- 浏览: 194532 次
- 性别:
- 来自: 深圳
文章分类
最新评论
-
Ma__sm:
感谢
yyyy-MM-dd格式的Java日期校验代码 -
samjavaeye:
weirihai 写道访问都地址都打不开。
刚点了一遍,都能 ...
WebLogic在线文档中心 -
weirihai:
访问都地址都打不开。
WebLogic在线文档中心
经过几天研究,终于跑起来了第一个JAAS例子。把代码贴上来,免得以后忘了。
MyCallbackHandler.java(处理用户输入)
SampleAcn.java(客户端)
SamplePrincipal.java(自定义Principal类)
SampleLoginModule.java(自定义登录模块)
该类没有实现javax.security.auth.spi.LoginModule接口,似乎也可以运行。为简单起见,代码里面用户名固定为testUser,密码固定为testPassword。 还有一个MyLoginModule类,跟SampleLoginModule类是一样的,只是修改了硬编码的用户名和密码,便于测试。 Sample_jaas.config(JAAS配置文件)
为了测试不同情况,配置了多个组合,具体使用哪个组合,在上文中客户端代码指定。package com.pingan.jaas.tutorial;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PushbackInputStream;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
public class MyCallbackHandler implements CallbackHandler {
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof TextOutputCallback) {
// 根据指定的类型显示信息
TextOutputCallback toc = (TextOutputCallback) callbacks[i];
switch (toc.getMessageType()) {
case TextOutputCallback.INFORMATION:
System.out.println(toc.getMessage());
break;
case TextOutputCallback.ERROR:
System.out.println("ERROR: " + toc.getMessage());
break;
case TextOutputCallback.WARNING:
System.out.println("WARNING: " + toc.getMessage());
break;
default:
throw new IOException("Unsupported message type: "
+ toc.getMessageType());
}
} else if (callbacks[i] instanceof NameCallback) {
// 如果命令行没有提供用户名,提示用户输入用户名
NameCallback nc = (NameCallback) callbacks[i];
System.err.print(nc.getPrompt());
System.err.flush();
nc
.setName((new BufferedReader(new InputStreamReader(
System.in))).readLine());
} else if (callbacks[i] instanceof PasswordCallback) {
// prompt the user for a password
PasswordCallback pc = (PasswordCallback) callbacks[i];
System.err.print(pc.getPrompt());
System.err.flush();
pc.setPassword(readPassword(System.in));
} else {
throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
}
}
}
private char[] readPassword(InputStream in) throws IOException {
char[] lineBuffer;
char[] buf;
buf = lineBuffer = new char[128];
int room = buf.length;
int offset = 0;
int c;
loop: while (true) {
switch (c = in.read()) {
case -1:
case '\n':
break loop;
case '\r':
int c2 = in.read();
if ((c2 != '\n') && (c2 != -1)) {
if (!(in instanceof PushbackInputStream)) {
in = new PushbackInputStream(in);
}
((PushbackInputStream) in).unread(c2);
} else
break loop;
default:
if (--room < 0) {
buf = new char[offset + 128];
room = buf.length - offset - 1;
System.arraycopy(lineBuffer, 0, buf, 0, offset);
Arrays.fill(lineBuffer, ' ');
lineBuffer = buf;
}
buf[offset++] = (char) c;
break;
}
}
if (offset == 0) {
return null;
}
char[] ret = new char[offset];
System.arraycopy(buf, 0, ret, 0, offset);
Arrays.fill(buf, ' ');
return ret;
}
}
package com.pingan.jaas.tutorial;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
public class SampleAcn {
public static void main(String[] args) {
LoginContext lc = null;
try {
lc = new LoginContext("test5", new MyCallbackHandler());
} catch (LoginException le) {
System.err
.println("Cannot create LoginContext. " + le.getMessage());
System.exit(-1);
} catch (SecurityException se) {
System.err
.println("Cannot create LoginContext. " + se.getMessage());
System.exit(-1);
}
// 给用户3次登录机会
int retryTimes = 3;
int i;
for (i = 0; i < retryTimes; i++) {
try {
// attempt authentication
lc.login();
// if we return with no exception,
// authentication succeeded
break;
} catch (LoginException le) {
System.err.println("Authentication failed:");
System.err.println(" " + le.getMessage());
try {
Thread.sleep(3000);
} catch (Exception e) {
// ignore
}
}
}
// did they fail three times?
if (i == retryTimes) {
System.out.println("Sorry");
System.exit(-1);
}
System.out.println("Authentication succeeded!");
}
}
package com.pingan.jaas.tutorial;
import java.security.Principal;
public class SamplePrincipal implements Principal, java.io.Serializable {
private static final long serialVersionUID = -5974294088673749367L;
private String name;
public SamplePrincipal(String name) {
if (name == null)
throw new NullPointerException("illegal null input");
this.name = name;
}
public String getName() {
return name;
}
public String toString() {
return ("SamplePrincipal: " + name);
}
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof SamplePrincipal))
return false;
SamplePrincipal that = (SamplePrincipal) o;
if (this.getName().equals(that.getName()))
return true;
return false;
}
public int hashCode() {
return name.hashCode();
}
}
package com.pingan.jaas.tutorial;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import examples.util.LogHelper;
public class SampleLoginModule {
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
// configurable option
private boolean debug = false;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
// username and password
private String username;
private char[] password;
// testUser's SamplePrincipal
private SamplePrincipal userPrincipal;
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String) options.get("debug"));
}
public boolean login() throws LoginException {
// prompt for a user name and password
if (callbackHandler == null)
throw new LoginException("Error: no CallbackHandler available "
+ "to garner authentication information from the user");
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("user name: ");
callbacks[1] = new PasswordCallback("password: ", false);
try {
callbackHandler.handle(callbacks);
username = ((NameCallback) callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback) callbacks[1])
.getPassword();
if (tmpPassword == null) {
// treat a NULL password as an empty password
tmpPassword = new char[0];
}
password = new char[tmpPassword.length];
System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
((PasswordCallback) callbacks[1]).clearPassword();
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());
} catch (UnsupportedCallbackException uce) {
throw new LoginException("Error: " + uce.getCallback().toString()
+ " not available to garner authentication information "
+ "from the user");
}
// print debugging information
if (debug) {
System.out.println("\t\t[SampleLoginModule] "
+ "user entered user name: " + username);
System.out.print("\t\t[SampleLoginModule] "
+ "user entered password: ");
for (int i = 0; i < password.length; i++)
System.out.print(password[i]);
System.out.println();
}
// 校验用户名和密码(用户名为testUser,密码为testPassword,区分大小写)
boolean usernameCorrect = false;
boolean passwordCorrect = false;
if (username.equals("testUser"))
usernameCorrect = true;
if (usernameCorrect && password.length == 12 && password[0] == 't'
&& password[1] == 'e' && password[2] == 's'
&& password[3] == 't' && password[4] == 'P'
&& password[5] == 'a' && password[6] == 's'
&& password[7] == 's' && password[8] == 'w'
&& password[9] == 'o' && password[10] == 'r'
&& password[11] == 'd') {
// authentication succeeded!!!
passwordCorrect = true;
if (debug)
System.out.println("\t\t[SampleLoginModule] "
+ "authentication succeeded");
succeeded = true;
return true;
} else {
// authentication failed -- clean out state
if (debug)
System.out.println("\t\t[SampleLoginModule] "
+ "authentication failed");
succeeded = false;
username = null;
for (int i = 0; i < password.length; i++)
password[i] = ' ';
password = null;
if (!usernameCorrect) {
throw new FailedLoginException("User Name Incorrect");
} else {
throw new FailedLoginException("Password Incorrect");
}
}
}
public boolean commit() throws LoginException {
LogHelper.log2Console("succeeded=" + succeeded);
if (succeeded == false) {
return false;
} else {
// add a Principal (authenticated identity)
// to the Subject
// assume the user we authenticated is the SamplePrincipal
userPrincipal = new SamplePrincipal(username);
if (!subject.getPrincipals().contains(userPrincipal))
subject.getPrincipals().add(userPrincipal);
if (debug) {
System.out.println("\t\t[SampleLoginModule] "
+ "added SamplePrincipal to Subject");
}
// in any case, clean out state
username = null;
for (int i = 0; i < password.length; i++)
password[i] = ' ';
password = null;
commitSucceeded = true;
return true;
}
}
public boolean abort() throws LoginException {
LogHelper.log2Console("succeeded=" + succeeded);
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
// login succeeded but overall authentication failed
succeeded = false;
username = null;
if (password != null) {
for (int i = 0; i < password.length; i++)
password[i] = ' ';
password = null;
}
userPrincipal = null;
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return true;
}
public boolean logout() throws LoginException {
subject.getPrincipals().remove(userPrincipal);
succeeded = false;
succeeded = commitSucceeded;
username = null;
if (password != null) {
for (int i = 0; i < password.length; i++)
password[i] = ' ';
password = null;
}
userPrincipal = null;
return true;
}
}
Sample {
com.pingan.jaas.tutorial.SampleLoginModule required debug=true;
};
Sample2 {
com.pingan.jaas.tutorial.MyLoginModule required debug=true;
};
all_required {
com.pingan.jaas.tutorial.SampleLoginModule required debug=true;
com.pingan.jaas.tutorial.MyLoginModule required debug=true;
};
test3 {
com.pingan.jaas.tutorial.SampleLoginModule required debug=true;
com.pingan.jaas.tutorial.MyLoginModule Sufficient debug=true;
};
test4 {
com.pingan.jaas.tutorial.MyLoginModule Sufficient debug=true;
com.pingan.jaas.tutorial.SampleLoginModule required debug=true;
};
test5 {
com.pingan.jaas.tutorial.MyLoginModule Optional debug=true;
com.pingan.jaas.tutorial.SampleLoginModule required debug=true;
};
编译后运行客户端,需要在命令行指定JAAS配置文件位置,参考命令行如下:
java -Djava.security.auth.login.config=com/pingan/jaas/tutorial/sample_jaas.config -cp ".;%CLASSPATH%;C:\bea\weblogic81\server\lib\weblogic.jar;C:\bea\weblogic81\server\lib\mbeantypes\wlManagement.jar;" com.pingan.jaas.tutorial.SampleAcn
运行结果:
C:\bea\user_projects\applications\Test3\Test3Web\WEB-INF\classes>java -Djava.security.auth.login.config=com/pingan/jaas/tutorial/sample_jaas.config -cp ".;%CLASSPATH%;C:\bea\weblogic81\server\lib\weblogic.jar;C:\bea\weblogic81\server\lib\mbeantypes\wlManagement.jar;" com.pingan.jaas.tutorial.SampleAcn
user name: testUser
password: testPassword
[MyLoginModule] 用户输入的用户名: testUser
[MyLoginModule] 用户输入的密码:testPassword
[MyLoginModule] authentication failed
user name: testUser
password: testPassword
[SampleLoginModule] user entered user name: testUser
[SampleLoginModule] user entered password: testPassword
[SampleLoginModule] authentication succeeded
com.pingan.jaas.tutorial.MyLoginModule.commit(131)
---------------------------------- <2011-02-14 10:03:14> ----------------------------------
succeeded=false
---------------------------------- <2011-02-14 10:03:14> ----------------------------------
com.pingan.jaas.tutorial.SampleLoginModule.commit(131)
---------------------------------- <2011-02-14 10:03:14> ----------------------------------
succeeded=true
---------------------------------- <2011-02-14 10:03:14> ----------------------------------
[SampleLoginModule] added SamplePrincipal to Subject
Authentication succeeded!
还有一个帮助类LogHelper.java:
package examples.util; import java.text.SimpleDateFormat; import java.util.Date; public class LogHelper { private static final String 换行符 = "\r\n"; private static final String 分隔线 = "----------------------------------"; private static final SimpleDateFormat sf = new SimpleDateFormat( "yyyy-MM-dd HH:mm:ss"); public static void log2Console(String msg) { StackTraceElement[] stackTraceElements = new Throwable() .getStackTrace(); StackTraceElement stackTraceElement = stackTraceElements[1]; StringBuffer sb = new StringBuffer(); // sb.append(换行符); sb.append(换行符).append(stackTraceElement.getClassName()); sb.append('.'); sb.append(stackTraceElement.getMethodName()).append("("); sb.append(stackTraceElement.getLineNumber()).append(")"); sb.append(换行符); String separateLine = buildSeparateLine(); sb.append(separateLine); sb.append(msg).append(换行符); sb.append(separateLine); System.out.println(sb.toString()); } public static void log2Console(String[] array) { StackTraceElement[] stackTraceElements = new Throwable() .getStackTrace(); StackTraceElement stackTraceElement = stackTraceElements[1]; StringBuffer sb = new StringBuffer(); // sb.append(换行符); sb.append(换行符).append(stackTraceElement.getClassName()); sb.append('.'); sb.append(stackTraceElement.getMethodName()).append("("); sb.append(stackTraceElement.getLineNumber()).append(")"); sb.append(换行符); String separateLine = buildSeparateLine(); sb.append(separateLine); if (array == null) { sb.append("数组为空(NULL)").append(换行符); } else { sb.append('{'); for (int i = 0; i < array.length; i++) { if (i >= 0) { sb.append(", "); } sb.append('"').append(array[i]).append('"'); } sb.append('}').append(换行符); } sb.append(separateLine); System.out.println(sb.toString()); } private static String buildSeparateLine() { StringBuffer sb = new StringBuffer(); Date currentTime = new Date(); sb.append(分隔线).append(" <").append(sf.format(currentTime)).append("> ") .append(分隔线).append(换行符); return sb.toString(); } }
- tutorial.rar (6.5 KB)
- 下载次数: 6
发表评论
-
Java处理Json的简单方式
2017-01-04 10:56 673先按Json字符串的格式定义好各级POJO对象,然后就可以简 ... -
Junit4中测试抛异常
2014-07-14 15:43 760虽然很简单,但是久了不用很容易忘记…… 其实就是在@Te ... -
使用apache poi读写excel文件
2014-06-06 10:26 1511apache poi软件包可以用来操作office文档,并 ... -
Log4j2配置入门
2014-04-14 14:29 1484首先是Log4j升级到2.0版本以后,只支持XML格式的配 ... -
Log4j日志格式化pattern参数
2014-03-24 14:39 1165格式名 含义 %c 输出日志信息所属的类的全名 %d ... -
对私有方法进行单元测试
2014-03-05 16:40 1751为了提升代码质量, ... -
使用jxl读写Excel文件
2013-12-04 15:54 1000代码: import java.io.File; imp ... -
Quartz表达式
2013-12-02 17:37 658通配符说明 “*”字符代表所有可能的值 “/”字符用 ... -
enum简单示例
2013-09-18 09:30 713最简单的情况,只有name,适合程序内部使用,不需要在界面 ... -
构造人性化的运行耗时字符串
2013-05-03 09:34 809工具类 /** * 构造人性化的运行耗时字符串。 ... -
用SAX(JDK自带API)解析XML文件
2013-04-15 17:11 3972解析的工具类继承org.xml.sax.helpers.D ... -
XML命名空间与验证小结
2013-04-07 15:00 911命名空间主要是用来避 ... -
jetty-distribution-9.0.0.M0
2013-01-08 23:16 770jetty-distribution-9.0.0.M0 -
常用正则表达式
2013-01-06 10:16 634解析IP地址 ((?:(?:25[0-5]|2[0-4]\d| ... -
读取控制台输入
2013-01-06 10:13 786以下代码适用于JDK1.5以上 private s ... -
Java命令行指定lib目录
2012-11-08 10:43 3033java -Djava.ext.dirs=xxx -
HttpClient简单示例
2012-10-18 13:36 1375代码中用到的是httpclie ... -
使用dom4j解析XML简单示例
2012-10-18 10:51 879从字符串解析XML public class Dom4 ... -
LDAP身份验证示例
2012-07-26 10:46 1759public class LDAPAuthenticat ... -
yyyy-MM-dd格式的Java日期校验代码
2012-03-01 09:49 12460用正则表达式匹配,从1970-01-01开始往后2万天逐一测试 ...
相关推荐
jaas.jar jaas.jar jaas.jar
Java Authentication and Authorization Service (JAAS) 是Java平台提供的一种安全框架,用于实现用户身份验证和权限管理。这个框架使得开发者可以轻松地在Java应用程序中集成安全性,而不必深入理解底层的复杂安全...
Java Authentication and Authorization Service (JAAS) 是Java平台中用于安全性的核心组件,它为开发者提供了一种机制来处理用户身份验证和权限控制。这个服务允许应用程序执行基于角色的安全性,这意味着用户的...
Java Authentication and Authorization Service (JAAS) 是 Java 平台中用于安全管理的重要组件,它提供了一种框架,使得应用程序可以进行用户身份验证和权限控制。在本文中,我们将深入探讨 JAAS 的核心概念、工作...
Java Authentication and Authorization Service (JAAS) 是Java平台中用于安全性的框架,主要用于用户身份验证和权限授权。在Java应用程序中,尤其是服务器端应用,确保只有合法的用户能够访问资源是至关重要的。...
Java Authentication and Authorization Service (JAAS) 是Java平台中用于安全性的关键组件,它提供了一种框架,使得应用程序能够实现用户身份验证和权限管理。在这个教程中,我们将深入探讨JAAS的核心概念、工作...
Java Authentication and Authorization Service (JAAS) 是Java平台中用于安全性的关键组件,它提供了一种标准框架来实现用户身份验证和授权。在Web应用程序中,JAAS被用来控制对资源的访问,确保只有经过验证的用户...
**Java Authentication and Authorization Service (JAAS) 深入解析** JAAS,全称为Java Authentication and Authorization Service,是Java平台中的一个核心组件,用于处理应用系统的用户身份验证和权限授权。这个...
Java Authentication and Authorization Service (JAAS) 是Java平台中用于安全认证和授权的核心组件。它为开发者提供了一种标准的方式来管理用户的身份验证和访问控制,从而确保应用程序的安全性。在本精讲中,我们...
Java Authentication and Authorization Service (JAAS) 是Java平台中用于安全性的关键组件,它提供了一种框架,用于在Java应用程序中实现认证(Authentication)和授权(Authorization)。`jaas.jar` 文件是这个...
### JAAS登录验证知识点 #### 一、JAAS概述 Java Authentication and Authorization Service(JAAS)是Java平台提供的一种安全框架,它允许开发者为应用程序添加认证和授权功能。与传统的基于容器的身份验证不同,...
标题 "websphere 6 JAAS登陆例子" 描述了一个在Websphere 6版本中集成LDAP用户和实现Single Sign-On (SSO)的实践案例。这个主题涉及到Java Authentication and Authorization Service (JAAS)的安全框架,以及它如何...
### JAAS基础知识与应用 #### 一、JAAS概述 JAAS(Java Authentication and Authorization Service)作为Java平台标准版(JSE)的一部分,为Java应用程序提供了灵活且强大的身份验证和授权服务。相比于早期版本的...
Java Authentication and Authorization Service (JAAS) 是Java平台中用于安全管理的框架,它是Java Cryptography Extension (JCE) 安全框架的重要补充。JAAS的主要目标是提供用户认证和授权服务,确保应用程序能...
### JAAS基础教程详解 #### 一、JAAS概述与背景 Java Authentication and Authorization Service (JAAS) 是Java平台提供的一种灵活且可扩展的安全机制,用于确保Java应用程序的安全性。JAAS的设计理念在于通过验证...
jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas j2se例子jaas ...
### 基于JAAS的Java安全编程 #### JAAS概览 JAAS(Java Authentication and Authorization Service,Java认证与授权服务)是Sun Microsystems为Java 2平台开发的一套安全框架扩展,旨在加强Java应用程序的安全性。...