6,787
社区成员
发帖
与我相关
我的任务
分享@RolesAllowed 在jboss6.0中不起作用
package com.jaas;
public interface SecurityAccess {
public String AdminUserMethod();
public String DepartmentUserMethod();
public String AnonymousUserMethod();
}
package com.jaas;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;
@Stateless
@Remote ({SecurityAccess.class})
public class SecurityAccessBean implements SecurityAccess{
@RolesAllowed({"AdminUser","DepartmentUser"})
public String AdminUserMethod() {
return "管理员角色访问AdminUserMethod()方法";
}
@RolesAllowed({"DepartmentUser"})
public String DepartmentUserMethod() {
return "事业部门角色的用户访问DepartmentUserMethod()方法";
}
@PermitAll
public String AnonymousUserMethod() {
return "任何角色的用户都可以访问AnonymousUserMethod()方法";
}
}
//jboss.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss>
<security-domain>other</security-domain>
<unauthenticated-principal>AnonymousUser</unauthenticated-principal>
</jboss>
//roles.properties
lisi=AdminUser,DepartmentUser
wangwu=DepartmentUser
//users.properties
lisi=123456
wangwu=123456
//jsp页面
<%@ page contentType="text/html; charset=GBK"%>
<%@ page import="com.jaas.SecurityAccess,
javax.naming.*,
org.jboss.security.*,
java.util.*"%>
<%
Properties props = new Properties();
props.setProperty("java.naming.factory.initial",
"org.jnp.interfaces.NamingContextFactory");
props.setProperty("java.naming.provider.url", "localhost:1099");
props.setProperty("java.naming.factory.url.pkgs", "org.jboss.naming");
InitialContext ctx = new InitialContext(props);
String user = request.getParameter("user");
String pwd = request.getParameter("pwd");
if (user!=null && !"".equals(user.trim())){
SecurityAssociation.setPrincipal(new SimplePrincipal(user.trim()));
SecurityAssociation.setCredential(pwd.trim().toCharArray());
}
SecurityAccess securityaccess = (SecurityAccess)
ctx.lookup("SecurityAccessBean/remote");
try{
out.println("<font color=green>调用结果:</font>"+
securityaccess.AdminUserMethod()+ "<br>");
}catch(Exception e){
out.println(user+ "没有权限访问AdminUserMethod方法<BR>");
}
out.println("==========================<BR>");
try{
out.println("<font color=green>调用结果:</font>"+
securityaccess.DepartmentUserMethod()+ "<br>");
}catch(Exception e){
out.println(user+ "没有权限访问DepartmentUserMethod方法<BR>");
}
out.println("==========================<BR>");
try{
out.println("<font color=green>调用结果:</font>"+
securityaccess.AnonymousUserMethod()+ "<br>");
}catch(Exception e){
out.println(user+ "没有权限访问AnonymousUserMethod方法<BR>");
}
SecurityAssociation.clear();
%>
为什么@RolesAllowed({"AdminUser","DepartmentUser"}) 不起作用?
public interface SecurityAccess {
public String AdminUserMethod();
public String DepartmentUserMethod();
public String AnonymousUserMethod();
}
package com.jaas;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;
@Stateless
@Remote ({SecurityAccess.class})
public class SecurityAccessBean implements SecurityAccess{
@RolesAllowed({"AdminUser","DepartmentUser"})
public String AdminUserMethod() {
return "管理员角色访问AdminUserMethod()方法";
}
@RolesAllowed({"DepartmentUser"})
public String DepartmentUserMethod() {
return "事业部门角色的用户访问DepartmentUserMethod()方法";
}
@PermitAll
public String AnonymousUserMethod() {
return "任何角色的用户都可以访问AnonymousUserMethod()方法";
}
}
//jboss.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss>
<security-domain>other</security-domain>
<unauthenticated-principal>AnonymousUser</unauthenticated-principal>
</jboss>
//roles.properties
lisi=AdminUser,DepartmentUser
wangwu=DepartmentUser
//users.properties
lisi=123456
wangwu=123456
//jsp页面
<%@ page contentType="text/html; charset=GBK"%>
<%@ page import="com.jaas.SecurityAccess,
javax.naming.*,
org.jboss.security.*,
java.util.*"%>
<%
Properties props = new Properties();
props.setProperty("java.naming.factory.initial",
"org.jnp.interfaces.NamingContextFactory");
props.setProperty("java.naming.provider.url", "localhost:1099");
props.setProperty("java.naming.factory.url.pkgs", "org.jboss.naming");
InitialContext ctx = new InitialContext(props);
String user = request.getParameter("user");
String pwd = request.getParameter("pwd");
if (user!=null && !"".equals(user.trim())){
SecurityAssociation.setPrincipal(new SimplePrincipal(user.trim()));
SecurityAssociation.setCredential(pwd.trim().toCharArray());
}
SecurityAccess securityaccess = (SecurityAccess)
ctx.lookup("SecurityAccessBean/remote");
try{
out.println("<font color=green>调用结果:</font>"+
securityaccess.AdminUserMethod()+ "<br>");
}catch(Exception e){
out.println(user+ "没有权限访问AdminUserMethod方法<BR>");
}
out.println("==========================<BR>");
try{
out.println("<font color=green>调用结果:</font>"+
securityaccess.DepartmentUserMethod()+ "<br>");
}catch(Exception e){
out.println(user+ "没有权限访问DepartmentUserMethod方法<BR>");
}
out.println("==========================<BR>");
try{
out.println("<font color=green>调用结果:</font>"+
securityaccess.AnonymousUserMethod()+ "<br>");
}catch(Exception e){
out.println(user+ "没有权限访问AnonymousUserMethod方法<BR>");
}
SecurityAssociation.clear();
%>
为什么@RolesAllowed({"AdminUser","DepartmentUser"}) 不起作用?
...全文
请发表友善的回复…
发表回复
xiaobeibeinihao 2011-07-21
- 打赏
- 举报
你这个问题解决了吗
我好想也碰到类似的问题了。是不是jboss 6.0 中的spring版本较低?
我好想也碰到类似的问题了。是不是jboss 6.0 中的spring版本较低?
