security3.html

j2eePDF格式的电子书

<a name="wp298621"> </a><div class="pSmartList1"><li>Select an application.</li></div>
<a name="wp298622"> </a><div class="pSmartList1"><li>In the Roles tabbed pane, click Add to add a row to the table.</li></div>
<a name="wp298623"> </a><div class="pSmartList1"><li>In the Name column, enter the security role name, <code class="cCode">bankCustomer</code> for example.</li></div>
<a name="wp298624"> </a><div class="pSmartList1"><li>Click the folded-paper icon to add a description of the security role, Customer-of-Bank for example.</li></div>
<a name="wp298625"> </a><div class="pSmartList1"><li>Click OK.</li></div>
<a name="wp441519"> </a><p class="pBodyRelative">
Before you can map the role to users or groups (see <a  href="Security3.html#wp298631">Mapping Roles to Users and Groups</a>), you must first create those users or groups (see <a  href="Security3.html#wp299910">Managing Users</a>).
</p>
</ol></div>
<a name="wp299910"> </a><h4 class="pHeading3">
Managing Users
</h4>
<a name="wp299913"> </a><p class="pBody">
To add authorized users to the Application Server, 
</p>
<div class="pSmartList1"><ol type="1" class="pSmartList1">
<a name="wp407367"> </a><div class="pSmartList1"><li>Start the Application Server if you haven't already done so. Information on starting the Application Server is available at <a  href="WebApp3.html#wp213803">Starting and Stopping the J2EE Application Server</a>.</li></div>
<a name="wp407368"> </a><div class="pSmartList1"><li>Start the Admin Console if you haven't already done so. You can start the Admin Console by starting a Web browser and browsing to <code class="cCode">http://localhost:4848/asadmin</code>. If you changed the default Admin port during installation, enter the correct port number in place of <code class="cCode">4848</code>.</li></div>
<a name="wp299916"> </a><div class="pSmartList1"><li>Enter the user name and password provided during installation.</li></div>
<a name="wp299917"> </a><div class="pSmartList1"><li>Expand the Security node in the Admin Console tree. </li></div>
<a name="wp299923"> </a><div class="pSmartList1"><li>Expand the Realms node.</li></div>
<a name="wp299924"> </a><div class="pSmartList1"><li>Select the <code class="cCode">file</code> realm.</li></div>
<a name="wp299925"> </a><div class="pSmartList1"><li>Click the Manage Users button.</li></div>
<a name="wp299926"> </a><div class="pSmartList1"><li>Click New to add a new user to the <code class="cCode">file</code> realm.</li></div>
<a name="wp299927"> </a><div class="pSmartList1"><li>Enter the user's name, password, and the group(s) to which this user will belong. Click OK to add this user to the list of users in the <code class="cCode">file</code> realm.</li></div>
<a name="wp299928"> </a><div class="pSmartList1"><li>Click Logout when you have completed this task.</li></div>
</ol></div>
<a name="wp298631"> </a><h4 class="pHeading3">
Mapping Roles to Users and Groups
</h4>
<a name="wp298632"> </a><p class="pBody">
When you are developing a J2EE application, you don't need to know what categories of users have been defined for the realm in which the application will be run. In the J2EE platform, the security architecture provides a mechanism for automatically mapping the roles defined in the application to the users or groups defined in the runtime realm. After your application has been deployed, the administrator of the J2EE server will map the roles of the application to the users or groups of the <code class="cCode">file</code> realm. 
</p>
<a name="wp299866"> </a><p class="pBody">
Use <code class="cCode">deploytool</code> to map roles defined for an application to J2EE users and/or groups:
</p>
<div class="pSmartList1"><ol type="1" class="pSmartList1">
<a name="wp299877"> </a><div class="pSmartList1"><li>Add authorized users and/or groups to the <code class="cCode">file</code> realm using the Admin Console as discussed in <a  href="Security3.html#wp299910">Managing Users</a>. You must define the users and groups for the Application Server before you can map them to application security roles.</li></div>
<a name="wp299878"> </a><div class="pSmartList1"><li>Create or open the Web Application in <code class="cCode">deploytool</code>. Creating an application using <code class="cCode">deploytool</code> is discussed in <a  href="WebApp5.html#wp115753">Packaging Web Modules</a>.</li></div>
<a name="wp299879"> </a><div class="pSmartList1"><li>Select the Web application in the <code class="cCode">deploytool</code> tree. Select the Security tabbed pane. We use the Security tabbed pane to add a security constraint to the Web application. If you would like more information on security constraints, read <a  href="Security4.html#wp298689">Protecting Web Resources</a>. Click Add Constraint to add a security constraint to this application.</li></div>
<a name="wp299883"> </a><div class="pSmartList1"><li>Click Add Collections to add a Web Resource Collection to this application.</li></div>
<a name="wp299884"> </a><div class="pSmartList1"><li>Click Edit Roles to select which roles are authorized to access restricted parts of this application.</li></div>
<a name="wp299885"> </a><div class="pSmartList1"><li>Click Edit Roles in the Authorized Roles for Security Constraint dialog.</li></div>
<a name="wp299886"> </a><div class="pSmartList1"><li>Click Add to add a new role. Click in the cell that is created under Name. For this example, add the roles of <code class="cCode">CUSTOMER</code> and <code class="cCode">MANAGER</code>. Click OK to exit this dialog.</li></div>
<a name="wp299887"> </a><div class="pSmartList1"><li>Add both roles to the list of authorized roles by selecting each in turning and clicking Add.</li></div>
<a name="wp299888"> </a><div class="pSmartList1"><li>Click OK to exit the Authorized Roles dialog.</li></div>
<a name="wp299889"> </a><div class="pSmartList1"><li>Select the Security Role Mapping tabbed pane to map the users defined for the Application Server to roles defined for this application. </li></div>
<a name="wp299890"> </a><div class="pSmartList1"><li>Select a Role Name, for example, <code class="cCode">MANAGER</code>, in the Role Name pane. These are the role names we defined in the Authorized Roles for Security Constraint dialog.</li></div>
<a name="wp299870"> </a><div class="pSmartList1"><li>Click Add User/Group to Role. (If this button is grayed out, log on to the Admin Server before continuing.) Use this dialog to select a specific user or group to map to the <code class="cCode">MANAGER</code> role. Then click Map to Role. If you selected a user, the name of the user will display in the User name pane when the MANAGER role is selected in the Role Name pane. If you selected a group, the name of the group will display in the Group name pane when the MANAGER role is selected. When you defined users using the Admin Console, you provided them with a name, password, and group. Any users assigned to the group selected in this step will have access to the restricted Web application. </li></div>
</ol></div>
    </blockquote>

   <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider">


    <table width="550" summary="layout" id="SummaryNotReq1">
      <tr>
	<td align="left" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/download.html#tutorial" target="_blank">Download</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/faq.html" target="_blank">FAQ</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/history.html" target="_blank">History</a>
	</td>
        <td align="center" valign="center">
<a accesskey="p" href="Security2.html"><img id="LongDescNotReq1" src="images/PrevArrow.gif" width="26" height="26" border="0" alt="Prev" /></a><a accesskey="c" href="J2EETutorialFront.html"><img id="LongDescNotReq1" src="images/UpArrow.gif" width="26" height="26" border="0" alt="Home" /></a><a accesskey="n" href="Security4.html"><img id="LongDescNotReq3" src="images/NextArrow.gif" width="26" height="26" border="0" alt="Next" /></a><a accesskey="i" href="J2EETutorialIX.html"></a>
        </td>
	<td align="right" valign="center">
	<font size="-1">
	<a href="http://java.sun.com/j2ee/1.4/docs/api/index.html" target="_blank">API</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/search.html" target="_blank">Search</a>
	<br>
	<a href="http://java.sun.com/j2ee/1.4/docs/tutorial/information/sendusmail.html" target="_blank">Feedback</a></font>
	</font>
	</td>
      </tr>
    </table>

    <img src="images/blueline.gif" width="550" height="8" ALIGN="BOTTOM" NATURALSIZEFLAG="3" ALT="Divider">

<p><font size="-1">All of the material in <em>The J2EE(TM) 1.4 Tutorial</em> is 
<a href="J2EETutorialFront2.html">copyright</a>-protected and may not be published in other works
without express written permission from Sun Microsystems.</font>

  </body>
</html>