
Annotating the Service


7. Modify the runtime deployment descriptor, sun-web.xml, to map the role used in this application (basicUser) to a group defined on the Application Server (user). This step is discussed in "Linking Roles to Groups" on page 889.
8. Build, package, and deploy the web service. See "Building and Deploying helloservice with Basic Authentication Using NetBeans IDE" on page 890 or "Building and Deploying helloservice with Basic Authentication Using Ant" on page 890 for the steps to accomplish this.
9. Build and run the client application. See "Building and Running the helloservice Client Application with Basic Authentication Using NetBeans IDE" on page 891 or "Building and Running the helloservice Client Application with Basic Authentication Using Ant" on page 892 for the steps to accomplish this.

Annotating the Service

In this example, annotations are used to specify which users are authorized to access which methods of this service. In this simple example, the @RolesAllowed annotation is used to specify that users in the application role of basicUser are authorized access to the sayHello(String name) method. This application role must be linked to a group of users on the Application Server. Linking the roles to groups is discussed in "Linking Roles to Groups" on page 889.

The source code for the original /helloservice application was modified as shown in the following code snippet (modifications in bold). This file can be found in the following location:

tut-install/javaeetutorial5/examples/jaxws/helloservice-basicauth/src/java/helloservice/basicauth/endpoint/Hello.java

The code snippet is as follows:

package helloservice.basicauth.endpoint;

import javax.jws.WebMethod;
import javax.jws.WebService;
// Security annotation used to restrict method access by application role
import javax.annotation.security.RolesAllowed;

@WebService()
public class Hello {
    private String message = new String("Hello, ");

    // Only callers in the application role basicUser may invoke this method
    @WebMethod()
    @RolesAllowed("basicUser")
    public String sayHello(String name) {
        return message + name + ".";
    }
}

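
The following sketch is an added illustration, not part of the tutorial's sample code. It models how the @RolesAllowed value on sayHello combines with the role-to-group link from step 7 to produce an allow or deny decision. The class RoleCheckSketch, the ROLE_TO_GROUPS map, the isAuthorized helper, and the group name guest are hypothetical, and the code needs the Java EE API jar on the classpath for javax.annotation.security.RolesAllowed.

```java
import java.lang.reflect.Method;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.annotation.security.RolesAllowed;

// Added illustration, not tutorial code: models the authorization decision
// for a caller whose Application Server groups are already known.
public class RoleCheckSketch {

    // Same method and role as the tutorial endpoint (JAX-WS annotations left out).
    static class Hello {
        @RolesAllowed("basicUser")
        public String sayHello(String name) { return "Hello, " + name + "."; }
    }

    // Assumed stand-in for the sun-web.xml mapping described in step 7:
    // application role basicUser -> server group user.
    static final Map<String, Set<String>> ROLE_TO_GROUPS = new HashMap<String, Set<String>>();
    static { ROLE_TO_GROUPS.put("basicUser", Collections.singleton("user")); }

    // True if any role named in @RolesAllowed is linked to one of the caller's groups.
    static boolean isAuthorized(Method m, Set<String> callerGroups) {
        RolesAllowed allowed = m.getAnnotation(RolesAllowed.class);
        if (allowed == null) {
            return true; // this sketch treats an unannotated method as unrestricted
        }
        for (String role : allowed.value()) {
            Set<String> groups = ROLE_TO_GROUPS.get(role);
            // A role with no mapping entry matches no caller in this model.
            if (groups != null && !Collections.disjoint(groups, callerGroups)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        Method sayHello = Hello.class.getMethod("sayHello", String.class);
        // Constructed callers: one in group "user", one only in group "guest".
        System.out.println(isAuthorized(sayHello, Collections.singleton("user")));
        System.out.println(isAuthorized(sayHello, Collections.singleton("guest")));
    }
}
```
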
Examples: Securing Web Applications
Chapter 30 · Securing Web Applications
887