Hi,

Jay SenSharma

Here is a simple demonstration of securing an EJB 2.x stateless session bean using the following tags in “weblogic-ejb-jar.xml”.

The principal under which ejbCreate() runs is chosen by the container as follows:

- if create-as-principal-name is set, then that principal is used;
- else, if a run-as role has been specified for the bean in ejb-jar.xml, then a principal is chosen according to the rules for the run-as-role-assignment;
- else ejbCreate() runs as the anonymous principal.

The create-as-principal-name element only needs to be specified if operations within ejbCreate() require more permissions than the anonymous principal would have. This element affects the ejbCreate() methods of stateless session beans and message-driven beans.

<security-role-assignment>
  <role-name>runAs_role_X</role-name>
  <principal-name>jack</principal-name>
</security-role-assignment>
<run-as-role-assignment>
  <role-name>runAs_role_X</role-name>
  <run-as-principal-name>jack</run-as-principal-name>
</run-as-role-assignment>

Step1). Login to the Admin Console and go to “Security Realms” –> myRealm –> “Users and Groups”.

Here create a user with name = “jack” and password = “password”.

Step2). Develop the Home Interface of our EJB… “IRemoteHome.java”


package runassample;
import java.rmi.RemoteException;
import javax.ejb.CreateException;
import javax.ejb.EJBHome;
public interface IRemoteHome extends EJBHome {
public ITestRemote create() throws CreateException, RemoteException;
}

Step3). Now develop the Remote Interface… “ITestRemote.java”


package runassample;
import java.rmi.Remote;
import java.rmi.RemoteException;
import javax.ejb.EJBObject;
public interface ITestRemote extends EJBObject{
public String display(String name,String password) throws RemoteException;
public String SayHello(String hell) throws RemoteException;
}

Step4). Now develop the Stateless bean class… “TestRun.java”

package runassample;
import javax.ejb.SessionBean;
import weblogic.ejb.GenericSessionBean;
public class TestRun extends GenericSessionBean implements SessionBean {
private static final long serialVersionUID = 1L;

// For a stateless bean no client call is in progress here, so this runs under the
// create-as / run-as principal described above (jack with the descriptors below).
public void ejbCreate() {
System.out.println("\n\n\t ejbCreate() called on EJB TestRun.");
}

// Only callable by members of runAs_role_X (see method-permission in ejb-jar.xml).
public String display(String name,String password){
System.out.println("\n\t executing display(String name, String password) of TestRun SessionBean");
return "Hello Mr. "+name+"\t your Password is : "+password;
}
public String SayHello(String hell){

return hell;
}
}
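To make the identity rules from the top of the post visible at runtime, here is an added bean (not part of the original post) that reports who the container thinks is running ejbCreate() and who the caller of a business method is. It assumes the same ejb-jar.xml and weblogic-ejb-jar.xml entries as TestRun (run-as role runAs_role_X mapped to principal “jack”), that whoAmI() is added to the remote interface, and that a security-role-ref for runAs_role_X is declared for the bean; the WebLogic helper classes weblogic.security.Security and weblogic.security.SubjectUtils are used to read the current subject.

```java
package runassample;

import java.security.Principal;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.security.auth.Subject;
import weblogic.security.Security;
import weblogic.security.SubjectUtils;

// Stateless bean that reports the identity the container has put in place.
// Deploy it with the same descriptor entries as TestRun (assumption: run-as role
// runAs_role_X mapped to principal "jack") and add whoAmI() to the remote interface.
public class IdentityProbeBean implements SessionBean {
    private static final long serialVersionUID = 1L;
    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) {
        this.ctx = ctx;
    }

    // No client call is in progress during a stateless ejbCreate(), so the subject seen
    // here follows the create-as-principal-name / run-as-role-assignment / anonymous
    // rules. With the descriptors in this post the user name printed should be "jack".
    public void ejbCreate() {
        Subject current = Security.getCurrentSubject();
        System.out.println("ejbCreate() runs as: " + SubjectUtils.getUsername(current));
    }

    // Business method: the caller principal is the client that authenticated over JNDI
    // (ar[0] in RunAsEjbClient), and the role check resolves through the
    // security-role-assignment in weblogic-ejb-jar.xml (assumes a matching
    // security-role-ref named runAs_role_X is declared for this bean in ejb-jar.xml).
    public String whoAmI() {
        Principal caller = ctx.getCallerPrincipal();
        boolean inRole = ctx.isCallerInRole("runAs_role_X");
        // Report identity only; a bean should never echo the caller's password back.
        return "caller=" + caller.getName() + " inRole(runAs_role_X)=" + inRole;
    }

    public void ejbRemove() { }
    public void ejbActivate() { }   // not invoked for stateless session beans
    public void ejbPassivate() { }  // not invoked for stateless session beans
}
```

Compare the ejbCreate() line in the server log with the whoAmI() result returned to the client: the first reflects the run-as configuration, the second reflects the authenticated caller.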

Step5).Provide the “ejb-jar.xml” inside “META-INF” directory

<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar id="ejb-jar_ID" version="2.1" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
  <display-name>Test</display-name>

  <enterprise-beans>
    <session>
      <ejb-name>TestRun</ejb-name>
      <home>runassample.IRemoteHome</home>
      <remote>runassample.ITestRemote</remote>
      <ejb-class>runassample.TestRun</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <security-identity>
        <run-as>
          <role-name>runAs_role_X</role-name>
        </run-as>
      </security-identity>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <security-role>
      <role-name>runAs_role_X</role-name>
    </security-role>
    <method-permission>
      <role-name>runAs_role_X</role-name>
      <method>
        <ejb-name>TestRun</ejb-name>
        <method-name>display</method-name>
        <method-params>
          <method-param>java.lang.String</method-param>
          <method-param>java.lang.String</method-param>
        </method-params>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>

Step6). Now develop “weblogic-ejb-jar.xml” inside the “META-INF” directory

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-ejb-jar xmlns="http://www.bea.com/ns/weblogic/90"
                  xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-ejb-jar.xsd">

  <weblogic-enterprise-bean>
    <ejb-name>TestRun</ejb-name>
    <stateless-session-descriptor>
      <pool></pool>
      <stateless-clustering></stateless-clustering>
    </stateless-session-descriptor>
    <transaction-descriptor></transaction-descriptor>
    <jndi-name>TestRun</jndi-name>
    <remote-client-timeout>0</remote-client-timeout>
  </weblogic-enterprise-bean>

  <security-role-assignment>
    <role-name>runAs_role_X</role-name>
    <principal-name>jack</principal-name>
  </security-role-assignment>

  <run-as-role-assignment>
    <role-name>runAs_role_X</role-name>
    <run-as-principal-name>jack</run-as-principal-name>
  </run-as-role-assignment>
</weblogic-ejb-jar>

Step7). Compile and deploy the EJB on the server.

Step8). Write the EJB Client to access the EJB…

import java.util.Hashtable;
import javax.naming.*;
import runassample.*;
public class RunAsEjbClient
{
public static void main(String ar[]) throws Exception
{
if (ar.length < 2) {
System.err.println("Usage: java RunAsEjbClient <username> <password>");
System.exit(1);
}
Context ctx = null;
Hashtable<String,String> ht = new Hashtable<String,String>();
ht.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
ht.put(Context.PROVIDER_URL,"t3://localhost:7001");
// The user/password passed on the command line become the authenticated caller identity.
ht.put(Context.SECURITY_PRINCIPAL,ar[0]);
ht.put(Context.SECURITY_CREDENTIALS,ar[1]);

// Authentication happens here; a wrong password fails with AuthenticationException.
ctx = new InitialContext(ht);
runassample.IRemoteHome home = (runassample.IRemoteHome) ctx.lookup("TestRun");
runassample.ITestRemote remote=home.create();
System.out.println("\n\tremote.display(\"TestUser\",\"password\")"+remote.display(ar[0],ar[1]));
}
}

OUTPUT:

Run the client like:


C:\DELETE\RUN_AS_EJB>java RunAsEjbClient jack password

remote.display("TestUser","password")Hello Mr. jack      your Password is : password

C:\DELETE\RUN_AS_EJB>java RunAsEjbClient jack Wrongpassword
Exception in thread "main" javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User: jack, failed to be  authenticated.]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:783)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:677)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:468)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:375)
at weblogic.jndi.Environment.getContext(Environment.java:315)
at weblogic.jndi.Environment.getContext(Environment.java:285)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at RunAsEjbClient.main(RunAsEjbClient.java:16)
Caused by: java.lang.SecurityException: User: jack, failed to be authenticated.
at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:116)
at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

Thanks

Jay SenSharma
