如何保护GlassFish 2上的Web服务? [英] Howto secure webservices on GlassFish 2?
问题描述
我们在GlassFish 2服务器上部署了一些无用的EJB(EJB3),通过@Webmethod注释将它们的一些方法公开为webservices。
现在我们要保护这些webservice方法,以便只有经过身份验证的客户端才能调用它。什么是实现这一目标的好方法?
解决方案以下示例使用文件领域进行身份验证。
@Stateless
@WebService(name =MyAppServices)
@RolesAllowed({user})
public class ItemEJB {
...
}
您还需要 sun-ejb-jar.xml 例如
<太阳EJB-JAR>
< security-role-mapping>
<! - 如@RolesAllowed中所定义 - >
<角色名称>用户< /角色名称>
<! - 在文件领域创建的glassfish组 - >>
< group-name>使用者< / group-name>
< / security-role-mapping>
< enterprise-beans>
< ejb>
< ejb-name> ItemEJB< / ejb-name>
< webservice-endpoint>
<! - 相当于@WebService的名称属性 - >
< port-component-name> MyAppServices< / port-component-name>
< login-config>
< auth-method> BASIC< / auth-method>
< realm>档案< / realm>
< / login-config>
< / webservice-endpoint>
< / ejb>
< / enterprise-beans>
在glassfish中的文件领域是微不足道的(管理控制台)。您可以创建自己的自定义领域和登录模块
We have some staleless EJBs (EJB3) deployed on a GlassFish 2 server that expose some of their methods as webservices via the @Webmethod annotation.
Now we want to secure these webservice methods so that only authenticated clients can call it. What would be a good way to achieve this?
Like the good reverend said. Example below uses a file realm for authentication.
@Stateless
@WebService(name = "MyAppServices")
@RolesAllowed({"user"})
public class ItemEJB {
...
}
You will also need sun-ejb-jar.xml e.g.
<sun-ejb-jar>
<security-role-mapping>
<!-- as defined in @RolesAllowed -->
<role-name>user</role-name>
<!-- glassfish group created in file realm -->
<group-name>user</group-name>
</security-role-mapping>
<enterprise-beans>
<ejb>
<ejb-name>ItemEJB</ejb-name>
<webservice-endpoint>
<!-- equivalent to name attribute of @WebService -->
<port-component-name>MyAppServices</port-component-name>
<login-config>
<auth-method>BASIC</auth-method>
<realm>file</realm>
</login-config>
</webservice-endpoint>
</ejb>
</enterprise-beans>
Creation of a group in the file realm in glassfish is trivial (admin console). you can however create your own custom realm and login module
这篇关于如何保护GlassFish 2上的Web服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
