Learn how to deploy a secure application with protected methods on Oracle-Sun GlassFish Enterprise Server Version 3. In a recent blog entry, Nithya Subramanian shows how to provide authentication credentials to the embedded server, a key new feature of this version of GlassFish, before invoking the protected methods.
In setting the backdrop to this tech tip, Subramanian invites readers to "consider a secure EJB, whose methods are protected by the RolesAllowed annotation - allowing access to users with role 'admin'". He assumes this role is mapped to the group admin using the sun-ejb-jar.xml. If it is not, he notes that the default principal-role mapping could be enabled in the embedded server. To run the application, Subramanian suggests using the ProgrammaticLogin API to provide authentication credentials.
Subramanian offers two approaches to access the file realm users and accomplish the task of running a secure application in the GlassFish Embedded Server.
In the first example, Subramanian works through using an existing instance of GlassFish: a non-embedded instance that already has file users is set as the embedded server's file system. This four-step process entails:
1. Creating a file user (embedtester) belonging to the specified group (admin) in an existing non-embedded GlassFish server instance using the admin console or the CLI.
2. Turning on the default principal-role mapping for the instance (through the admin console or CLI) when no principal-role mapping is provided in the application's sun-ejb-jar.xml.
3. Using a code snippet he provides so the instance can be set as the Embedded Server's instance root.
4. Calling the ProgrammaticLogin's login method to authenticate the user. Subramanian provides another code snippet for readers. He also notes that this step comes after deploying the embedded EJB and before invoking the protected method on the EJB.
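The first approach end to end, as an added example that is not the blog's or the GlassFish project's code: it starts the embedded container through the standard EJB 3.1 `EJBContainer` API (an assumption; the blog's own snippet may use a different embedded API), confirms that the protected method is refused before login, then authenticates with `ProgrammaticLogin`. The bean, jar name, JNDI name and the `EMBEDTESTER_PASSWORD` variable are hypothetical; the `embedtester` user and `admin` group are the ones from the steps above.

```java
// SecureBean.java, packaged as secure-ejb.jar (hypothetical names)
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
public class SecureBean {
    @RolesAllowed("admin") // role "admin" resolves to group "admin" (default mapping on)
    public String ping() { return "authorized"; }
}

// EmbeddedClient.java
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import javax.ejb.EJBAccessException;
import javax.ejb.embeddable.EJBContainer;
import com.sun.appserv.security.ProgrammaticLogin;

public class EmbeddedClient {
    public static void main(String[] args) throws Exception {
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(EJBContainer.MODULES, new File("secure-ejb.jar"));
        // Step 3: reuse the existing instance (and its file realm); args[0] is its path
        props.put("org.glassfish.ejb.embedded.glassfish.instance.root", args[0]);
        EJBContainer container = EJBContainer.createEJBContainer(props);
        try {
            SecureBean bean = (SecureBean) container.getContext()
                    .lookup("java:global/secure-ejb/SecureBean");
            try {
                bean.ping(); // no credentials yet: the container must refuse this call
                throw new IllegalStateException("protected method ran without login");
            } catch (EJBAccessException denied) {
                System.out.println("denied before login, as intended");
            }
            // Step 4: authenticate after deployment, before the protected call
            String password = System.getenv("EMBEDTESTER_PASSWORD"); // never hard-code
            ProgrammaticLogin login = new ProgrammaticLogin();
            if (password == null || !login.login("embedtester", password)) {
                throw new SecurityException("login failed for embedtester");
            }
            System.out.println(bean.ping());
            login.logout(); // drop the security context once the call is done
        } finally {
            container.close();
        }
    }
}
```

The unauthenticated call is there as a regression check: if it ever succeeds, the role mapping or the annotation is not being enforced.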
His second approach calls for creating file users with the asadmin command in the Embedded Server. This method works if the default Embedded Server has to be used without setting an existing configuration or instanceRoot. In three steps, Subramanian explains, accessing the file realm users can be done by:
1. Creating the Embedded Server and starting it.
2. Running the asadmin create-file-user command, which he provides.
3. Deploying the application and invoking ProgrammaticLogin.login() before calling the protected method. Again, he offers code.
Subramanian supplies links to the EJB and to a sample test client that invokes a protected method of the EJB. Additionally, he suggests that those who need more information on the GlassFish Embedded Server read the document "Introduction to Embedded Enterprise Server" to learn more about deploying and running applications on it, as well as about the embedded API.
Running a secure application in Glassfish Embedded Server - Subramanian's blog entry
Introduction to Embedded Enterprise Server - part of the Oracle-Sun GlassFish Enterprise Server v3 Embedded Server Guide
Oracle GlassFish Server 3