Support for the Java EE 5 specification in NetBeans IDE enables you to take full advantage of the many Java EE 5 features simplifying application development. A significant development in the Java EE 5 specification was the incorporation of annotations. Using annotations enables you to eliminate a lot of the boilerplate code used when coding applications and minimizes the amount of configuration needed when deploying your application.
One area that has become greatly simplified through the use of annotations is the development and configuration of enterprise beans. Annotations enable you to specify many configuration properties that were previously specified in deployment descriptor files, making many of the deployment descriptor files unnecessary. Though applications may still require some deployment descriptor files (such as web.xml), the IDE's multi-view deployment descriptor editor makes editing the files much easier.
Using annotations, building secure enterprise beans is now much easier. Instead of configuring enterprise bean security in the ejb-jar.xml deployment descriptor you can use security annotations to configure authorization directly in the source code. Java EE 5 enterprise applications do not require ejb-jar.xml or application.xml.
For an overview of some of the features of the Java EE 5 specification, see Introduction to Java EE 5 Technology. For more information about annotation specifications, see JSR 250: Common Annotations for the Java Platform.
This document uses the NetBeans IDE 6.5 Release. The steps outlined in this document can also be applied if you are using the 6.0 or 6.1 version of the IDE, but there are some options available in NetBeans IDE 6.5 that are not available in earlier releases.
Expected duration: 30 minutes
To follow this tutorial, you need the following software and resources.
For this tutorial you need to register a local instance of GlassFish/Sun Java System Application Server with the IDE. If you have installed the "Java" version of the IDE, the application server should already be installed and registered. If the application server is not registered in the IDE, choose Tools > Servers to register the server in the Servers manager. You cannot deploy enterprise applications to the Tomcat web server.
Prerequisites
This document assumes you have some basic knowledge of, or programming experience with, the following technologies:
In this example, you only want users from the group bank_users to access the enterprise bean. You will create a user named manager in the group bank_users in the file security realm on the application server.
The enterprise application will consist of a simple session bean and an application client that attempts to access it.
For this tutorial there is little reason to copy project libraries to a dedicated folder because you will not need to share libraries with other users or projects.
Click Next. Set the server to GlassFish and set the Java EE Version to Java EE 5. Select Create EJB Module and Create Application Client Module and deselect Create Web Module. Click Finish.
The session bean does not do anything fancy. It just returns a sample balance amount. You will create a getStatus method and secure it by annotating it with the @RolesAllowed annotation, which specifies the security roles allowed to access the method. This security role is used by the application and is not the same as the users and groups on the server. You will map the security role to the users and groups later when you configure the deployment descriptors.
Security annotations can be applied individually to each method in a class, or to an entire class. In this simple exercise you will use the @RolesAllowed to annotate a method, but the Java EE 5 specification defines other security annotations that can be used in enterprise beans.
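The bean below is an added example, not code from this tutorial or from NetBeans: it shows class-level and method-level JSR 250 security annotations together with a programmatic role check. The AccountAudit interface, the AccountAuditBean class, its methods and the AUDITORS role are hypothetical names chosen for illustration; USERS is the role used in this tutorial.

```java
// AccountAudit.java: hypothetical remote interface for this example
import javax.ejb.Remote;

@Remote
public interface AccountAudit {
    String getStatus();
    String getAuditTrail();
    String getServiceInfo();
    void purge();
}

// AccountAuditBean.java: hypothetical bean, not part of the tutorial project
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles({"USERS", "AUDITORS"}) // roles this bean refers to, including in isCallerInRole
@RolesAllowed({"USERS"})             // class-level default for every business method
public class AccountAuditBean implements AccountAudit {
    @Resource
    private SessionContext ctx;      // injected by the container
    private String amount = "250";

    // No method-level annotation: the class-level @RolesAllowed({"USERS"}) applies.
    public String getStatus() {
        String status = "The account contains $" + amount;
        // Programmatic check for a finer-grained decision inside an allowed method.
        if (ctx.isCallerInRole("AUDITORS")) {
            status += " (requested by " + ctx.getCallerPrincipal().getName() + ")";
        }
        return status;
    }

    // A method-level annotation replaces the class-level one: USERS alone is not enough here.
    @RolesAllowed({"AUDITORS"})
    public String getAuditTrail() { return "No entries"; }

    // Any caller may invoke this method, whatever the class-level setting.
    @PermitAll
    public String getServiceInfo() { return "Account service"; }

    // No caller may invoke this method; the container rejects the call before the body runs.
    @DenyAll
    public void purge() { amount = "0"; }
}
```

As with USERS, the AUDITORS role has to be mapped to a server user or group in the deployment descriptor before any caller is treated as being in it.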
When you click Finish, the IDE creates AccountStatusBean and opens the file in the source editor. The IDE also creates the AccountStatusRemote remote interface for the bean.
In the source editor, add the following field declaration (in bold) to AccountStatusBean:
public class AccountStatusBean implements AccountStatusRemote {
    private String amount = "250";
In the source editor, right-click in the class and choose Insert Code (Alt-Insert) and then select Add Business Method to open the Add Business Method dialog box.
In NetBeans IDE 6.0 and 6.1, right-click in the class and choose EJB Methods > Add Business Method to open the dialog box.
Type getStatus for the method name and set the return type to String.
The IDE automatically exposes the business method in the remote interface.
In the source editor, add the following line in bold to the getStatus method.
public String getStatus() {
    return "The account contains $" + amount;
}
Type the following (in bold) to annotate the getStatus method.
@RolesAllowed({"USERS"})
public String getStatus() {
This annotation means that only users in the security role USERS can access the getStatus method.
Fix the import statements and save your changes. Make sure that javax.annotation.security.RolesAllowed is added to the file.
The application only needs to have a simple method that will access the session bean. You will call the enterprise bean by using the @EJB annotation.
In NetBeans IDE 6.0 and 6.1, right-click in the class and choose Enterprise Resources > Call Enterprise Bean.
In the Call Enterprise Bean dialog box, expand the Secure-ejb node and select AccountStatusBean. Click OK.
The IDE adds the following to the application client to look up the session bean.
@EJB
private static AccountStatusRemote accountStatusBean;
Modify the main method to add the following code and save your changes.
public static void main(String[] args) {
    System.out.println(accountStatusBean.getStatus());
}
In Java EE 5, enterprise applications usually do not require deployment descriptor files such as ejb-jar.xml. If you expand the Configuration Files node under Secure-ejb or the Secure enterprise application, you can see that there are no deployment descriptors. You can use annotations to specify many of the properties that were configured in ejb-jar.xml. In this example you specified the security roles for the EJB methods by using the @RolesAllowed annotation in the session bean.
However, when configuring security for an application you still have to specify some properties in the deployment descriptors. In this example you need to map the security roles used in the enterprise application (USERS) to the users and groups you configured on the application server. You created the group bank_users on the application server, and you now need to map this group to the security role USERS in the enterprise application. To do this you will edit the sun-application.xml deployment descriptor for the enterprise application.
Because the enterprise application does not need deployment descriptors to run, the IDE did not create the deployment descriptors by default. So you first need to create the deployment descriptor and then configure it.
You can click the XML tab in the multi-view editor to view the deployment descriptor file in XML view. You can see that the deployment descriptor file now contains the following:
<sun-application>
    <security-role-mapping>
        <role-name>USERS</role-name>
        <group-name>bank_users</group-name>
    </security-role-mapping>
</sun-application>
The application is now ready. When you run the project you will be prompted for a username and password for a user in the bank_users group.
Enter the user name (manager) and password (password) in the dialog box and click OK. The following will appear in the Output window:
The account contains $250
This very basic example demonstrates how to secure a method in an enterprise bean using Java annotations.
For more information about using annotations to secure enterprise beans, see the following resources:
For more information about using NetBeans IDE to develop Java EE applications, see the following resources:
To send comments and suggestions, get support, and keep informed on the latest developments on the NetBeans IDE Java EE development features, join the nbj2ee mailing list.