Added new quickstart security quick starts< ejb-security, servlet-sec…

…urity>

ejb-security/README.md

@@ -0,0 +1,61 @@
+EJB Security Example
+
+Author: Sherif Makary, RH MW SA
+
+This example demonstrates the use of JEE declarative security to control access to EJB 3 and Security in JBoss EAP 6
+
+The example can be deployed using Maven from the command line or from Eclipse using JBoss Tools.
+
+To set up Maven or JBoss Tools in Eclipse, refer to the Getting Started Developing Applications Guide.
+
+To deploy to JBoss AS 7, start JBoss AS 7 and type mvn package jboss-as:deploy. The application is deployed to http://localhost:8080/jboss-as-secured-servlet/CallSecuredEJBServlet. You can read more details in the Getting Started Developing Applications Guide.
+
+To implement EJB security, you need to:
+-Add a security-domain to your jboss-web.xml
+-Configure a security domain in standalone.xml
+-Have users.properties and roles.properties files in WEB-INF/classes directory of your web application
+
+To implement EJB declerative security, you need to:
+-Add security annotations to your EJB declaration
+-Make sure the allowed user role is the same as the role defined in roles.properties file
+-Make sure the security domain referenced in jboss-web.xml is defined in the EAP 6 standalone.xml, this is the configuration snipt:
+
+<security-domain name="WebSecurityBasic" cache-type="required"></pre>
+
+<authentication>
+
+<login-module code="UsersRoles" flag="required">
+
+<module-option name="usersProperties" value="users.properties"/>
+
+<module-option name="rolesProperties" value="roles.properties"/>
+
+</login-module>
+
+</authentication>
+
+</security-domain>
+
+For references, please refer to:
+
+Getting Started Developing Applications Guide.
+JBoss AS7: Security : EJB3 Security.
+
+Test Scenario:
+-After successful war deployment to EAP 6
+-Run the url http://localhost:8080/jboss-as-ejb-security/CallSecuredEJBServlet
+-You should get a browser log-in challenge
+-After successful login using admin/admin, the browser will display some security info:
+
+"Successfully called Secured EJB
+
+Principal : admin
+
+Remote User : admin
+
+Authentication Type : BASIC
+"
+
+
+-Change the role in roles.properties to "gooduser1"
+-Redeploy the war and refresh the browser and clear the active login and you should get a security exception. 

ejb-security/pom.xml

@@ -0,0 +1,114 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+   <modelVersion>4.0.0</modelVersion>
+
+   <groupId>org.jboss.as.quickstarts</groupId>
+   <artifactId>jboss-as-ejb-security</artifactId>
+   <version>7.0.2.CR4</version>
+   <packaging>war</packaging>
+   <name>JBoss AS Quickstarts: ejb-security</name>
+   <description>JBoss AS Quickstarts: ejb-security</description>
+
+   <url>http://jboss.org/jbossas</url>
+   <licenses>
+      <license>
+         <name>Apache License, Version 2.0</name>
+         <distribution>repo</distribution>
+         <url>http://www.apache.org/licenses/LICENSE-2.0.html</url>
+      </license>
+   </licenses>
+
+   <properties>
+      <!-- Explicitly declaring the source encoding eliminates the following 
+         message: -->
+      <!-- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered 
+         resources, i.e. build is platform dependent! -->
+      <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+   </properties>
+
+   <dependencyManagement>
+      <dependencies>
+         <!-- Define the version of JBoss' Java EE 6 APIs we want to use -->
+         <!-- JBoss distributes a complete set of Java EE 6 APIs including
+            a Bill of Materials (BOM). A BOM specifies the versions of a "stack" (or
+            a collection) of artifacts. We use this here so that we always get the correct
+            versions of artifacts. Here we use the jboss-javaee-6.0 stack (you can
+            read this as the JBoss stack of the Java EE 6 APIs). You can actually
+            use this stack with any version of JBoss AS that implements Java EE 6, not
+            just JBoss AS 7! -->
+         <dependency>
+            <groupId>org.jboss.spec</groupId>
+            <artifactId>jboss-javaee-6.0</artifactId>
+            <version>3.0.0.Beta1-redhat-1</version>
+            <type>pom</type>
+            <scope>import</scope>
+         </dependency>
+      </dependencies>
+   </dependencyManagement>
+
+   <dependencies>
+
+      <!-- Import the CDI API, we use provided scope as the API is included 
+         in JBoss AS 7 -->
+      <dependency>
+         <groupId>javax.enterprise</groupId>
+         <artifactId>cdi-api</artifactId>
+         <scope>provided</scope>
+      </dependency>
+
+      <!-- Import the Common Annotations API (JSR-250), we use provided scope 
+         as the API is included in JBoss AS 7 -->
+      <dependency>
+         <groupId>org.jboss.spec.javax.annotation</groupId>
+         <artifactId>jboss-annotations-api_1.1_spec</artifactId>
+         <scope>provided</scope>
+      </dependency>
+
+      <!-- Import the Servlet API, we use provided scope as the API is included 
+         in JBoss AS 7 -->
+      <dependency>
+         <groupId>org.jboss.spec.javax.servlet</groupId>
+         <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+         <scope>provided</scope>
+      </dependency>
+
+      <dependency>
+      	<groupId>org.jboss.spec.javax.ejb</groupId>
+      	<artifactId>jboss-ejb-api_3.1_spec</artifactId>
+      </dependency>
+   </dependencies>
+
+   <build>
+      <!-- Set the name of the war, used as the context root when the app 
+         is deployed -->
+      <finalName>jboss-as-ejb-security</finalName>
+      <plugins>
+         <plugin>
+            <artifactId>maven-war-plugin</artifactId>
+            <version>2.1.1</version>
+            <configuration>
+               <!-- Java EE 6 doesn't require web.xml, Maven needs to catch 
+                  up! -->
+               <failOnMissingWebXml>false</failOnMissingWebXml>
+            </configuration>
+         </plugin>
+         <!-- JBoss AS plugin to deploy war -->
+         <plugin>
+            <groupId>org.jboss.as.plugins</groupId>
+            <artifactId>jboss-as-maven-plugin</artifactId>
+            <version>7.1.0.CR1</version>
+         </plugin>
+         <!-- Compiler plugin enforces Java 1.6 compatibility and activates 
+            annotation processors -->
+         <plugin>
+            <artifactId>maven-compiler-plugin</artifactId>
+            <version>2.3.1</version>
+            <configuration>
+               <source>1.6</source>
+               <target>1.6</target>
+            </configuration>
+         </plugin>
+      </plugins>
+   </build>
+
+</project>

ejb-security/src/main/java/org/jboss/as/quickstarts/ejb_security/CallSecuredEJBServlet.java

@@ -0,0 +1,91 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2011, Red Hat, Inc. and/or its affiliates,
+ * and individual contributors as indicated by the @author tags.
+ * See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU Lesser General Public License, v. 2.1.
+ * This program is distributed in the hope that it will be useful, but WITHOUT A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public License,
+ * v.2.1 along with this distribution; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA  02110-1301, USA.
+ *
+ * (C) 2012,
+ * @author Sherif Makary Red Hat MW SA.*/
+
+package org.jboss.as.quickstarts.ejb_security;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import javax.ejb.EJB;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.jboss.as.quickstarts.ejb_security.SecuredEJB;
+
+/**
+ * <p>
+ * Simple Servlet calling secured ejb
+ * using Servlet 3 security annotations
+ * Upon successful authentication and authorization the servlet 
+ * will call the secured ejb and retrieve the principal name
+ * </p>
+ * 
+ * 
+ * 
+ * @author Sherif Makary MW SA
+ * 
+ */
+@SuppressWarnings("serial")
+@WebServlet("/CallSecuredEJBServlet")
+
+public class CallSecuredEJBServlet extends HttpServlet {
+
+   static String PAGE_HEADER = "<html><head /><body>";
+
+   static String PAGE_FOOTER = "</body></html>";
+
+   //Injecting the Secured EJB
+   @EJB
+   private SecuredEJB securedEJB;
+
+   /**
+    * <p>
+    * Servlet entry point method which calls  securedEJB.getSecurityInfo()
+    * </p>
+    * */
+
+   @Override
+   protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+      PrintWriter writer = resp.getWriter();
+      //Get user principal
+      String principal = null; 
+      String authType = null;
+      String remoteUser=null;
+
+      	//Get security principal  
+      	principal = securedEJB.getSecurityInfo();
+        //Get user name from login principal
+    	remoteUser = req.getRemoteUser();
+    	//Get authentication type
+    	authType = req.getAuthType();
+
+
+      writer.println(PAGE_HEADER);
+      writer.println("<h1>" + "Successfully called Secured EJB " + "</h1>");
+      writer.println("<p>" + "Principal  : " + principal  + "</p>");
+      writer.println("<p>" + "Remote User : " + remoteUser +"</p>");
+      writer.println("<p>" + "Authentication Type : " + authType  + "</p>");
+      writer.println(PAGE_FOOTER);
+      writer.close();
+   }
+
+}

ejb-security/src/main/java/org/jboss/as/quickstarts/ejb_security/SecuredEJB.java

@@ -0,0 +1,40 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2011, Red Hat, Inc. and/or its affiliates,
+ * and individual contributors as indicated by the @author tags.
+ * See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU Lesser General Public License, v. 2.1.
+ * This program is distributed in the hope that it will be useful, but WITHOUT A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public License,
+ * v.2.1 along with this distribution; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA  02110-1301, USA.
+ *
+ * (C) 2012,
+ * @author Sherif Makary Red Hat MW SA.*/
+
+
+package org.jboss.as.quickstarts.ejb_security;
+
+import javax.ejb.Local;;
+
+
+/**
+ * <p>
+ * Simple secured ejb Interface
+ * </p>
+ * 
+ * @author Sherif Makary MW SA
+ * 
+ */
+
+@Local
+public interface SecuredEJB {
+	public String getSecurityInfo();
+
+}

ejb-security/src/main/java/org/jboss/as/quickstarts/ejb_security/SecuredEJBBean.java

@@ -0,0 +1,67 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2011, Red Hat, Inc. and/or its affiliates,
+ * and individual contributors as indicated by the @author tags.
+ * See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU Lesser General Public License, v. 2.1.
+ * This program is distributed in the hope that it will be useful, but WITHOUT A
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
+ * You should have received a copy of the GNU Lesser General Public License,
+ * v.2.1 along with this distribution; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA  02110-1301, USA.
+ *
+ * (C) 2012,
+ * @author Sherif Makary Red Hat MW SA.*/
+
+
+package org.jboss.as.quickstarts.ejb_security;
+
+import javax.ejb.Stateless;
+import org.jboss.as.quickstarts.ejb_security.SecuredEJB;
+import java.security.Principal;
+import javax.ejb.SessionContext;
+import javax.annotation.Resource;
+import javax.annotation.security.RolesAllowed;
+
+/**
+ * <p>
+ * Simple secured ejb
+ * using ejb security annotations
+ * </p>
+ * 
+ * @author Sherif Makary MW SA
+ * 
+ */
+
+public @Stateless class SecuredEJBBean implements SecuredEJB {
+
+	private Principal principal= null;
+
+	//Inject Session Context
+	@Resource	SessionContext ctx;
+
+	/**
+	 * <p>
+	 * sample Secured ejb method using security annotations
+	 * </p>
+	 * 
+	 */	
+
+	@Override
+	@RolesAllowed({"gooduser"})
+	public String getSecurityInfo()
+	   {
+		//Session context injected using the resource annotation
+		principal = ctx.getCallerPrincipal();
+
+   		return principal.toString();
+	   }
+
+
+
+}

ejb-security/src/main/webapp/WEB-INF/beans.xml

@@ -0,0 +1,7 @@
+<!-- Marker file indicating CDI should be enabled -->
+<beans xmlns="http://java.sun.com/xml/ns/javaee"
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+   xsi:schemaLocation="
+      http://java.sun.com/xml/ns/javaee 
+      http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+</beans>

ejb-security/src/main/webapp/WEB-INF/classes/roles.properties

@@ -0,0 +1 @@
+admin=gooduser

ejb-security/src/main/webapp/WEB-INF/classes/users.properties

@@ -0,0 +1 @@
+admin=admin