
Declaring Security Roles

The following steps describe how to set up your system for running the example applications, describe the sample application, and provide the steps for compiling, packaging, deploying, and testing the example application.
1. If you have not already done so, set up your system so that the Ant tool and/or NetBeans IDE will run properly. To do this, follow the instructions in "Building the Examples" on page 70. This step is necessary to set the properties that are specific to your installation of the Application Server and Java EE 5 Tutorial.
2. If you have not already done so, add an authorized user to the Application Server. For this example, add users to the file realm of the Application Server and assign the user to the group user. This topic is discussed more in "Adding Authorized Roles and Users" on page 881.
3. Create a web module as described in "Web Modules" on page 81 for the servlet example, hello2. The subsequent steps discuss adding security to this basic application. The files for this example application are in tut-install/javaeetutorial5/examples/web/hello2_basicauth/.
4. Declare the roles that will be used in this application. For this example, this is done by adding the @DeclareRoles annotation to GreetingServlet.java. This code is shown in "Declaring Security Roles" on page 878.
5. Add the appropriate security elements to the web.xml deployment descriptor. The deployment descriptor for the example application can be viewed at tut-install/javaeetutorial5/examples/web/hello2_basicauth/web/WEB-INF/web.xml. The security elements are described in "Specifying the Security Constraint" on page 879.
6. Map the role name defined for this resource (helloUser) to a group of users defined on the Application Server. For more information on how to do this, read "Mapping Application Roles to Application Server Groups" on page 881.
7. Build, package, and deploy the web application by following the steps in "Building, Packaging, and Deploying the Servlet Basic Authentication Example Using NetBeans IDE" on page 882 or "Building, Packaging, and Deploying the Servlet Basic Authentication Example Using Ant" on page 882.
8. Run the web application by following the steps described in "Running the Basic Authentication Servlet" on page 883.
9. If you have any problems running this example, refer to the troubleshooting tips in "Troubleshooting the Basic Authentication Example" on page 885.

Declaring Security Roles
Two annotations can be used with servlets: @DeclareRoles and @RunAs. In this example, the @DeclareRoles annotation is used to specify which roles the application references.
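
The following servlet is an added illustration, not the tutorial's GreetingServlet.java: it declares the helloUser role named in the steps above and, as an extra step the tutorial's steps do not include, checks that role in code so the request is refused if the web.xml constraint or the role-to-group mapping is missing. The class name RoleCheckServlet is hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.annotation.security.DeclareRoles;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet for illustration (not part of the tutorial sources).
// @DeclareRoles only names the roles this class refers to. It does not
// restrict access by itself: enforcement comes from the security constraint
// in web.xml, and no user holds the role until it is mapped to a server group.
@DeclareRoles("helloUser")
public class RoleCheckServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Fail closed: an unauthenticated caller, or one without the declared
        // role, gets 403 even if the descriptor constraint was left out.
        if (request.getUserPrincipal() == null
                || !request.isUserInRole("helloUser")) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Plain text output, so the user name is never interpreted as markup.
        response.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("Hello, " + request.getUserPrincipal().getName());
        out.println("Authenticated via: " + request.getAuthType());
    }
}
```

Compiling this class requires the Java EE 5 servlet and common-annotations APIs on the classpath; with the basic authentication setup described above, getAuthType() returns "BASIC".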
Examples: Securing Web Applications
The Java EE 5 Tutorial · September 2007
878