Navigation
User login
Simple Example
This is a very simple useless example to demonstrate how JSecurity works. I was struggling to understand the work flow and the terminology of any security framework. However, I finally got it, or I think I did.
Also, since the documentation of this project is still in its early stages I decided to post what I learned so that everyone can get a brief understanding of how everything fit together
Please let me know if I got anything wrong in this or any suggestion of how it could be better.
Thanks.
Here it goes:
import org.jsecurity.authc.AuthenticationException;
import org.jsecurity.authc.UsernamePasswordToken;
import org.jsecurity.mgt.DefaultSecurityManager;
import org.jsecurity.realm.text.TextConfigurationRealm;
import org.jsecurity.subject.Subject;
public class securityTEST
{
public static void main(String[] args)
{
//Create the realm in this case its just a simple text based realm
TextConfigurationRealm textConfigurationRealm = new TextConfigurationRealm();
//Set the user principals and roles
//format: username = password, role1, role2,...
textConfigurationRealm.setUserDefinitions("admin=admin,role1");
//Set the role permissions. (not required)
//format: rolename = permissionDefinition1, permissionDefinition2, ...
textConfigurationRealm.setRoleDefinitions("role1=permission1");
//Initialize the realm
textConfigurationRealm.init();
//Create the SecurityManager
DefaultSecurityManager securityManager =
new DefaultSecurityManager(textConfigurationRealm);
//and initialize it
securityManager.init();
//Create a username/password token
UsernamePasswordToken token =
new UsernamePasswordToken("admin", "admin");
//Ready to login now
try
{
Subject user = securityManager.login(token);
if (user.hasRole("role1"))
{
secureMethod1();
}
if (user.hasRole("role2"))
{
secureMethod2();
}
if (user.isPermitted("permission1"))
{
secureMethod3();
}
user.logout();
}
catch (AuthenticationException e)
{
System.out.println("Wrong username/password combination");
}
finally
{
//Clean up
securityManager.destroy();
}
}
private static void secureMethod1()
{
System.out.println("Secure method 1 called...");
}
private static void secureMethod2()
{
System.out.println("Secure method 2 called...");
}
private static void secureMethod3()
{
System.out.println("Secure method 3 called...");
}
}
pretty helpful
this sample is pretty helpful to me. thanks man.
just read about jSecurity and thought i'll give it a try. I just hope they'll give more samples in the future. Its tiring to read APIs just to get to the good stuff. I tried using jGuard and gave up after 3 days, the documentation is pretty messy. i can't get the step-by-step example to work. :(
Im a newbie with this (we all are newbie one way or another) and my suggestion to the developers is to give a sample application a bit in detail. and in step-by-step fashion. just like what they did in w3schools. its very much helpful and more developers will use this in effect. my opinion is more simple samples = more users.
all in all, this one is very useful and very light. :)
Thanks
Thank you for your reply.
The problem with most of Security frameworks is that they require a lot of configurations in a confusing places. Usually in separate XML files. To me this type of configuration is like learning a new language. There is a lot of configurations to be configured and when you need to change something you need to dig for it.
Jsecurity, on the other hand, there is only one place for the configuration, in the web.xml file. And it can be bypassed by using your own filter if you don't understand its syntax. which I am still confused about.
Also I am currently trying to figure out how the annotation stuff works, as soon as I figure it out I ll post another simple example. I got it pretty close but still needs some work.
Thanks again and have a good one
Learn from the JSecurity sample applications
Hi guys,
There are two sample applications included with the JSecurity distribution that show you a _lot_ of how to set up JSecurity in both a quickstart environment and a full-blown Spring application. You really should look at those as proper examples - it will save you a lot of time!
Once you download and unzip the JSecurity distribution, cd into the root directory and run
> ant samples.This will generate two war files - a jsecurity-spring.war and a jsecurity-quickstart.war.
You can see all the files and configuration for both under
jsecurity-release-directory/samples/quickstartandjsecurity-release-directory/samples/spring. They are very helpful - please don't feel you need to do this from scratch :)Cheers,
Les
build problems (ant samples)
hi guys,
i have a problem on building the samples on beta2. but the problem is not about jSecurity though. its more on ant and ivy things. but is it possible if you could upload the "jsecurity-spring.war" ? ive tested the jsecurity-quickstart.war since it was posted many months ago but its kinda left me hanging. ive wasted many hours already fixing this ant and ivy thing and it doesn't seem to go my way. hope you guys could help. i just wanted to have a war and put it on tomcat so i could look at the flow from there.
thanks in advance. :)
Can you access Maven repos?
Hi tar_xvzf,
Ivy downloads all the dependencies JSecurity needs from maven repositories. If you can't access maven repositories (maybe because of a firewall?), then you won't be able to build.
Can you please tell me what the problem is (build error) so I can help?
got it
oi, nevermind les. it was a problem on ivy and ant. i fixed the problem already. :)
Excellent!
Sam,
This is fantastic and I'm sure will it help many people. Thanks so much for taking the time to post this :)
It is always a good thing to get documentation approaches from many different people because we all think differently. Your examples will certainly help people where maybe the quickstart wouldn't.
You'll be happy to know that I started on the official reference manual last week. It will take a while, but now I have a little more time to dedicate to it.
Cheers,
Les
Thanks
This is great news.
Keep up the good work.
Thanks.