This quickstart demonstrates the creation of a custom authorization example using @SecurityBindingType from DeltaSpike in Red Hat JBoss Enterprise Application Platform.
Security binding is DeltaSpike feature that restricts who can invoke a method (under the covers, it uses interceptors).
To restrict who can invoke a method, we create an annotation, called a security binding type. This quickstart has two security binding types -
deltaspike-authorization quickstart defines an
Authorizer class that implements the restrictions for the security binding types. The authorizer is a CDI bean which defines methods (annotated with `@Secures) which perform the authorization checks for each security binding we create.
In this quickstart the
Authorizer we delegate authentication to JAAS, but other authentication solutions could be used.
Methods on the
Controller bean have been restricted using the security binding types.
The application this project produces is designed to be run on Red Hat JBoss Enterprise Application Platform (JBoss EAP) 6.1 or later with the Red Hat JBoss Web Framework Kit (WFK) 2.7.
All you need to build this project is Java 6.0 (Java SDK 1.6) or later, Maven 3.0 or later.
If you have not yet done so, you must Configure Maven before testing the quickstarts.
This quickstart uses secured management interfaces and requires that you create the following
quickstartUser application user to access the running application.
To add the application user, open a command prompt and type the following commands:
For Linux: EAP_HOME/bin/add-user.sh -a -u quickstartUser -p quickstartPwd1! -g 'guest' For Windows: EAP_HOME\bin\add-user.bat -a -u quickstartUser -p quickstartPwd1! -g 'guest'
If you have not added an administrative user to your server, add the following
admin management user. The password below is just a suggestion. If you prefer, you can choose a different administrative password.
For Linux: EAP_HOME/bin/add-user.sh -u admin -p admin-123 For Windows: EAP_HOME\bin\add-user.sh -u admin -p admin-123
If you prefer, you can use the add-user utility interactively. For an example of how to use the add-user utility, see instructions in the root README file located here: Add an Application User.
The following shows the command line to start the server with the default profile:
For Linux: EAP_HOME/bin/standalone.sh For Windows: EAP_HOME\bin\standalone.bat
NOTE: The following build command assumes you have configured your Maven user settings. If you have not, you must include Maven setting arguments on the command line. See Build and Deploy the Quickstarts for complete instructions and additional options.
Type this command to build and deploy the archive:
mvn clean package jboss-as:deploy
target/jboss-deltaspike-authorization.warto the running instance of the server.
You can access the running application in a browser at the following URL: <localhost:8080/jboss-deltaspike-authorization/>
When you access the application you are redirected to a login form, already filled in with the details of the application user you set up above. Once you have logged into the application you see a page showing your username and two buttons.
When you click on the
Employee Method button you will see the following message:
You executed a @EmployeeAllowed method - you are authorized to invoke this method.
When you click on the
Admin Method button you will be redirected to a error page with the following exception:
org.apache.deltaspike.security.api.authorization.AccessDeniedException - you aren't authorized to invole thos method.
When you are finished testing, type this command to undeploy the archive:
This quickstart provides Arquillian functional tests. They are located under the directory "functional-tests". Functional tests verify that your application behaves correctly from the user's point of view - simulating clicking around the page as a normal user would do.
To run these tests, you must build the main project as described above.
Build the quickstart WAR using the following command:
mvn clean package
If you have a running instance of the JBoss EAP server, as described above, run the remote tests by typing the following command:
mvn clean verify -Parq-jbossas-remote
NOTE: For this to work, Arquillian needs to know the location of the JBoss EAP server. This can be declared through the
JBOSS_HOME environment variable or the
jbossHome property in
arquillian.xml. See Run the Arquillian Tests for complete instructions and additional options.
mvn clean verify -Parq-jbossas-managed
You can also start the server and deploy the quickstarts or run the Arquillian tests from Eclipse using JBoss tools. For more information, see Use JBoss Developer Studio or Eclipse to Run the Quickstarts
If you want to debug the source code or look at the Javadocs of any library in the project, run either of the following commands to pull them into your local repository. The IDE should then detect them.
mvn dependency:sources mvn dependency:resolve -Dclassifier=javadoc