Getting Started with WebSphere Application Server
Chapter 8 – Security
Listing 8.6 - The equivalent deployment descriptor
The benefit of using the deployment descriptors instead of the annotations is that the security definitions
can be changed at deployment time, without having to modify the source code. Deployment descriptors
always supersede annotations.
8.3.2.2 Programmatic security
Programmatic security is implemented in the EJB’s program logic. It references the role definitions in the
Geronimo deployment plan. Listing 8.7 shows an example where you define the roles before the EJB
implementation class definition.
@DeclareRoles({ "super_user", "general_user" })
public class HelloBean implements HelloWorld {
    …
Listing 8.7 - Declare the roles before EJB class definition
Listing 8.8 provides an example of the class definition that injects the session context object, which is used
to determine whether the current user has a declared role.
public class HelloBean implements HelloWorld {
    @Resource
    private SessionContext ctx;
    …
Listing 8.8 - Inserting a session context
Listing 8.9 provides an example of the logic required to perform access control in your program.
System.out.println(ctx.getCallerPrincipal().getName());
if (ctx.isCallerInRole("super_user")) {
    // add any logic that is super user specific.
}
Listing 8.9 - Programmatic access control
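
The fragments in Listings 8.7 to 8.9 combined into one bean that denies by default, as an added example that is not from the book. The `sayHello()` method, its return strings and the `@Remote` interface body are assumptions; the role names must still be mapped to users or groups in the Geronimo deployment plan.

```java
// Added example (not from the book): Listings 8.7-8.9 combined into one bean.
// Uses the Java EE 5 javax.* APIs; sayHello() and its messages are hypothetical.
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.EJBAccessException;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Assumed business interface, kept in this file for brevity. Declare it
// public in its own source file when packaging the EJB module.
@Remote
interface HelloWorld {
    String sayHello();
}

@Stateless
@DeclareRoles({ "super_user", "general_user" })
public class HelloBean implements HelloWorld {
    private static final Logger LOG = Logger.getLogger(HelloBean.class.getName());

    @Resource
    private SessionContext ctx; // injected by the container before any business call

    public String sayHello() {
        // The EJB 3.0 specification guarantees a non-null principal; an
        // unauthenticated caller appears as a container-specific principal.
        String caller = ctx.getCallerPrincipal().getName();

        // Role names tested here are the ones declared with @DeclareRoles.
        if (ctx.isCallerInRole("super_user")) {
            return "Hello " + caller + " (super user view)";
        }
        if (ctx.isCallerInRole("general_user")) {
            return "Hello " + caller;
        }

        // Fail closed: a caller holding neither role is rejected and the
        // denial is recorded in the server log instead of on System.out.
        LOG.log(Level.WARNING, "Access denied: principal {0} holds no declared role", caller);
        throw new EJBAccessException("Caller is not in a permitted role");
    }
}
```

A standalone client that authenticates as a user outside both roles receives the `EJBAccessException`, which makes the denial visible when testing.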
8.3.2.3 Testing EJB security in a standalone client
To test EJB security in a standalone client, you first need to add the geronimo-security-2.1.4.jar
located under
\repository\org\apache\geronimo\framework\geronimosecurity\2.1.4\
to your client project’s build path. This JAR file contains classes that are returned to the client when
it initializes a connection to the server with a user identity. Without this JAR file, you will receive a
ClassNotFoundException at runtime.
For the initial context, use the properties as shown in Listing 8.10.
Hashtable props = new Hashtable();