
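JEAP 6 - Web Service Security Configuration (Login)

Of course, once you have finished developing a Web Service, you can't just leave it without any security protection, right?
Web Service security mostly comes down to two things: encryption, and authenticating the identity of the user who logs in.
This post is a follow-up to the earlier Web Service post; refer to that post for how the Web Service was created.
That said, I think a Web Service actually pairs best with an EJB Stateless Session Bean.
I'll write about that when I get the chance!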

====================================================

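This time the WSDL is not encrypted or otherwise protected; the focus is on authenticating access to the service.
To do authentication, a Security Domain has to be set up first, and that starts with creating the users' properties files.
So go to the source location of the WAR from the previous post and create two properties files: one holding users and passwords, and one mapping users to their roles.

A. jbossws-role.properties (maps users to their roles)
admin=wsuser
B. jbossws-user.properties (maps users to their passwords)
admin=adminpwd
Setting up a Security Domain in JBoss EAP 6 has become super simple! As usual, there are two options:

A. XML configuration, under security-domains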

  
    
      
      
    
  
 
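B. Configure it from the Console:
1. Under Profile, choose Security, then Security Domains, from the left-hand menu.

2. Click Add to create a Security Domain dedicated to JBoss Web Services. For Cache Type, choose Default.

3. Once it has been created, click View on the JBossWS domain you just created to open it.

4. Add a UsersRoles login module. For Flag, choose required (mandatory).

5. In the Details section below, specify the properties files created earlier, which this Security Domain should read.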


So that everything can read this Security Domain, create jboss-web.xml, which lets other code find it easily. Create jboss-web.xml under WEB-INF.



Next, link the Security Domain to our WAR by creating web.xml under WEB-INF.
The contents are as follows:

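<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <display-name>hellows</display-name>

  <!-- Only POST requests to /* require the wsuser role -->
  <security-constraint>
    <display-name>WebServiceSecurity</display-name>
    <web-resource-collection>
      <web-resource-name>Authorized users for Web Service</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>wsuser</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- HTTP Basic login, checked against the JBossWS security domain -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JBossWS</realm-name>
  </login-config>

  <security-role>
    <role-name>wsuser</role-name>
  </security-role>
</web-app>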


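Next comes the main event: telling the Web Service which role may use it. Go back to our POJO Web Service code and add a simple @RolesAllowed annotation that defines which role can use it!

First try running the previous Client program. Sure enough, an Error appears: we never logged in and gave it no user name or password, so it would be a miracle if that got through.

Client side: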



So, add the login code (using BindingProvider, with the ID and password set earlier in the properties files).
It must be set before the Service Port is invoked.
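
A sketch of that client-side login step, added here as an example and not the code from the original post. The HelloWS interface, its sayHello method, the namespace, the service name, the WSDL URL and the WS_USER / WS_PASSWORD environment variables are all hypothetical; substitute the classes generated from your own WSDL. It assumes JAX-WS is on the classpath.

```java
import java.net.URL;
import java.util.Map;
import javax.jws.WebService;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.WebServiceException;

public class SecuredHelloClient {

    // Hypothetical endpoint interface; use the one generated from your WSDL.
    @WebService(targetNamespace = "http://ws.example.test/")
    public interface HelloWS {
        String sayHello(String name);
    }

    // Hypothetical WSDL location and service name.
    static final String WSDL = "http://localhost:8080/hellows/HelloWS?wsdl";
    static final QName SERVICE = new QName("http://ws.example.test/", "HelloWSService");

    // Credentials live in the request context of the port (stub) itself, so
    // they must be set on the same port object before any operation is called.
    static HelloWS login(HelloWS port, String user, String password) {
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(BindingProvider.USERNAME_PROPERTY, user);
        ctx.put(BindingProvider.PASSWORD_PROPERTY, password);
        return port;
    }

    public static void main(String[] args) throws Exception {
        // Take the login from the environment instead of hard-coding it.
        String user = System.getenv("WS_USER");
        String password = System.getenv("WS_PASSWORD");
        if (user == null || password == null) {
            System.err.println("Set WS_USER and WS_PASSWORD first");
            return;
        }
        // The WSDL is fetched with GET, which the POST-only constraint leaves open.
        HelloWS port = Service.create(new URL(WSDL), SERVICE).getPort(HelloWS.class);
        try {
            System.out.println(login(port, user, password).sayHello("JBoss"));
        } catch (WebServiceException e) {
            // No login or a wrong password gives HTTP 401, a user without the
            // wsuser role gives 403; both are rejected before the method runs.
            System.err.println("Call rejected: " + e.getMessage());
        }
    }
}
```

BASIC authentication only base64-encodes the user name and password, and this post does not cover encryption, so over plain HTTP they are readable on the wire.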

Test it again, and sure enough it succeeds!

That's all.
