JBoss @SecurityDomain Anotasyonu

Giriş

Şu satırı dahil ederiz

import org.jboss.security.SecurityDomain;

EJB nesnesini çağıran kişinin belirtilen "security domain" ile doğrulanıp 

javax.annotation.security.RolesAllowed ile belirtilen role sahip olması gerekir.

security domain 4 farklı yere eklenir.

1. standalone-full.xml dosyasında undertow sistemine eklenir. Şöyle yaparız

<subsystem xmlns="urn:jboss:domain:undertow:12.0" 
  default-server="default-server" 
  default-virtual-host="default-host" 
  default-servlet-container="default" 
  default-security-domain="other" 
  statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
  ....
  <application-security-domains>
    <application-security-domain name="imixsrealm" security-domain="imixsrealm"/>
    <application-security-domain name="other" security-domain="ApplicationDomain"/>                                            
  </application-security-domains>
</subsystem>

2. standalone-full.xml dosyasında ejb3:9.0 sistemine eklenir. Şöyle yaparız

<subsystem xmlns="urn:jboss:domain:ejb3:9.0">
  ...
  <default-security-domain value="other"/>
  <application-security-domains>
    <application-security-domain name="imixsrealm" security-domain="imixsrealm"/>
    <application-security-domain name="other" security-domain="ApplicationDomain"/>                
  </application-security-domains>
  ...
</subsystem>

3. src/main/webapp/WEB-INF/jboss-web.xml dosyasına eklenir. Şöyle yaparız

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <context-root>/</context-root>	
  <security-domain>imixsrealm</security-domain>
</jboss-web>

4.  jboss-ejb3.xml dosyasına eklenir. Şöyle yaparız

<?xml version="1.1" encoding="UTF-8"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
  xmlns="http://java.sun.com/xml/ns/javaee" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:s="urn:security:1.1"
  xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee   http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"
  version="3.1" impl-version="2.0">

  <assembly-descriptor>
    <s:security>
      <ejb-name>*</ejb-name>			
      <s:security-domain>imixsrealm</s:security-domain>
      <!-- This configuration is necessary to enable @runAs for the AdminPService  -->
      <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
    </s:security>
  </assembly-descriptor>

</jboss:ejb-jar>

Örnek

src/main/webapp/WEB-INF/jboss-web.xml dosyasında şöyle yaparız

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE jboss-web>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.jboss.org/schema/jbossas
  http://www.jboss.org/schema/jbossas/jboss-web_7_2.xsd">

  <security-domain>legacy-domain</security-domain>

</jboss-web>

Kodda @SecurityDomain kullanarak şöyle yaparız

import java.security.Principal;

import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;

//Simple secured EJB using EJB security annotations.
@Stateless
@RolesAllowed({"guest"})
@SecurityDomain("legacy-domain")
@Remote(SecuredEJBRemote.class)
public class SecuredEJB implements SecuredEJBRemote {

  // Inject the Session Context
  @Resource
  private SessionContext ctx;

  //Secured EJB method using security annotations
  public String getSecurityInformation() {
    // Session context injected using the resource annotation
    Principal principal = ctx.getCallerPrincipal();
    return principal.toString();
  }

  @RolesAllowed("admin")
  public boolean administrativeMethod() {
    return true;
  }
}