Hi Les, i don´t use servlet and don´t configure web.xml.
I have three jar:
1. servidor.jar an ejb deployed in glassfish, this contain my stateless
session bean (god) which exposes all his methods as webservice and my jpa
entitys (Cita, CitaDetalle, Clave, Direccion, Medico, Paciente, Permiso,
Persona, Rol, Tratamiento, Usuario).
2. servicios.jar with the generated web service client from wsdl in
glassfish using JAX-WS and JAXB.
3. cliente.jar the swing application that consumes the webservices (here i
use JSecurity).
My problem is in the webservices. I don´t know how to call them using a user
and password.
Les Hazlewood wrote:
>
> Hi Daniel,
>
> Have you configured JSecurity via a servlet filter in web.xml? I'm just
> trying to see what your runtime environment is like first before I
> recommend
> a solution.
>
> Les
>
> On Wed, Aug 13, 2008 at 5:38 PM, daniel_asv <[EMAIL PROTECTED]>
> wrote:
>
>>
>> I have implemented this class that inherited from AuthorizingRealm
>>
>> package presentacion;
>>
>> import java.util.LinkedHashSet;
>> import java.util.Set;
>>
>> import org.jsecurity.authc.AccountException;
>> import org.jsecurity.authc.AuthenticationException;
>> import org.jsecurity.authc.AuthenticationInfo;
>> import org.jsecurity.authc.AuthenticationToken;
>> import org.jsecurity.authc.SimpleAuthenticationInfo;
>> import org.jsecurity.authc.UnknownAccountException;
>> import org.jsecurity.authc.UsernamePasswordToken;
>> import org.jsecurity.authz.AuthorizationException;
>> import org.jsecurity.authz.AuthorizationInfo;
>> import org.jsecurity.authz.SimpleAuthorizationInfo;
>> import org.jsecurity.realm.AuthorizingRealm;
>> import org.jsecurity.subject.PrincipalCollection;
>>
>> import acciones.God;
>> import acciones.Permiso;
>> import acciones.Rol;
>> import acciones.Usuario;
>>
>> public class EjbRealm extends AuthorizingRealm {
>> private God servicios;
>>
>> public EjbRealm(God servicios) {
>> this.servicios = servicios;
>> }
>>
>> private Set<String> getRoles(Usuario u) {
>> Set<String> roles = new LinkedHashSet<String>();
>> for (Rol rol : u.getRoles()) {
>> roles.add(rol.getNombre());
>> }
>> return roles;
>> }
>>
>> private Set<String> getPermisos(Usuario u) {
>> Set<String> permisos = new LinkedHashSet<String>();
>> for (Rol rol : u.getRoles()) {
>> for (Permiso p : rol.getPermisos()) {
>> permisos.add(p.getNombre());
>> }
>> }
>> return permisos;
>> }
>>
>> @Override
>> protected AuthorizationInfo doGetAuthorizationInfo(
>> PrincipalCollection principals) {
>> if (principals == null) {
>> throw new AuthorizationException(
>> "El parametro PrincipalCollection
>> no
>> puede ser null.");
>> }
>> String apodo = (String)
>> principals.fromRealm(getName()).iterator()
>> .next();
>> Usuario u = servicios.consultarUsuario(apodo);
>> SimpleAuthorizationInfo info = new
>> SimpleAuthorizationInfo(getRoles(u));
>> info.setStringPermissions(getPermisos(u));
>> return info;
>> }
>>
>> @Override
>> protected AuthenticationInfo doGetAuthenticationInfo(
>> AuthenticationToken token) throws
>> AuthenticationException {
>> UsernamePasswordToken upToken = (UsernamePasswordToken)
>> token;
>> String apodo = upToken.getUsername();
>> if (apodo == null) {
>> throw new AccountException(
>> "No se permiten apodos Null en
>> este
>> realm.");
>> }
>> AuthenticationInfo info = null;
>> String contrasenia =
>> servicios.consultarContrasenia(apodo);
>> if (contrasenia == null) {
>> throw new UnknownAccountException("No se encontro
>> el
>> usuario ["
>> + apodo + "]");
>> }
>> info = new SimpleAuthenticationInfo(apodo, contrasenia,
>> getName());
>> return info;
>> }
>>
>> }
>>
>> And in my login window i have implemented in a button this code
>> private GodService god = new GodService();
>> protected void button_actionPerformed(ActionEvent arg0) {
>> EjbRealm ejbRealm = new EjbRealm(god.getGodPort());
>> ejbRealm.setCredentialsMatcher(new
>> Sha256CredentialsMatcher());
>> DefaultSecurityManager securityManager = new
>> DefaultSecurityManager(
>> ejbRealm);
>> UsernamePasswordToken token = new
>> UsernamePasswordToken(apodoText
>> .getText(),
>> contraseniaText.getPassword());
>> try {
>> Subject user = securityManager.login(token);
>> if (user.isAuthenticated()) {
>> MenuForm window = new MenuForm(god);
>> window.show();
>> dispose();
>> }
>> } catch (AuthenticationException e) {
>> mostrarMensaje("Usuario o contraseña
>> incorrectos");
>> } finally {
>> securityManager.destroy();
>> }
>> }
>>
>> But now i want to know how to secure my webservice (God) using JSecurity.
>> What i need to do?
>>
>>
>> daniel_asv wrote:
>> >
>> > Hi, i have a webservice from a stateless session bean running in a
>> > GlassFish Application Server. The webservice is consumed by a swing
>> > application, i want to agregate a login to the swing application, the
>> user
>> > and password will be stored in a SQL Server 2005 database managed by
>> JPA
>> > (Hibernate).
>> >
>> > What i need to do for use JSecurity in my login window using the
>> > webservice?
>> >
>>
>> --
>> View this message in context:
>> http://n2.nabble.com/How-to-use-JSecurity-tp679197p722874.html
>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>
>>
>
>
--
View this message in context:
http://n2.nabble.com/How-to-use-JSecurity-tp679197p723001.html
Sent from the JSecurity User mailing list archive at Nabble.com.
