Hello Dave and others,
we'll post some better explanation on this soon, but until then, have
you gotten the ATM to work with the user management? It is a good
example of using roles and users in Orion
Regards,
Karl Avedal
Dave Smith wrote:
> This has been a long running problem that I never received an answer
> to, despite much discussion on this list.
>
> wim veninga wrote:
>
>> Hi all,
>>
>> I have created an set of Enterprise beans and in the assembly
>> descriptor I have
>> defined a set of roles that have some permissions to run methods (
>> in ejb-jar.xml).
>> When I deploy the application and the modify orion-ejb-jar.xml to
>> map the
>> roles to different groups in the assembly descriptor and than
>> re-start or re-deploy the application (using orionconsole.jar) orion
>> overwrites the changes I've made in
>> orion-ejb-jar.xml (see below for the deployment descriptors
>> ejb-jar.xml, orion-ejb-jar.xml and orion-ejb-jar.xml after
>> re-starting/re-deploying).
>>
>> Has anybody done this in orion (with ejb 2.0 on orion 1.2.0) ? If so
>> can you sent me the deployment descriptors ?
>>
>> Have I made an error ? (The groups are defined in principals.xml and
>> the role-mappings aren't being overwritten in
>> orion-application.xml).
>>
>> Does the default-method-acces tag in orion-ejb-jar.xml means that
>> all the methods that aren't tied to a method permission in
>> ejb-jar.xml can
>> be called by the group/user and that all the methods that are can't
>> be called ?
>>
>> Thanks in advance,
>> Greetings
>> Wim Veninga
>>
>> In ejb-jar.xml:
>> <?xml version="1.0"?>
>> <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise
>> JavaBeans 1.1//EN" "http://java.sun.com/j2ee/dtds/ejb-jar_2_0.dtd">
>>
>>
>> <!-- KOZIJNCALC BEANS -->
>>
>> <ejb-jar>
>> <description>The deployment descriptor for the com.fnv.kozijncalc
>> beans</description>
>> <enterprise-beans>
>> <entity>
>> <description></description>
>> <ejb-name>Klant</ejb-name>
>> <home>com.fnv.kozijncalc.entities.klanten.KlantHome</home>
>> <remote>com.fnv.kozijncalc.entities.klanten.Klant</remote>
>>
>> <ejb-class>com.fnv.kozijncalc.entities.klanten.KlantEJB</ejb-class>
>> <persistence-type>Container</persistence-type>
>> <prim-key-class>java.lang.Integer</prim-key-class>
>> <reentrant>False</reentrant>
>> <cmp-field><field-name>klantNr</field-name></cmp-field>
>> <cmp-field><field-name>klantNaam</field-name></cmp-field>
>> <cmp-field><field-name>klantAdres</field-name></cmp-field>
>> <cmp-field><field-name>klantPostcode</field-name></cmp-field>
>>
>> <cmp-field><field-name>klantPlaats</field-name></cmp-field>
>> <cmp-field><field-name>klantLand</field-name></cmp-field>
>> <cmp-field><field-name>klantTelefoon</field-name></cmp-field>
>>
>>
>> <cmp-field><field-name>klantContactPersoon</field-name></cmp-field>
>> <primkey-field>klantNr</primkey-field>
>> </entity>
>> <session>
>> <ejb-name>KlantSession</ejb-name>
>>
>> <home>com.fnv.kozijncalc.sessions.klanten.KlantSessionHome</home>
>>
>> <remote>com.fnv.kozijncalc.sessions.klanten.KlantSession</remote>
>>
>> <ejb-class>com.fnv.kozijncalc.sessions.klanten.KlantSessionBean</ejb-class>
>>
>> <session-type>Stateless</session-type>
>> <transaction-type>Container</transaction-type>
>> <ejb-ref>
>> <ejb-ref-name>kozijn/ejb/KlantHome</ejb-ref-name>
>> <ejb-ref-type>Entity</ejb-ref-type>
>> <home>com.fnv.kozijncalc.entities.klanten.KlantHome</home>
>> <remote>com.fnv.kozijncalc.entities.klanten.Klant</remote>
>> <ejb-link>Klant</ejb-link>
>> </ejb-ref>
>> </session>
>> </enterprise-beans>
>>
>> <assembly-descriptor>
>>
>> <!-- Security roles -->
>>
>> <security-role>
>> <role-name>calculator</role-name>
>> </security-role>
>> <security-role>
>> <role-name>hoofd_calculator</role-name>
>> </security-role>
>> <security-role>
>> <role-name>werkvoorbereiding</role-name>
>> </security-role>
>>
>> <!-- The method permissions that the different roles have to call
>> methods -->
>>
>> <!-- The method permissions for the werkvoorbereiding role,
>> currently not any methods-->
>> <method-permission>
>> <role-name>werkvoorbereiding</role-name>
>> </method-permission>
>> <!-- The calculator method permissions -->
>> <method-permission>
>>
>> <description>The permissions of the calculator
>> role</description>
>> <role-name>calculator</role-name>
>>
>> <method>
>> <description>The permissions for the klant entity bean
>> remote</description>
>> <ejb-name>Klant</ejb-name>
>> <method-intf>Remote</method-intf>
>> <method-name>*</method-name>
>> </method>
>> <method>
>> <description>A permission for the klant entity bean
>> home</description>
>> <ejb-name>Klant</ejb-name>
>> <method-intf>Home</method-intf>
>> <method-name>findAll</method-name>
>> </method>
>> <method>
>> <description>A permission for the klant entity bean
>> home</description>
>> <ejb-name>Klant</ejb-name>
>> <method-intf>Home</method-intf>
>> <method-name>findByKlantNaam</method-name>
>> <method-params>
>> <method-param>java.lang.String</method-param>
>> </method-params>
>> </method>
>> <method>
>> <description>A permission for the klant entity bean
>> home</description>
>> <ejb-name>Klant</ejb-name>
>> <method-intf>Home</method-intf>
>> <method-name>findByPrimaryKey</method-name>
>> <method-params>
>> <method-param>java.lang.Integer</method-param>
>> </method-params>
>> </method>
>> <method>
>> <description>The permissions for the klant session bean
>> </description>
>> <ejb-name>KlantSession</ejb-name>
>> <method-name>create</method-name>
>> </method>
>> <method>
>> <description>The permissions for the klant session bean
>> </description>
>> <ejb-name>KlantSession</ejb-name>
>> <method-name>findAllKlanten</method-name>
>> </method>
>> </method-permission>
>>
>> <!-- The hoofd calculator method permissions -->
>> <method-permission>
>> <description>The permissions of the hoofd calculator
>> role</description>
>> <role-name>hoofd_calculator</role-name>
>> <method>
>> <description>The permissions for the klant entity bean
>> remote</description>
>> <ejb-name>Klant</ejb-name>
>> <method-intf>Remote</method-intf>
>> <method-name>*</method-name>
>> </method>
>> <method>
>> <description>A permission for the klant entity bean
>> home</description>
>> <ejb-name>Klant</ejb-name>
>> <method-intf>Home</method-intf>
>> <method-name>findAll</method-name>
>> </method>
>> <method>
>> <description>A permission for the klant entity bean
>> home</description>
>> <ejb-name>Klant</ejb-name>
>> <method-intf>Home</method-intf>
>> <method-name>findByKlantNaam</method-name>
>> <method-params>
>> <method-param>java.lang.String</method-param>
>> </method-params>
>> </method>
>> <method>
>> <description>A permission for the klant entity bean
>> home</description>
>> <ejb-name>Klant</ejb-name>
>> <method-intf>Home</method-intf>
>> <method-name>findByPrimaryKey</method-name>
>> <method-params>
>> <method-param>java.lang.Integer</method-param>
>> </method-params>
>> </method>
>> <method>
>> <description>The permissions for the klant session bean
>> </description>
>> <ejb-name>KlantSession</ejb-name>
>> <method-name>*</method-name>
>> </method>
>> </method-permission>
>>
>> <!-- The container transaction properties -->
>> <container-transaction>
>> <method>
>> <ejb-name>Klant</ejb-name>
>> <method-name>*</method-name>
>> </method>
>> <trans-attribute>Supports</trans-attribute>
>> </container-transaction>
>> <container-transaction>
>> <method>
>> <ejb-name>KlantSession</ejb-name>
>> <method-name>*</method-name>
>> </method>
>> <trans-attribute>Supports</trans-attribute>
>> </container-transaction>
>>
>> </assembly-descriptor>
>>
>> </ejb-jar>
>>
>> In orion-ejb-jar.xml after changes before re-start or re-deploy:
>> <?xml version="1.0"?>
>> <!DOCTYPE orion-ejb-jar PUBLIC "-//Evermind//DTD Enterprise
>> JavaBeans 1.1 runtime//EN"
>> "http://www.orionserver.com/dtds/orion-ejb-jar.dtd">
>>
>> <orion-ejb-jar deployment-version="1.2.0"
>> deployment-time="e107600659">
>> <enterprise-beans>
>>
>> <!-- THE KLANT ENTITY -->
>> <entity-deployment name="Klant" location="kozijn/ejb/KlantHome"
>> wrapper="KlantHome_EntityHomeWrapper177" table="klanten"
>> data-source="jdbc/kozijn/KlantenDS">
>> <primkey-mapping>
>> <cmp-field-mapping name="klantNr" persistence-name="klantNr" />
>> </primkey-mapping>
>> <cmp-field-mapping name="klantNaam" persistence-name="klantNaam"
>> />
>> <cmp-field-mapping name="klantAdres"
>> persistence-name="klantAdres" />
>> <cmp-field-mapping name="klantPostcode"
>> persistence-name="klantPostcode" />
>> <cmp-field-mapping name="klantPlaats"
>> persistence-name="klantPlaats" />
>> <cmp-field-mapping name="klantLand" persistence-name="klantLand"
>> />
>> <cmp-field-mapping name="klantTelefoon"
>> persistence-name="klantTelefoon" />
>> <cmp-field-mapping name="klantContactPersoon"
>> persistence-name="klantContactPersoon" />
>> <finder-method query="">
>> <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam,
>> klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats,
>> klanten.klantLand, klanten.klantTelefoon,
>> klanten.klantContactPersoon from klanten" -->
>> <method>
>> <ejb-name>Klant</ejb-name>
>> <method-name>findAll</method-name>
>> <method-params>
>> </method-params>
>> </method>
>> </finder-method>
>> <finder-method query="$klantNaam = $1">
>> <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam,
>> klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats,
>> klanten.klantLand, klanten.klantTelefoon,
>> klanten.klantContactPersoon from klanten where klanten.klantNaam =
>> ?" -->
>> <method>
>> <ejb-name>Klant</ejb-name>
>> <method-name>findByKlantNaam</method-name>
>> <method-params>
>> <method-param>java.lang.String</method-param>
>> </method-params>
>> </method>
>> </finder-method>
>> </entity-deployment>
>>
>> <!-- THE KLANTSESSION BEAN -->
>> <session-deployment name="KlantSession"
>> location="kozijn/ejb/KlantSession"
>> wrapper="KlantSessionHome_StatelessSessionHomeWrapper175"
>> timeout="3600" persistence-filename="KlantSession">
>> <ejb-ref-mapping name="kozijn/ejb/KlantHome" />
>> </session-deployment>
>> </enterprise-beans>
>>
>> <assembly-descriptor>
>>
>> <!-- THE ROLE-GROUP MAPPINGS -->
>> <security-role-mapping name="calculator">
>> <group name="calculatoren" />
>> </security-role-mapping>
>> <security-role-mapping name="hoofd_calculator">
>> <group name="hoofd-calculatoren" />
>> </security-role-mapping>
>> <security-role-mapping name="werkvoorbereiding">
>> <group name="werkvoorbereidingen" />
>> </security-role-mapping>
>>
>> <!-- THE DEFAULT METHOD ACCESS -->
>> <default-method-access>
>> <security-role-mapping>
>> <group name="administrators" />
>> </security-role-mapping>
>> </default-method-access>
>> </assembly-descriptor>
>> </orion-ejb-jar>
>>
>> orion-ejb-jar.xml after re-start or re-deploy:
>> <?xml version="1.0"?>
>> <!DOCTYPE orion-ejb-jar PUBLIC "-//Evermind//DTD Enterprise
>> JavaBeans 1.1 runtime//EN"
>> "http://www.orionserver.com/dtds/orion-ejb-jar.dtd">
>>
>> <orion-ejb-jar deployment-version="1.2.0"
>> deployment-time="e107600659">
>> <enterprise-beans>
>>
>> <!-- THE KLANT ENTITY -->
>> <entity-deployment name="Klant" location="kozijn/ejb/KlantHome"
>> wrapper="KlantHome_EntityHomeWrapper177" table="klanten"
>> data-source="jdbc/kozijn/KlantenDS">
>> <primkey-mapping>
>> <cmp-field-mapping name="klantNr" persistence-name="klantNr" />
>> </primkey-mapping>
>> <cmp-field-mapping name="klantNaam" persistence-name="klantNaam"
>> />
>> <cmp-field-mapping name="klantAdres"
>> persistence-name="klantAdres" />
>> <cmp-field-mapping name="klantPostcode"
>> persistence-name="klantPostcode" />
>> <cmp-field-mapping name="klantPlaats"
>> persistence-name="klantPlaats" />
>> <cmp-field-mapping name="klantLand" persistence-name="klantLand"
>> />
>> <cmp-field-mapping name="klantTelefoon"
>> persistence-name="klantTelefoon" />
>> <cmp-field-mapping name="klantContactPersoon"
>> persistence-name="klantContactPersoon" />
>> <finder-method query="">
>> <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam,
>> klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats,
>> klanten.klantLand, klanten.klantTelefoon,
>> klanten.klantContactPersoon from klanten" -->
>> <method>
>> <ejb-name>Klant</ejb-name>
>> <method-name>findAll</method-name>
>> <method-params>
>> </method-params>
>> </method>
>> </finder-method>
>> <finder-method query="$klantNaam = $1">
>> <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam,
>> klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats,
>> klanten.klantLand, klanten.klantTelefoon,
>> klanten.klantContactPersoon from klanten where klanten.klantNaam =
>> ?" -->
>> <method>
>> <ejb-name>Klant</ejb-name>
>> <method-name>findByKlantNaam</method-name>
>> <method-params>
>> <method-param>java.lang.String</method-param>
>> </method-params>
>> </method>
>> </finder-method>
>> </entity-deployment>
>>
>> <!-- THE KLANTSESSION BEAN -->
>> <session-deployment name="KlantSession"
>> location="kozijn/ejb/KlantSession"
>> wrapper="KlantSessionHome_StatelessSessionHomeWrapper175"
>> timeout="3600" persistence-filename="KlantSession">
>> <ejb-ref-mapping name="kozijn/ejb/KlantHome" />
>> </session-deployment>
>> </enterprise-beans>
>>
>> <assembly-descriptor>
>>
>> <!-- THE ROLE-GROUP MAPPINGS -->
>> <security-role-mapping name="calculator">
>> <group name="" />
>> </security-role-mapping>
>> <security-role-mapping name="">
>> <group name="hoofd-calculatoren" />
>> </security-role-mapping>
>> <security-role-mapping name="">
>> <group name="werkvoorbereidingen" />
>> </security-role-mapping>
>>
>> <!-- THE DEFAULT METHOD ACCESS -->
>> <default-method-access>
>> <security-role-mapping>
>> <group name="administrators" />
>> </security-role-mapping>
>> </default-method-access>
>> </assembly-descriptor>
>> </orion-ejb-jar>
>>
>