...
The security provider varies by runtime. The Standalone, Maven, and Ant runtimes are configured by default to use a basic security provider. The Tomcat runtime is configured with a provider that delegates to Tomcat security realms. There is also a Fabric3 extension that uses Spring Security, which can be installed in any of the Fabric3 runtimes.
Configuring The Basic Security Provider
The Standalone runtime includes a basic security provider that allows users and roles to be statically defined in a configuration file, security.xml, located in the runtime /config directory. An example file is shown below:
...
<users>
<user>
<username>foo</username>
<password>bar</password>
<roles>
<role>role1</role>
<role>role2</role>
</roles>
</user>
</users>
In the Maven runtime, the same security information is configured using a systemConfig entry:
...
<systemConfig>
<\!\[CDATA\[
<config>
<users>
<user>
<username>foo</username>
<password>bar</password>
</user>
</users>
</config>
\]\]>
</systemConfig>
Using Authentication and Authorization in Application Code
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
import org.fabric3.api.Fabric3RequestContext;
public class SecureRolesServiceImpl implements SecureService {
@Context
protected Fabric3RequestContext context;
public void call() \{
SecuritySubject context.getCurrentSubject();
String userName = context.getUsername();
// iterate roles
for (Role role: context.getRoles() {
String roleName = role.getName();
}
}
}
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<component name="SecurityTest">
<f3:junit class="...">
<configuration>
<username>scott</username>
<password>wombat</password>
</configuration>
</f3:junit>
<reference name="service" target="SCASecureService"/>
</component>
|
Custom Security Providers
...