Thông tin tài liệu
Fundamentals of Java Enterprise Components Fundamentals of Java Enterprise Components © 2014 Aptech Limited All rights reserved No part of this book may be reproduced or copied in any form or by any means – graphic, electronic or mechanical, including photocopying, recording, taping, or storing in information retrieval system or sent or transferred without the prior written permission of copyright owner Aptech Limited All trademarks acknowledged APTECH LIMITED Contact E-mail: ov-support@onlinevarsity.com Edition - 2014 Dear Learner, We congratulate you on your decision to pursue an Aptech course Aptech Ltd designs its courses using a sound instructional design model – from conceptualization to execution, incorporating the following key aspects: ¾¾ Scanning the user system and needs assessment Needs assessment is carried out to find the educational and training needs of the learner Technology trends are regularly scanned and tracked by core teams at Aptech Ltd TAG* analyzes these on a monthly basis to understand the emerging technology training needs for the Industry An annual Industry Recruitment Profile Survey# is conducted during August - October to understand the technologies that Industries would be adapting in the next to years An analysis of these trends & recruitment needs is then carried out to understand the skill requirements for different roles & career opportunities The skill requirements are then mapped with the learner profile (user system) to derive the Learning objectives for the different roles ¾¾ Needs analysis and design of curriculum The Learning objectives are then analyzed and translated into learning tasks Each learning task or activity is analyzed in terms of knowledge, skills and attitudes that are required to perform that task Teachers and domain experts this jointly These are then grouped in clusters to form the subjects to be covered by the curriculum In addition, the society, the teachers, and the industry expect certain knowledge and skills that are related to abilities such as learning-to-learn, thinking, adaptability, problem solving, positive attitude etc These competencies would cover both cognitive and affective domains A precedence diagram for the subjects is drawn where the prerequisites for each subject are graphically illustrated The number of levels in this diagram is determined by the duration of the course in terms of number of semesters etc Using the precedence diagram and the time duration for each subject, the curriculum is organized ¾¾ Design & development of instructional materials The content outlines are developed by including additional topics that are required for the completion of the domain and for the logical development of the competencies identified Evaluation strategy and scheme is developed for the subject The topics are arranged/organized in a meaningful sequence The detailed instructional material – Training aids, Learner material, reference material, project guidelines, etc.- are then developed Rigorous quality checks are conducted at every stage ¾¾ Strategies for delivery of instruction Careful consideration is given for the integral development of abilities like thinking, problem solving, learning-to-learn etc by selecting appropriate instructional strategies (training methodology), instructional activities and instructional materials The area of IT is fast changing and nebulous Hence considerable flexibility is provided in the instructional process by specially including creative activities with group interaction between the students and the trainer The positive aspects of web based learning –acquiring information, organizing information and acting on the basis of insufficient information are some of the aspects, which are incorporated, in the instructional process ¾¾ Assessment of learning The learning is assessed through different modes – tests, assignments & projects The assessment system is designed to evaluate the level of knowledge & skills as defined by the learning objectives ¾¾ Evaluation of instructional process and instructional materials The instructional process is backed by an elaborate monitoring system to evaluate - on-time delivery, understanding of a subject module, ability of the instructor to impart learning As an integral part of this process, we request you to kindly send us your feedback in the reply prepaid form appended at the end of each module *TAG – Technology & Academics Group comprises of members from Aptech Ltd., professors from reputed Academic Institutions, Senior Managers from Industry, Technical gurus from Software Majors & representatives from regulatory organizations/forums Technology heads of Aptech Ltd meet on a monthly basis to share and evaluate the technology trends The group interfaces with the representatives of the TAG thrice a year to review and validate the technology and academic directions and endeavors of Aptech Ltd Industry Recruitment Profile Survey - The Industry Recruitment Profile Survey was conducted across 1581 companies in August/September 2000, representing the Software, Manufacturing, Process Industry, Insurance, Finance & Service Sectors Aptech New Products Design Model Key Aspects Evaluation of Instructional Processes and Material Scanning the user system and needs assessment Need Analysis and design of curriculum Design and development of instructional material Assessment of learning Strategies for delivery of instructions Preface Web and enterprise applications have become very popular today due to their efficiency and distributed nature They can be used for different types of transactions and online activities The use of Enterprise applications allows distribution of components at different levels that helps better management and troubleshooting in case of application errors This book has been designed to equip you with the knowledge required to develop distributed and efficient Web and enterprise applications After reading this book, you will be able to identify and create components of Web and enterprise applications It also introduces Web Services and security features available in Java EE applications The knowledge and information in this book is the result of the concentrated effort of the Design Team, which is continuously striving to bring to you the latest, the best and the most relevant subject matter in Information Technology As a part of Aptech’s quality drive, this team does intensive research and curriculum enrichment to keep it in line with industry trends and learner requirements We will be glad to receive your suggestions Please send us your feedback, addressed to the Design Centre at Aptech’s corporate office Design Team Table of Contents Sessions Introduction to Java EE Enterprise Application Architecture Introduction to Web Application Development Application Resources Java Servlets JavaServer Pages Introduction to JavaServer Faces JavaServer Faces as Web Pages Facelets 10 Enterprise JavaBeans 11 Java Persistence API 12 Transactions 13 Java Message Service Components 14 Building Web Services with JAX-WS and JAX-RS 15 Java Security Session 15 Java Security yy isUserInRole – This method returns the role associated with the username of a client If the yy getUserPrincipal - This method returns the principal name associated with the current user user name is associated with a role then the method returns the role name otherwise the method returns false name This method returns a javax.security.Principal object 15.9 Configuring Declarative Security for Web Applications in NetBeans7.4 A Web application can be configured with different security options The developer can give access to certain Web pages to a specific role of the application In this example, two types of users have been defined – admin and user The Web server (GlassFish) is configured with appropriate access rights To begin with, create a Web application named SecureWebApplication in the NetBeans IDE Select JSF from the frameworks while creating the application Once the Web application is created, define two different security domains in the Web Pages folder of the application by creating new folders in the Web pages folder of the application (These are normal folders and not Java Package) The hierarchy of the folders in the application is as shown in figure 15.3 Figure 15.3: Directory Structure of Web Application Note: To create the folders, right-click Web Pages and select New → Other → Other → Folder Create Web pages within the secureAdmin and secureUser directories These two directories define the domain of the admin and user roles The Web pages created are named secureAdminPage.html and secureUserPage.html respectively Code Snippet shows the html code of the secureAdminPage Concepts Code Snippet 2: Admin page V 1.0 © Aptech Limited Session 15 Java Security Secure admin page The code is the default code generated by the NetBeans IDE, except the title of the Web page and the text added in the body section of the HTML Code Snippet shows the HTML code of the secureUserPage Code Snippet 3: Secure User page Secure user page Add the code given in Code Snippet to the body section of index.xhtml Code Snippet 4: Access to secure Admin page here!
Concepts Access to secure User page here!
V 1.0 © Aptech Limited Session 15 Java Security The roles of the application should be defined on the Web server In order to define the users and roles on the application access the Domain Admin Console as shown in figure 15.4 Figure 15.4: Accessing the Domain Admin Console In order to define the roles for the intended files in the application, follow the given path Configurations → server-config → Security → Realms → file ‘File’ is selected as security is defined at the file level here in the application The selection appears as shown in figure 15.5 Concepts Figure 15.5: Selecting the Component for Security Configuration V 1.0 © Aptech Limited Session 15 Java Security Click the Manage Users button in the server configuration screen This will lead to an interface where users for the application can be defined as shown in figure 15.6 Figure 15.6: Adding New Users ClickNew The New File Realm User screen is displayed as shown in figure 15.7 Here, a new user and the validation credentials can be defined Figure 15.7: Defining User Credentials Concepts Create two users, admin and user (specify the names in the User ID box) as per the application requirement Provide password as admin123 for admin and user123 for user V 1.0 © Aptech Limited Session 15 Java Security Figure 15.8 shows creation of the admin user Figure 15.8: Creating the admin User Once the users are created they will appear in the user table as shown in figure 15.9 Figure 15.9: Users in the File Users Table The File Users table contains all the users defined on the Web server Concepts Once the users are defined, the developer has to define the authentication mechanism to login and access the resources This is done in the application deployment descriptor web.xml V 1.0 © Aptech Limited Session 15 Java Security Click the Security tab in the deployment descriptor as shown in figure 15.10 Figure 15.10: Selecting the Login Mechanism Define the login mechanism in the Login Configuration section; here the Basic login mechanism is selected Add security roles to the application by clicking Add in the Security Roles section It will lead to the screen as shown in figure 15.11 where the security roles can be added to the application Concepts Figure 15.11: Adding Security Roles V 1.0 © Aptech Limited Session 15 Java Security Figure 15.12 shows the state of the security roles table after the roles are added with corresponding description Figure 15.12: Roles Added to the Deployment Descriptor Once the roles are added, define the security constraints in the deployment descriptor by clicking Add Security Constraint It leads to a screen as shown in figure 15.13 Figure 15.13: Defining Security Constraint Concepts Specify UserConstraint in the Display Name box and click Add This will lead to screen as shown in figure 15.14 Figure 15.14: Mapping the User to the Access Domain V 1.0 © Aptech Limited Session 15 Java Security In this wizard, map the user to the folder which the user can access The role ‘user’ can access all the files in the folder secureUser according to the given URL pattern Click OK The user to resource mapping will be displayed in the Web Resource Collection section Similarly, add the AdminConstraint for admin with respect to the secureAdmin folder Select the checkbox ‘Enable Authentication Constraint’ while defining the UserConstraint as well as the AdminConstraint Click Edit to set the Role Name as user for UserConstraint and admin for AdminConstraint Figure 15.15 shows the final state of the User Constraint after all the values are configured Figure 15.15: User Constraint Created Concepts It is essential to select ‘Enable Authentication Constraint’ while defining the Security Constraint This choice will prompt for the username and password credentials while accessing the resource The access to these resources is allowed only for the value in the ‘Role Name(s)’ field V 1.0 © Aptech Limited Session 15 Java Security Once the application’s deployment descriptor is configured, configure the Web server deployment descriptor In case of GlassFish server it is GlassFish-web.xml If the deployment descriptor is not already present in the application, right-click the project and select New → Other → GlassFish → GlassFish Descriptor as shown in figure 15.16 Concepts Figure 15.16: Adding GlassFish Deployment Descriptor V 1.0 © Aptech Limited Session 15 Java Security Once the Web server deployment descriptor is created, open it and click the Security tab This will lead to the screen as shown in figure 15.17 The roles created earlier in the server’s Admin Console are seen listed here Figure 15.17: Mapping the Security Roles On expanding the security roles, the screen shown in figure 15.18 appears Click Add Principal to add users to the role For admin role, add ‘admin’ as the Principal Similarly, add ‘user’ as Principal for the user role Figure 15.18: Adding Principals Figure 15.19: Executing the Secure Web Application V 1.0 © Aptech Limited Concepts After all the configurations are completed, deploy and run the application The application execution will lead to the index page as shown in figure 15.19 Session 15 Java Security Click the hyperlink It will prompt for user name and password as shown in figure 15.20 Figure 15.20: Prompting for User Name and Password On providing the appropriate credentials, it will lead to the Web page as shown in figure 15.21 Figure 15.21: Accessing the Web Page after Authentication Concepts Note: The application may not behave as expected at the first execution It may give a ‘403:Forbidden page’ error The roles and respective credentials have to be properly deployed onto the application/ Web server This may require refreshing/restarting the Web server V 1.0 © Aptech Limited Session 15 Java Security 15.10 Check Your Progress (A) Deployment descriptor (C) HttpServletRequest interface (B) (D) None of these Annotations Which of the following authentication mechanisms uses public key cryptography? (A) Basic authentication (C) Digest authentication (B) Form authentication (D) Client authentication Which of the following can be a sub element of security-constraint element? (A) web-resource-constraint (C) user-data constraint (B) auth-constraint (D) All of these Which of the following annotations are not used for security mechanisms in Java EE applications? (A) @Stateless (C) @RolesAllowed (B) @DenyAll (D) None of these Identify the method which is used to define the security mechanism programmatically in Web applications (A) authenticate (C) getUserName (B) logout (D) All of these Concepts Which of the following is used for defining the security mechanism programmatically for Web applications? V 1.0 © Aptech Limited Session 15 Java Security 15.10.1 Answers C D D A D Concepts V 1.0 © Aptech Limited Session 15 Java Security Summary S ecurity mechanisms in both enterprise and Web applications are specified both declaratively and programmatically ỴỴ Security mechanisms are declaratively specified through annotations and deployment descriptors ÎÎ Programmatically security mechanisms are specified through Java security APIs such as JAAS ỴỴ S ecurity mechanisms in Web applications are implemented at three levels: application level security, transport level security, and message level security ỴỴ ethods of HttpServletRequest interface are used to programmatically define security M mechanisms for Web applications ỴỴ T he security roles and mapping can be done on the application deployment descriptor and Web server deployment descriptor Concepts ẻẻ V 1.0 â Aptech Limited
Ngày đăng: 27/10/2019, 21:19
Xem thêm:
