...
The security provider varies by runtime. The Standalone, Maven, and Ant runtimes are configured by default to use a basic security provider. The Tomcat runtime is configured with a provider that delegates to Tomcat security realms. There is also a Fabric3 extension that uses Spring Security, which can be installed in any of the Fabric3 runtimes.
Configuring The Basic Security Provider
The Standalone runtime includes a basic security provider that allows users and roles to be statically defined in a configuration file, security.xml, located in the runtime /config directory. An example file is shown below:
...
<users>
<user>
<username>foo</username>
<password>bar</password>
<roles>
<role>role1</role>
<role>role2</role>
</roles>
</user>
</users>
In the Maven runtime, the same security information is configured using a systemConfig entry:
...
<systemConfig>
<\!\[CDATA\[
<config>
<users>
<user>
<username>foo</username>
<password>bar</password>
</user>
</users>
</config>
\]\]>
</systemConfig>
Using Authentication and Authorization in Application Code
...
Code Block | ||||
---|---|---|---|---|
| ||||
import org.fabric3.api.Fabric3RequestContext; public class SecureRolesServiceImpl implements SecureService { @Context protected Fabric3RequestContext context; public void call() \{ SecuritySubject context.getCurrentSubject(); String userName = context.getUsername(); // iterate roles for (Role role: context.getRoles() { String roleName = role.getName(); } } } |
...
Code Block | ||||
---|---|---|---|---|
| ||||
<component name="SecurityTest"> <f3:junit class="..."> <configuration> <username>scott</username> <password>wombat</password> </configuration> </f3:junit> <reference name="service" target="SCASecureService"/> </component> |
Custom Security Providers
...