J2EE Blueprints

Java TM Pet Store Demo

 security
   customizing security
 
There are two things that the sample application may not do in a Web-container-independent manner:
  1. The sample application may not log users into the form-based login mechanism of a web server because this mechanism differs on different Web containers.
  2. The sample application may not add users to a specific group in different security realms when new accounts are created, because the mechanism for adding new users to a Web container varies between specific implementations of containers.

Our solution to this was to provide a pluggable interface for programmatically logging users into the form-based login mechanism of a Web container, and an interface for creating new accounts in a Web container. By default, the sample application uses the J2EE SDK-specific services.

The sample application should run without problems on any J2EE compliant Web/EJB container combination if a security adapter implementation for that container is provided. To change the default behavior of the sample application, you will need to provide an interface class for the application server you are porting to, and make two changes to the deployment descriptor files.

The interface for the pluggable security adapter is located in the com.sun.j2ee.blueprints.petstore.util package under the jps1.1/src/petstore/src directory of the sample application source tree in the file name SecurityAdapter.java. The nonportable code for the J2EE SDK is located in the same package under the name J2eeSecurityAdapter.java.

The descriptor key securityAdapterClassName will need to be set in both the EJB (jps1.1/src/petstore/src/estore_ejb.xml) and WAR (jps1.1/src/petstore/src/docroot/WEB-INF/web.xml) deployment descriptors, located in the src directory of the sample application source tree. The default value for the key is com.sun.j2ee.blueprints.petstore.util.J2eeSecurityAdapter. The new value for the key should reflect the fully-qualified name of the security adapter class that implements the com.sun.j2ee.blueprints.petstore.util.SecurityAdapter interface.