I'm using JBuilder 2008 and I chose to create an EJB Modeling project for the servidor.jar. I only have 2 months of programming in Java; maybe that's why I'm making wrong use of EJB with JSecurity.

Les Hazlewood wrote:
>
> Just out of curiosity, are you using EJB3?
>
> On Thu, Aug 14, 2008 at 10:08 AM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
>
>> Ah, I see now.
>>
>> The default JSecurity SecurityManager implementations are almost always
>> intended to reside in the business tier, not in the client. In an EJB3
>> application, this means it should reside along side of (a peer to) your
>> Stateless Session Bean - in the server, not in the client gui.
>>
>> So, if you want to secure a web service, JSecurity has to be configured to
>> handle http communication - this is done by configuring JSecurity as a
>> servlet filter in web.xml, to intercept the webservice Servlet Requests that
>> will eventually call the underlying EJB.
>>
>> See this JavaDoc for how to configure the filter:
>> http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
>>
>> So, for example, if all of your web service calls go
>>
>> http://your.host.ip/myapp/webservices
>>
>> you would configure the JSecurity filter to intercept all the
>> /webservices/** urls. For example:
>>
>> <filter>
>>     <filter-name>JSecurityFilter</filter-name>
>>     <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class>
>>     <init-param>
>>         <param-name>config</param-name>
>>         <param-value>
>>             # The JSecurityFilter configuration is very powerful and
>>             # flexible, while still remaining succinct.
>>             # Please read the comprehensive example, with full comments
>>             # and explanations, in the JavaDoc:
>>             #
>>             # http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
>>
>>             [filters]
>>             jsecurity.loginUrl = /s/login
>>             authc.successUrl = /s/index
>>
>>             [urls]
>>             # specify any of the above filters here, depending on the
>>             # type of security you want:
>>             /webservices/**=authc
>>         </param-value>
>>     </init-param>
>> </filter>
>>
>> <filter-mapping>
>>     <filter-name>JSecurityFilter</filter-name>
>>     <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>> Does this help?
>>
>> On Wed, Aug 13, 2008 at 6:54 PM, daniel_asv <[EMAIL PROTECTED]> wrote:
>>
>>> Hi Les, I don't use servlet and don't configure web.xml.
>>>
>>> I have three jars:
>>> 1. servidor.jar, an ejb deployed in glassfish; this contains my stateless
>>>    session bean (god), which exposes all its methods as webservice, and my
>>>    jpa entities (Cita, CitaDetalle, Clave, Direccion, Medico, Paciente,
>>>    Permiso, Persona, Rol, Tratamiento, Usuario).
>>> 2. servicios.jar, with the generated web service client from wsdl in
>>>    glassfish using JAX-WS and JAXB.
>>> 3. cliente.jar, the swing application that consumes the webservices (here
>>>    I use JSecurity).
>>>
>>> My problem is in the webservices. I don't know how to call them using a
>>> user and password.
>>>
>>> Les Hazlewood wrote:
>>> >
>>> > Hi Daniel,
>>> >
>>> > Have you configured JSecurity via a servlet filter in web.xml? I'm just
>>> > trying to see what your runtime environment is like first before I
>>> > recommend a solution.
>>> >
>>> > Les
>>> >
>>> > On Wed, Aug 13, 2008 at 5:38 PM, daniel_asv <[EMAIL PROTECTED]> wrote:
>>> >
>>> >> I have implemented this class that inherited from AuthorizingRealm
>>> >>
>>> >> package presentacion;
>>> >>
>>> >> import java.util.LinkedHashSet;
>>> >> import java.util.Set;
>>> >>
>>> >> import org.jsecurity.authc.AccountException;
>>> >> import org.jsecurity.authc.AuthenticationException;
>>> >> import org.jsecurity.authc.AuthenticationInfo;
>>> >> import org.jsecurity.authc.AuthenticationToken;
>>> >> import org.jsecurity.authc.SimpleAuthenticationInfo;
>>> >> import org.jsecurity.authc.UnknownAccountException;
>>> >> import org.jsecurity.authc.UsernamePasswordToken;
>>> >> import org.jsecurity.authz.AuthorizationException;
>>> >> import org.jsecurity.authz.AuthorizationInfo;
>>> >> import org.jsecurity.authz.SimpleAuthorizationInfo;
>>> >> import org.jsecurity.realm.AuthorizingRealm;
>>> >> import org.jsecurity.subject.PrincipalCollection;
>>> >>
>>> >> import acciones.God;
>>> >> import acciones.Permiso;
>>> >> import acciones.Rol;
>>> >> import acciones.Usuario;
>>> >>
>>> >> public class EjbRealm extends AuthorizingRealm {
>>> >>     private God servicios;
>>> >>
>>> >>     public EjbRealm(God servicios) {
>>> >>         this.servicios = servicios;
>>> >>     }
>>> >>
>>> >>     private Set<String> getRoles(Usuario u) {
>>> >>         Set<String> roles = new LinkedHashSet<String>();
>>> >>         for (Rol rol : u.getRoles()) {
>>> >>             roles.add(rol.getNombre());
>>> >>         }
>>> >>         return roles;
>>> >>     }
>>> >>
>>> >>     private Set<String> getPermisos(Usuario u) {
>>> >>         Set<String> permisos = new LinkedHashSet<String>();
>>> >>         for (Rol rol : u.getRoles()) {
>>> >>             for (Permiso p : rol.getPermisos()) {
>>> >>                 permisos.add(p.getNombre());
>>> >>             }
>>> >>         }
>>> >>         return permisos;
>>> >>     }
>>> >>
>>> >>     @Override
>>> >>     protected AuthorizationInfo doGetAuthorizationInfo(
>>> >>             PrincipalCollection principals) {
>>> >>         if (principals == null) {
>>> >>             throw new AuthorizationException(
>>> >>                     "El parametro PrincipalCollection no puede ser null.");
>>> >>         }
>>> >>         String apodo = (String) principals.fromRealm(getName()).iterator()
>>> >>                 .next();
>>> >>         Usuario u = servicios.consultarUsuario(apodo);
>>> >>         SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(getRoles(u));
>>> >>         info.setStringPermissions(getPermisos(u));
>>> >>         return info;
>>> >>     }
>>> >>
>>> >>     @Override
>>> >>     protected AuthenticationInfo doGetAuthenticationInfo(
>>> >>             AuthenticationToken token) throws AuthenticationException {
>>> >>         UsernamePasswordToken upToken = (UsernamePasswordToken) token;
>>> >>         String apodo = upToken.getUsername();
>>> >>         if (apodo == null) {
>>> >>             throw new AccountException(
>>> >>                     "No se permiten apodos Null en este realm.");
>>> >>         }
>>> >>         AuthenticationInfo info = null;
>>> >>         String contrasenia = servicios.consultarContrasenia(apodo);
>>> >>         if (contrasenia == null) {
>>> >>             throw new UnknownAccountException("No se encontro el usuario ["
>>> >>                     + apodo + "]");
>>> >>         }
>>> >>         info = new SimpleAuthenticationInfo(apodo, contrasenia, getName());
>>> >>         return info;
>>> >>     }
>>> >>
>>> >> }
>>> >>
>>> >> And in my login window I have implemented in a button this code
>>> >>
>>> >>     private GodService god = new GodService();
>>> >>
>>> >>     protected void button_actionPerformed(ActionEvent arg0) {
>>> >>         EjbRealm ejbRealm = new EjbRealm(god.getGodPort());
>>> >>         ejbRealm.setCredentialsMatcher(new Sha256CredentialsMatcher());
>>> >>         DefaultSecurityManager securityManager = new DefaultSecurityManager(
>>> >>                 ejbRealm);
>>> >>         UsernamePasswordToken token = new UsernamePasswordToken(apodoText
>>> >>                 .getText(), contraseniaText.getPassword());
>>> >>         try {
>>> >>             Subject user = securityManager.login(token);
>>> >>             if (user.isAuthenticated()) {
>>> >>                 MenuForm window = new MenuForm(god);
>>> >>                 window.show();
>>> >>                 dispose();
>>> >>             }
>>> >>         } catch (AuthenticationException e) {
>>> >>             mostrarMensaje("Usuario o contraseña incorrectos");
>>> >>         } finally {
>>> >>             securityManager.destroy();
>>> >>         }
>>> >>     }
>>> >>
>>> >> But now I want to know how to secure my webservice (God) using JSecurity.
>>> >> What do I need to do?
>>> >>
>>> >> daniel_asv wrote:
>>> >> >
>>> >> > Hi, I have a webservice from a stateless session bean running in a
>>> >> > GlassFish Application Server. The webservice is consumed by a swing
>>> >> > application; I want to add a login to the swing application. The
>>> >> > user and password will be stored in a SQL Server 2005 database
>>> >> > managed by JPA (Hibernate).
>>> >> >
>>> >> > What do I need to do to use JSecurity in my login window using the
>>> >> > webservice?
>>> >> >
>>> >>
>>> >> --
>>> >> View this message in context:
>>> >> http://n2.nabble.com/How-to-use-JSecurity-tp679197p722874.html
>>> >> Sent from the JSecurity User mailing list archive at Nabble.com.
>>> >>
>>> >
>>>
>>> --
>>> View this message in context:
>>> http://n2.nabble.com/How-to-use-JSecurity-tp679197p723001.html
>>> Sent from the JSecurity User mailing list archive at Nabble.com.
>>>
>>
>

--
View this message in context:
http://n2.nabble.com/How-to-use-JSecurity-tp679197p724494.html
Sent from the JSecurity User mailing list archive at Nabble.com.
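
Added example, not part of the original thread and not JSecurity's own code: one way the Swing client could send the user and password with every JAX-WS call, so that the credential check happens in the server as Les describes instead of in the client realm. It assumes the server accepts HTTP Basic credentials on the web service URL and that `javax.xml.ws` is on the classpath (bundled with Java 8); `WsCredentials`, the `/God` path, the user name and the password are constructed for illustration, and the proxy in `main` stands in for the port returned by `god.getGodPort()`.

```java
import java.lang.reflect.Proxy;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.xml.ws.BindingProvider;

public final class WsCredentials {

    /** Attaches HTTP Basic credentials to a JAX-WS port; refuses non-TLS endpoints. */
    public static <T> T withBasicAuth(T port, String endpoint, String user, char[] password) {
        if (!(port instanceof BindingProvider)) {
            throw new IllegalArgumentException("not a JAX-WS port: " + port.getClass());
        }
        // Basic credentials are only base64-encoded, so never send them over plain http.
        if (!endpoint.toLowerCase(Locale.ROOT).startsWith("https://")) {
            throw new IllegalArgumentException("refusing to send credentials to " + endpoint);
        }
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
        ctx.put(BindingProvider.USERNAME_PROPERTY, user);
        ctx.put(BindingProvider.PASSWORD_PROPERTY, new String(password));
        return port;
    }

    public static void main(String[] args) {
        // Constructed stand-in for the generated port, so the example runs
        // without a server: it only records what lands in the request context.
        final Map<String, Object> recorded = new HashMap<String, Object>();
        BindingProvider fakePort = (BindingProvider) Proxy.newProxyInstance(
                WsCredentials.class.getClassLoader(),
                new Class<?>[] { BindingProvider.class },
                (proxy, method, a) ->
                        "getRequestContext".equals(method.getName()) ? recorded : null);

        // Assumed endpoint below the URL used in the thread; sample credentials.
        withBasicAuth(fakePort, "https://your.host.ip/myapp/webservices/God",
                "daniel", "constructed-password".toCharArray());
        System.out.println("request context keys: " + recorded.keySet());

        try {
            withBasicAuth(fakePort, "http://your.host.ip/myapp/webservices/God",
                    "daniel", "constructed-password".toCharArray());
        } catch (IllegalArgumentException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

With the credentials carried by the port, the server-side filter decides whether each call is allowed, and the client no longer needs a web service operation that returns the stored password to compare locally.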
