Workbook 14. Exercises for Chapter 17
This chapter implements the security changes to the EJBs discussed in Chapter 17 of the EJB book.
Exercise 17.1: Security
This exercise secures the Titan Cruises Reservation system introduced in Exercise 11.4 in Workbook 9. It modifies the ProcessPayment EJB so that only authorized merchant users can invoke payment operations.
Configure JBoss Security
If JBoss is running, shut it down. You will need to make some configuration modifications to enable security for this exercise.
To enable security in the JBoss application server, you need to create a security domain. A security domain is a repository for users, passwords, and the roles with which each user is associated. The EJB container delegates to the security domain when performing authentication and authorization. Each container can be associated with a different domain.
Out of the box, JBoss supports three types of domains: relational databases, LDAP, and a flat file. For this example, we will use a clear-text flat file to store our users, passwords, and role associations. Security domains are configured in the jboss-4.0.x/server/default/conf/login-config.xml file. Open this file in your favorite editor and add the following XML within the <policy> element:
<application-policy name="TitanIdentityDB">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="usersProperties">users-titan.properties</module-option>
      ...
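Because this security domain keeps users, passwords, and roles in clear-text flat files, it is worth checking those files before deploying. The following Python script is an added example, not code from the book or from JBoss; it assumes the UsersRolesLoginModule file layout (username=password in the users file, username=role1,role2 in a companion roles file whose name is an assumption), and the sample contents are constructed.

```python
import os
import stat

def parse_properties(text):
    """Parse key=value lines (a simplified subset of Java .properties)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries

def audit(users_text, roles_text):
    """Return sorted (finding, username) pairs for the two flat files."""
    users = parse_properties(users_text)     # username=password
    roles = {}
    for key, value in parse_properties(roles_text).items():
        # username=role1,role2 or username.RoleGroup=role1,role2
        # (assumes user names themselves contain no dot)
        user = key.split(".", 1)[0]
        names = [r.strip() for r in value.split(",") if r.strip()]
        roles.setdefault(user, set()).update(names)
    findings = []
    for user, password in users.items():
        if not password:
            findings.append(("empty-password", user))
        if not roles.get(user):
            findings.append(("no-roles", user))   # authenticates but holds no role
    for user in roles:
        if user not in users:
            findings.append(("roles-without-user", user))  # stale or mistyped entry
    return sorted(findings)

def readable_by_others(path):
    """True if group or other has any access to the clear-text password file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

# Constructed sample contents, not the book's files.
SAMPLE_USERS = "alice=example-pw-1\nbob=\ncarol=example-pw-3\n"
SAMPLE_ROLES = "alice=merchant,clerk\nbob=clerk\ndave=merchant\n"

if __name__ == "__main__":
    for finding, user in audit(SAMPLE_USERS, SAMPLE_ROLES):
        print(f"{finding}: {user}")
```

Run readable_by_others against the deployed users file as well; since the passwords are stored in clear text, only the account that runs JBoss should be able to read it.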