cayenne-commits mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Cayenne Documentation > Remote Object Persistence Tutorial Authentication
Date Wed, 06 Jan 2010 12:07:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1519/1/1/_/styles/combined.css?spaceKey=CAYDOC&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><s>Remote Object Persistence Tutorial Authentication</s></h2>
     <h4>Page <b>removed</b> by             <a href="http://cwiki.apache.org/confluence/display/~andrus">Andrus
Adamchik</a>
    </h4>
     <br/>
     <div class="notificationGreySide">
         <p>You probably don't want everybody in the world to connect to your service
and access (and update!) arbitrary data. The first step in securing the Cayenne service is implementing
client authentication. The easiest way to do it is to delegate the authentication task to
the web container that is running the service. The HessianConnection used in the <a href="/confluence/pages/createpage.action?spaceKey=CAYDOC&amp;title=Remote+Object+Persistence+Tutorial+Client+Code&amp;linkCreation=true&amp;fromPageId=10504"
class="createlink">previous chapter</a> supports such authentication on the client
side.</p>

<h3><a name="RemoteObjectPersistenceTutorialAuthentication-ConfiguringJettyLauncher"></a>Configuring
JettyLauncher</h3>

<p>First we need to set up support for BASIC authentication in Jetty.</p>

<ul>
	<li>In the <tt>cayenne-tutorial</tt> project folder, create a file called <tt>"jetty-realm.properties"</tt>
with the following line of text:</li>
</ul>


<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>cayenne-user: secret,cayenne-service-user</pre>
</div></div>

<p>This file will store our user database. In each line the first word is a user name,
the second is the password, and the rest are the roles of this user. So we've created a single user
with login id "cayenne-user", password "secret" and the "cayenne-service-user" role.</p>

<ul>
	<li>In the same folder create another file called "jetty-run-config.xml" with the following
contents:</li>
</ul>


<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader"
style="border-bottom-width: 1px;"><b>jetty-run-config.xml</b></div><div
class="codeContent panelContent">
<pre class="code-java">&lt;?xml version=<span class="code-quote">"1.0"</span>
 encoding=<span class="code-quote">"UTF-8"</span>?&gt;
&lt;!DOCTYPE Configure PUBLIC <span class="code-quote">"-<span class="code-comment">//Mort
Bay Consulting//DTD Configure//EN"</span> <span class="code-quote">"http://jetty.mortbay.org/configure.dtd"</span>&gt;
</span>
&lt;Configure class=<span class="code-quote">"org.mortbay.jetty.Server"</span>&gt;

    &lt;Call name=<span class="code-quote">"addListener"</span>&gt;
        &lt;Arg&gt;
            &lt;New class=<span class="code-quote">"org.mortbay.http.SocketListener"</span>&gt;
                &lt;Set name=<span class="code-quote">"Port"</span>&gt;&lt;SystemProperty
name=<span class="code-quote">"jetty.port"</span> <span class="code-keyword">default</span>=<span
class="code-quote">"8080"</span>/&gt;
                &lt;/Set&gt;
                &lt;Set name=<span class="code-quote">"MinThreads"</span>&gt;2&lt;/Set&gt;
                &lt;Set name=<span class="code-quote">"MaxThreads"</span>&gt;100&lt;/Set&gt;
                &lt;Set name=<span class="code-quote">"MaxIdleTimeMs"</span>&gt;30000&lt;/Set&gt;
                &lt;Set name=<span class="code-quote">"LowResourcePersistTimeMs"</span>&gt;5000&lt;/Set&gt;
                &lt;Set name=<span class="code-quote">"PoolName"</span>&gt;Listener&lt;/Set&gt;
                &lt;Set name=<span class="code-quote">"ConfidentialPort"</span>&gt;8443&lt;/Set&gt;
                &lt;Set name=<span class="code-quote">"IntegralPort"</span>&gt;8443&lt;/Set&gt;
            &lt;/New&gt;
        &lt;/Arg&gt;
    &lt;/Call&gt;

    &lt;Set name=<span class="code-quote">"WebApplicationConfigurationClassNames"</span>&gt;
        &lt;Array type=<span class="code-quote">"java.lang.<span class="code-object">String</span>"</span>&gt;
            &lt;Item&gt;org.mortbay.jetty.servlet.XMLConfiguration&lt;/Item&gt;
        &lt;/Array&gt;
    &lt;/Set&gt;
	
    &lt;Call name=<span class="code-quote">"addRealm"</span>&gt;
        &lt;Arg&gt;
            &lt;New class=<span class="code-quote">"org.mortbay.http.HashUserRealm"</span>&gt;
                &lt;Arg&gt;Cayenne Realm&lt;/Arg&gt;
                &lt;Arg&gt;&lt;SystemProperty name=<span class="code-quote">"user.dir"</span> <span class="code-keyword">default</span>=<span class="code-quote">"."</span>/&gt;/jetty-realm.properties&lt;/Arg&gt;
            &lt;/New&gt;
        &lt;/Arg&gt;
    &lt;/Call&gt;

    &lt;Call name=<span class="code-quote">"addWebApplication"</span>&gt;
        &lt;Arg&gt;/&lt;/Arg&gt;
        &lt;Arg&gt;webapp&lt;/Arg&gt;
    &lt;/Call&gt;
&lt;/Configure&gt;</pre>
</div></div>

<p>This file is a Jetty-specific descriptor that emulates your existing JettyLauncher
setup with one extra twist - an authentication realm.</p>

<ul>
	<li>In Eclipse go to <tt>"Run &gt; Run..."</tt> and select the "cayenne-tutorial"
Jetty configuration.</li>
	<li>Select the "Use a Jetty XML Configuration File" radio button and navigate to the "jetty-run-config.xml"
file that we just created:</li>
</ul>


<p><img src="/confluence/download/attachments/10504/custom-jetty.jpg" align="absmiddle"
border="0" /></p>

<ul>
	<li>Click "Apply" and close the dialog.</li>
</ul>


<p>As you may have guessed, the procedure above is Jetty-specific and will be different
on other servers (such as Tomcat) or with other authentication mechanisms (such as database
realms).</p>

<h3><a name="RemoteObjectPersistenceTutorialAuthentication-ConfiguringSecurityConstraints"></a>Configuring
Security Constraints</h3>

<ul>
	<li>Open <tt>web.xml</tt> and add security constraints for the web service,
just like you would do in a normal web application. The following XML has to be added just
before the closing "web-app" tag:</li>
</ul>


<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader"
style="border-bottom-width: 1px;"><b>"web.xml"</b></div><div class="codeContent
panelContent">
<pre class="code-java">    
    &lt;security-constraint&gt;
        &lt;web-resource-collection&gt;
            &lt;web-resource-name&gt;CayenneService&lt;/web-resource-name&gt;
            &lt;url-pattern&gt;/cayenne-service&lt;/url-pattern&gt;
        &lt;/web-resource-collection&gt;
        &lt;auth-constraint&gt;
            &lt;role-name&gt;cayenne-service-user&lt;/role-name&gt;
        &lt;/auth-constraint&gt;
    &lt;/security-constraint&gt;
    
    &lt;login-config&gt;
        &lt;auth-method&gt;BASIC&lt;/auth-method&gt;
        &lt;realm-name&gt;Cayenne Realm&lt;/realm-name&gt;
    &lt;/login-config&gt;
	
    &lt;security-role&gt;
        &lt;role-name&gt;cayenne-service-user&lt;/role-name&gt;
    &lt;/security-role&gt;</pre>
</div></div>

<ul>
	<li>Save the file, shut down and restart the server and try to run the client. This
time you should get an exception similar to this one:</li>
</ul>


<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent
panelContent">
<pre>Exception in thread "main" org.apache.cayenne.CayenneRuntimeException: [v.2.0.1
September 23 2006] Error establishing remote session. URL - http://localhost:8080/cayenne-service
	at org.apache.cayenne.remote.hessian.HessianConnection.connect(HessianConnection.java:257)
	at org.apache.cayenne.remote.hessian.HessianConnection.getServerEventBridge(HessianConnection.java:147)
	at org.apache.cayenne.remote.ClientChannel.setupRemoteChannelListener(ClientChannel.java:254)
	at org.apache.cayenne.remote.ClientChannel.&lt;init&gt;(ClientChannel.java:115)
	at org.apache.cayenne.remote.ClientChannel.&lt;init&gt;(ClientChannel.java:105)
	at org.apache.cayenne.remote.ClientChannel.&lt;init&gt;(ClientChannel.java:101)</pre>
</div></div>

<ul>
	<li>Go to the client Main class, and change the line that creates the ClientConnection
to take a user name and password:</li>
</ul>


<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader"
style="border-bottom-width: 1px;"><b>Main.java</b></div><div class="codeContent
panelContent">
<pre class="code-java">ClientConnection connection = <span class="code-keyword">new</span> HessianConnection(
   <span class="code-quote">"http://localhost:8080/cayenne-service"</span>,
   <span class="code-quote">"cayenne-user"</span>,
   <span class="code-quote">"secret"</span>,
   <span class="code-keyword">null</span>);</pre>
</div></div>

<p>Now if you start the client again, it should successfully connect to the server and
print output similar to what <a href="/confluence/pages/createpage.action?spaceKey=CAYDOC&amp;title=Remote+Object+Persistence+Tutorial+Client+Code&amp;linkCreation=true&amp;fromPageId=10504"
class="createlink">we've seen before</a>. Of course, in a real application you might
want to secure the authentication with SSL, since BASIC authentication sends the password Base64-encoded rather than encrypted. The technique above still applies, but you'll need
to do some setup on the server. Consult your server documentation on how to enable HTTPS.
On the client you would simply replace "http://" with "https://" in the server URL.</p>

<p>You are done with the tutorial!</p>

     </div>
</div>
</div>
</div>
</div>
</body>
</html>
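
Added example (not part of the Cayenne tutorial or the Cayenne project): a Python check over the two files configured above. It reports that the tutorial's web.xml accepts BASIC credentials over plain HTTP and that jetty-realm.properties holds a recoverable password. The inputs are constructed copies of the page's files; the check assumes Jetty's MD5: and CRYPT: credential prefixes for digested passwords and inspects each security-constraint on its own without merging overlapping ones.

```python
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the two files shown in the tutorial.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/cayenne-service</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>cayenne-service-user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
REALM = "cayenne-user: secret,cayenne-service-user\n"

def elems(elem, name):  # descendants by local name, ignoring any XML namespace
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def texts(elem, name):
    return [(e.text or "").strip() for e in elems(elem, name)]

def audit_web_xml(xml_text):
    root = ET.fromstring(xml_text)
    basic = "BASIC" in texts(root, "auth-method")
    findings = []
    for sc in elems(root, "security-constraint"):
        where = ",".join(texts(sc, "url-pattern"))
        if not elems(sc, "auth-constraint"):
            findings.append(f"{where}: no auth-constraint, anyone may connect")
        if basic and "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            findings.append(f"{where}: BASIC credentials accepted over plain HTTP")
        if texts(sc, "http-method"):
            findings.append(f"{where}: only the listed HTTP methods are protected")
    return findings

def audit_realm(text):
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, rest = line.split(":", 1)
        password = rest.split(",", 1)[0].strip()
        # MD5: and CRYPT: mark one-way digests; cleartext and OBF: are recoverable.
        if not password.startswith(("MD5:", "CRYPT:")):
            findings.append(f"{user.strip()}: password stored in recoverable form")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_web_xml(WEB_XML) + audit_realm(REALM)))
```

Adding a user-data-constraint with transport-guarantee CONFIDENTIAL to the security-constraint clears the first finding; the container then redirects plain-HTTP requests to the confidential port (8443 in the Jetty descriptor above).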
