Running the Web Application</h5><a name="wp279643"> </a><p class="pBody">Run the Web client by entering the following URL in your Web browser:</p><a name="wp279644"> </a><p class="pBody"><code class="cCode">&nbsp;&nbsp;http://localhost:8080/formbasedauth</code></p><a name="wp279771"> </a><p class="pBody">The login form displays in the browser, as shown in <a  href="Security5.html#wp279775">Figure 27-1</a>. Enter a user name and password combination that corresponds to the role of <code class="cCode">loginUser</code>, then click the Submit button.</p><a name="wp298489"> </a><p class="pBody"></p><div align="left"><img src="images/form-login2.gif" height="335" width="413" alt="Form-based Login Page" border="0" hspace="0" vspace="0"/></div><p class="pBody"></p><p>  <a name="279775"> </a><strong><font >Figure 27-1    Form-Based Login Page</font></strong></p><a name="wp279744"> </a><p class="pBodyRelative">If you entered <code class="cCode">Debbie</code> as the name, the password you entered matches the one defined for the user <code class="cCode">Debbie</code> on the J2EE 1.4 Application Server, and that user is assigned to the group <code class="cCode">loginUser</code> (which we mapped to the role <code class="cCode">loginUser</code>), the display will appear as in <a  href="Security5.html#wp295013">Figure 27-2</a> after you click the Submit button.</p><a name="wp294988"> </a><p class="pBody"></p><div align="left"><img src="images/form_login_display3.gif" height="329" width="422" alt="Image of running form-based login authentication example, shows Duke waving, and the text &quot;My name is Duke, Hello your name!&quot;" border="0" hspace="0" vspace="0"/></div><p class="pBody"></p><p>  <a name="295013"> </a><strong><font >Figure 27-2    The Running Form-Based Authentication Example</font></strong></p><a name="wp294977"> </a><h4 class="pHeading3">Using Authentication with SSL</h4><a name="wp159168"> </a><p class="pBody">Passwords are not
protected for confidentiality with HTTP basic or form-based authentication, meaning that passwords sent between a client and a server on a non-protected session can be viewed and intercepted by third parties. To overcome this limitation, you can run these authentication protocols over an SSL-protected session and ensure that all message content is protected for confidentiality. To configure HTTP basic or form-based authentication over SSL, specify <code class="cCode">CONFIDENTIAL</code> or <code class="cCode">INTEGRAL</code> as the Network Security Requirement on the WAR's Security page in <code class="cCode">deploytool</code>. Read the section <a  href="Security4.html#wp159100">Specifying a Secure Connection</a> for more information.</p><a name="wp298957"> </a><h3 class="pHeading2">Using Programmatic Security in the Web Tier</h3><a name="wp80671"> </a><p class="pBody">Programmatic security is used by security-aware applications when declarative security alone is not sufficient to express the security model of the application. Programmatic security consists of the following methods of the <code class="cCode">HttpServletRequest</code> interface:</p><div class="pSmartList1"><ul class="pSmartList1"><a name="wp80674"> </a><div class="pSmartList1"><li><code class="cCode">getRemoteUser</code> - used to determine the user name with which the client authenticated.</li></div><a name="wp80676"> </a><div class="pSmartList1"><li><code class="cCode">isUserInRole</code> - used to determine if a user is in a specific security role.</li></div><a name="wp80678"> </a><div class="pSmartList1"><li><code class="cCode">getUserPrincipal</code> - returns a <code class="cCode">java.security.Principal</code> object.</li></div></ul></div><a name="wp80679"> </a><p class="pBody">These APIs allow servlets to make business logic decisions based on the logical role of the remote user. 
They also allow the servlet to determine the principal name of the current user.</p><a name="wp298963"> </a><h4 class="pHeading3">Declaring and Linking Role References</h4><a name="wp158673"> </a><p class="pBody">A <span style="font-style: italic">security role reference</span> allows a Web component to reference an existing security role. A security role is an application-specific logical grouping of users, classified by common traits such as customer profile or job title. When an application is deployed, roles are mapped to security identities, such as <span style="font-style: italic">principals</span> (identities assigned to users as a result of authentication) or groups, in the operational environment. Based on this, a user with a certain security role has associated access rights to a Web application. The link is the actual name of the security role that is being referenced.</p><a name="wp158674"> </a><p class="pBody">During application assembly, the assembler creates security roles for the application and associates these roles with available security mechanisms. The assembler then resolves the security role references in individual servlets and JSP pages by linking them to roles defined for the application. </p><a name="wp158675"> </a><p class="pBody">The security role reference defines a mapping between the name of a role that is called from a Web component using <code class="cCode">isUserInRole(String name)</code> and the name of a security role that has been defined for the application. 
</p><a name="wp166006"> </a><p class="pBody">For example, the mapping of the security role reference <code class="cCode">cust</code> to the security role with role name <code class="cCode">bankCustomer</code> is shown in the example below.</p><div class="pSmartList1"><ol type="1" class="pSmartList1"><a name="wp298973"> </a><div class="pSmartList1"><li>Select the Web component in the <code class="cCode">deploytool</code> tree.</li></div><a name="wp298974"> </a><div class="pSmartList1"><li>Select the Security tab.</li></div><a name="wp304813"> </a><div class="pSmartList1"><li>Select Add Constraints and Add Collections to add a security constraint and Web resource collection. Adding a security constraint enables the Edit Roles button.</li></div><a name="wp304817"> </a><div class="pSmartList1"><li>Select the Edit Roles button to open the Authorized Roles dialog. Click the Edit Roles button to open the Edit Roles dialog. Click Add to add an authorized role to this application.</li></div><a name="wp304818"> </a><div class="pSmartList1"><li>Click in the edit box and enter a role, for example, <code class="cCode">admin</code> or <code class="cCode">loginUser</code>. If you haven't added any users, refer to <a  href="Security3.html#wp299910">Managing Users</a> for information on how to do so. Select OK to close this dialog.</li></div><a name="wp304825"> </a><div class="pSmartList1"><li>Select the role you just added in the left pane, click Add to add it to the list of authorized roles for this application. Click OK to close this dialog. The role you added displays in the list of Authorized Roles on the Security tabbed pane.</li></div></ol></div><a name="wp304827"> </a><p class="pBody">Now that you've set up a role for this application, you need to map it to the list of users and groups set up for the Application Server. 
To do this:</p><div class="pSmartList1"><ol type="1" class="pSmartList1"><a name="wp298977"> </a><div class="pSmartList1"><li>Log on to <code class="cCode">localhost:4848</code> by double-clicking it in the <code class="cCode">deploytool</code> tree. If you skip this step, the roles defined for the Application Server will not be displayed in subsequent steps.</li></div><a name="wp304841"> </a><div class="pSmartList1"><li>Select the Security Role Mapping tabbed pane.</li></div><a name="wp304848"> </a><div class="pSmartList1"><li>Select the Role Name you entered. Select Add User/Groups to Role.</li></div><a name="wp304851"> </a><div class="pSmartList1"><li>Select the User or Group Name that you want to map to this security role, then select Map to Role.</li></div><a name="wp304852"> </a><div class="pSmartList1"><li>Select Save from the File menu to save these changes.</li></div></ol></div><a name="wp192082"> </a><p class="pBody">When you use the <code class="cCode">isUserInRole(String role)</code> method, the String <code class="cCode">role</code> is mapped to the role name defined in the Authorized Roles section of the WAR file's Security tabbed pane.</p>    </blockquote>
<p><font size="-1">All of the material in <em>The J2EE(TM) 1.4 Tutorial</em> is <a href="J2EETutorialFront2.html">copyright</a>-protected and may not be published in other works without express written permission from Sun Microsystems.</font></p>  </body></html>
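
The programmatic checks and the role reference described above, as an added example that is not part of the original tutorial: a servlet that uses all three HttpServletRequest methods with the cust role reference and also refuses non-SSL requests. The class name AccountServlet and the web.xml fragments shown in the comments are assumptions for illustration.

```java
// Added example (not from the tutorial). AccountServlet is a hypothetical name.
// Assumed web.xml entry inside this servlet's <servlet> element, linking the
// role reference "cust" to the application role "bankCustomer":
//   <security-role-ref>
//     <role-name>cust</role-name>
//     <role-link>bankCustomer</role-link>
//   </security-role-ref>
// Assumed entry in the security constraint, equivalent to choosing
// CONFIDENTIAL as the Network Security Requirement in deploytool:
//   <user-data-constraint>
//     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
//   </user-data-constraint>
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class AccountServlet extends HttpServlet {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Defense in depth: reject plain HTTP even if the transport
        // guarantee was left out of the deployment descriptor.
        if (!req.isSecure()) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        // getRemoteUser() returns null when the caller is not authenticated,
        // for example when no security constraint covers this URL.
        String user = req.getRemoteUser();
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // "cust" is the role reference; the container resolves it to the
        // bankCustomer role through the link declared in web.xml.
        if (!req.isUserInRole("cust")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        Principal principal = req.getUserPrincipal();
        resp.setContentType("text/plain"); // plain text: user name is not rendered as HTML
        PrintWriter out = resp.getWriter();
        out.println("Authenticated as: " + user);
        out.println("Principal name:   " + principal.getName());
        out.println("Access granted through role reference 'cust'");
    }
}
```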
