Declaring Security Roles
Declaring Security Roles
The following steps describe how to set up your system for running the example applications,
describe the sample application, and provide the steps for compiling, packaging, deploying, and
testing the example application.
1. If you have not already done so, set up your system so that the Ant tool and/or NetBeans
IDE will run properly. To do this, follow the instructions in
. This step is necessary to set the properties that are specific to your installation of the
Application Server and Java EE 5 Tutorial.
2. If you have not already done so, add an authorized user to the Application Server. For this
example, add users to the file realm of the Application Server and assign the user to the
group user. This topic is discussed more in
3. Create a web module as described in
for the servlet example,
hello2
. The subsequent steps discuss adding security to this basic application. The files for
this example application are in
tut-install/javaeetutorial5/examples/web/hello2_basicauth/.
4. Declare the roles that will be used in this application. For this example, this is done by
adding the @DeclareRoles annotation to GreetingServlet.java. This code is shown in
5. Add the appropriate security elements to the web.xml deployment descriptor. The
deployment descriptor for the example application can be viewed at
tut-install/javaeetutorial5/examples/web/hello2_basicauth/web/WEB-INF/web.xml.
The security elements are described in
6. Map the role name defined for this resource (helloUser) to a group of users defined on the
Application Server. For more information on how to do this, read
7. Build, package, and deploy the web application by following the steps in
or
8. Run the web application by following the steps described in
9. If you have any problems running this example, refer to the troubleshooting tips in
Declaring Security Roles
There are two annotations that can be used with servlets: @DeclareRoles and @RunAs. In this
example, the @DeclareRoles annotation is used to specify which roles are referenced in this
example.
Examples: Securing Web Applications
The Java EE 5 Tutorial · September 2007
878