I created a simple web application which contains web pages and one enterprise application which contains web services and EJBs fo开发者_开发知识库r my web application. I managed to configure security for my web application. But now how do i propagate this security to my enterprise application on my EJB method methods? so that i can use annotations like @RolesAllowed("") etc?
In your web application when you search for beans by JNDI, you have to pass user/password information to the InitialContext constructor (code from there: http://schuchert.wikispaces.com/EJB3+Tutorial+6+-+Security)
public InitialContext getInitialContextFor(final String user,
final String password) throws NamingException {
final Properties p = new Properties();
p.setProperty(Context.SECURITY_PRINCIPAL, user);
p.setProperty(Context.SECURITY_CREDENTIALS, password);
p.setProperty(Context.INITIAL_CONTEXT_FACTORY,
"org.jboss.security.jndi.JndiLoginInitialContextFactory");
return new InitialContext(p);
}
If you wanted your web app container to do it automatically for you - I don't know how to do it.
BTW - are you using the same container for both web app and ejbs?
精彩评论