jbossws-native-3.1.1下，使用annotation管理webservice權限

Below is the steps that deploy the security in our recent projects:

1.Download 'jbossws-native-3.1.1.GA.zip' from 'http://www.jboss.org/jbossws/downloads/'

2.Install jbossws-native-3.1.1.GA

   unzip jbossws-native-3.1.1.GA.zip

   Copy \jbossws-native-bin-dist\ant.properties.example to a new file named ant.properties

   Modify the ant.properties as follows:

    [email protected]@ -> jboss423.home=C:/usr/local/jboss-4.2.3.GA

    jbossws.integration.target=jboss500 -> jbossws.integration.target=jboss423

    run->cmd under path \jbossws-native-bin-dist\ run "ant deploy-jboss423"

3.Annotations can be used on the Java Jboss server in the following way to secure access to the operations of a webservice:

    package nl.ontraq.jobboard.authentication;

    import javax.annotation.security.RolesAllowed;
    import javax.ejb.Stateless;

    import nl.ontraq.jobboard.util.Constants;

    import org.jboss.annotation.security.SecurityDomain;
    import org.jboss.ws.annotation.EndpointConfig;
    import org.jboss.wsf.spi.annotation.WebContext;

    @javax.jws.WebService(name = "Authentication",
                          serviceName = "Authentication",
                          portName = "AuthenticationSOAP",
                          targetNamespace = "http://jobboard.ontraq.nl/Authentication/",
                          endpointInterface = "nl.ontraq.jobboard.authentication.Authentication")
                     
    @WebContext(contextRoot="/ojbservices/authentication", urlPattern="/Authentication")
    @Stateless
    @EndpointConfig(configName="Standard WSSecurity Endpoint")
    @SecurityDomain("ojbpolicy")        
    public class AuthenticationImpl implements Authentication {

        ...

     @RolesAllowed({Constants.OJB_ROLES_ADMIN, Constants.OJB_ROLES_CANDIDATE})
 public int saveSetting(EditSettings parameters) {

     ...
       
    }
  }

    The Role constants were defined in the CLass nl.ontraq.jobboard.util.Constants.

    package nl.ontraq.jobboard.util;

    public class Constants {
     public static final String OJB_ID_OWNER = "OJB";
     public static final String OJB_USERNAME = "username";
     public static final String OJB_CANDIDATE_UID = "CandidateUID";

     public static final String OJB_ROLES_GUEST = "guest";
     public static final String OJB_ROLES_CANDIDATE = "candidate";
     public static final String OJB_ROLES_EMPLOYER = "employer";
     public static final String OJB_ROLES_ADMIN = "admin";
 
    }

4.Init roles data into table 'ojb.role'

    INSERT INTO ojb."role"("idRole", rolename, roledescription) VALUES (1,"guest","Guest role");
    INSERT INTO ojb."role"("idRole", rolename, roledescription) VALUES (2,"candidate","Candidate role");
    INSERT INTO ojb."role"("idRole", rolename, roledescription) VALUES (3,"employer","Employer role");
    INSERT INTO ojb."role"("idRole", rolename, roledescription) VALUES (9,"admin","Admin role");

5.The user role information is in the table ojb.user_has_role

6.The securitydomain 'ojbpolicy' must have been defined in the file 'login-config.xml' present in the Jboss 'conf' directory:

    <application-policy name="ojbpolicy">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
           flag="required">
          <module-option name="dsJndiName">java:/LoginDS</module-option>
          <module-option name="principalsQuery">
            select password from ojb.ojbuser where username=?
          </module-option>
          <!-- NOTE: make sure you use double quotes for fieldnames !! -->
          <module-option name="rolesQuery">
            select c."rolename",'Roles' from ojb.user_has_role a, ojb.ojbuser b, ojb.role c
   where a."User_idUser" = b."idUser" and a."Role_idRole" = c."idRole" and b."username"=?
          </module-option>
    <module-option name="unauthenticatedIdentity">guest</module-option>
        </login-module>
      </authentication>
    </application-policy>

7.A datasource 'LoginDS' needs to be defined in the deploy directory, file 'postgresql-ds.xml':

    <?xml version="1.0" encoding="UTF-8"?>
    <datasources>
            <local-tx-datasource>
                    <jndi-name>LoginDS</jndi-name>
                    <connection-url>jdbc:postgresql://localhost/ojb</connection-url>
                    <driver-class>org.postgresql.Driver</driver-class>
                    <user-name>ojb_owner</user-name>
                    <password>ojb_owner</password>
            </local-tx-datasource>
    </datasources>

8.Copy postgress database driver 'postgresql-8.3-603.jdbc3.jar' needs to be available in the 'lib' directory of Jboss ('.../server/default/lib').

9.Create jboss-wsse-server.xml and save in META-INF folder based on the EJB (OJBAuthenticationEJB)

  Sample file:

    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.jboss.com/ws-security/config
              http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

    </jboss-ws-security>

10.Create jboss-wsse-client.xml and and save in META-INF folder based on the EJB (OJBAuthenticationEJB)

  Sample file:

    <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.jboss.com/ws-security/config
            http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">

    </jboss-ws-security>

11.Deploy the EAR, then the security base on the role can be used then.