermissions(getPermisos(u));
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
AuthenticationToken token) throws
AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
String apodo = upToken.getUsername();
if (apodo == null) {
throw new AccountException(
"No se permiten apodos Null en este
realm.");
}
AuthenticationInfo info = null;
String contrasenia = servicios.consultarContrasenia(apodo);
if (contrasenia == null) {
throw new UnknownAccountException("No se encontro el
usuario ["
+ apodo + "]");
}
info = new SimpleAuthenticationInfo(apodo, contrasenia,
getName());
return info;
}
}
And in my login window i have implemented in a button this code
private GodService god = new GodService();
protected void button_actionPerformed(ActionEvent arg0) {
EjbRealm ejbRealm = new EjbRealm(god.getGodPort());
ejbRealm.setCredentialsMatcher(new Sha256CredentialsMatcher());
DefaultSecurityManager securityManager = new
DefaultSecurityManager(
ejbRealm);
UsernamePasswordToken token = new
UsernamePasswordToken(apodoText
.getText(), contraseniaText.getPassword());
try {
Subject user = securityManager.login(token);
if (user.isAuthenticated()) {
MenuForm window = new MenuForm(god);
window.show();
dispose();
}
} catch (AuthenticationException e) {
mostrarMensaje("Usuario o contraseƱa incorrectos");
} finally {
securityManager.destroy();
}
}
But now i want to know how to secure my webservice (God) using JSecurity.
What i need to do?
daniel_asv wrote:
>
> Hi, i have a webservice from a stateless session bean running in a
> GlassFish Application Server. The webservice is consumed by a swing
> application, i want to agregate a login to the swing application, the user
> and password will be stored in a SQL Server 2005 database managed by JPA
> (Hibernate).
>
> What i need to do for use JSecurity in my login window using the
> webservice?
>
--
View this message in context:
http://n2.nabble.com/How-to-use-JSecurity-tp679197p722874.html
Sent from the JSecurity User mailing list archive at Nabble.com.
