No worries Daniel - it's good to see that you're trying to get it all under
control!  Keep us posted with any questions along the way.

Cheers,

Les

On Thu, Aug 14, 2008 at 12:26 PM, daniel_asv <[EMAIL PROTECTED]> wrote:

>
> I'm using JBuilder 2008 and I chose to create an EJB Modeling project for
> the servidor.jar. I have only 2 months of programming in Java; maybe that's why
> I'm using EJB with JSecurity the wrong way.
>
>
> Les Hazlewood wrote:
> >
> > Just out of curiosity, are you using EJB3?
> >
> > On Thu, Aug 14, 2008 at 10:08 AM, Les Hazlewood <[EMAIL PROTECTED]> wrote:
> >
> >> Ah, I see now.
> >>
> >> The default JSecurity SecurityManager implementations are almost always
> >> intended to reside in the business tier, not in the client.  In an EJB3
> >> application, this means it should reside alongside (a peer to) your
> >> Stateless Session Bean - in the server, not in the client GUI.
> >>
> >> So, if you want to secure a web service, JSecurity has to be configured to
> >> handle HTTP communication - this is done by configuring JSecurity as a
> >> servlet filter in web.xml, to intercept the web service Servlet Requests that
> >> will eventually call the underlying EJB.
> >>
> >> See this JavaDoc for how to configure the filter:
> >>
> >> http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
> >>
> >> So, for example, if all of your web service calls go
> >>
> >> http://your.host.ip/myapp/webservices
> >>
> >> you would configure the JSecurity filter to intercept all the
> >> /webservices/** urls.  For example:
> >>
> >> <filter>
> >>         <filter-name>JSecurityFilter</filter-name>
> >>         <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class>
> >>
> >>         <init-param>
> >>             <param-name>config</param-name>
> >>             <param-value>
> >>                 # The JSecurityFilter configuration is very powerful and flexible, while still remaining succinct.
> >>                 # Please read the comprehensive example, with full comments and explanations, in the JavaDoc:
> >>                 #
> >>                 # http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html
> >>
> >>                 [filters]
> >>                 jsecurity.loginUrl = /s/login
> >>                 authc.successUrl = /s/index
> >>
> >>                 [urls]
> >>                 # specify any of the above filters here, depending on the type of security you want:
> >>                 /webservices/**=authc
> >>
> >>             </param-value>
> >>         </init-param>
> >>
> >>     </filter>
> >>
> >> <filter-mapping>
> >>         <filter-name>JSecurityFilter</filter-name>
> >>         <url-pattern>/*</url-pattern>
> >>     </filter-mapping>
> >>
> >> Does this help?
> >>
> >>
> >> On Wed, Aug 13, 2008 at 6:54 PM, daniel_asv <[EMAIL PROTECTED]> wrote:
> >>
> >>>
> >>> Hi Les, I don't use a servlet and don't configure web.xml.
> >>>
> >>> I have three jars:
> >>> 1. servidor.jar, an EJB deployed in GlassFish; it contains my stateless
> >>> session bean (god), which exposes all its methods as a web service, and my
> >>> JPA entities (Cita, CitaDetalle, Clave, Direccion, Medico, Paciente, Permiso,
> >>> Persona, Rol, Tratamiento, Usuario).
> >>> 2. servicios.jar, with the web service client generated from the WSDL in
> >>> GlassFish using JAX-WS and JAXB.
> >>> 3. cliente.jar, the Swing application that consumes the web services (here I
> >>> use JSecurity).
> >>>
> >>> My problem is in the web services. I don't know how to call them using a
> >>> user and password.
> >>>
> >>>
> >>> Les Hazlewood wrote:
> >>> >
> >>> > Hi Daniel,
> >>> >
> >>> > Have you configured JSecurity via a servlet filter in web.xml?  I'm just
> >>> > trying to see what your runtime environment is like first before I
> >>> > recommend a solution.
> >>> >
> >>> > Les
> >>> >
> >>> > On Wed, Aug 13, 2008 at 5:38 PM, daniel_asv <[EMAIL PROTECTED]>
> >>> > wrote:
> >>> >
> >>> >>
> >>> >> I have implemented this class, which inherits from AuthorizingRealm:
> >>> >>
> >>> >> package presentacion;
> >>> >>
> >>> >> import java.util.LinkedHashSet;
> >>> >> import java.util.Set;
> >>> >>
> >>> >> import org.jsecurity.authc.AccountException;
> >>> >> import org.jsecurity.authc.AuthenticationException;
> >>> >> import org.jsecurity.authc.AuthenticationInfo;
> >>> >> import org.jsecurity.authc.AuthenticationToken;
> >>> >> import org.jsecurity.authc.SimpleAuthenticationInfo;
> >>> >> import org.jsecurity.authc.UnknownAccountException;
> >>> >> import org.jsecurity.authc.UsernamePasswordToken;
> >>> >> import org.jsecurity.authz.AuthorizationException;
> >>> >> import org.jsecurity.authz.AuthorizationInfo;
> >>> >> import org.jsecurity.authz.SimpleAuthorizationInfo;
> >>> >> import org.jsecurity.realm.AuthorizingRealm;
> >>> >> import org.jsecurity.subject.PrincipalCollection;
> >>> >>
> >>> >> import acciones.God;
> >>> >> import acciones.Permiso;
> >>> >> import acciones.Rol;
> >>> >> import acciones.Usuario;
> >>> >>
> >>> >> public class EjbRealm extends AuthorizingRealm {
> >>> >>        private God servicios;
> >>> >>
> >>> >>        public EjbRealm(God servicios) {
> >>> >>                this.servicios = servicios;
> >>> >>        }
> >>> >>
> >>> >>        private Set<String> getRoles(Usuario u) {
> >>> >>                Set<String> roles = new LinkedHashSet<String>();
> >>> >>                for (Rol rol : u.getRoles()) {
> >>> >>                        roles.add(rol.getNombre());
> >>> >>                }
> >>> >>                return roles;
> >>> >>        }
> >>> >>
> >>> >>        private Set<String> getPermisos(Usuario u) {
> >>> >>                Set<String> permisos = new LinkedHashSet<String>();
> >>> >>                for (Rol rol : u.getRoles()) {
> >>> >>                        for (Permiso p : rol.getPermisos()) {
> >>> >>                                permisos.add(p.getNombre());
> >>> >>                        }
> >>> >>                }
> >>> >>                return permisos;
> >>> >>        }
> >>> >>
> >>> >>        @Override
> >>> >>        protected AuthorizationInfo doGetAuthorizationInfo(
> >>> >>                        PrincipalCollection principals) {
> >>> >>                if (principals == null) {
> >>> >>                        throw new AuthorizationException(
> >>> >>                                        "El parametro PrincipalCollection no puede ser null.");
> >>> >>                }
> >>> >>                String apodo = (String) principals.fromRealm(getName()).iterator()
> >>> >>                                .next();
> >>> >>                Usuario u = servicios.consultarUsuario(apodo);
> >>> >>                SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(getRoles(u));
> >>> >>                info.setStringPermissions(getPermisos(u));
> >>> >>                return info;
> >>> >>        }
> >>> >>
> >>> >>        @Override
> >>> >>        protected AuthenticationInfo doGetAuthenticationInfo(
> >>> >>                        AuthenticationToken token) throws AuthenticationException {
> >>> >>                UsernamePasswordToken upToken = (UsernamePasswordToken) token;
> >>> >>                String apodo = upToken.getUsername();
> >>> >>                if (apodo == null) {
> >>> >>                        throw new AccountException(
> >>> >>                                        "No se permiten apodos Null en este realm.");
> >>> >>                }
> >>> >>                AuthenticationInfo info = null;
> >>> >>                String contrasenia = servicios.consultarContrasenia(apodo);
> >>> >>                if (contrasenia == null) {
> >>> >>                        throw new UnknownAccountException("No se encontro el usuario ["
> >>> >>                                        + apodo + "]");
> >>> >>                }
> >>> >>                info = new SimpleAuthenticationInfo(apodo, contrasenia, getName());
> >>> >>                return info;
> >>> >>        }
> >>> >>
> >>> >> }
> >>> >>
> >>> >> And in my login window I have implemented this code in a button:
> >>> >>        private GodService god = new GodService();
> >>> >>        protected void button_actionPerformed(ActionEvent arg0) {
> >>> >>                EjbRealm ejbRealm = new EjbRealm(god.getGodPort());
> >>> >>                ejbRealm.setCredentialsMatcher(new Sha256CredentialsMatcher());
> >>> >>                DefaultSecurityManager securityManager = new DefaultSecurityManager(
> >>> >>                                ejbRealm);
> >>> >>                UsernamePasswordToken token = new UsernamePasswordToken(apodoText
> >>> >>                                .getText(), contraseniaText.getPassword());
> >>> >>                try {
> >>> >>                        Subject user = securityManager.login(token);
> >>> >>                        if (user.isAuthenticated()) {
> >>> >>                                MenuForm window = new MenuForm(god);
> >>> >>                                window.show();
> >>> >>                                dispose();
> >>> >>                        }
> >>> >>                } catch (AuthenticationException e) {
> >>> >>                        mostrarMensaje("Usuario o contraseña incorrectos");
> >>> >>                } finally {
> >>> >>                        securityManager.destroy();
> >>> >>                }
> >>> >>        }
> >>> >>
> >>> >> But now I want to know how to secure my web service (God) using JSecurity.
> >>> >> What do I need to do?
> >>> >>
> >>> >>
> >>> >> daniel_asv wrote:
> >>> >> >
> >>> >> > Hi, I have a web service from a stateless session bean running in a
> >>> >> > GlassFish Application Server. The web service is consumed by a Swing
> >>> >> > application. I want to add a login to the Swing application; the user
> >>> >> > and password will be stored in a SQL Server 2005 database managed by JPA
> >>> >> > (Hibernate).
> >>> >> >
> >>> >> > What do I need to do to use JSecurity in my login window using the
> >>> >> > web service?
> >>> >> >
> >>> >>
> >>> >> --
> >>> >> View this message in context:
> >>> >> http://n2.nabble.com/How-to-use-JSecurity-tp679197p722874.html
> >>> >> Sent from the JSecurity User mailing list archive at Nabble.com.
> >>> >>
> >>> >>
> >>> >
> >>> >
> >>>
> >>>
> >>>
> >>
> >
> >
>
>
>
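
Added example, not part of the thread or of JSecurity: one way for the Swing client to send a user and password with each call to the generated JAX-WS port, using the standard `BindingProvider` request-context properties. It assumes the server-side `/webservices/**` chain accepts HTTP Basic credentials rather than the form-based `authc` shown in the quoted configuration; the class name `AuthenticatedPort` and the endpoint URL in the comment are hypothetical.

```java
import java.util.Arrays;
import java.util.Map;
import javax.xml.ws.BindingProvider;

/** Added example: attaches HTTP Basic credentials to a generated JAX-WS proxy. */
public final class AuthenticatedPort {

    private AuthenticatedPort() {
    }

    /**
     * Usage from the login button (endpoint URL is a hypothetical placeholder):
     *   God god = AuthenticatedPort.withCredentials(new GodService().getGodPort(),
     *           "https://your.host.ip/myapp/webservices/God",
     *           apodoText.getText(), contraseniaText.getPassword());
     *
     * @param port     generated JAX-WS proxy (every such proxy implements BindingProvider)
     * @param endpoint service URL; must be https, because HTTP Basic only
     *                 base64-encodes the password and does not encrypt it
     * @param password wiped after it has been handed to the JAX-WS runtime
     */
    public static <T> T withCredentials(T port, String endpoint,
                                        String user, char[] password) {
        if (!(port instanceof BindingProvider)) {
            throw new IllegalArgumentException("not a JAX-WS proxy: " + port.getClass());
        }
        if (endpoint == null || !endpoint.regionMatches(true, 0, "https://", 0, 8)) {
            throw new IllegalArgumentException(
                    "refusing to send credentials to a non-TLS endpoint");
        }
        if (user == null || user.isEmpty() || password == null) {
            throw new IllegalArgumentException("user and password are required");
        }
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpoint);
        ctx.put(BindingProvider.USERNAME_PROPERTY, user);
        // JAX-WS expects a String here, so the password is copied once
        // and the caller's char[] is cleared afterwards.
        ctx.put(BindingProvider.PASSWORD_PROPERTY, new String(password));
        Arrays.fill(password, '\0');
        return port;
    }
}
```

With credentials travelling on each request, the realm and SecurityManager can sit next to the session bean as Les describes, and the client no longer needs to fetch stored passwords through `consultarContrasenia`.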
