The ServerAuthModule itself is not explained here; you can look it up on Baidu yourself.
Focus on the comments in the web.xml fragment:
    <!-- declare the roles of the web-app -->
    <security-role>
        <role-name>Spx.main</role-name>
    </security-role>
    <security-role>
        <role-name>Spx.user</role-name>
    </security-role>

    <!-- the ServerAuthModule is only applied when a security-constraint is configured -->
    <security-constraint>
        <web-resource-collection>
            <!-- this name is mandatory; it is custom, used by tools and not referenced elsewhere -->
            <web-resource-name>All</web-resource-name>
            <!-- the resources to be constrained; at least one, and there can be more than one -->
            <url-pattern>/*</url-pattern>
            <!-- the constrained method(s); if no http-method is listed, every method is constrained -->
            <http-method>POST</http-method>
        </web-resource-collection>

        <!-- auth-constraint is optional -->
        <!-- omitting <auth-constraint> means every role may access the POST method;
             an empty <auth-constraint/> means no role may access the POST method -->
        <auth-constraint>
            <!-- optional: which roles may invoke a constrained method on the specified resource.
                 Here only a user holding the Spx.user role may access the POST method.
                 The <role-name> must correspond to one of the <security-role> entries above -->
            <role-name>Spx.user</role-name>
        </auth-constraint>
    </security-constraint>
Import the SAM module's jar into the project, build the project into a war, deploy it into a Java EE container and start the service; you now have URL-level permission control.
Assuming the request has passed the verification above and entered the doPost method of VerifyAuthModuleServlet, you can add the following inside doPost to obtain the user information:

    UserInfo userInfo = (UserInfo) req.getUserPrincipal();
You can also add the following to check whether the user holds another role:

    if (req.isUserInRole("Spx.admin")) {
        res.setStatus(HttpServletResponse.SC_OK);
        res.getWriter().print("hello");
        return;
    }

Note: "Spx.admin" must be one of the roles declared by the web-app in <security-role>, otherwise isUserInRole always returns false.
Method-level permission checks in EJBs
Take the following stateless session bean:

    import java.security.Principal;
    import java.util.logging.Logger;
    import javax.annotation.Resource;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.EJB;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;

    @Stateless
    public class HelloWorldBean implements HelloWorldLocal {

        private Logger logger = Logger.getLogger(HelloWorldBean.class.getName());

        @EJB // injected by annotation
        private Other other;

        @Resource
        private SessionContext sessionContext;

        @RolesAllowed("Spx.user")
        public String sayHello(String name) {
            // the caller principal established by the ServerAuthModule
            Principal principal = sessionContext.getCallerPrincipal();
            logger.info("==========ejb=============" + principal.getName());
            return name + " said: Hello World! " + other.sayMe();
        }
    }
@RolesAllowed checks whether the calling user holds the named role: if so, execution enters the method body; if not, an EJBAccessException is thrown.

    try {
        String greeting = helloWorldLocal.sayHello("Jiangmeng");
    } catch (EJBAccessException e) {
        res.setStatus(403);
        res.getWriter().write("{\"err\": \"403 forbidden\"}");
    }

By catching the exception we can return an appropriate hint to the client.
Note also that inside the EJB the user information is obtained through sessionContext.getCallerPrincipal().
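The role names in the web.xml <auth-constraint>, the req.isUserInRole("Spx.admin") check in the servlet and the @RolesAllowed("Spx.user") check in the EJB all depend on the ServerAuthModule establishing a caller principal and its groups. The following is an added example of such a module, not code from the original post: the class name SpxServerAuthModule, the X-Spx-Token header and the in-memory token table are assumptions made for illustration, and the nested UserInfo stands in for the post's UserInfo principal class.

```java
// Added example (not from the original post): a minimal JASPIC ServerAuthModule that
// establishes the caller principal and its groups, which is what makes the web.xml
// <auth-constraint>, req.isUserInRole("Spx.admin") and @RolesAllowed("Spx.user") work.
// SpxServerAuthModule, the X-Spx-Token header and the token table are assumptions.
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SpxServerAuthModule implements ServerAuthModule {

    // Key the container puts in messageInfo.getMap(): "true" when the request matched a
    // <security-constraint>, i.e. authentication is mandatory for this URL and method.
    private static final String IS_MANDATORY =
            "javax.security.auth.message.MessagePolicy.isMandatory";

    // Constructed sample data: opaque token -> (user name, roles). A real module would
    // validate the credential against a session store, IdP or signed token instead.
    private static final Map<String, UserInfo> TOKENS = Map.of(
            "tok-alice", new UserInfo("alice", new String[] { "Spx.user" }),
            "tok-bob",   new UserInfo("bob",   new String[] { "Spx.user", "Spx.admin" }));

    private CallbackHandler handler;

    @Override
    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
                           CallbackHandler handler, Map options) throws AuthException {
        this.handler = handler;
    }

    @Override
    public Class[] getSupportedMessageTypes() {
        return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
                                      Subject serviceSubject) throws AuthException {
        HttpServletRequest req = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse res = (HttpServletResponse) messageInfo.getResponseMessage();
        boolean mandatory = Boolean.parseBoolean(
                String.valueOf(messageInfo.getMap().get(IS_MANDATORY)));

        String token = req.getHeader("X-Spx-Token");
        UserInfo user = token == null ? null : TOKENS.get(token);

        if (user == null) {
            if (!mandatory) {
                // Unconstrained resource (e.g. GET with the web.xml above): proceed anonymously.
                handle(new CallerPrincipalCallback(clientSubject, (Principal) null));
                return AuthStatus.SUCCESS;
            }
            // Constrained resource and no valid credential: refuse before the servlet runs.
            res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return AuthStatus.SEND_FAILURE;
        }

        // Establish the caller principal (returned by req.getUserPrincipal() and
        // sessionContext.getCallerPrincipal()) and its groups (tested by isUserInRole,
        // <auth-constraint> and @RolesAllowed through the container's group-to-role mapping).
        handle(new CallerPrincipalCallback(clientSubject, user),
               new GroupPrincipalCallback(clientSubject, user.getRoles()));
        return AuthStatus.SUCCESS;
    }

    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) {
        return AuthStatus.SEND_SUCCESS;
    }

    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) {
        subject.getPrincipals().clear();
    }

    private void handle(Callback... callbacks) throws AuthException {
        try {
            handler.handle(callbacks);
        } catch (IOException | UnsupportedCallbackException e) {
            throw (AuthException) new AuthException(e.getMessage()).initCause(e);
        }
    }

    // Minimal Principal carrying the role names; the post's UserInfo plays this part.
    public static final class UserInfo implements Principal {
        private final String name;
        private final String[] roles;

        UserInfo(String name, String[] roles) { this.name = name; this.roles = roles.clone(); }

        @Override public String getName() { return name; }

        String[] getRoles() { return roles.clone(); }
    }
}
```

Two things to check when wiring this up: the group names passed to GroupPrincipalCallback must match the <security-role> names in web.xml (exactly as the note on isUserInRole says), and whether a group is treated as a role of the same name depends on the container's group-to-role mapping, which some servers (GlassFish, for one) only do when default principal-to-role mapping is enabled or the mapping is declared in the server-specific descriptor. How the module is registered with the container's AuthConfigFactory is also server-specific.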
Using Java EE's ServerAuthModule and web.xml to configure user permission control