Adding users in EJB

Intro

In another post I wrote about a simple Remote Sum EJB and its client. The scheme is pretty straightforward, and instead of the usual order (tutorial first, then setting up the user), let's do the opposite:

Adding the users/roles

Both steps 1 and 2 below can be done with:

$JBOSS_HOME/bin/add-user.sh -a -u 'testUserOne' -p 'testPasswordOne' -g 'guest'

1. Add the user you will test with to application-users.properties:

testUserOne=cf8f98f5b90ccc568e1ffc7767ac9d8b

2. Add the roles (guest and/or admin) in application-roles.properties:

testUserOne=guest

#testUserOne=guest, admin

3. Add the application security domain:

<application-security-domains>
    <application-security-domain name="other" security-domain="ApplicationDomain"/>
</application-security-domains>

4. And add the connector:

<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm" sasl-authentication-factory="application-sasl-authentication"/>
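As an added example (not from the original post or from WildFly itself), this Python sketch shows how each value in application-users.properties is derived, HEX(MD5(username:realm:password)), and cross-checks the two properties files from steps 1 and 2 for users with no roles, users holding admin, and role entries with no matching user. The function names and the sample entries are constructed for illustration; the realm name is the ApplicationRealm used by the connector above.

```python
import hashlib

REALM = "ApplicationRealm"  # realm referenced by the connector on this page

def digest_entry(user, password, realm=REALM):
    """Stored value for a user: HEX(MD5(username:realm:password))."""
    material = f"{user}:{realm}:{password}".encode("utf-8")
    return hashlib.md5(material).hexdigest()

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries

def audit(users_text, roles_text, privileged=("admin",)):
    """Cross-check the users file against the roles file."""
    users = parse_properties(users_text)
    roles = {user: {r.strip() for r in value.split(",") if r.strip()}
             for user, value in parse_properties(roles_text).items()}
    findings = []
    for user in sorted(users):
        granted = roles.get(user, set())
        if not granted:
            findings.append((user, "no roles, so @RolesAllowed methods are denied"))
        for role in sorted(granted.intersection(privileged)):
            findings.append((user, f"holds privileged role {role}"))
    for user in sorted(set(roles) - set(users)):
        findings.append((user, "role entry without a user entry"))
    return findings

# Constructed sample files; names and passwords are made up for this example.
SAMPLE_USERS = "\n".join([
    "#$REALM_NAME=ApplicationRealm$",
    "alice=" + digest_entry("alice", "constructed-pw-1"),
    "bob=" + digest_entry("bob", "constructed-pw-2"),
])
SAMPLE_ROLES = "alice=guest, admin\n#bob=guest, admin\ncarol=guest\n"

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_USERS, SAMPLE_ROLES):
        print(f"{user}: {finding}")
```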

Maven is a friend

Maven is always a friend and helps organize the project through the pom.xml. In this case, though, I will go step by step, thoroughly, so I won't use mvn.

So just run:

jar -cvf EjbSecure.jar SecureSum.class SecureSumRemote.class resources/

Code

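1. Besides what was already there, we just need to add the RolesAllowed and SecurityDomain annotations, as follows:

import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
// SecurityDomain is a JBoss-specific annotation; import it from the JBoss EJB3 annotations jar on your classpath

@Stateless
@RolesAllowed({ "guest" }) // Added: only callers with the guest role may invoke the bean
@SecurityDomain("other") // Added: matches the application-security-domain name
public class SecureSum implements SecureSumRemote
{
    public int add(int a, int b) {
        return a + b;
    }
}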

2. Add the wildfly-config.xml (especially for Jakarta 8) for the security validation, setting the actual user you want:

<set-user-name name="testUserOne"/>
<credentials>
    <clear-password password="testPasswordOne"/>
</credentials>

Testing

1. Create a client passing the password that you added in wildfly-config.xml:

// Set the JNDI security properties only when both values are present
if (username != null && password != null) {
    props.put(Context.SECURITY_PRINCIPAL, username);
    props.put(Context.SECURITY_CREDENTIALS, password);
}

2. Compile it with jboss-annotations-ejb3-4.2.2.GA.jar and run it:

#java StandaloneSecure
Getting the Remote
…More several
Got the remote InterfaceProxy for remote EJB StatelessEJBLocator for "/EjbSecure/SecureSum", view is interface SecureSumRemote, affinity is None
20

Interesting

1. Without a password (or with a wrong password), the invocation fails with a "not allowed" error:

02:19:47,143 ERROR [org.jboss.as.ejb3.invocation] (default task-1) WFLYEJB0034: EJB Invocation failed on component SecureSum for method public abstract int SecureSumRemote.add(int,int): javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public abstract int SecureSumRemote.add(int,int) of bean: SecureSum is not allowed

2. To add an admin-specific feature, just add @RolesAllowed("admin") to some function, as in the following (don't forget to add the admin role for the user in application-roles.properties):

@RolesAllowed("admin")
public int minus(int a, int b) { return a - b; }

Result:

Got the remote InterfaceProxy for remote EJB StatelessEJBLocator for "/EjbSecure/SecureSum", view is interface SecureSumRemote, affinity is None
Sum:20
Minus:0

Otherwise, you get an exception: WFLYEJB0364: Invocation on method: public abstract int SecureSumRemote.minus(int,int) of bean: SecureSum is not allowed

3. The lookup gets the remote, so cast it to the remote interface. To add another method, the method must be declared on the remote interface.

Reference

Of course, the security quickstart. It is very well done; it is a bit of an overkill at first, but once you understand the basics you can add more on top of it with no problem.
