How to distribute security to my independent web service?

Question

How to distribute security to my independent web service?

I created a simple web application that contains web pages and one enterprise application that contains web services and EJB for my web application. I was able to configure security for my web application. But how do I extend this security to my enterprise application to EJB method methods? so that I can use annotations like @RolesAllowed ("") etc.

+3

java security

TCM Mar 27 '10 at 8:15

source share

1 answer

ajuc · Answer 1 · 2011-02-20T11:51:40+0000

In your web application, when searching for beans using JNDI, you need to pass the user / password information to the InitialContext constructor (code from: http://schuchert.wikispaces.com/EJB3+Tutorial+6+-+Security )

public InitialContext getInitialContextFor(final String user,
            final String password) throws NamingException {
        final Properties p = new Properties();
        p.setProperty(Context.SECURITY_PRINCIPAL, user);
        p.setProperty(Context.SECURITY_CREDENTIALS, password);
        p.setProperty(Context.INITIAL_CONTEXT_FACTORY,
                "org.jboss.security.jndi.JndiLoginInitialContextFactory");
        return new InitialContext(p);
}

If you want your web application container to do this automatically for you, I don’t know how to do it.

By the way - are you using the same container for web applications and ejbs?

How to distribute security to my independent web service?

More articles: