Enterprise Java Development@TOPIC@
Secure access to EJB and Web applications
Decouple business logic from common tasks
Provide for asynchronous processing.
Re-use the eSales and eBidbot implementations from projects 1 and 2.
Define access controls and implement authentication mechanisms for applications.
Implement DTO validation using interceptors
Implement a publish/subscribe capability between the eBidbot and stand-alone client applications.
Trigger certain behaviors based on timers.
The project will build on the core implementation from Projects 1 and 2. We will mostly extend existing projects with security and asynchronous logic.
Java EE defines authentication and authorization to be independent of the overall API and capability. JBoss and other application servers provide simple, default mechanisms that are easy to demonstrate and more sophisticated mechanisms that are realistic for deployments that require no change to the JavaEE-compliant application code. We will use the simple, default/"other" security-domain defined within the standard JBoss installation. This uses the RealmUsersRoles login-module -- which is powered by two property files supplied and pre-populated by the class server files from ejava-wildfly901.
Table 26.1. User Credential Files
| File | Description |
|---|---|
| ${jboss.server.config.dir}/application-users.properties | defines username=password lines that list the login username and hashed password |
| ${jboss.server.config.dir}/application-roles.properties | defines username=role1,role2 lines that list the login username and assigned roles |
We are going to have a couple types of users. Some of the users will have zero, one, or more of these roles. Because of the static nature of our authentication, all users will have a login configured before the application is even deployed to the server.
Table 26.2. Application Roles
| Role | Description |
|---|---|
| anonymous | these users can view auctions and create an account |
| esales-admin | these users can reset and populate the eSales database |
| esales-user | these users can create and auction, and bid on auctions. This role is also required to subscribe to JMS auction events. |
| esales-sys | role required to perform internal auction actions like JMS publishing |
| esales-trusted | these users can bid on auctions on behalf of a specified user |
| ebidbot-admin | these users will be able to perform management and test functions on eBidbot |
| ebidbot-user | these users can and manage their orders |
If a user has a login for one application, they will use the same account to access the other application (e.g., user3 might have both esales-user and ebidbot-user roles).
Table 26.3. User Roles
| User | Roles |
|---|---|
| known | (no roles) |
| admin1 | esales-admin |
| admin2 | ebidbot-admin |
| syssales1 | esales-sys |
| sysbidbot1 | esales-trusted |
| user1 | esales-user |
| user2 | esales-user |
| user3 | esales-user,bidbot-user |
To clarify, your application will have a static set of logins and will ingest a set of accounts. A user with a login and no account can login, but won't be able to do anything meaningful. A user with an account and no login won't be able to access the system. Normally the login would be created at the same time as the account. Except for your JBoss configuration and your "Create Account" logic, no other part of your project should be aware of this tradeoff made for class project simplicity.
Some actions are open to any users; authenticated or not. Authentication will be performed using a JNDI login. All users will have a password of "password1!".
eBidbot will run-as an esales-trusted user and pass the userId for the eSales bidder with the placed bid.
For some asynchronous activity, we will implement an Auction Topic with eSales that will be used to provide updates to auction information. eBidbot will listen to this topic using a Message Driven Bean to keep orders up to date and to specifically know when they are closed. A stand-alone client will also be used to subscribe to auction events. The topic(s) will be pre-defined in your application server along with users and roles. However, you will have to design the type, structure, and payload of the messages on the topic(s).
eSales and eBidbot will use EJB Timers to help perform periodic business logic, like checking for completed auctions or making bids.