Hi Karl,
I've looked at the ejb-jar.xml of atm. I saw that there is an role with the name
'users'.
Then I've looked at principals.xml and saw a group called 'users'. Do you have
to define roles with the same name as group name to map them or do you need
to map the roles to group names in orion-ejb-jar.xml? If I map roles to groups in
orion-ejb-jar.xml and I re-deploy or I re-start the application orion overwrites
the
changes i've made in orion-ejb-jar.
Where are you going to post the explanation ?
Thanks in advance
Karl Avedal wrote:
> Hello Dave and others,
>
> we'll post some better explanation on this soon, but until then, have
> you gotten the ATM to work with the user management? It is a good
> example of using roles and users in Orion
>
> Regards,
> Karl Avedal
>
> Dave Smith wrote:
>
> > This has been a long running problem that I never received an answer
> > to, despite much discussion on this list.
> >
> > wim veninga wrote:
> >
> >> Hi all,
> >>
> >> I have created an set of Enterprise beans and in the assembly
> >> descriptor I have
> >> defined a set of roles that have some permissions to run methods (
> >> in ejb-jar.xml).
> >> When I deploy the application and the modify orion-ejb-jar.xml to
> >> map the
> >> roles to different groups in the assembly descriptor and than
> >> re-start or re-deploy the application (using orionconsole.jar) orion
> >> overwrites the changes I've made in
> >> orion-ejb-jar.xml (see below for the deployment descriptors
> >> ejb-jar.xml, orion-ejb-jar.xml and orion-ejb-jar.xml after
> >> re-starting/re-deploying).
> >>
> >> Has anybody done this in orion (with ejb 2.0 on orion 1.2.0) ? If so
> >> can you sent me the deployment descriptors ?
> >>
> >> Have I made an error ? (The groups are defined in principals.xml and
> >> the role-mappings aren't being overwritten in
> >> orion-application.xml).
> >>
> >> Does the default-method-acces tag in orion-ejb-jar.xml means that
> >> all the methods that aren't tied to a method permission in
> >> ejb-jar.xml can
> >> be called by the group/user and that all the methods that are can't
> >> be called ?
> >>
> >> Thanks in advance,
> >> Greetings
> >> Wim Veninga
> >>
> >> In ejb-jar.xml:
> >> <?xml version="1.0"?>
> >> <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise
> >> JavaBeans 1.1//EN" "http://java.sun.com/j2ee/dtds/ejb-jar_2_0.dtd">
> >>
> >>
> >> <!-- KOZIJNCALC BEANS -->
> >>
> >> <ejb-jar>
> >> <description>The deployment descriptor for the com.fnv.kozijncalc
> >> beans</description>
> >> <enterprise-beans>
> >> <entity>
> >> <description></description>
> >> <ejb-name>Klant</ejb-name>
> >> <home>com.fnv.kozijncalc.entities.klanten.KlantHome</home>
> >> <remote>com.fnv.kozijncalc.entities.klanten.Klant</remote>
> >>
> >> <ejb-class>com.fnv.kozijncalc.entities.klanten.KlantEJB</ejb-class>
> >> <persistence-type>Container</persistence-type>
> >> <prim-key-class>java.lang.Integer</prim-key-class>
> >> <reentrant>False</reentrant>
> >> <cmp-field><field-name>klantNr</field-name></cmp-field>
> >> <cmp-field><field-name>klantNaam</field-name></cmp-field>
> >> <cmp-field><field-name>klantAdres</field-name></cmp-field>
> >> <cmp-field><field-name>klantPostcode</field-name></cmp-field>
> >>
> >> <cmp-field><field-name>klantPlaats</field-name></cmp-field>
> >> <cmp-field><field-name>klantLand</field-name></cmp-field>
> >> <cmp-field><field-name>klantTelefoon</field-name></cmp-field>
> >>
> >>
> >> <cmp-field><field-name>klantContactPersoon</field-name></cmp-field>
> >> <primkey-field>klantNr</primkey-field>
> >> </entity>
> >> <session>
> >> <ejb-name>KlantSession</ejb-name>
> >>
> >> <home>com.fnv.kozijncalc.sessions.klanten.KlantSessionHome</home>
> >>
> >> <remote>com.fnv.kozijncalc.sessions.klanten.KlantSession</remote>
> >>
> >> <ejb-class>com.fnv.kozijncalc.sessions.klanten.KlantSessionBean</ejb-class>
> >>
> >> <session-type>Stateless</session-type>
> >> <transaction-type>Container</transaction-type>
> >> <ejb-ref>
> >> <ejb-ref-name>kozijn/ejb/KlantHome</ejb-ref-name>
> >> <ejb-ref-type>Entity</ejb-ref-type>
> >> <home>com.fnv.kozijncalc.entities.klanten.KlantHome</home>
> >> <remote>com.fnv.kozijncalc.entities.klanten.Klant</remote>
> >> <ejb-link>Klant</ejb-link>
> >> </ejb-ref>
> >> </session>
> >> </enterprise-beans>
> >>
> >> <assembly-descriptor>
> >>
> >> <!-- Security roles -->
> >>
> >> <security-role>
> >> <role-name>calculator</role-name>
> >> </security-role>
> >> <security-role>
> >> <role-name>hoofd_calculator</role-name>
> >> </security-role>
> >> <security-role>
> >> <role-name>werkvoorbereiding</role-name>
> >> </security-role>
> >>
> >> <!-- The method permissions that the different roles have to call
> >> methods -->
> >>
> >> <!-- The method permissions for the werkvoorbereiding role,
> >> currently not any methods-->
> >> <method-permission>
> >> <role-name>werkvoorbereiding</role-name>
> >> </method-permission>
> >> <!-- The calculator method permissions -->
> >> <method-permission>
> >>
> >> <description>The permissions of the calculator
> >> role</description>
> >> <role-name>calculator</role-name>
> >>
> >> <method>
> >> <description>The permissions for the klant entity bean
> >> remote</description>
> >> <ejb-name>Klant</ejb-name>
> >> <method-intf>Remote</method-intf>
> >> <method-name>*</method-name>
> >> </method>
> >> <method>
> >> <description>A permission for the klant entity bean
> >> home</description>
> >> <ejb-name>Klant</ejb-name>
> >> <method-intf>Home</method-intf>
> >> <method-name>findAll</method-name>
> >> </method>
> >> <method>
> >> <description>A permission for the klant entity bean
> >> home</description>
> >> <ejb-name>Klant</ejb-name>
> >> <method-intf>Home</method-intf>
> >> <method-name>findByKlantNaam</method-name>
> >> <method-params>
> >> <method-param>java.lang.String</method-param>
> >> </method-params>
> >> </method>
> >> <method>
> >> <description>A permission for the klant entity bean
> >> home</description>
> >> <ejb-name>Klant</ejb-name>
> >> <method-intf>Home</method-intf>
> >> <method-name>findByPrimaryKey</method-name>
> >> <method-params>
> >> <method-param>java.lang.Integer</method-param>
> >> </method-params>
> >> </method>
> >> <method>
> >> <description>The permissions for the klant session bean
> >> </description>
> >> <ejb-name>KlantSession</ejb-name>
> >> <method-name>create</method-name>
> >> </method>
> >> <method>
> >> <description>The permissions for the klant session bean
> >> </description>
> >> <ejb-name>KlantSession</ejb-name>
> >> <method-name>findAllKlanten</method-name>
> >> </method>
> >> </method-permission>
> >>
> >> <!-- The hoofd calculator method permissions -->
> >> <method-permission>
> >> <description>The permissions of the hoofd calculator
> >> role</description>
> >> <role-name>hoofd_calculator</role-name>
> >> <method>
> >> <description>The permissions for the klant entity bean
> >> remote</description>
> >> <ejb-name>Klant</ejb-name>
> >> <method-intf>Remote</method-intf>
> >> <method-name>*</method-name>
> >> </method>
> >> <method>
> >> <description>A permission for the klant entity bean
> >> home</description>
> >> <ejb-name>Klant</ejb-name>
> >> <method-intf>Home</method-intf>
> >> <method-name>findAll</method-name>
> >> </method>
> >> <method>
> >> <description>A permission for the klant entity bean
> >> home</description>
> >> <ejb-name>Klant</ejb-name>
> >> <method-intf>Home</method-intf>
> >> <method-name>findByKlantNaam</method-name>
> >> <method-params>
> >> <method-param>java.lang.String</method-param>
> >> </method-params>
> >> </method>
> >> <method>
> >> <description>A permission for the klant entity bean
> >> home</description>
> >> <ejb-name>Klant</ejb-name>
> >> <method-intf>Home</method-intf>
> >> <method-name>findByPrimaryKey</method-name>
> >> <method-params>
> >> <method-param>java.lang.Integer</method-param>
> >> </method-params>
> >> </method>
> >> <method>
> >> <description>The permissions for the klant session bean
> >> </description>
> >> <ejb-name>KlantSession</ejb-name>
> >> <method-name>*</method-name>
> >> </method>
> >> </method-permission>
> >>
> >> <!-- The container transaction properties -->
> >> <container-transaction>
> >> <method>
> >> <ejb-name>Klant</ejb-name>
> >> <method-name>*</method-name>
> >> </method>
> >> <trans-attribute>Supports</trans-attribute>
> >> </container-transaction>
> >> <container-transaction>
> >> <method>
> >> <ejb-name>KlantSession</ejb-name>
> >> <method-name>*</method-name>
> >> </method>
> >> <trans-attribute>Supports</trans-attribute>
> >> </container-transaction>
> >>
> >> </assembly-descriptor>
> >>
> >> </ejb-jar>
> >>
> >> In orion-ejb-jar.xml after changes before re-start or re-deploy:
> >> <?xml version="1.0"?>
> >> <!DOCTYPE orion-ejb-jar PUBLIC "-//Evermind//DTD Enterprise
> >> JavaBeans 1.1 runtime//EN"
> >> "http://www.orionserver.com/dtds/orion-ejb-jar.dtd">
> >>
> >> <orion-ejb-jar deployment-version="1.2.0"
> >> deployment-time="e107600659">
> >> <enterprise-beans>
> >>
> >> <!-- THE KLANT ENTITY -->
> >> <entity-deployment name="Klant" location="kozijn/ejb/KlantHome"
> >> wrapper="KlantHome_EntityHomeWrapper177" table="klanten"
> >> data-source="jdbc/kozijn/KlantenDS">
> >> <primkey-mapping>
> >> <cmp-field-mapping name="klantNr" persistence-name="klantNr" />
> >> </primkey-mapping>
> >> <cmp-field-mapping name="klantNaam" persistence-name="klantNaam"
> >> />
> >> <cmp-field-mapping name="klantAdres"
> >> persistence-name="klantAdres" />
> >> <cmp-field-mapping name="klantPostcode"
> >> persistence-name="klantPostcode" />
> >> <cmp-field-mapping name="klantPlaats"
> >> persistence-name="klantPlaats" />
> >> <cmp-field-mapping name="klantLand" persistence-name="klantLand"
> >> />
> >> <cmp-field-mapping name="klantTelefoon"
> >> persistence-name="klantTelefoon" />
> >> <cmp-field-mapping name="klantContactPersoon"
> >> persistence-name="klantContactPersoon" />
> >> <finder-method query="">
> >> <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam,
> >> klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats,
> >> klanten.klantLand, klanten.klantTelefoon,
> >> klanten.klantContactPersoon from klanten" -->
> >> <method>
> >> <ejb-name>Klant</ejb-name>
> >> <method-name>findAll</method-name>
> >> <method-params>
> >> </method-params>
> >> </method>
> >> </finder-method>
> >> <finder-method query="$klantNaam = $1">
> >> <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam,
> >> klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats,
> >> klanten.klantLand, klanten.klantTelefoon,
> >> klanten.klantContactPersoon from klanten where klanten.klantNaam =
> >> ?" -->
> >> <method>
> >> <ejb-name>Klant</ejb-name>
> >> <method-name>findByKlantNaam</method-name>
> >> <method-params>
> >> <method-param>java.lang.String</method-param>
> >> </method-params>
> >> </method>
> >> </finder-method>
> >> </entity-deployment>
> >>
> >> <!-- THE KLANTSESSION BEAN -->
> >> <session-deployment name="KlantSession"
> >> location="kozijn/ejb/KlantSession"
> >> wrapper="KlantSessionHome_StatelessSessionHomeWrapper175"
> >> timeout="3600" persistence-filename="KlantSession">
> >> <ejb-ref-mapping name="kozijn/ejb/KlantHome" />
> >> </session-deployment>
> >> </enterprise-beans>
> >>
> >> <assembly-descriptor>
> >>
> >> <!-- THE ROLE-GROUP MAPPINGS -->
> >> <security-role-mapping name="calculator">
> >> <group name="calculatoren" />
> >> </security-role-mapping>
> >> <security-role-mapping name="hoofd_calculator">
> >> <group name="hoofd-calculatoren" />
> >> </security-role-mapping>
> >> <security-role-mapping name="werkvoorbereiding">
> >> <group name="werkvoorbereidingen" />
> >> </security-role-mapping>
> >>
> >> <!-- THE DEFAULT METHOD ACCESS -->
> >> <default-method-access>
> >> <security-role-mapping>
> >> <group name="administrators" />
> >> </security-role-mapping>
> >> </default-method-access>
> >> </assembly-descriptor>
> >> </orion-ejb-jar>
> >>
> >> orion-ejb-jar.xml after re-start or re-deploy:
> >> <?xml version="1.0"?>
> >> <!DOCTYPE orion-ejb-jar PUBLIC "-//Evermind//DTD Enterprise
> >> JavaBeans 1.1 runtime//EN"
> >> "http://www.orionserver.com/dtds/orion-ejb-jar.dtd">
> >>
> >> <orion-ejb-jar deployment-version="1.2.0"
> >> deployment-time="e107600659">
> >> <enterprise-beans>
> >>
> >> <!-- THE KLANT ENTITY -->
> >> <entity-deployment name="Klant" location="kozijn/ejb/KlantHome"
> >> wrapper="KlantHome_EntityHomeWrapper177" table="klanten"
> >> data-source="jdbc/kozijn/KlantenDS">
> >> <primkey-mapping>
> >> <cmp-field-mapping name="klantNr" persistence-name="klantNr" />
> >> </primkey-mapping>
> >> <cmp-field-mapping name="klantNaam" persistence-name="klantNaam"
> >> />
> >> <cmp-field-mapping name="klantAdres"
> >> persistence-name="klantAdres" />
> >> <cmp-field-mapping name="klantPostcode"
> >> persistence-name="klantPostcode" />
> >> <cmp-field-mapping name="klantPlaats"
> >> persistence-name="klantPlaats" />
> >> <cmp-field-mapping name="klantLand" persistence-name="klantLand"
> >> />
> >> <cmp-field-mapping name="klantTelefoon"
> >> persistence-name="klantTelefoon" />
> >> <cmp-field-mapping name="klantContactPersoon"
> >> persistence-name="klantContactPersoon" />
> >> <finder-method query="">
> >> <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam,
> >> klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats,
> >> klanten.klantLand, klanten.klantTelefoon,
> >> klanten.klantContactPersoon from klanten" -->
> >> <method>
> >> <ejb-name>Klant</ejb-name>
> >> <method-name>findAll</method-name>
> >> <method-params>
> >> </method-params>
> >> </method>
> >> </finder-method>
> >> <finder-method query="$klantNaam = $1">
> >> <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam,
> >> klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats,
> >> klanten.klantLand, klanten.klantTelefoon,
> >> klanten.klantContactPersoon from klanten where klanten.klantNaam =
> >> ?" -->
> >> <method>
> >> <ejb-name>Klant</ejb-name>
> >> <method-name>findByKlantNaam</method-name>
> >> <method-params>
> >> <method-param>java.lang.String</method-param>
> >> </method-params>
> >> </method>
> >> </finder-method>
> >> </entity-deployment>
> >>
> >> <!-- THE KLANTSESSION BEAN -->
> >> <session-deployment name="KlantSession"
> >> location="kozijn/ejb/KlantSession"
> >> wrapper="KlantSessionHome_StatelessSessionHomeWrapper175"
> >> timeout="3600" persistence-filename="KlantSession">
> >> <ejb-ref-mapping name="kozijn/ejb/KlantHome" />
> >> </session-deployment>
> >> </enterprise-beans>
> >>
> >> <assembly-descriptor>
> >>
> >> <!-- THE ROLE-GROUP MAPPINGS -->
> >> <security-role-mapping name="calculator">
> >> <group name="" />
> >> </security-role-mapping>
> >> <security-role-mapping name="">
> >> <group name="hoofd-calculatoren" />
> >> </security-role-mapping>
> >> <security-role-mapping name="">
> >> <group name="werkvoorbereidingen" />
> >> </security-role-mapping>
> >>
> >> <!-- THE DEFAULT METHOD ACCESS -->
> >> <default-method-access>
> >> <security-role-mapping>
> >> <group name="administrators" />
> >> </security-role-mapping>
> >> </default-method-access>
> >> </assembly-descriptor>
> >> </orion-ejb-jar>
> >>
> >
