|
|
在开发者角度来说,应用程序本身只需定义那些角色”role” 可访问哪些方法, 具体的角色与实际系统中用户的映射关系由deployer 来定义。
一. application.xml 定义需要用到的role
<?xml version="1.0" encoding="utf-8"?>
<!doctypeapplication public ´-//sun microsystems, inc.//dtd j2ee application1.3//en´ ´http://java.sun.com/dtd/application_1_3.dtd´>
<application>
<display-name>ejbtest</display-name>
<module>
<ejb>ejbtest.jar</ejb>
</module>
<security-role>
<description></description>
<role-name>myrole1</role-name>
</security-role>
</application>
二. weblogic-application.xml 把系统用户(springview)映射到role(myrole1)
<!doctypeweblogic-application public ´-//bea systems, inc.//dtd weblogicapplication 8.1.0//en´´http://www.bea.com/servers/wls810/dtd/weblogic-application_2_0.dtd´>
<weblogic-application>
<security>
<security-role-assignment>
<role-name>myrole1</role-name>
<principal-name> springview </principal-name>
</security-role-assignment>
</security>
<application-param>
<param-name>webapp.encoding.default</param-name>
<param-value>utf-8</param-value>
</application-param>
<classloader-structure>
</classloader-structure>
</weblogic-application>
三. ejb-jar.xml 定义了那些方法可被那些角色访问
<ejb-jar>
<enterprise-beans>
<session>
<ejb-name>ses</ejb-name>
<home>src.seshome</home>
<remote>src.ses</remote>
<ejb-class>src.sesbean</ejb-class>
<session-type>stateless</session-type>
<transaction-type>container</transaction-type>
<security-role-ref>
<!-- 定义了可在程序中使用的不变的myrole映射名称 -->
<role-name>myrole1</role-name>
<role-link>myrole1</role-link>
</security-role-ref>
</session>
</enterprise-beans>
<assembly-descriptor>
<!-- 这一段必须要有,定义了在这个ejb 中要使用角色的logicname -->
<security-role>
<role-name>myrole1</role-name>
</security-role>
<method-permission>
<!-- 定义了method2 只能由myrole1 来访问,如果用户以springview名义通过jndi 来lookup 这个ejb 即具有myrole1 角色 -->
<role-name>myrole1</role-name>
<method>
<ejb-name>ses</ejb-name>
<method-intf>remote</method-intf>
<method-name>method2</method-name>
</method>
</method-permission>
<method-permission>
<role-name>myrole1</role-name>
<method>
<ejb-name>ses</ejb-name>
<method-intf>remote</method-intf>
<method-name>method1</method-name>
</method>
</method-permission>
</assembly-descriptor>
</ejb-jar>
四. 建立用springview用户登陆 jndi 的initialcontext, 通过该initialcontext 进行lookup 操作的资源或对象(如:ejb) 都具有springview用户身份
private static context getinitialcontext() throws exception {
string url = "t3://localhost:7001";
string user = " springview ";//"test";
string password = " springview1234";//"test";
properties properties = null;
try {
properties = new properties();
properties.put(context.initial_context_factory, "weblogic.jndi.wlinitialcontextfactory");
properties.put(context.provider_url, url);
if (user != null) {
properties.put(context.security_principal, user);
properties.put(context.security_credentials, password == null ? "" : password);
}
return new initialcontext(properties);
}
catch(exception e) {
//log("unable to connect to weblogic server at " + url);
//log("please make sure that the server is running.");
throw e;
//e.printstacktrace() ;
}
} |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-2-18 07:01:47
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡