You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by bu...@apache.org on 2011/07/12 20:02:32 UTC
svn commit: r792600 [34/49] - /websites/staging/openejb/trunk/content/
Modified: websites/staging/openejb/trunk/content/securing-a-web-service.html
==============================================================================
--- websites/staging/openejb/trunk/content/securing-a-web-service.html (original)
+++ websites/staging/openejb/trunk/content/securing-a-web-service.html Tue Jul 12 18:02:27 2011
@@ -155,9 +155,9 @@
<p>Web Services are a very common way to implement a Service Oriented
Architecture (SOA).</p>
-<p>There are lots of web service standards/specifications (XML, SOAP, WSDL,
+<p>There are lots of web service standards<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">specifications (XML, SOAP, WSDL,
UUDI, WS-*, ...) coming from organizations like W3C, OASIS, WS-I, ...
-And there are java web service standards like JAX-WS 1.x (JSR 181), JAX-WS
+And there are java web service standards like JAX-WS 1.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"> (JSR 181), JAX-WS
2.0 (JSR 224). </p>
<p>OpenEJB provides a standard way to implement web services transport
@@ -178,7 +178,7 @@ It has no impact on developments. It all
<li># To identify the end user with SSLv3 with client certificate required</li>
<li># OpenEJB supports BASIC authentication over HTTP(S), using the configured
JAAS provider. This will honour any EJB security roles you have setup using
-@RolesAllowed. See the webservice-security example in the OpenEJB codebase <a href="http://svn.apache.org/repos/asf/openejb/trunk/openejb3/examples/">http://svn.apache.org/repos/asf/openejb/trunk/openejb3/examples/</a></li>
+@RolesAllowed. See the webservice-security e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ample in the OpenEJB codebase [http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">svn.apache.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">repos<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">asf<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16
" width="16" align="absmiddle" alt="" border="0">openejb<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">trunk<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">openejb3<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">amples<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">](http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align=
"absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">svn.apache.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">repos<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">asf<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">openejb<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">trunk<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt=""
border="0">openejb3<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">amples<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">)</li>
</ol></li>
</ul>
@@ -194,16 +194,16 @@ security,
Nowadays, SOAP implementations use other protocols than just HTTP so we
need to apply security to the message itself and not only at the transport
layer. Moreover, HTTPS can only be used for securing point-to-point
-services which tend to decrease with Enterprise Service Bus for example. </li>
+services which tend to decrease with Enterprise Service Bus for e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ample. </li>
</ul>
<p>The Oasis organization has defined a standard (part of well-known WS-*)
-which aims at providing high level features in the context of web services:
+which aims at providing high level features in the conte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t of web services:
WS-Security. It provides a standard way to secure your services above and
beyond transport level protocols such as HTTPS. WS-Security relies on other
standards like XML-Encryption. Main features are:
* Timestamp a message,
-* Pass credentials (plain text and/or ciphered) between services,
+* Pass credentials (plain te<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t and<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">or ciphered) between services,
* Sign messages,
* Encrypt messages or part of messages.</p>
@@ -212,7 +212,7 @@ provides a common and highly configurabl
association with the JAX-WS usage without vendor dependence. Internally,
OpenEJB integrates Apache WSS4J as the WS-Security implementation. To use
the integration, you will need to configure WSS4J using the
-<em>openejb-jar.xml</em>.</p>
+<em>openejb-jar.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml</em>.</p>
<p>{warning:title=Warning}
the proposed WS-Security integration is only used at server side.
@@ -227,14 +227,14 @@ can configure either one or the other or
client credentials for incoming messages and sign outgoing messages
(response).</p>
-<p><a name="SecuringaWebService-Configurationprinciples"></a></p>
+<p><a name="SecuringaWebService-Configurationprinciples"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h1>Configuration principles</h1>
-<p>The configuration is made in the <em>openejb-jar.xml</em>. Each endpoint web
+<p>The configuration is made in the <em>openejb-jar.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml</em>. Each endpoint web
service can provide a set of properties to customize WS-Security behavior
through the <properties> element. The content of this element is consistent
-with the overall structure of <em>openejb.xml</em>. The format for properties is
+with the overall structure of <em>openejb.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml</em>. The format for properties is
the same as if you would use a common java property file.</p>
<pre><code>[...]
@@ -242,7 +242,7 @@ the same as if you would use a common ja
wss4j.in.action = UsernameToken
wss4j.in.passwordType = PasswordDigest
wss4j.in.passwordCallbackClass=org.superbiz.calculator.CustomPasswordHandler
-</properties>
+<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">properties>
[...]
</code></pre>
@@ -254,99 +254,99 @@ Each property is made of </p>
<p><em><wss4j>.<in|out>.<wss4j property name>=<wss4j property value></em></p>
</blockquote>
-<p>For example : <em>wss4j.in.action = UsernameToken</em></p>
+<p>For e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ample : <em>wss4j.in.action = UsernameToken</em></p>
-<p><a name="SecuringaWebService-UsernameToken(Passworddigest)example"></a></p>
+<p><a name="SecuringaWebService-UsernameToken(Passworddigest)e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ample"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
-<h1>Username Token (Password digest) example</h1>
+<h1>Username Token (Password digest) e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ample</h1>
-<p><a name="SecuringaWebService-Excerptfrom*openejb-jar.xml*."></a></p>
+<p><a name="SecuringaWebService-E<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">cerptfrom*openejb-jar.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml*."><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
-<h4>Excerpt from <em>openejb-jar.xml</em>.</h4>
+<h4>E<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">cerpt from <em>openejb-jar.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml</em>.</h4>
-<pre><code><openejb-jar xmlns="http://openejb.apache.org/xml/ns/openejb-jar-2.2">
+<pre><code><openejb-jar <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">openejb.apache.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16
" align="absmiddle" alt="" border="0">ns<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">openejb-jar-2.2">
<enterprise-beans>
...
<session>
- <ejb-name>CalculatorImpl</ejb-name>
+ <ejb-name>CalculatorImpl<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">ejb-name>
<web-service-security>
- <security-realm-name/>
- <transport-guarantee>NONE</transport-guarantee>
- <auth-method>WS-SECURITY</auth-method>
+ <security-realm-name<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">>
+ <transport-guarantee>NONE<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">transport-guarantee>
+ <auth-method>WS-SECURITY<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">auth-method>
<properties>
wss4j.in.action = UsernameToken
wss4j.in.passwordType = PasswordDigest
wss4j.in.passwordCallbackClass=org.superbiz.calculator.CustomPasswordHandler
- </properties>
- </web-service-security>
- </session>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">properties>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">web-service-security>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">session>
...
- </enterprise-beans>
-</openejb-jar>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">enterprise-beans>
+<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">openejb-jar>
</code></pre>
-<p><a name="SecuringaWebService-Requestsentbytheclient."></a></p>
+<p><a name="SecuringaWebService-Requestsentbytheclient."><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h4>Request sent by the client.</h4>
<p>This request contains SOAP headers to manage security. You can see
<em>UsernameToken</em> tag from the WS-Security specification.</p>
-<pre><code>POST /CalculatorImplUsernameTokenHashedPassword HTTP/1.1
-Content-Type: text/xml; charset=UTF-8
+<pre><code>POST <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">CalculatorImplUsernameTokenHashedPassword HTTP<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">1.1
+Content-Type: te<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml; charset=UTF-8
SOAPAction: ""
Accept: *
Cache-Control: no-cache
Pragma: no-cache
-User-Agent: Java/1.5.0_05
+User-Agent: Java<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">1.5.0_05
Host: 127.0.0.1:8204
Connection: keep-alive
Transfer-Encoding: chunked
524
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+<soap:Envelope <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:soap="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">schemas.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlsoap.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">soap<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16"
align="absmiddle" alt="" border="0">envelope<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">">
<soap:Header>
- <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">
- <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ <wsse:Security <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:wsse="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs.oasis-open.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wss<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">2004<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" wid
th="16" align="absmiddle" alt="" border="0">01<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">oasis-200401-wss-wssecurity-sece<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t-1.0.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">sd" soap:mustUnderstand="1">
+ <wsse:UsernameToken <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:wsu="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs.oasis-open.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wss<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">2004<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="1
6" width="16" align="absmiddle" alt="" border="0">01<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">oasis-200401-wss-wssecurity-utility-1.0.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">sd"
wsu:Id="UsernameToken-22402238"
-xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
- <wsse:Username xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">jane</wsse:Username>
- <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
-xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">tf7k3a4GREIt1xec/KXVmBdRNIg=</wsse:Password>
- <wsse:Nonce xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">cKhUhmjQ1hGYPsdOLez5kA==</wsse:Nonce>
- <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-04-14T20:16:26.203Z</wsu:Created>
- </wsse:UsernameToken>
- </wsse:Security>
- </soap:Header>
+<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:wsse="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs.oasis-open.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wss<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">2004<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmidd
le" alt="" border="0">01<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">oasis-200401-wss-wssecurity-sece<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t-1.0.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">sd">
+ <wsse:Username <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:wsse="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs.oasis-open.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wss<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">2004<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16"
width="16" align="absmiddle" alt="" border="0">01<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">oasis-200401-wss-wssecurity-sece<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t-1.0.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">sd">jane<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wsse:Username>
+ <wsse:Password Type="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs.oasis-open.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wss<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">2004<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">01<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" wi
dth="16" align="absmiddle" alt="" border="0">oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
+<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:wsse="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs.oasis-open.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wss<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">2004<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmidd
le" alt="" border="0">01<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">oasis-200401-wss-wssecurity-sece<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t-1.0.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">sd">tf7k3a4GREIt1<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ec<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">KXVmBdRNIg=<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icon
s/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wsse:Password>
+ <wsse:Nonce <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:wsse="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs.oasis-open.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wss<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">2004<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" wi
dth="16" align="absmiddle" alt="" border="0">01<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">oasis-200401-wss-wssecurity-sece<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t-1.0.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">sd">cKhUhmjQ1hGYPsdOLez5kA==<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wsse:Nonce>
+ <wsu:Created <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:wsu="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs.oasis-open.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wss<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">2004<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" wi
dth="16" align="absmiddle" alt="" border="0">01<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">oasis-200401-wss-wssecurity-utility-1.0.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">sd">2009-04-14T20:16:26.203Z<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wsu:Created>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wsse:UsernameToken>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wsse:Security>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">soap:Header>
<soap:Body>
- <ns1:sum xmlns:ns1="http://superbiz.org/wsdl">
- <arg0>4</arg0>
- <arg1>6</arg1>
- </ns1:sum>
- </soap:Body>
-</soap:Envelope>
+ <ns1:sum <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:ns1="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">superbiz.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wsdl">
+ <arg0>4<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">arg0>
+ <arg1>6<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">arg1>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">ns1:sum>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">soap:Body>
+<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">soap:Envelope>
</code></pre>
-<p><a name="SecuringaWebService-Theresponsereturnedfromtheserver."></a></p>
+<p><a name="SecuringaWebService-Theresponsereturnedfromtheserver."><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h4>The response returned from the server.</h4>
-<pre><code>HTTP/1.1 200 OK
+<pre><code>HTTP<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">1.1 200 OK
Content-Length: 200
Connection: close
-Content-Type: text/xml; charset=UTF-8
-Server: OpenEJB/??? (unknown os)
+Content-Type: te<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml; charset=UTF-8
+Server: OpenEJB<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">??? (unknown os)
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+<soap:Envelope <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:soap="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">schemas.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlsoap.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">soap<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16"
align="absmiddle" alt="" border="0">envelope<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">">
<soap:Body>
- <ns1:sumResponse xmlns:ns1="http://superbiz.org/wsdl">
- <return>10</return>
- </ns1:sumResponse>
- </soap:Body>
-</soap:Envelope>
+ <ns1:sumResponse <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">mlns:ns1="http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">superbiz.org<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">wsdl">
+ <return>10<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">return>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">ns1:sumResponse>
+ <<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">soap:Body>
+<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">soap:Envelope>
</code></pre>
-<p><a name="SecuringaWebService-JAASwithWS-Security"></a></p>
+<p><a name="SecuringaWebService-JAASwithWS-Security"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h1>JAAS with WS-Security</h1>
@@ -355,16 +355,16 @@ calls to the OpenEJB SecurityService to
CallbackHandler. Once you have done this, any permissions configured with
@RolesAllowed should be honoured.</p>
-<p>Here is a snippet from the webservice-ws-security example demonstrating
+<p>Here is a snippet from the webservice-ws-security e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ample demonstrating
this:</p>
<pre><code>public class CustomPasswordHandler implements CallbackHandler {
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ public void handle(Callback[] callbacks) throws IOE<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ception, UnsupportedCallbackE<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ception {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
- // TODO get the password from the users.properties if possible
+ <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> TODO get the password from the users.properties if possible
pc.setPassword("waterfall");
} else if (pc.getUsage() == WSPasswordCallback.DECRYPT) {
@@ -387,20 +387,20 @@ this:</p>
token = securityService.login(pc.getIdentifer(), pc.getPassword());
securityService.associate(token);
- } catch (LoginException e) {
+ } catch (LoginE<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ception e) {
e.printStackTrace();
- throw new SecurityException("wrong password");
+ throw new SecurityE<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ception("wrong password");
}
}
}
}
</code></pre>
-<p><a name="SecuringaWebService-Examples"></a></p>
+<p><a name="SecuringaWebService-E<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">amples"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
-<h1>Examples</h1>
+<h1>E<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">amples</h1>
-<p>A full example (webservice-ws-security) is available with OpenEJB Examples.</p>
+<p>A full e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ample (webservice-ws-security) is available with OpenEJB E<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">amples.</p>
</DIV>
</P>
Modified: websites/staging/openejb/trunk/content/security-annotations.html
==============================================================================
--- websites/staging/openejb/trunk/content/security-annotations.html (original)
+++ websites/staging/openejb/trunk/content/security-annotations.html Tue Jul 12 18:02:27 2011
@@ -155,14 +155,14 @@
<p>This page shows the correct usage of the security related annotations:</p>
<ul>
-<li>javax.annotation.security.RolesAllowed</li>
-<li>javax.annotation.security.PermitAll</li>
-<li>javax.annotation.security.DenyAll</li>
-<li>javax.annotation.security.RunAs</li>
-<li>javax.annotation.security.DeclareRoles</li>
+<li>java<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">.annotation.security.RolesAllowed</li>
+<li>java<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">.annotation.security.PermitAll</li>
+<li>java<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">.annotation.security.DenyAll</li>
+<li>java<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">.annotation.security.RunAs</li>
+<li>java<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">.annotation.security.DeclareRoles</li>
</ul>
-<p><a name="SecurityAnnotations-Basicidea"></a></p>
+<p><a name="SecurityAnnotations-Basicidea"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>Basic idea</h2>
@@ -170,18 +170,18 @@
<li>By default all methods of a business interface are accessible, logged in
or not</li>
<li>The annotations go on the bean class, not the business interface</li>
-<li>Security annotations can be applied to entire class and/or individual
+<li>Security annotations can be applied to entire class and<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">or individual
methods</li>
<li>The names of any security roles used must be declared via @DeclareRoles</li>
</ul>
-<p><a name="SecurityAnnotations-Norestrictions"></a></p>
+<p><a name="SecurityAnnotations-Norestrictions"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>No restrictions</h2>
<p>Allow anyone logged in or not to invoke 'svnCheckout'.</p>
-<p>These three examples are all equivalent.</p>
+<p>These three e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">amples are all equivalent.</p>
<pre><code>@Stateless
public class OpenSourceProjectBean implements Project {
@@ -216,7 +216,7 @@ public class OpenSourceProjectBean imple
<li>Allow anyone logged in or not to invoke 'svnCheckout'.</li>
</ul>
-<p><a name="SecurityAnnotations-RestrictingaMethod"></a></p>
+<p><a name="SecurityAnnotations-RestrictingaMethod"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>Restricting a Method</h2>
@@ -244,7 +244,7 @@ public class OpenSourceProjectBean imple
<li>Allow anyone logged in or not to invoke 'svnCheckout'.</li>
</ul>
-<p><a name="SecurityAnnotations-DeclareRoles"></a></p>
+<p><a name="SecurityAnnotations-DeclareRoles"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>DeclareRoles</h2>
@@ -255,11 +255,11 @@ isCallerInRole(roleName).</p>
@DeclareRoles({"committer", "contributor"})
public class OpenSourceProjectBean implements Project {
- @Resource SessionContext ctx;
+ @Resource SessionConte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t ct<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">;
@RolesAllowed({"committer"})
public String svnCommit(String s) {
- ctx.isCallerInRole("committer"); // Referencing a Role
+ ct<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">.isCallerInRole("committer"); <IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> Referencing a Role
return s;
}
@@ -270,7 +270,7 @@ public class OpenSourceProjectBean imple
}
</code></pre>
-<p><a name="SecurityAnnotations-Restrictingallmethodsinaclass"></a></p>
+<p><a name="SecurityAnnotations-Restrictingallmethodsinaclass"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>Restricting all methods in a class</h2>
@@ -300,9 +300,9 @@ public class OpenSourceProjectBean imple
'svnCheckout' or 'submitPatch'.</li>
</ul>
-<p><a name="SecurityAnnotations-Mixingclassandmethodlevelrestrictions"></a></p>
+<p><a name="SecurityAnnotations-Mi<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ingclassandmethodlevelrestrictions"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
-<h2>Mixing class and method level restrictions</h2>
+<h2>Mi<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ing class and method level restrictions</h2>
<p>Security annotations can be used at the class level and method level at the
same time. These rules do not stack, so marking 'submitPatch' overrides
@@ -335,7 +335,7 @@ or 'svnCheckout'</li>
'submitPatch'. </li>
</ul>
-<p><a name="SecurityAnnotations-PermitAll"></a></p>
+<p><a name="SecurityAnnotations-PermitAll"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>PermitAll</h2>
@@ -371,7 +371,7 @@ public class OpenSourceProjectBean imple
<li>Allow anyone logged in or not to invoke 'svnCheckout'.</li>
</ul>
-<p><a name="SecurityAnnotations-DenyAll"></a></p>
+<p><a name="SecurityAnnotations-DenyAll"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>DenyAll</h2>
@@ -414,7 +414,7 @@ public class OpenSourceProjectBean imple
<li>Allow <em>no one</em> logged in or not to invoke 'deleteProject'.</li>
</ul>
-<p><a name="SecurityAnnotations-IllegalUsage"></a></p>
+<p><a name="SecurityAnnotations-IllegalUsage"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h1>Illegal Usage</h1>
@@ -441,11 +441,11 @@ public class MyStatefulBean implements
@AroundInvoke
@RolesAllowed({"committer"})
- public Object invoke(InvocationContext invocationContext) throws
+ public Object invoke(InvocationConte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t invocationConte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t) throws
</code></pre>
-<p>Exception {
- return invocationContext.proceed();
+<p>E<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ception {
+ return invocationConte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t.proceed();
}</p>
<pre><code> @PostActivate
Modified: websites/staging/openejb/trunk/content/security.html
==============================================================================
--- websites/staging/openejb/trunk/content/security.html (original)
+++ websites/staging/openejb/trunk/content/security.html Tue Jul 12 18:02:27 2011
@@ -152,35 +152,35 @@
<P>
<!-- $BODY -->
<DIV id="PageContent">
- <p><a name="Security-Security-HowTo."></a></p>
+ <p><a name="Security-Security-HowTo."><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h1>Security - How To.</h1>
<p>We currently have two authentication mechanisms to choose from:
-* <em>PropertiesLoginModule</em> (a basic text file based login that looks up
+* <em>PropertiesLoginModule</em> (a basic te<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t file based login that looks up
users and groups from the specified properties files)
* <em>SQLLoginModule</em> (database based login that looks up users and groups
in a database through SQL queries)</p>
<p>To make your program authenticate itself to the server, simply construct
-your InitialContext with the standard javax.naming.Context properties for
-user/pass info, which is:</p>
+your InitialConte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t with the standard java<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">.naming.Conte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t properties for
+user<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">pass info, which is:</p>
<pre><code>Properties props = new Properties();
-props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.RemoteInitialContextFactory");
-props.setProperty(Context.PROVIDER_URL, "ejbd://localhost:4201");
-props.setProperty(Context.SECURITY_PRINCIPAL, "someuser");
-props.setProperty(Context.SECURITY_CREDENTIALS, "thepass");
+props.setProperty(Conte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.RemoteInitialConte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">tFactory");
+props.setProperty(Conte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t.PROVIDER_URL, "ejbd:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">localhost:4201");
+props.setProperty(Conte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t.SECURITY_PRINCIPAL, "someuser");
+props.setProperty(Conte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t.SECURITY_CREDENTIALS, "thepass");
props.setProperty("openejb.authentication.realmName", "PropertiesLogin");
-// optional
-InitialContext ctx = new InitialContext(props);
-ctx.lookup(...);
+<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"> optional
+InitialConte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t ct<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"> = new InitialConte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t(props);
+ct<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">.lookup(...);
</code></pre>
-<p>That will get you logged in and all your calls from that context should
-execute as you.</p>
+<p>That will get you logged in and all your calls from that conte<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">t should
+e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ecute as you.</p>
-<p><em>${openejb.base}/conf/login.config</em> is a standard JAAS config file.
+<p><em>${openejb.base}<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">conf<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">login.config</em> is a standard JAAS config file.
Here, you can configure any number of security realms to authenticate
against.
To specify which of the realms you want to authenticate against, you can
@@ -188,33 +188,32 @@ set the <em>openejb.authentication.realm
configured realm names in <em>login.config</em>.
If you don't speficy a realm name, the default (currently
<em>PropertiesLogin</em>) is used.
-For examples and more information on JAAS configuration, see the <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.html">JAAS Reference Guide</a>
+For e<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">amples and more information on JAAS configuration, see the [JAAS Reference Guide](http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">java.sun.com<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">javase<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">6<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" h
eight="16" width="16" align="absmiddle" alt="" border="0">docs<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">technotes<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">guides<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">security<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">jaas<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">JAASRefGuide.html)
.</p>
-<p><a name="Security-PropertiesLoginModule"></a></p>
+<p><a name="Security-PropertiesLoginModule"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>PropertiesLoginModule</h2>
-<p>Supported options:</p>
-
+<p>Supported options:
<table>
-<tr><th>Option</th><th>Description</th><th>Required</th></tr>
-<tr><td>UsersFile</td><td>name of the properties file that contains the users and their
-passwords</td><td>*yes*</td></tr>
-<tr><td>GroupsFile</td><td>name of the properties file that contains the groups and their
-member lists</td><td>*yes*</td></tr>
-</table>
+<tr><th>Option<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">th><th>Description<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">th><th>Required<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">th><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>UsersFile<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>name of the properties file that contains the users and their
+passwords<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td><em>yes</em><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>GroupsFile<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>name of the properties file that contains the groups and their
+member lists<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td><em>yes</em><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">table></p>
<p><em>UsersFile</em> and <em>GroupsFile</em> are read in on every login, so +you can
update them+ on a running system and those users will "show up" immediately
+without the need for a restart+ of any kind.</p>
-<p><a name="Security-SQLLoginModule"></a></p>
+<p><a name="Security-SQLLoginModule"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h2>SQLLoginModule</h2>
<p>You can either use a data source or configure the JDBC URL through which
-the user/group lookups will be made.</p>
+the user<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">group lookups will be made.</p>
<p>If you use a <em>DataSource</em>, you must specify its JNDI name with the
<em>dataSourceName</em> option.</p>
@@ -224,7 +223,7 @@ database.
The driver should be autodetected (provided the appropriate jar is on your
classpath), but if that fails for some reason, you can force a specific
driver using the <em>jdbcDriver</em> option.
-For more information on JDBC URLs, see the <a href="http://java.sun.com/javase/6/docs/technotes/guides/jdbc/">JDBC Guide</a></p>
+For more information on JDBC URLs, see the [JDBC Guide](http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">java.sun.com<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">javase<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">6<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align
="absmiddle" alt="" border="0">technotes<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">guides<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">jdbc<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">)</p>
<p>The <em>userSelect</em> query must return a two-column list of user names
(column 1) and passwords (column 2). This query should normally return a
@@ -235,27 +234,26 @@ that the client is trying to log in with
The <em>groupSelect</em> query must return a two-column list of user names and
their groups (or "roles" in the EJB world).</p>
-<p>Supported options:</p>
-
+<p>Supported options:
<table>
-<tr><th>Option</th><th>Description</th><th>Required</th></tr>
-<tr><td>dataSourceName</td><td>the name of a data source</td><td>*yes* (alternative 1)</td></tr>
-<tr><td>jdbcURL</td><td>a standard JDBC URL</td><td>*yes* (alternative 2)</td></tr>
-<tr><td>jdbcDriver</td><td>the fully qualified class name of the database driver</td><td>no</td></tr>
-<tr><td>jdbcUser</td><td>the user name for accessing the database</td><td>no</td></tr>
-<tr><td>jdbcPassword</td><td>the password for accessing the database</td><td>no</td></tr>
-<tr><td>userSelect</td><td>the SQL query that returns a list of users and their
-passwords</td><td>*yes*
-</tr>
-<tr><td>groupSelect</td><td>the SQL query that returns a list of users and groups
-(roles)</td><td>*yes*
-</tr>
-<tr><td>digest</td><td>the name of the digest algorithm (e.g. "MD5" or "SHA") for digest
-authentication</td><td>no</td></tr>
-<tr><td>encoding</td><td>the digest encoding, can be "hex" or "base64"</td><td>no</td></tr>
-</table>
+<tr><th>Option<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">th><th>Description<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">th><th>Required<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">th><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>dataSourceName<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>the name of a data source<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td><em>yes</em> (alternative 1)<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>jdbcURL<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>a standard JDBC URL<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td><em>yes</em> (alternative 2)<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>jdbcDriver<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>the fully qualified class name of the database driver<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>no<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>jdbcUser<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>the user name for accessing the database<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>no<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>jdbcPassword<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>the password for accessing the database<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>no<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>userSelect<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>the SQL query that returns a list of users and their
+passwords<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td><em>yes</em>
+<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>groupSelect<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>the SQL query that returns a list of users and groups
+(roles)<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td><em>yes</em>
+<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>digest<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>the name of the digest algorithm (e.g. "MD5" or "SHA") for digest
+authentication<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>no<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<tr><td>encoding<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>the digest encoding, can be "he<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">" or "base64"<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><td>no<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">td><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">tr>
+<<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">table></p>
-<p><a name="Security-PLUGPOINTS"></a></p>
+<p><a name="Security-PLUGPOINTS"><<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">a></p>
<h1>PLUG POINTS</h1>
@@ -268,8 +266,8 @@ there" or need total control, this is wh
SecurityService should really be a last resort. We still have our "do
nothing" SecurityService implementation just as before, but it is no longer
the default. +You can add a new SecurityService impl by creating a
-service-jar.xml and packing it in your jar+. You can configure OpenEJB to
-use a different SecurityService via the openejb.xml.</p>
+service-jar.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml and packing it in your jar+. You can configure OpenEJB to
+use a different SecurityService via the openejb.<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0">ml.</p>
<ul>
<li><p><em>JaccProvider super class</em>: If you want to plug in your own JACC
@@ -284,14 +282,14 @@ things you have to do to create and plug
still plugin a JACC provider in the standard ways. Read the JACC spec for
that info.</p></li>
<li><p><em>JAAS LoginModule</em>. You can setup a different JAAS LoginModule to do all
-your authentication by simply editing the conf/login.config file which is a
-plain JAAS config file. At the moment we only support username/password
+your authentication by simply editing the conf<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">login.config file which is a
+plain JAAS config file. At the moment we only support username<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">password
based login modules. At some point it would be nice to support any kind of
-input for a JAAS LoginModule, but username/password at least covers the
+input for a JAAS LoginModule, but username<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">password at least covers the
majority. It actually <em>is</em> possible to support any LoginModule, but you
would have to supply your clients with your own way to authenticate to it
and write a strategy for telling the OpenEJB client what data to send to
-the server with each invocation request. See the <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/JAASLMDevGuide.html">JAAS LoginModule Developer's Guide</a>
+the server with each invocation request. See the [JAAS LoginModule Developer's Guide](http:<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"><IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">java.sun.com<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">javase<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">6<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">docs<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif
" height="16" width="16" align="absmiddle" alt="" border="0">technotes<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">guides<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">security<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">jaas<IMG class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0">JAASLMDevGuide.html)
for more information.</p></li>
<li><p><em>Client IdentityResolver</em>. This is the just mentioned interface you
would have to implement to supply the OpenEJB client with alternate data to