Solved

EJB Security and Web Server Authentication

Posted on 2001-06-18
7
222 Views
Last Modified: 2013-11-24
Hello J2EE gurus.

My warm wishes to u all.

I am stuck with this problem from a long time. Please Help......

I have a Session bean which calls 6 entity beans for getting the data out and displaying. The whole applications has 2 roles defined. I have selected the basic authentication model for the login jsp file.

I am running on Win 2000 and sun Java refrence implentation (j2sdkee1.3).
The problem is when I login as the first role, the system is stuck to it. It does not change the its behavior for the other role. The system gets tied to the first login role. How do i make the application behave appropriatley to the login role.

I have attched my session bean code here...
----------------------------------------------------
/*
 *
 * Client Controller ejb
 *
 */

import java.util.*;
import javax.ejb.*;
import javax.naming.*;
import javax.rmi.PortableRemoteObject;
import java.rmi.RemoteException;

import org.w3c.dom.*;
import com.sun.xml.tree.*;
import com.sun.xml.parser.Resolver;
import com.sun.xml.parser.Parser;
import org.xml.sax.helpers.ParserFactory;
import org.xml.sax.DocumentHandler;
import org.xml.sax.SAXException;
import org.xml.sax.InputSource;
import java.io.*;
import javax.servlet.http.*;



public class ClientControllerEJB implements SessionBean {

   private SessionContext sc;
   public String doSomething(String ctx, String act, String clientid)throws RemoteException {

      String outstr = new String();
      try {
             if(act.equals("list")) {
         XmlDocumentBuilder builder=new XmlDocumentBuilder();
             com.sun.xml.tree.XmlDocument doc = builder.createDocument();
             Element root = doc.createElement("clients");
             doc.appendChild(root);
                  
         Context initial = new InitialContext();
         Object objref = initial.lookup("java:comp/env/ejb/client");
             
             ClientHome home =
               (ClientHome)PortableRemoteObject.narrow(objref, ClientHome.class);
         
                  Collection c = home.findAll();
                Iterator i=c.iterator();
                  //outstr += "<table border=1> <tr> <td> <b> clientid</b> </td> <td> <b>name </b></td> </tr>"      ;
           while (i.hasNext()) {
              Client client = (Client)i.next();
                     String mclientid = (String)client.getPrimaryKey();
                    // outstr += "<tr><td>" + mclientid + "</td> <td> <a href='router.jsp?ctx=client&act=view&clientid=" + mclientid+ "'>" + client.getName() + "</a></td></tr>";
                     Element element=doc.createElement("client");
              SeabedUtil.createElementNode(doc,"clientid",mclientid,element);          
              SeabedUtil.createElementNode(doc,"name",client.getName(),element);
              root.appendChild(element);
              //System.out.println(client.getName() + client.getAddress() + client.getPhone() + client.getFax() + client.getWebsite() + client.getProfile());
              //outstr += clientid + "      " +  client.getName() + " \n" ;
             
           }
           //outstr = SeabedUtil.convertXml2String(doc);
           
           //outstr += "</table>";

           //SeabedUtil.createFile("d:\\genClient.xml" ,outstr);
           outstr = PageBuilder.getMinipage(doc,"",ctx,act);
           Hashtable ht = new Hashtable();
           ht.put("clientlist", outstr);
           PageAssembler pa = new PageAssembler();
           outstr = pa.getPage(ht,"","client");
           //outstr = PageBuilder.transform(out);
           System.out.println(sc.getCallerPrincipal().getName());
           return outstr;
           
            }
            
            if(act.equals("view")) {
           
           Context initial = new InitialContext();
           Object objref = initial.lookup("java:comp/env/ejb/client");
             
               ClientHome clienthome =
               (ClientHome)PortableRemoteObject.narrow(objref, ClientHome.class);
             
           Client client = clienthome.findByPrimaryKey(clientid);
           outstr += "<table border=1>";
           outstr += "<tr> <td>Name </td><td>" + client.getName()+"</td></tr><tr><td>Address </td><td>" + client.getAddress() +" </td> </tr> <tr><td> Phone </td><td>" + client.getPhone() +"</td> </tr> <tr><td> Fax </td> <td>" + client.getFax() +"</td></tr> <tr> <td> Website </td> <td>"+ client.getWebsite() +"</td></tr><tr><td> Profile </td><td> "+ client.getProfile() + "</td></tr></table>";
           
           objref = initial.lookup("java:comp/env/ejb/notes4client");
           Notes4ClientHome n4chome =
               (Notes4ClientHome)PortableRemoteObject.narrow(objref,
                                            Notes4ClientHome.class);
                                           
           Collection c = n4chome.findByClientid(clientid);
           if (c.size() > 0) {
                       outstr +=  "<br><b> Notes </b><table>";
                       Iterator i=c.iterator();
           
                       while (i.hasNext()) {
                             Notes4Client notes4client = (Notes4Client)i.next();
                             Object noteobjref = initial.lookup("java:comp/env/ejb/notes");

                             NoteHome notehome =  (NoteHome)PortableRemoteObject.narrow(noteobjref,
                                            NoteHome.class);
                             Note note = notehome.findByPrimaryKey(notes4client.getNoteid());
                             outstr += "<br><tr>"+ notes4client.getNoteid() + note.getSubject() + note.getNotedetails() + note.getAuthor() + note.getCreatedate() + "</tr>";
                  }
                  outstr += "</table>";
           }

           objref = initial.lookup("java:comp/env/ejb/orgh4client");

           Orgh4ClientHome orgh4chome =
               (Orgh4ClientHome)PortableRemoteObject.narrow(objref,
                                            Orgh4ClientHome.class);
                                           
           Collection co = orgh4chome.findByClientid(clientid);
           if (co.size() > 0 && sc.isCallerInRole("ProjectManager")) {
                       outstr +=  "<br><b> Organizational Highlights </b><table>";
                       Iterator i=co.iterator();
           
                       while (i.hasNext()) {
                             Orgh4Client orgh4Client = (Orgh4Client)i.next();
                             Object orghref = initial.lookup("java:comp/env/ejb/orghighlights");
                             

                             OrghighlightsHome orghhome =  (OrghighlightsHome)PortableRemoteObject.narrow(orghref,
                                            OrghighlightsHome.class);
                             Orghighlights orghighlights = orghhome.findByPrimaryKey(orgh4Client.getOrghid());
                             outstr += "<br><tr>"+ orghighlights.getHighlight1() + orghighlights.getHighlight2() + orghighlights.getHighlight3() + "</tr>";
                  }
                  outstr += "</table>";
           }

           return outstr;
           
            }
            
      } catch (NamingException ex) {
           System.out.println(ex.getMessage());
           throw new EJBException("NamingException: " + ex.getMessage());
           
      }
      catch (Exception ex) {
           System.err.println("Caught an unexpected exception!");
           ex.printStackTrace();
           return outstr;
     }
     return null;
   }
       
   public ClientControllerEJB() {}
   public void setSessionContext(SessionContext sc) {
        this.sc = sc;
    }
   public void ejbCreate() {System.out.println("ClientController: ejbCreate()");}
   public void ejbRemove()  {}
   public void ejbActivate() {}
   public void ejbPassivate() {}
   
}

------------------------------------------------------
Please help me.
Thanx
regds.
Keerthi Kumar M
0
Comment
Question by:keerthikm
7 Comments
 
LVL 4

Expert Comment

by:jerch
ID: 6202842
Do you reuse the InitialContext object throughout the application?

Jerson
0
 

Author Comment

by:keerthikm
ID: 6204959
Dear jerch

I have re used the initial context object in the session bean in order to call 6 entity beans.
0
 
LVL 4

Expert Comment

by:jerch
ID: 6207011
Try to instantiate a new InitialContext for each thread. Do not keep the InitialContext as the session bean's attribute.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 4

Expert Comment

by:jerch
ID: 6207027
Can you post the code that connects to your session bean? Because I just read your code and based on the code, you didn't reuse the InitialContext.
0
 

Author Comment

by:keerthikm
ID: 6209078
dear jerch
sorry i have not re used the initial context
Heres my code,
----------------------------------------------------
<%@page import ="java.util.*" %>
<%@page import ="javax.ejb.*" %>
<%@page import ="javax.naming.*" %>
<%@page import="javax.rmi.PortableRemoteObject"%>
<%@page import="com.sun.enterprise.security.*" %>
<html>

<head>
    <title>Client JSP</title>
</head>

<body background="back.gif">
<font size = 5 color="#CC0000">

<h1><b><center>Client Test</center></b></h1>

<%
   LoginContext lc = new LoginContext();
   if(request.getParameter("ctx").equals("logoff"))
             lc.logout();
   
   lc.login(request.getParameter("username"),request.getParameter("password"));
   Context initial = new InitialContext();
   Object objref = initial.lookup("java:comp/env/ejb/MyClientController");
     
     ClientControllerHome home =
               (ClientControllerHome)PortableRemoteObject.narrow(objref,
                                            ClientControllerHome.class);
   ClientController cc = home.create();
   String s = cc.doSomething(request.getParameter("ctx"), request.getParameter("act"), request.getParameter("clientid"));
   cc.remove();
   out.println(s);    
   //String url = new String("route?ctx=" + request.getParameter("ctx") + "&act=" + request.getParameter("act") +"&clientid=" + request.getParameter("clientid"));
   //response.sendRedirect(url);

%>
<a href="router.jsp?ctx=logoff">Sign out</a>
       
</body>
</html>
----------------------------------------------------------
0
 
LVL 14

Expert Comment

by:sudhakar_koundinya
ID: 9009999
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:


[paq'ed/points refunded]


Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
sudhakar_koundinya
EE Cleanup Volunteer
---------------------
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post your concern in THIS thread.
0
 
LVL 6

Accepted Solution

by:
Mindphaser earned 0 total points
ID: 9099099
Force accepted

** Mindphaser - Community Support Moderator **
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Video by: Michael
Viewers learn about how to reduce the potential repetitiveness of coding in main by developing methods to perform specific tasks for their program. Additionally, objects are introduced for the purpose of learning how to call methods in Java. Define …
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now