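The goal of this lab is to compare Container Security with the ADF Security API. It builds on the earlier lab "Adding Security to an ADF Web Application".
1. Add the following code to products.jsf: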
<af:inputText label="User" id="it1" value="#{securityBean.currentUser}"/>
<af:inputText label="Groups" id="it2" value="#{securityBean.currentUserGroups}"/>
<af:inputText label="Roles" id="it3" value="#{securityBean.currentUserRoles}"/>
<af:inputText label="Belong To WLS Group: users ?" id="it4" value="Got the users role from weblogic"
              rendered="#{securityBean.wlsUserGroup}" columns="80"/>
<af:inputText label="Belong To WLS Role: valid-users" id="it5" value="Got the valid-users mapped by weblogic.xml"
              rendered="#{securityBean.containerUserRole}" columns="80"/>
2. The corresponding SecurityBean.java code is as follows:
package view;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Set;

import javax.faces.context.FacesContext;
import javax.security.auth.Subject;

import oracle.adf.share.ADFContext;

import weblogic.security.Security;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;

public class SecurityBean {
    private String user = null;
    private ArrayList<String> groups = new ArrayList<String>();

    public SecurityBean() {
        // Container view: read the principals of the authenticated WebLogic subject.
        Subject subject = Security.getCurrentSubject();
        Set<Principal> allPrincipals = subject.getPrincipals();
        for (Principal principal : allPrincipals) {
            if (principal instanceof WLSGroupImpl) {
                System.out.println("Found WLS Group: " + principal.getName());
                groups.add(principal.getName());
            }
            if (principal instanceof WLSUserImpl) {
                System.out.println("Found WLS User: " + principal.getName());
                user = principal.getName();
            }
        }
    }

    // Comma-separated WLS group names taken from the subject's principals.
    public String getCurrentUserGroups() {
        StringBuilder curGroups = new StringBuilder();
        for (String group : groups) {
            if (curGroups.length() > 0) {
                curGroups.append(", ");
            }
            curGroups.append(group);
        }
        return curGroups.toString();
    }

    // ADF Security API view: whatever SecurityContext.getUserRoles() reports.
    public String getCurrentUserRoles() {
        ADFContext adfctx = ADFContext.getCurrent();
        String[] roles = adfctx.getSecurityContext().getUserRoles();
        StringBuilder curRoles = new StringBuilder();
        for (String role : roles) {
            if (curRoles.length() > 0) {
                curRoles.append(", ");
            }
            curRoles.append(role);
        }
        return curRoles.toString();
    }

    // True if the subject carries the WLS group "users".
    public boolean isWlsUserGroup() {
        for (int i = 0; i < groups.size(); i++) {
            if ("users".equalsIgnoreCase(groups.get(i))) {
                return true;
            }
        }
        return false;
    }

    // True if the container maps the user to the role "valid-users" (via weblogic.xml).
    public boolean isContainerUserRole() {
        return FacesContext.getCurrentInstance().getExternalContext().isUserInRole("valid-users");
    }

    public String getCurrentUser() {
        return user;
    }
}
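3. Run
Log in as sking/welcome1. SecurityContext.getUserRoles() turns out to return both the groups and the roles that sking belongs to, not just the roles, which differs somewhat from what we expected.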
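Because getUserRoles() mixes group names with role names, an authorization check that needs roles only has to filter the groups out. The following is an added example, not part of the original lab: the class RoleSplitter and its method rolesOnly are hypothetical, the sample names in main are constructed, and the case-insensitive match is an assumption carried over from isWlsUserGroup() above.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper (added example): separates roles from WLS groups.
public class RoleSplitter {

    /**
     * @param userRoles result of ADFContext.getCurrent().getSecurityContext().getUserRoles()
     * @param wlsGroups names of the WLSGroupImpl principals, as collected in SecurityBean
     * @return entries of userRoles that are not names of the user's WLS groups
     */
    public static List<String> rolesOnly(String[] userRoles, Collection<String> wlsGroups) {
        // Assumption: compare case-insensitively, as isWlsUserGroup() does.
        Set<String> groupNames = new HashSet<String>();
        if (wlsGroups != null) {
            for (String group : wlsGroups) {
                groupNames.add(group.toLowerCase(Locale.ROOT));
            }
        }
        List<String> result = new ArrayList<String>();
        if (userRoles == null) {
            return result; // no roles reported
        }
        for (String role : userRoles) {
            // Caveat: a role that shares its name with one of the user's
            // groups cannot be told apart by name and is dropped here.
            if (role != null && !groupNames.contains(role.toLowerCase(Locale.ROOT))) {
                result.add(role);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data, not output captured from the lab.
        String[] userRoles = {"users", "sample-group", "sample-app-role", "authenticated-role"};
        List<String> groups = Arrays.asList("Users", "sample-group");
        System.out.println("Roles without groups: " + rolesOnly(userRoles, groups));
    }
}
```

In SecurityBean, the two arguments would come from adfctx.getSecurityContext().getUserRoles() and the groups field.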
References:
1. http://blog.whitehorses.nl/2010/01/29/weblogic-web-application-container-security-part-1/
2. http://blog.whitehorses.nl/2010/02/01/weblogic-web-application-container-security-part-2-adf-security/