This sample demonstrates how to secure EJBs in your application. The application consists of a servlet protected by a role, servletRole, which invokes the method hello on an injected EJB; that method is in turn protected by a second role, ejbRole. The sample's server is configured so that all authenticated users can access the servlet. However, only user1 is allowed to access the EJB method protected by ejbRole. The following steps describe how to test the sample and what the expected results are.
This sample can be installed onto runtime versions 18.104.22.168 and later.
Online installation (requires 22.214.171.124 or later):
installUtility install SecureEJBSample
Any missing features required by the server will be installed for you.
Download SecureEJBSample.jar using the download button at the top of the page and place it in the root of your server installation.
java -jar SecureEJBSample.jar
Any missing features required by the server will need to be installed separately.
To run the EJBSample application:
From the bin directory in the Liberty profile installation:
server run EJBSample
CWWKZ0001I: Application SecureEJBSample started in XX.XX seconds.
In this scenario, you will access the servlet with a user who is authorized to both the servlet and the EJB method.
In SecureEJBServlet, Hello Secure EJB World.
In this scenario, you will access the servlet with a user who is not authorized to access the EJB, because they are not mapped to the ejbRole in the application-bnd stanza of the server.xml.
javax.ejb.EJBAccessException: CWWKS9400A: Authorization failed for user user2 while invoking hello on SecureEJBSample. The user is not granted access to any of the required roles: [ejbRole].
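A server.xml role mapping that produces the two outcomes above, added here as an example and not the sample's shipped configuration. The feature versions, realm name, archive type and location, and the password placeholders are assumptions; the role names and users come from the description above.

```xml
<server description="EJBSample (constructed example)">
  <featureManager>
    <feature>appSecurity-2.0</feature>
    <feature>servlet-3.0</feature>
    <feature>ejbLite-3.1</feature>
  </featureManager>

  <!-- Constructed user registry (assumption). Replace the placeholder
       passwords and encode them with the securityUtility tool. -->
  <basicRegistry id="basic" realm="SampleRealm">
    <user name="user1" password="REPLACE_ME"/>
    <user name="user2" password="REPLACE_ME"/>
  </basicRegistry>

  <!-- Archive type and location are assumptions. -->
  <application id="SecureEJBSample" name="SecureEJBSample"
               type="war" location="SecureEJBSample.war">
    <application-bnd>
      <!-- Any user who authenticates passes the servlet's role check. -->
      <security-role name="servletRole">
        <special-subject type="ALL_AUTHENTICATED_USERS"/>
      </security-role>
      <!-- Only user1 is mapped to ejbRole. user2 reaches the servlet, but
           the call to hello is rejected with EJBAccessException
           (CWWKS9400A) because user2 holds none of the required roles. -->
      <security-role name="ejbRole">
        <user name="user1"/>
      </security-role>
    </application-bnd>
  </application>
</server>
```

Because the two roles are checked independently, the broad servletRole mapping does not widen access to the EJB: the container enforces ejbRole again at the method call.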