I am trying declarative authorization limits, but it doesn't work. JBoss is 4.0.4.GA.

I use FORM authentication and call a stateless session bean via a servlet.

The users and roles are set by DatabaseServerLoginModule.

The users are

mysql> select * from users;
+----------+----------+
| username | passwd   |
+----------+----------+
| user1    | password |
| user2    | password |
| user3    | password |
| manager  | password |
+----------+----------+


mysql> select * from userroles;
+----------+-----------+
| username | userRoles |
+----------+-----------+
| user1    | user      |
| user2    | user      |
| user3    | user      |
| manager  | admin     |
+----------+-----------+

The program is a tiny one.

The method multi is allowed only for the "user" role.
The method plus is allowed only for the "admin" role.
The method minus is allowed for any role.

I executed the program, but manager is able to execute multi, and user1 is able to execute plus.
No message comes from JBoss.


    package security.sample;

    import java.security.Principal;

    import javax.annotation.Resource;
    import javax.annotation.security.PermitAll;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;

    @Stateless
    public class CalculatorBean implements Calculator {

        @Resource SessionContext ctx;

        // Declared: only callers in role "user" may invoke multi.
        @RolesAllowed("user")
        public int multi(int value1, int value2) {
            checkUser("multi");
            return value1 * value2;
        }

        // Declared: only callers in role "admin" may invoke plus.
        @RolesAllowed("admin")
        public int plus(int value1, int value2) {
            checkUser("plus");
            return value1 + value2;
        }

        // Declared: any authenticated caller may invoke minus.
        @PermitAll
        public int minus(int value1, int value2) {
            checkUser("minus");
            return value1 - value2;
        }

        // Logs which method ran and the caller principal the container reports.
        private void checkUser(String methodName) {
            System.out.println("method:" + methodName);
            Principal caller = ctx.getCallerPrincipal();
            String name = caller.getName();
            System.out.println("name:" + name);
        }
    }

Does anyone check declarative authorization?

Could you give me some advice?

Susumu


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3953361#3953361

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3953361
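For contrast with the posted bean, the following is an added example (not Susumu's code and not from the JBoss project) of the same bean with the JBoss-specific security-domain binding and a programmatic role check that serves both as defense in depth and as a diagnostic. It assumes a login-config.xml application-policy named example-db-domain that holds the DatabaseServerLoginModule, and a Calculator business interface declaring the three methods; both names are placeholders to be replaced with the real ones.

```java
package security.sample;

import java.security.Principal;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.jboss.annotation.security.SecurityDomain;

// Added example, not the original poster's code. "example-db-domain" is an
// assumed application-policy name from login-config.xml; replace it with the
// policy that configures the DatabaseServerLoginModule.
@Stateless
@SecurityDomain("example-db-domain")
@DeclareRoles({ "user", "admin" })
public class CalculatorBean implements Calculator {

    @Resource
    private SessionContext ctx;

    @RolesAllowed("user")
    public int multi(int value1, int value2) {
        requireRole("multi", "user");
        return value1 * value2;
    }

    @RolesAllowed("admin")
    public int plus(int value1, int value2) {
        requireRole("plus", "admin");
        return value1 + value2;
    }

    @PermitAll
    public int minus(int value1, int value2) {
        requireRole("minus", null);
        return value1 - value2;
    }

    /*
     * Defense in depth: the container should already have rejected callers
     * outside the declared role, so reaching this point without the role
     * means the declarative layer is not active for this bean (typically no
     * security domain bound). Logging isCallerInRole makes that visible
     * instead of silently returning a result to an unauthorized caller.
     */
    private void requireRole(String methodName, String requiredRole) {
        Principal caller = ctx.getCallerPrincipal();
        String name = caller == null ? "<anonymous>" : caller.getName();
        boolean inRole = requiredRole == null || ctx.isCallerInRole(requiredRole);
        System.out.println("method:" + methodName + " caller:" + name
                + " requiredRole:" + requiredRole + " inRole:" + inRole);
        if (!inRole) {
            throw new EJBAccessException("Caller " + name
                    + " is not in role " + requiredRole + " for " + methodName);
        }
    }
}
```

The point of the example is the binding: in JBoss 4.0.x EJB3, a bean with no security domain (neither this annotation nor a <security-domain> element in jboss.xml) gets no authorization interceptor, so @RolesAllowed is not enforced and the bean shows exactly the symptom described in the post: every caller reaches every method and nothing is logged. Once the domain is bound, an unauthorized call is rejected by the container with an EJBAccessException before the method body runs, and the printed inRole value for the remaining calls confirms that the roles loaded from the userroles table are the ones the container sees.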

_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
