NewUser.jsp Example

This example builds a JSP page that implements programmatic access to the WebLogic Server realm. This JSP page includes a Web form that has three text fields and three submit buttons (see Figure 12-14).

The JSP page processes the submitted values. If all three spaces are filled in, and the Create User button is clicked, then a new user is created and logged into the system. The Create Group button enables the user to create a new group in the caching realm. Finally, the Delete User button deletes the account of the user whose name is entered in the Username field.

To begin creating this page, we define the Web form to be processed:

<html>
<head>
   <title>New User</title>
</head>
<body text="#000000" bgcolor="#FFFFFF">

<p>Please complete the following to register yourself as a user
in the
  application.</font>
<p>
<form method="post" name="NewUser" action="newuser.jsp">

Username :<input type="text" name="userName" size=16><p>

Password :<input type="password" name="password" size=16><p>

Group :<input type="text" name="groupName" size=16><p>

<font face="Helvetica"><input type="submit"
  value="Create User" name="Command">
<p>

<font face="Helvetica"><input type="submit"
  value="Delete User" name="Command">
<p>

<font face="Helvetica"><input type="submit"
  value="Create Group" name="Command">
<p>

The standard HTML form uses a POST that is directed back to the same JSP page. Three buttons are defined for submit, each with a different value for the “Command” parameter name.

Now, we put Java code into the JSP page to demonstrate access to the realm API.

<%

  // We will encapsulate everything in a try/catch block to catch
  // exceptions.  Because this is an example, it does not include
  // complete error checking:

  try {

    // Next check to see if the request method is a POST of
    // information from the form:

    if ("POST".equals(request.getMethod())) {

    weblogic.security.acl.CachingRealm realm =
    (weblogic.security.acl.CachingRealm)
weblogic.security.acl.Security.getRealm();

    // Define variables to be used internally:

    weblogic.security.acl.User u;
    java.security.acl.Group g;

    String userName;
    String groupName;
    String password;
    // Get the command that has been received with the POST:
    String command = request.getParameterValues("Command")[0];

    if (command.equals("Create User")) {

      userName = request.getParameterValues("userName")[0];
      password = request.getParameterValues("password")[0];
      groupName = request.getParameterValues("groupName")[0];

      //  Add a new user to the realm with the appropriate username
      //  and password.  Then, add that user to the appropriate group:
      u = realm.newUser(userName, password, null);
      realm.getGroup(groupName).addMember(u);

      out.println("New user "+ userName + " created!");

      // This piece of code allows applications to register a new
      // user & automatically log them into the WebLogic realm:
      int ret = weblogic.servlet.security.ServletAuthentication.weak
        (userName, password, session);

      out.println("<br>New user created, added to group " + groupName
        + " and logged in!");

      out.println("<br>Now that you are logged in, go " +
        "<a href="welcome.jsp">visit welcome.jsp</a>.");

    } else if (command.equals("Delete User")) {

      userName = request.getParameterValues("userName")[0];

      //  Locate a User object with the appropriate username and
      //  delete it.
      u = realm.getUser(userName);
      realm.deleteUser(u);
      out.println("User " + userName+ " created and logged in!");

    } else if (command.equals("Create Group")) {

      groupName = request.getParameterValues("groupName")[0];
      g = realm.newGroup(groupName);
      out.println("New group " + groupName + " created.");

    }

  }
  }
  catch (Exception e) {
    out.println(e);
  }


%>

</body>
</html>

Deploying a Realm API Authentication Example Using the RDBMS Realm

To practice using the RDBMS security realm, we can modify the form-based authentication example from the previous section. The RDBMS realm example is contained in the rdbmsauth.war file in the /code/ch12 directory on the CD-ROM. Use the Cloudscape database (installed with WebLogic Server) as the RDBMS, and use the Examples Server version of WebLogic Server (rather than the default).

Step 0: Set Up the RDBMS Realm in the Examples Server

First, configure the Examples Server to use the Cloudscape RDBMS realm instead of the default file store. Start the Examples Server using the shortcut on the Windows Start menu. Then, launch a Web browser and visit the Examples Server console. Use the following URL:

http://127.0.0.1:7001/console/.

The database connectivity to Cloudscape, the caching realm, and the RDBMS realm have been pre-configured for the Examples Server, as you can see from the console's security settings in the left-hand navigation panel of the Security section.

To enable the RDBMS realm with Cloudscape, simply instruct WebLogic Server to use its currently defined caching realm instead of the file realm.

Navigate to the Security section in the left-hand navigation panel (see Figure 12-15).

Under the option for configuring your caching realm, choose to use defaultCachingRealm. Click the Apply button. You will be prompted to restart the Examples Server. Do that now either through the console or by closing the window where the server started.

Step 1: Set Up the Development Environment

Create a new, empty directory on your local hard disk. For this example, the directory c:dev15 will be used. To set your environment variables correctly to access Java services, execute the configuration script for the Examples Server environment:

c:eaweblogic600configexamplessetExamplesEnv.cmd

The preceding path will differ if you have installed WebLogic Server in a different directory.

Next, navigate to your new directory.

Step 2: Copy and Unpack the Example

Copy the example code from the CD-ROM into this directory. If your CD-ROM is the E: drive, you can use the following command:

copy E:examplesch12dbmsauth.war c:dev15

Double check that the file has arrived correctly by doing a directory listing.

Unpack the package using the jar utility:

jar xvf *.war

Step 3: Build and Deploy the Example

Use the build script (build.bat) to compile the example for Microsoft Windows. Edit this script to reflect the correct location of your WebLogic Server installation. The build script also can be modified to work for other platforms. Then, type “build” and press Enter. The compilation, packaging, and deployment of the application should proceed automatically (see Figure 12-16).

Step 4: View the Example

To view the example, point a Web browser to http://127.0.0.1:7001/dbmsauth/ after starting the WebLogic Server default server (the example runs on the default server even though it had to be built on the Examples Server).

You should automatically be redirected to login.jsp and see something that looks exactly like the form-based authentication example from the previous section. You should attempt to log in. Enter a user name of “ruslan” and a password of “sporty” and click Login (see Figure 12-17).

Your user name and password will not be recognized! We have not yet created groups and users in the WebLogic Server realm.

Step 5: Create User and Group

In the form-based authentication example, we used the WebLogic Server console to manage users and groups. In this example, we can use the JSP that we previously created to manipulate the RDBMS realm underlying the caching realm. To visit this JSP page, launch a Web browser and type in “http://127.0.0.1:7001/dbmsauth/newuser.jsp”.

Create a new group to match the group defined in weblogic.xml. Because the principal named myGroup has been defined to match the web-user role in web.xml, type “myGroup” into the field labeled Group (see Figure 12-18).

Click on the Create Group button. You should receive a message stating that the group was successfully created.

Next, add the user name and password (“ruslan” and “sporty”) to the fields in the form (see Figure 12-19).

Click Create User. You should receive a message stating that your user has been successfully created and logged into the system (see Figure 12-20).

You can now go directly to the welcome page. Check the WebLogic Server console to make sure the new user is in the RDBMS realm (see Figure 12-21).