EJB Security Sample

In this EJB sample two session beans are used to demonstrate various uses of role-based security. Specifically, this sample shows how a certain security role can be assumed when executing code and how to use a security role to grant or block access to the execution of certain methods.

In the example, a RoleCheckerBean EJB, running under the security role engineer, is called by a web service RoleCheckerControlTest.jws, running under the security role manager. A third EJB, InvokedBean, is in turn invoked by the RoleCheckerBean EJB. The RoleCheckerBean EJB has the following methods, each exercised in the steps below: ceoOnly, managerOnly, discoverCallerRole, and discoverRoleCheckersRole.

Concepts Demonstrated by this Sample

Location of Sample Files

The code of the EJBs is located in the security folder of the EJBs project in the SamplesApp sample application. In the file system the location is:

BEA_HOME\weblogic81\samples\workshop\SamplesApp\EJBs\security

The web service that you run as a client application to test the EJBs and the EJB control that you use to locate and reference the RoleCheckerBean EJB are located in the security folder of the EJBs_ClientApps project in the SamplesApp sample application. In the file system the location is:

BEA_HOME\weblogic81\samples\workshop\SamplesApp\EJBs_ClientApps\security

To Run the Sample

  1. Start WebLogic Server in the appropriate domain.
  2. Launch the RoleCheckerControlTest web service either by opening it in WebLogic Workshop and selecting the Start operation or by entering http://localhost:7001/EJBs_ClientApps/security/RoleCheckerControlTest.jws in the address bar of your browser (WebLogic Server must be running in the appropriate domain on this machine).
  3. Navigate to the Test Form tab of Test View, if necessary.
  4. Invoke the ceoOnly method on the web service, which will invoke the corresponding method on the EJB. The EJB's ceoOnly method can only be invoked by the ceo security role. Because the web service runs under the manager role, a javax.ejb.AccessLocalException security violation exception is thrown.
  5. Click the Test operations link.
  6. Invoke the managerOnly method on the web service, which will invoke the corresponding method on the EJB. The EJB's managerOnly method can only be invoked by the manager security role. Because the web service runs under the manager role, the method executes normally.
  7. Click the Test operations link.
  8. Invoke the discoverCallerRole method on the web service, which will invoke the corresponding method on the EJB. The EJB's discoverCallerRole method checks the security role of the invoking client and determines that the web service runs under the manager role.
  9. Click the Test operations link.
  10. Invoke the discoverRoleCheckersRole method on the web service, which will invoke the corresponding method on the EJB. The EJB's discoverRoleCheckersRole method checks the security role of the EJB itself and determines that it runs under the engineer role.
  11. Return to WebLogic Workshop and press the Stop button to close the Test Browser.
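The following is an added example, not the sample's own source, showing how the behaviour exercised in the steps above is expressed in EJB 2.0 terms: declarative method permissions that block ceoOnly and allow managerOnly, the bean's run-as identity, and the programmatic isCallerInRole checks behind discoverCallerRole and discoverRoleCheckersRole. Bean, method and role names follow the sample; the InvokedLocal and InvokedLocalHome interfaces, the ejb-local-ref named java:comp/env/ejb/Invoked, and the WebLogic principal mapping are assumptions. The two bean classes and the descriptor fragment are shown in one listing but would live in separate files.

```java
// Added example (not the sample's code). Assumed: InvokedLocal/InvokedLocalHome
// interfaces and an ejb-local-ref "ejb/Invoked" linking to the Invoked bean.
import javax.ejb.CreateException;
import javax.ejb.EJBException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class RoleCheckerBean implements SessionBean {
    private SessionContext ctx;

    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() {}
    public void ejbRemove() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}

    // Declarative control: the container consults <method-permission> (descriptor
    // below) before dispatch. A caller outside "ceo" never reaches this body; over
    // the local interface the container throws javax.ejb.AccessLocalException.
    public String ceoOnly() {
        return "ceoOnly ran for " + ctx.getCallerPrincipal().getName();
    }

    // Same mechanism, permitted only to "manager", so the sample's web service passes.
    public String managerOnly() {
        return "managerOnly ran for " + ctx.getCallerPrincipal().getName();
    }

    // Programmatic check of the caller's role. isCallerInRole sees the identity that
    // called this bean (the web service, i.e. manager), not this bean's run-as role.
    // Every name tested here must be declared in a <security-role-ref> for this bean.
    public String discoverCallerRole() {
        String[] candidates = { "ceo", "manager", "engineer" };
        for (int i = 0; i < candidates.length; i++) {
            if (ctx.isCallerInRole(candidates[i])) {
                return candidates[i];
            }
        }
        return "none of the declared roles";
    }

    // A bean cannot query its own run-as identity; that identity is only visible to
    // the beans it calls. So we call InvokedBean and let it report who called it:
    // with run-as "engineer" on this bean, the answer is "engineer".
    public String discoverRoleCheckersRole() {
        try {
            InvokedLocalHome home = (InvokedLocalHome)
                new InitialContext().lookup("java:comp/env/ejb/Invoked"); // assumed ref
            InvokedLocal invoked = home.create();
            return invoked.discoverCallerRole();
        } catch (NamingException e) {
            throw new EJBException(e);
        } catch (CreateException e) {
            throw new EJBException(e);
        }
    }
}

// InvokedBean.java: reports whether its caller holds the "engineer" role.
public class InvokedBean implements SessionBean {
    private SessionContext ctx;
    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() {}
    public void ejbRemove() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}

    public String discoverCallerRole() {
        return ctx.isCallerInRole("engineer") ? "engineer" : "not engineer";
    }
}

/* ejb-jar.xml fragment wiring the roles (ejb-local-ref omitted). WebLogic maps the
   role names to users/groups in weblogic-ejb-jar.xml via <security-role-assignment>
   and picks the principal used for the run-as role via <run-as-principal-name>.
<session>
  <ejb-name>RoleChecker</ejb-name>
  <ejb-class>RoleCheckerBean</ejb-class>
  <security-role-ref><role-name>ceo</role-name><role-link>ceo</role-link></security-role-ref>
  <security-role-ref><role-name>manager</role-name><role-link>manager</role-link></security-role-ref>
  <security-role-ref><role-name>engineer</role-name><role-link>engineer</role-link></security-role-ref>
  <security-identity><run-as><role-name>engineer</role-name></run-as></security-identity>
</session>
<assembly-descriptor>
  <security-role><role-name>ceo</role-name></security-role>
  <security-role><role-name>manager</role-name></security-role>
  <security-role><role-name>engineer</role-name></security-role>
  <method-permission><role-name>ceo</role-name>
    <method><ejb-name>RoleChecker</ejb-name><method-name>ceoOnly</method-name></method>
  </method-permission>
  <method-permission><role-name>manager</role-name>
    <method><ejb-name>RoleChecker</ejb-name><method-name>managerOnly</method-name></method>
  </method-permission>
  <method-permission><unchecked/>
    <method><ejb-name>RoleChecker</ejb-name><method-name>discoverCallerRole</method-name></method>
    <method><ejb-name>RoleChecker</ejb-name><method-name>discoverRoleCheckersRole</method-name></method>
  </method-permission>
</assembly-descriptor>
*/
```

Two points worth checking in any real deployment: first, a method with no covering method-permission is not protected by default on WebLogic, so list every business method explicitly (the example marks the two discovery methods `unchecked` on purpose); second, the run-as identity changes only what downstream beans see, which is why the manager caller is still rejected by ceoOnly even though the bean itself runs as engineer.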

Related Topics

Role-Based Security