Modifying ConverterBean
3. If you have not already done so, set up a user on the Application Server in the file realm.
Make sure that the user is included in the group named user. For information on adding a
user to the file realm, read
4. Modify ConverterBean to add calls to the getCallerPrincipal() and isCallerInRole(String role)
methods. For this example, callers that are in the role of BeanUser will be able to
calculate the currency conversion. Callers not in the role of BeanUser will see a value of zero
for the conversion amount. Modifying the ConverterBean code is discussed in
5. Modify the sun-ejb-jar.xml file to specify a secure connection, username-password login,
and security role mapping. Modifying the sun-ejb-jar.xml file is discussed in
6. Build, package, deploy, and run the application. These steps are discussed in
and
7. If necessary, refer to the tips in
for tips on errors you might encounter and some possible solutions.
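
Step 4 in code, as an added sketch that is not the tutorial's ConverterBean source: a stateless bean whose business method returns zero unless the container reports the caller in the BeanUser role. The package, the GuardedConverter interface, the GuardedConverterBean class and the rate value are assumptions made for illustration.

```java
// GuardedConverter.java (hypothetical business interface, its own file)
package converter.secure.example;

import java.math.BigDecimal;
import javax.ejb.Remote;

@Remote
public interface GuardedConverter {
    BigDecimal dollarToYen(BigDecimal dollars);
}

// GuardedConverterBean.java (hypothetical bean, its own file)
package converter.secure.example;

import java.math.BigDecimal;
import java.math.RoundingMode;
import java.security.Principal;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles("BeanUser") // a role must be declared before isCallerInRole() can test it
public class GuardedConverterBean implements GuardedConverter {
    private static final Logger LOG =
            Logger.getLogger(GuardedConverterBean.class.getName());
    private static final BigDecimal ZERO = new BigDecimal("0.00");
    // Constructed sample rate, not a value from the tutorial.
    private static final BigDecimal YEN_RATE = new BigDecimal("100.00");

    @Resource
    private SessionContext ctx; // injected by the container

    public BigDecimal dollarToYen(BigDecimal dollars) {
        // Identity and role come from the container's login, not from method arguments.
        Principal caller = ctx.getCallerPrincipal();
        if (!ctx.isCallerInRole("BeanUser")) {
            // Default deny: every caller outside BeanUser gets zero, and the refusal is logged.
            LOG.warning("dollarToYen refused for " + caller.getName()
                    + ": caller is not in role BeanUser");
            return ZERO;
        }
        return dollars.multiply(YEN_RATE).setScale(2, RoundingMode.UP);
    }
}
```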
Modifying ConverterBean
The source code for the original converter application was modified as shown in the following
code snippet (modifications in bold) to add the if..else clause that tests if the caller is in the
role of BeanUser. If the user is in the correct role, the currency conversion is computed and
displayed. If the user is not in the correct role, the computation is not performed, and the
application displays the result as 0. The code example can be found in the following file:
tut-install/javaeetutorial5/examples/ejb/converter-secure/converter-secure-ejb/src/java/converter/secure/ejb/ConverterBean.java
The code snippet is as follows:
package converter.secure.ejb;

import java.math.BigDecimal;
import javax.ejb.*;
import java.security.Principal;
import javax.annotation.Resource;
import javax.ejb.SessionContext;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;

@Stateless()
@DeclareRoles("BeanUser")
public class ConverterBean implements converter.secure.ejb.Converter {
    @Resource SessionContext ctx;
Enterprise Bean Example Applications
Chapter 29 · Securing Java EE Applications