
Annotating the Bean


For this tutorial, you will add the security elements to an enterprise bean; add security elements to the deployment descriptors; build, package, and deploy the application; and then build and run the client application.

The completed version of this example can be found at tut-install/javaeetutorial5/examples/ejb/cart-secure/. This example was developed by starting with the unsecured enterprise bean application, cart, which is found in the directory tut-install/javaeetutorial5/examples/ejb/cart/ and is discussed in "The cart Example" on page 657. You build on this example by adding the necessary elements to secure the application using username-password authentication.

In general, the following steps are necessary to add username-password authentication to an enterprise bean. In the example application included with this tutorial, many of these steps have been completed for you and are listed here simply to show what needs to be done should you wish to create a similar application.
1. Create an application like the one in "The cart Example" on page 657. The example in this tutorial starts with this example and demonstrates adding basic authentication of the client to this application. The example application discussed in this section can be found at tut-install/javaeetutorial5/examples/ejb/cart-secure/.
2. If you have not already done so, complete the steps in "Building the Examples" on page 70 to configure your system properly for running the tutorial applications.
3. If you have not already done so, add a user to the file realm and specify user for the group of this new user. Write down the user name and password so that you can use them for testing this application in a later step. Refer to the section "Managing Users and Groups on the Application Server" on page 781 for instructions on completing this step.
4. Modify the source code for the enterprise bean, CartBean.java, to specify which roles are authorized to access which protected methods. This step is discussed in "Annotating the Bean" on page 821.
5. Modify the runtime deployment descriptor, sun-ejb-jar.xml, to map the role used in this application (CartUser) to a group defined on the Application Server (user) and to add security elements that specify that username-password authentication is to be performed. This step is discussed in "Setting Runtime Properties" on page 823.
6. Build, package, and deploy the enterprise bean, then build and run the client application by following the steps in "Building, Deploying, and Running the Secure Cart Example Using NetBeans IDE" on page 824 or "Building, Deploying, and Running the Secure Cart Example Using Ant" on page 825.
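
Step 4 of the list above as an added example (this is not the tutorial's own CartBean.java), with the role-to-group mapping from step 5 shown in a comment. Only the names CartBean, CartUser, user and sun-ejb-jar.xml come from the text; the Cart interface and its method signatures are constructed for illustration, and the two files are shown in one listing.

```java
// Cart.java: remote business interface (constructed for this example)
import java.util.List;
import javax.ejb.Remote;

@Remote
public interface Cart {
    void addBook(String title);
    boolean removeBook(String title);
    List<String> getContents();
    void remove();
}

// CartBean.java: step 4, each business method names the role allowed to call it
import java.util.ArrayList;
import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remove;
import javax.ejb.Stateful;
/*
 * Step 5 binds the application role CartUser to the server group "user" in
 * sun-ejb-jar.xml:
 *   <security-role-mapping>
 *     <role-name>CartUser</role-name> <group-name>user</group-name>
 *   </security-role-mapping>
 */
@Stateful
public class CartBean implements Cart {
    private List<String> contents = new ArrayList<String>();

    @RolesAllowed("CartUser")
    public void addBook(String title) {
        contents.add(title);
    }

    @RolesAllowed("CartUser")
    public boolean removeBook(String title) {
        return contents.remove(title); // false when the title was not in the cart
    }

    @RolesAllowed("CartUser")
    public List<String> getContents() {
        return contents;
    }

    @Remove
    @RolesAllowed("CartUser")
    public void remove() {
        contents.clear();
    }
}
```
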
Annotating the Bean
The source code for the original cart application was modified as shown in the following code
snippet (modifications in bold, method details removed to save space). The resulting file can be
found in the following location:
Enterprise Bean Example Applications
Chapter 29 · Securing Java EE Applications
821