`
Dead_knight
  • 浏览: 1202223 次
  • 性别: Icon_minigender_1
  • 来自: 杭州
博客专栏
752c8642-b795-3fe6-946e-a4e845bffdec
Spring Securi...
浏览量:240599
33caa84e-18a6-3036-a82b-6e2106a4de63
clojure专题
浏览量:49035
E17ca077-44df-3816-a3fe-471c43f6e1e5
WebLogic11g
浏览量:237060
社区版块
存档分类
最新评论

Weblogic扩展JAAS身份验证案例

阅读更多
步骤一、首先通过MDF的XML文件定义验证提供程序,文件路径为:d:\src\ImepAuthenticator.xml

<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<!-- MBean Definition File (MDF) for the Sample Authenticator.
     Copyright (c) 2003 by BEA Systems, Inc.  All Rights Reserved.
-->
<!-- Declare your mbean.
     Since it is for an authenticator, it must extend the
     weblogic.management.security.authentication.Authenticator mbean.
     The Name and DisplayName must be the same.
     They specify the name that will appear on the
     console for this provider.
     Set the PeristPolicy to "OnUpdate" so that if an attribute
     value is changed, the new value is written to disk immediately.
     See the "Developing Security Services" manual for more info.
     Note that since this is an xml document, you can't use double
     quotes directly.  Instead you need to use &quot;
     Note that setting "Writeable" to "false" on an attribute
     makes the attribute read-only.  The default is read-write.
-->
<MBeanType
Name          = "ImepSecurityAuthenticator"
DisplayName   = "Imep Security Authenticator"
Package       = "com.imep.security"
Extends       = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
>
<!-- You must set the value of the ProviderClassName attribute
      (inherited from the weblogic.management.security.Provider mbean)
      to the name of the java class you wrote that implements the
      weblogic.security.spi.AuthenticationProvider interface.
      You can think of the provider's mbean as the factory
      for your provider's runtime implementation.
-->
<MBeanAttribute
  Name          = "roviderClassName"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;com.imep.security.ImepAuthProviderImpl&quot;"
/>
<!-- You must set the value of the Description attribute
      (inherited from the weblogic.management.security.Provider mbean)
      to a brief description of your provider.
      It is displayed in the console.
-->
<MBeanAttribute
  Name          = "Description"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;Authenticator used for the MedRec sample application only&quot;"
/>
<!-- You must set the value of the Version attribute
      (inherited from the weblogic.management.security.Provider mbean)
      to your provider's version.  There is no required format.
-->
<MBeanAttribute
  Name          = "Version"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;1.0&quot;"
/>
<!-- Add any custom attributes for your provider here.
      The sample authenticator does not have any custom attributes.
      Note: custom attributes do not appear in the
      console in WLS 7.0.  Use the admin command line tool
      (java weblogic.Admin) to view and set their values.
      Refer to the "Developing Security Services" manual
      for more info on defining custom attributes.
-->
</MBeanType>


步骤二、使用MbeanMaker实用工具来处理MDF文件,并生成MBean和桩:

D:\>java -classpath "D:\bea\weblogic81\server\lib\mbeantypes\wlManagement.jar;D:
\bea\weblogic81\server\lib\weblogic.jar;D:\bea\jdk142_05\lib\tools.jar;D:\bea\jd
k142_05\lib\rt.jar;d:\src" -DcreateStubs="true" weblogic.management.commo.WebLog
icMBeanMaker -MDF d:\src\ImepAuthenticator.xml -files d:\src
Parsing the MBean definition file: d:\src\ImepAuthenticator.xml
Generating the source files...
Generating the MBean interface file...
Generating the MBean implementation file...
Compiling the implementation file...
Compiling these files   d:\src\ImepSecurityAuthenticatorImpl.java
Generating the MBI generator file...
Compiling the MBI generator file...
Compiling these files   d:\src\ImepSecurityAuthenticatorMBI.java
Creating the MBI file...
Deleting the MBI generator temp files.......
Done.

步骤三、通过com.imep.security.ImepAuthProviderImpl类中设置JAAS验证模块

    private AppConfigurationEntry getConfiguration(HashMap hashmap)
    {
        hashmap.put("database", new ImepAuthDatabase());
        return new AppConfigurationEntry("com.imep.security.ImepLoginModuleImpl", controlFlag, hashmap);
    }

其中com.imep.security.ImepLoginModuleImpl实现LoginModule

步骤四、在com.imep.security.ImepLoginModuleImpl验证模块中,实现自定义验证:
实现源码在附件中

步骤五、将以上代码打成jar包,并通过WebLogicMBeanMaker打成MJF包:

D:\>java -classpath "D:\bea\weblogic81\server\lib\mbeantypes\wlManagement.jar;D:
\bea\weblogic81\server\lib\weblogic.jar;D:\bea\jdk142_05\lib\tools.jar;D:\bea\jd
k142_05\lib\rt.jar;d:\src" -DcreateStubs="true" weblogic.management.commo.WebLog
icMBeanMaker -MJF ImepAuthenticatorProvider.jar -files d:\src
Compiling the files...
Compiling these files   d:\src\ImepSecurityAuthenticatorImpl.java
   d:\src\ImepSecurityAuthenticatorMBean.java
   d:\src\ImepSecurityAuthenticatorMBI.java
Creating the MJF...
MJF is created.
Done.

步骤六、将MJF包:
ImepAuthenticatorProvider.jar 放置到
D:\bea\weblogic81\server\lib\mbeantypes\下,
并登录weblogic的console控制台,在
domain->Security->Realms->myrealm->roviders->Authentication
中添加Imep Security Authenticator即可。
  • src.rar (7.7 KB)
  • 下载次数: 104
分享到:
评论
9 楼 haoppywang 2014-09-28  
hello, 我最近需要做Weblogic的自定义登陆模块,有问题想请教一下。qq:2324366756
8 楼 genius 2011-04-22  
大哥,非常感谢,文章写的不错,不过在创建的过程中碰到点细节问题,例如:Authenticator.xml 是放在mbeantypes里面执行的,要不然会报找不到commo.dtd的错误。还有,顺带问一下,这些开发有没有好的工具支持一下,我搞你这个例子搞到晚上二点多呢。
7 楼 Dead_knight 2011-04-21  
忘记提醒你了,配置domain->Security->Realms->myrealm->roviders->Authentication时,需要重新设置鉴权顺序,点击“Re-order the Configured Authentication Providers”,然后将你的移动最上面,并且需要设置Control Flag的值为sufficient
6 楼 genius 2011-04-21  
我测试他不进去啊,我在里面的打印信息没出来。
5 楼 Dead_knight 2011-04-21  
就是部署一个web应用,通过在web.xml和weblogic.xml中设置角色等信息,然后登录页面用j_security_check处理,应该就能测试了
4 楼 genius 2011-04-21  
大哥,我做好了,怎么去测试呢?
3 楼 genius 2011-04-21  
我重新做了一遍好了。非常感谢!
2 楼 Dead_knight 2011-04-21  
进入weblogic控制台,进入如下路径
domain->Security->Realms->myrealm->roviders->Authentication
即可看到所有的鉴权列表,包括自定义的JAAS模块
1 楼 genius 2011-04-21  
你好,按照你说的,我最后放到mbeantypes,它没有显示啊。 他会自动显示在下拉列表吗?还有,你的roviders 少个P,应该是Providers吧?

相关推荐

    WLS 实战集锦-weblogic

    通过WebLogic的安全配置,可以实现用户身份验证、权限管理和审计功能。 8. **性能优化** 优化WebLogic Server涉及调整内存设置、线程池大小、缓存策略等。通过监控和诊断工具,可以分析性能瓶颈,进行针对性优化。...

    javaee课设应急供货系统可复制版本共34页.pdf.z

    5. 安全性:考虑到数据敏感性,系统应包含身份验证和授权机制,例如使用JAAS(Java Authentication and Authorization Service)和SSL/TLS协议来保护用户信息和交易安全。 6. 部署与容器:JavaEE应用通常部署在应用...

    J2EE课程设计--仓库管理系统.rar

    1. 用户认证与授权:这是任何系统的基础,J2EE中的Servlet和JSP可以实现用户登录界面,而JAAS(Java Authentication and Authorization Service)则负责处理用户的身份验证和权限控制。 2. 数据持久化:通过JDBC...

    GemstonesInternational.pdf【oracle OCM认证2018年6月1Z0-865】

    同时,需要考虑身份验证和授权机制,如OAuth或JAAS(Java Authentication and Authorization Service)。 6. **性能和可扩展性**:考虑到需要处理大量实时数据,系统应能处理高并发,并且能够随着业务增长而扩展。...

    J2EE架构师培训手册

    11. **安全性**:涉及身份验证、授权、加密以及合规性要求,如SSL/TLS、JAAS(Java Authentication and Authorization Service)等。 12. **持续集成与部署**:如Jenkins、Maven和Docker等工具的使用,能提升开发...

    CRMS客户关系管理系统

    6. **安全控制**:集成JAAS(Java Authentication and Authorization Service),实现用户身份验证和权限控制,保障系统安全。 7. **部署与伸缩性**:J2EE应用服务器如Tomcat、WildFly、WebLogic等提供了高可用性和...

    J2EE架构师手册

    6. **安全与认证**:J2EE平台内置了安全机制,包括角色基的访问控制(RBAC)、SSL/TLS加密、容器管理的身份验证和授权,以及JAAS(Java Authentication and Authorization Service)。 7. **部署与容器**:J2EE应用...

    J2EE电子票务分销系统

    - **JAAS**:Java Authentication and Authorization Service,用于用户身份验证和权限控制。 - **HTTPS**:确保数据传输的安全性,防止敏感信息被窃取。 - **角色与权限**:定义不同用户角色(如管理员、普通...

    Hotel:基于J2EE的web酒店预订系统的管理员web端

    “Hotel”系统可能采用了Spring Security或 JAAS(Java Authentication and Authorization Service)进行用户身份验证和权限控制,保护系统免受非法访问。 7. **数据库设计**: 数据库是系统的基础,合理的表结构...

Global site tag (gtag.js) - Google Analytics