Weblogic扩展JAAS身份验证案例

步骤一、首先通过MDF的XML文件定义验证提供程序，文件路径为：d:\src\ImepAuthenticator.xml

<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<!-- MBean Definition File (MDF) for the Sample Authenticator.
     Copyright (c) 2003 by BEA Systems, Inc.  All Rights Reserved.
-->
<!-- Declare your mbean.
     Since it is for an authenticator, it must extend the
     weblogic.management.security.authentication.Authenticator mbean.
     The Name and DisplayName must be the same.
     They specify the name that will appear on the
     console for this provider.
     Set the PeristPolicy to "OnUpdate" so that if an attribute
     value is changed, the new value is written to disk immediately.
     See the "Developing Security Services" manual for more info.
     Note that since this is an xml document, you can't use double
     quotes directly.  Instead you need to use &quot;
     Note that setting "Writeable" to "false" on an attribute
     makes the attribute read-only.  The default is read-write.
-->
<MBeanType
Name          = "ImepSecurityAuthenticator"
DisplayName   = "Imep Security Authenticator"
Package       = "com.imep.security"
Extends       = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
>
<!-- You must set the value of the ProviderClassName attribute
      (inherited from the weblogic.management.security.Provider mbean)
      to the name of the java class you wrote that implements the
      weblogic.security.spi.AuthenticationProvider interface.
      You can think of the provider's mbean as the factory
      for your provider's runtime implementation.
-->
<MBeanAttribute
  Name          = "roviderClassName"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;com.imep.security.ImepAuthProviderImpl&quot;"
/>
<!-- You must set the value of the Description attribute
      (inherited from the weblogic.management.security.Provider mbean)
      to a brief description of your provider.
      It is displayed in the console.
-->
<MBeanAttribute
  Name          = "Description"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;Authenticator used for the MedRec sample application only&quot;"
/>
<!-- You must set the value of the Version attribute
      (inherited from the weblogic.management.security.Provider mbean)
      to your provider's version.  There is no required format.
-->
<MBeanAttribute
  Name          = "Version"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;1.0&quot;"
/>
<!-- Add any custom attributes for your provider here.
      The sample authenticator does not have any custom attributes.
      Note: custom attributes do not appear in the
      console in WLS 7.0.  Use the admin command line tool
      (java weblogic.Admin) to view and set their values.
      Refer to the "Developing Security Services" manual
      for more info on defining custom attributes.
-->
</MBeanType>

步骤二、使用MbeanMaker实用工具来处理MDF文件，并生成MBean和桩：

D:\>java -classpath "D:\bea\weblogic81\server\lib\mbeantypes\wlManagement.jar;D:
\bea\weblogic81\server\lib\weblogic.jar;D:\bea\jdk142_05\lib\tools.jar;D:\bea\jd
k142_05\lib\rt.jar;d:\src" -DcreateStubs="true" weblogic.management.commo.WebLog
icMBeanMaker -MDF d:\src\ImepAuthenticator.xml -files d:\src
Parsing the MBean definition file: d:\src\ImepAuthenticator.xml
Generating the source files...
Generating the MBean interface file...
Generating the MBean implementation file...
Compiling the implementation file...
Compiling these files   d:\src\ImepSecurityAuthenticatorImpl.java
Generating the MBI generator file...
Compiling the MBI generator file...
Compiling these files   d:\src\ImepSecurityAuthenticatorMBI.java
Creating the MBI file...
Deleting the MBI generator temp files.......
Done.

步骤三、通过com.imep.security.ImepAuthProviderImpl类中设置JAAS验证模块

    private AppConfigurationEntry getConfiguration(HashMap hashmap)
    {
        hashmap.put("database", new ImepAuthDatabase());
        return new AppConfigurationEntry("com.imep.security.ImepLoginModuleImpl", controlFlag, hashmap);
    }

其中com.imep.security.ImepLoginModuleImpl实现LoginModule

步骤四、在com.imep.security.ImepLoginModuleImpl验证模块中，实现自定义验证：
实现源码在附件中

步骤五、将以上代码打成jar包，并通过WebLogicMBeanMaker打成MJF包：

D:\>java -classpath "D:\bea\weblogic81\server\lib\mbeantypes\wlManagement.jar;D:
\bea\weblogic81\server\lib\weblogic.jar;D:\bea\jdk142_05\lib\tools.jar;D:\bea\jd
k142_05\lib\rt.jar;d:\src" -DcreateStubs="true" weblogic.management.commo.WebLog
icMBeanMaker -MJF ImepAuthenticatorProvider.jar -files d:\src
Compiling the files...
Compiling these files   d:\src\ImepSecurityAuthenticatorImpl.java
   d:\src\ImepSecurityAuthenticatorMBean.java
   d:\src\ImepSecurityAuthenticatorMBI.java
Creating the MJF...
MJF is created.
Done.

步骤六、将MJF包：
ImepAuthenticatorProvider.jar 放置到
D:\bea\weblogic81\server\lib\mbeantypes\下，
并登录weblogic的console控制台，在
domain->Security->Realms->myrealm->roviders->Authentication
中添加Imep Security Authenticator即可。

评论

9 楼 haoppywang 2014-09-28  

hello, 我最近需要做Weblogic的自定义登陆模块，有问题想请教一下。qq:2324366756

8 楼 genius 2011-04-22  

大哥，非常感谢，文章写的不错，不过在创建的过程中碰到点细节问题，例如：Authenticator.xml 是放在mbeantypes里面执行的，要不然会报找不到commo.dtd的错误。还有，顺带问一下，这些开发有没有好的工具支持一下，我搞你这个例子搞到晚上二点多呢。

7 楼 Dead_knight 2011-04-21  

忘记提醒你了，配置domain->Security->Realms->myrealm->roviders->Authentication时，需要重新设置鉴权顺序，点击“Re-order the Configured Authentication Providers”，然后将你的移动最上面，并且需要设置Control Flag的值为sufficient

6 楼 genius 2011-04-21  

我测试他不进去啊，我在里面的打印信息没出来。

5 楼 Dead_knight 2011-04-21  

就是部署一个web应用，通过在web.xml和weblogic.xml中设置角色等信息，然后登录页面用j_security_check处理，应该就能测试了

4 楼 genius 2011-04-21  

大哥，我做好了，怎么去测试呢？

3 楼 genius 2011-04-21  

我重新做了一遍好了。非常感谢！

2 楼 Dead_knight 2011-04-21  

进入weblogic控制台，进入如下路径
domain->Security->Realms->myrealm->roviders->Authentication
即可看到所有的鉴权列表，包括自定义的JAAS模块

1 楼 genius 2011-04-21  

你好，按照你说的，我最后放到mbeantypes,它没有显示啊。 他会自动显示在下拉列表吗？还有，你的roviders 少个P,应该是Providers吧？