In this post I describe the conversion of the examples in chapter 12, which deals with EJB 3 security, from GlassFish to WebLogic 10.3. No source code changes were required; only deployment and the configuration of users and their assigned roles differed.
In GlassFish we used the asadmin utility to create a user and its associated role, run as a target in the build.xml file as follows:
<target name="create-file-user">
  <exec executable="${glassfish.home}/bin/asadmin" failonerror="true" vmlauncher="false">
    <arg line="create-file-user --user admin --passwordfile userpassword --groups bankemployee scott"/>
  </exec>
</target>
In WebLogic, users and their passwords were created using the administrator console. If an EJB is invoked by a Java client, users cannot be assigned to a role or roles in the administrator console. Instead, user/role assignment is done at deployment. We need to create the weblogic-ejb-jar.xml file as follows:
<weblogic-ejb-jar>
  <security-role-assignment>
    <role-name>bankemployee</role-name>
    <principal-name>scott</principal-name>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>bankcustomer</role-name>
    <principal-name>ramon</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>
In the wldeploy Ant task we need to add the attribute securityModel="DDOnly" to indicate that security role assignment is done at deployment:
<wldeploy
user="${admin.username}"
password="${admin.password}"
adminurl="t3://${weblogic.hostname}:${weblogic.port}"
securityModel="DDOnly"
debug="true"
action="deploy"
name="BankService"
source="${build.dir}/BankService.ear"
failonerror="${failondeploy}"/>
Rather than use a JAAS login, which would entail creating additional source code such as a CallbackHandler, JNDI login was used instead. This entailed creating a jndi.properties file for each user with the username and password included. So for user scott the corresponding jndi.properties file is:
java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
java.naming.provider.url=t3://localhost:7001
java.naming.security.principal=scott
java.naming.security.credentials=xyz12345
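An added example (not from the book or the original post): a small Python audit that joins the two files above and reports which roles a jndi.properties file with an embedded password unlocks according to weblogic-ejb-jar.xml. The function names and the inline sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the descriptor and properties file in the post.
DESCRIPTOR = """<weblogic-ejb-jar>
<security-role-assignment><role-name>bankemployee</role-name><principal-name>scott</principal-name></security-role-assignment>
<security-role-assignment><role-name>bankcustomer</role-name><principal-name>ramon</principal-name></security-role-assignment>
</weblogic-ejb-jar>"""
JNDI_PROPS = """java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
java.naming.provider.url=t3://localhost:7001
java.naming.security.principal=scott
java.naming.security.credentials=xyz12345
"""

def local(tag):
    """Drop an XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def roles_by_principal(descriptor_xml):
    """Map each principal to the set of roles the descriptor assigns to it."""
    mapping = {}
    for elem in ET.fromstring(descriptor_xml).iter():
        if local(elem.tag) != "security-role-assignment":
            continue
        roles = [(c.text or "").strip() for c in elem if local(c.tag) == "role-name"]
        for c in elem:
            if local(c.tag) == "principal-name" and roles:
                mapping.setdefault((c.text or "").strip(), set()).add(roles[0])
    return mapping

def parse_properties(text):
    """Minimal key=value parser; skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(descriptor_xml, props_text):
    """Report the principal in a JNDI properties file and the roles it maps to."""
    props = parse_properties(props_text)
    principal = props.get("java.naming.security.principal")
    return {
        "principal": principal,
        "cleartext_password": bool(props.get("java.naming.security.credentials")),
        "roles": sorted(roles_by_principal(descriptor_xml).get(principal, ())),
    }

if __name__ == "__main__":
    print(audit(DESCRIPTOR, JNDI_PROPS))
```

Because securityModel="DDOnly" makes the descriptor the only source of role mappings for the EJB, the report shows exactly what a reader of each properties file can reach.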
In lab4 we invoke an EJB from a servlet, so we use web-tier authentication. In this case we can specify user/role assignments in the administrator console. Then we need to set the Security Model default flag in the administrator console as follows:
Select the security realm in the navigation pane, then select myrealm (this is the default realm). For "Security Model default", select "Custom Roles and Policies" from the drop-down list.
This is the last post in the series on migrating EJB 3 to WebLogic 10.3. All the source code should shortly be available for download from the book's website.