Designing and Developing Secure Java EE Applications using GlassFish Security

October 6, 2010

Java / J2EE


Implementing the Business and Persistence layers


The Persistence layer consists of an entity bean named Visit, which we use to store
information about each visit. The Business layer is a session bean with three business
methods that convert a given length in meters to centimeters, millimeters, and inches.


Implementing the Persistence layer


We are using EJB 3 to develop the Persistence layer, so we only need to implement
the entity bean and define the persistence unit. The following listing shows the
Visit class.



Complete code for this class is available in the book's source code:
https://www.packtpub.com//sites/default/files/downloads/9386_Code.zip

import java.io.Serializable;
import java.util.Date;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;

// One row per business-method invocation: who called, which operation, and the input value.
@Entity
public class Visit implements Serializable {
    private static final long serialVersionUID = 1L;
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;
    @Temporal(TemporalType.DATE)
    private Date visitDate;
    private String username;
    private String operationName;
    private int conversionValue;

    public Visit() {
    }

    public Visit(Date visitDate, String username, String operationName,
                 int conversionValue) {
        this.visitDate = visitDate;
        this.username = username;
        this.operationName = operationName;
        this.conversionValue = conversionValue;
    }
}


Now that our entity bean is ready, we can look at the session bean that drives the
application's business logic and also stores information about each invocation
using the Visit entity bean. The following listing shows the Conversion session
bean's local interface.



import javax.ejb.Local;

@Local
public interface ConversionLocal {
    float toInch(int meter);
    int toCentimeter(int meter);
    int toMillimeter(int meter);
}


All of these methods are implemented in the Conversion bean implementation, which
follows:



import java.util.Date;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

@Stateless
public class ConversionBean implements ConversionLocal {
    @PersistenceContext(unitName = "chapter3")
    private EntityManager em;
    @Resource
    private SessionContext ctx;

    @RolesAllowed({"manager_role"})
    public float toInch(int meter) {
        persist(meter, "toInch");
        return Math.round(meter * 39.37);
    }

    @PermitAll
    public int toCentimeter(int meter) {
        persist(meter, "toCentimeter");
        return meter * 100;
    }

    @RolesAllowed("employee_role")
    public int toMillimeter(int meter) {
        persist(meter, "toMillimeter");
        return meter * 1000;
    }

    // Records the invocation: the caller's principal name (supplied by the
    // container), the operation invoked, and the input value.
    private void persist(int value, String operationName) {
        String userName = ctx.getCallerPrincipal().getName();
        Visit v = new Visit(new Date(), userName, operationName, value);
        em.persist(v);
    }
}


Starting from the first line, we are using @Stateless to mark this class as a stateless
session bean. Next we are using @PersistenceContext to inject an entity
manager into the instance; we will use this entity manager to store Visit entities.
Then we are using @Resource to inject the current SessionContext into the session
bean; later on we will use it to extract the current principal and username of the
invoker. The first security-related annotation is @RolesAllowed({"manager_role"}),
which instructs the application server to only permit an authenticated user with
the manager role to invoke this method. After this we have @PermitAll, which instructs
the application server to allow anyone, authenticated or not, to invoke this
method. Finally, we are using @RolesAllowed("employee_role") to instruct the
application server that any authenticated user with the employee role can invoke
this method.


The persist method stores the invocation information. This information includes
the current invoker's username, which we extract from the SessionContext using the
getCallerPrincipal().getName() method.
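As an added example (not the book's code), the following companion bean reads the Visit table that ConversionBean writes and shows how the declarative annotations above combine with the programmatic checks that SessionContext offers: a class-level @RolesAllowed so that a method added later without its own annotation is restricted instead of being open to every caller, and an isCallerInRole() check that limits employees to their own rows. The role names and the chapter3 persistence unit are taken from the listings; VisitAuditLocal, VisitAuditBean and listVisits are assumed names.

```java
import java.util.List;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Local;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

// Added example, not the book's code. The interface is package-private only so
// that the example fits in one source file.
@Local
interface VisitAuditLocal {
    List<Visit> listVisits();
}

@Stateless
// Roles referenced from isCallerInRole() should be declared on the bean.
@DeclareRoles({"manager_role", "employee_role"})
// Class-level default: in EJB 3 a method with no security annotation on itself
// or its class is unchecked (callable by anyone), so a method added later here
// inherits this restriction instead of silently becoming public.
@RolesAllowed({"manager_role", "employee_role"})
public class VisitAuditBean implements VisitAuditLocal {
    @PersistenceContext(unitName = "chapter3")
    private EntityManager em;
    @Resource
    private SessionContext ctx;

    // The declarative rule admits both roles; the programmatic check then
    // decides how much data each caller may see (row-level authorization).
    @SuppressWarnings("unchecked")
    public List<Visit> listVisits() {
        if (ctx.isCallerInRole("manager_role")) {
            return em.createQuery(
                    "SELECT v FROM Visit v ORDER BY v.visitDate DESC")
                     .getResultList();
        }
        // employee_role: only the caller's own rows, matched on the same
        // principal name that ConversionBean.persist() stored in Visit.username.
        String me = ctx.getCallerPrincipal().getName();
        return em.createQuery(
                "SELECT v FROM Visit v WHERE v.username = :u ORDER BY v.visitDate DESC")
                 .setParameter("u", me)
                 .getResultList();
    }
}
```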


Finally, we have a persistence unit that uses the sample data source and sample
database bundled with GlassFish. The listing below shows a snippet of the
persistence.xml file, which configures a persistence unit named chapter3.



<?xml version="1.0" encoding="UTF-8"?>
<persistence version="1.0"
    xmlns="http://java.sun.com/xml/ns/persistence"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
        http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">
    <persistence-unit name="chapter3" transaction-type="JTA">
        <provider>oracle.toplink.essentials.PersistenceProvider</provider>
        <jta-data-source>jdbc/sample</jta-data-source>
        <class>book.glassfish.security.chapter3.Visit</class>
        <exclude-unlisted-classes>true</exclude-unlisted-classes>
        <properties>
            <property name="toplink.ddl-generation"
                      value="drop-and-create-tables"/>
        </properties>
    </persistence-unit>
</persistence>


Now that we have our Persistence and Business layers ready we can start looking
at the Web layer and how the Web layer can complement the inner layer in securing
the system.
