Package examples.security.jaas
This package demonstrates use of the Java Authentication and Authorization Service by validating username and password, and then, if valid, executing the stateless session Trader EJB.See:
Class Summary
SampleAction SampleAction.java JAAS sample PrivilegedAction Implementation SampleCallbackHandler SampleCallbackHandler.java Implementation of the CallbackHandler Interface SampleClient SampleClient.java Sample client for JAAS user authentication. Package examples.security.jaas Description
This package demonstrates use of the Java Authentication and Authorization Service by validating username and password, and then, if valid, executing the stateless session Trader EJB.
The SampleClient creates a LoginContext which uses the WebLogic Server UsernamePasswordLoginModule and SampleCallbackHandler to validate the user. The example can be run with or without supplying the username and password as parameters. The URL of WebLogic Server is required as a parameter to access the Trader EJB. If username and password are not supplied, then SampleCallbackHandler prompts the user for both. The supplied URL will be used by SampleCallbackHandler as the location on WebLogic Server where the user's credentials are validated. If the user is valid, has provided the correct password, and has sufficient permissions to execute the EJB, then SampleClient uses the WebLogic Server Security class
weblogic.security.Security.runAs
to call SampleAction which handles the execution of the Trader EJB.NOTE: The
UsernamePasswordLoginModule
class is located on the WebLogic Server distribution in theweblogic.jar
file.The following table describes the files used in the JAAS example.
build.xml The build and execution scripts for the JAAS example. examples.ejb20.basic.statelessSession A stateless session bean included in the examples suite. sample_jaas.config A security configuration login module entry. Perform the following steps in order to build and run the example:
Build the Example
- Set up your development shell as described in Setting up your environment.
- Compile the example by executing an ant build script.
An ant build script is available in the WL_HOME\samples\server\examples\src\examples\security\jaas directory. Enter the following command to execute the build script:
antThe ant command builds and deploys the files in the JAAS example as follows:
- Sets global properties for this build.
- Compiles client classes into the
SAMPLES_HOME\domains\examples\clientclasses
directory.- Sets the CLASSPATH.
If the stateless session Trader EJB is not already compiled, compiles it.
- Manually copy the
sample_jaas.config
file toJAVA_HOME\jre\lib\security
.
- Edit the
JAVA_HOME\jre\lib\security\java.security
file and add the location of the login configuration file as follows:
login.config.url.1=file:${java.home}/lib/security/sample_jaas.config
Run the Example
- To run the JAAS sample with WebLogic Server, execute the following command:
ant run
- Here is an example of the output:
C:\bea\weblogic81\samples\server\examples\src\examples\security\jaas>ant run Buildfile: build.xml run: [java] username: weblogic [java] password: ******** [java] URL: t3://www.setgetweb.com:7001 [java] Creating a trader [java] Buying 100 shares of BEAS. [java] Buying 200 shares of MSFT. [java] Buying 300 shares of AMZN. [java] Buying 400 shares of HWP. [java] Selling 100 shares of BEAS. [java] Selling 200 shares of MSFT. [java] Selling 300 shares of AMZN. [java] Selling 400 shares of HWP. [java] Removing the trader BUILD SUCCESSFUL Total time: 6 secondsThere's more...
Read more about using the JAAS API to authenticate clients in Programming WebLogic Security .