KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > objectweb > easybeans > examples > security > StatelessBean


1 /**
2  * EasyBeans
3  * Copyright (C) 2006 Bull S.A.S.
4  * Contact: easybeans@objectweb.org
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19  * USA
20  *
21  * --------------------------------------------------------------------------
22  * $Id: StatelessBean.java 1151 2006-10-11 13:37:06Z benoitf $
23  * --------------------------------------------------------------------------
24  */
25
26 package org.objectweb.easybeans.examples.security;
27
28 import javax.annotation.Resource;
29 import javax.annotation.security.DeclareRoles;
30 import javax.annotation.security.DenyAll;
31 import javax.annotation.security.PermitAll;
32 import javax.annotation.security.RolesAllowed;
33 import javax.ejb.EJB JavaDoc;
34 import javax.ejb.Remote JavaDoc;
35 import javax.ejb.SessionContext JavaDoc;
36 import javax.ejb.Stateless JavaDoc;
37
38 /**
39  * Stateless Bean with secured methods.
40  * Two roles are declared : user and admin.
41  * @author Florent Benoit
42  */
43 @Stateless JavaDoc(mappedName="securityBean")
44 @Remote JavaDoc(StatelessRemote.class)
45 @DeclareRoles({"user", "admin"})
46 public class StatelessBean implements StatelessRemote {
47
48     /**
49      * SessionContext used to get current caller.
50      */
51     @Resource
52     private SessionContext JavaDoc sessionContext;
53
54     /**
55      * Link to run-as bean.
56      */
57     @EJB JavaDoc
58     private StatelessRunAsRemote other;
59
60     /**
61      * Method can be called by some roles.
62      */
63     @RolesAllowed({"user", "admin"})
64     public void someRolesAllowed() {
65         System.out.println("someRolesAllowed() called");
66         printCurrentCaller();
67     }
68
69     /**
70      * Method can be called by all security roles.
71      */
72     @PermitAll
73     public void allRolesAllowed() {
74         System.out.println("someRolesAllowed() called");
75         printCurrentCaller();
76         System.out.print("for run-as bean, caller is ");
77         other.printCurrentCaller();
78     }
79
80     /**
81      * Only "admin" role can invoke this method.
82      */
83     @RolesAllowed("admin")
84     public void onlyAdminAllowed() {
85         System.out.println("onlyAdminAllowed() called");
86         printCurrentCaller();
87     }
88
89     /**
90      * No role can invoke this method.
91      */
92     @DenyAll
93     public void deniedForAll() {
94         // nothing as it can't be called
95 throw new RuntimeException JavaDoc("Method denied, should not be called");
96     }
97
98
99     /**
100      * Prints the current caller.
101      */
102     public void printCurrentCaller() {
103         System.out.println("-> Caller is '" + sessionContext.getCallerPrincipal() + "'.");
104     }
105
106     /**
107      * Make a call on a run-as bean which call our bean after that..
108      */
109     public void callRunAsBean() {
110         other.callBeanWithRunAsAdmin();
111     }
112 }
113
Popular Tags