Volume 6, Issue 5
Implementing J2EE Security With WebLogic Server, by Jason Westra and Chris Siemback

Download Associated Source Files (Zip format ~ 9.57 KB)

 Listing 1: web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>TradeApp</web-resource-name>
    <url-pattern>/trade/*</url-pattern>
    <!-- Naming http-methods limits the constraint to those methods;
         omit the http-method elements to cover every method. -->
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role-onlineinvestor</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <!-- realm-name is the element the web.xml DTD defines at this position -->
  <realm-name>JDJDomain</realm-name>
  <form-login-config>
    <form-login-page>/jsp/login.jsp</form-login-page>
    <form-error-page>/jsp/loginerror.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>the customer role</description>
  <role-name>role-onlineinvestor</role-name>
</security-role>

<security-role>
  <description>the customer role</description>
  <role-name>role-trader</role-name>
</security-role>
 
 

Listing 2: weblogic.xml
<security-role-assignment>
  <role-name>role-onlineinvestor</role-name>
  <principal-name>onlineinvestor</principal-name>
</security-role-assignment>

<security-role-assignment>
  <role-name>role-trader</role-name>
  <principal-name>trader</principal-name>
</security-role-assignment>
 

Listing 3: login.jsp
The page you're attempting to access is restricted, please login:
Username:
Password:
 

Listing 4: weblogic-ejb-jar.xml
<security-role-assignment>
  <role-name>role-onlineinvestor</role-name>
  <principal-name>onlineinvestor</principal-name>
</security-role-assignment>

<security-role-assignment>
  <role-name>role-trader</role-name>
  <principal-name>trader</principal-name>
</security-role-assignment>

<security-role-assignment>
  <role-name>role-everyone</role-name>
  <principal-name>everyone</principal-name>
</security-role-assignment>
 
 

Listing 5: ejb-jar.xml
<assembly-descriptor>
     <security-role>
         <description>Investor in the application</description>
         <role-name>role-onlineinvestor</role-name>
     </security-role>
     <security-role>
         <description>A stock broker, or trader</description>
         <role-name>role-trader</role-name>
     </security-role>
     <security-role>
         <description>Anyone in the RDBMSDomain</description>
         <role-name>role-everyone</role-name>
     </security-role>
     <method-permission>
         <description>
         This permission gives the right to purchase shares.
         </description>
         <role-name>role-onlineinvestor</role-name>
         <role-name>role-trader</role-name>
         <method>
              <ejb-name>jdj.security.SecureTradeMgr</ejb-name>
              <method-name>buy</method-name>
         </method>
     </method-permission>
     <method-permission>
         <description>
         This permission gives the right to sell shares.
         </description>
         <role-name>role-trader</role-name>
         <method>
              <ejb-name>jdj.security.SecureTradeMgr</ejb-name>
              <method-name>sell</method-name>
         </method>
     </method-permission>
     <method-permission>
         <description>
         This permission gives the right to view the list of
         securities.
         </description>
         <role-name>role-everyone</role-name>
         <method>
              <ejb-name>jdj.security.SecureTradeMgr</ejb-name>
              <method-name>getSecurities</method-name>
         </method>
     </method-permission>
</assembly-descriptor>