jaas 入门

gavinlau

浏览: 295671 次
性别:
来自: 上海

最近访客更多访客>>

icedcoco

stanley_llin

yonghong

bichonghai_1111

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

Liferay portal研究

Security DAO QQ J2SE SUN

本例是认证的实现，JAAS定义了可插拔的认证机制，使认证逻辑独立开来，可通过修改配置文件切换认证模块。

官方参考：
http://java.sun.com/products/archive/jaas/
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html
security.pdf

一、配置文件及设置

1. 配置文件（假设为D:/jaas.conf）：

Xml代码

Sample
{
com.fastunit.samples.jaas.SampleLoginModule required debug=false;
};

Sample
{
  com.fastunit.samples.jaas.SampleLoginModule required debug=false;
};

此文件定义了一个“Sample”验证模块，使用SampleLoginModule来进行验证。

2. 启用配置文件：
-Djava.security.auth.login.config=D:/jaas.conf

二、客户端调用

Java代码

package javaapplication3;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
/**
*
* @author Dao
*/
public class LoginManager
{
public LoginManager()
{
}
public static void main(String[] args)
{
try
{
String username = "username";
String password = "password";
//此处指定了使用配置文件的“Sample"验证模块，对应的实现类为SampleLoginModule
LoginContext lc = new LoginContext("Sample", new SampleCallbackHandler(username, password));
//进行登录操作，如果验证失败会抛出异常
lc.login();
}
catch (LoginException e)
{
e.printStackTrace();
}
catch (SecurityException e)
{
e.printStackTrace();
}
}
}

package javaapplication3;

import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**
 *
 * @author Dao
 */
public class LoginManager 
{
  

  public LoginManager()
  {
    
  }
  
  public static void main(String[] args)
  {
    try
    {
      String username = "username";
      String password = "password";
      
      //此处指定了使用配置文件的“Sample"验证模块，对应的实现类为SampleLoginModule
      LoginContext lc = new LoginContext("Sample", new SampleCallbackHandler(username, password));
      
      //进行登录操作，如果验证失败会抛出异常
      lc.login();
    }
    catch (LoginException e)
    {
      e.printStackTrace();
    }
    catch (SecurityException e)
    {
      e.printStackTrace();
    }
  }
}

Java代码

package javaapplication3;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
/**
*
* @author Dao
*/
public class SampleCallbackHandler implements CallbackHandler
{
private String username;
private String password;
public SampleCallbackHandler(String username, String password)
{
this.username = username;
this.password = password;
}
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
for (int i = 0; i < callbacks.length; i++)
{
if (callbacks[i] instanceof NameCallback)
{
NameCallback ncb = (NameCallback) callbacks[i];
ncb.setName(this.username);
}
else if (callbacks[i] instanceof PasswordCallback)
{
PasswordCallback pcb = (PasswordCallback) callbacks[i];
pcb.setPassword(this.password.toCharArray());
}
}
}
}

package javaapplication3;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

/**
 *
 * @author Dao
 */
public class SampleCallbackHandler implements CallbackHandler
{
  private String username;
  private String password;

  public SampleCallbackHandler(String username, String password)
  {
    this.username = username;
    this.password = password;
  }

  public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
  {
    for (int i = 0; i < callbacks.length; i++)
    {
      if (callbacks[i] instanceof NameCallback)
      {
        NameCallback ncb = (NameCallback) callbacks[i];
        ncb.setName(this.username);
      }
      else if (callbacks[i] instanceof PasswordCallback)
      {
        PasswordCallback pcb = (PasswordCallback) callbacks[i];
        pcb.setPassword(this.password.toCharArray());
      }
    }
  }
}

三、验证实现

Java代码

package javaapplication3;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
/**
*
* @author Dao
*/
public class SampleLoginModule implements LoginModule
{
private boolean isAuthenticated = false;
private CallbackHandler callbackHandler;
private Subject subject;
private SamplePrincipal principal;
public SampleLoginModule()
{
}
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options)
{
this.subject = subject;
this.callbackHandler = callbackHandler;
}
public boolean login() throws LoginException
{
try
{
NameCallback nameCallback = new NameCallback("username");
PasswordCallback passwordCallback = new PasswordCallback("password", false);
Callback[] calls = new Callback[]{nameCallback, passwordCallback};
this.callbackHandler.handle(calls);
//获得用户数据
String username = nameCallback.getName();
String password = String.valueOf(passwordCallback.getPassword());
//TODO验证，如：查询数据库、LDAP。。。
if (true) //此处省去了实际的验证逻辑，在此假设验证通过
{
this.principal = new SamplePrincipal(username);
this.isAuthenticated = true;
}
else
{
throw new LoginException("user or password is wrong");
}
}
catch (IOException e)
{
throw new LoginException("no such user");
}
catch (UnsupportedCallbackException e)
{
throw new LoginException("login failure");
}
return this.isAuthenticated;
}
/**
* 验证后处理，在Subject中加入用户对象
* @return
* @throws javax.security.auth.login.LoginException
*/
public boolean commit() throws LoginException
{
if (this.isAuthenticated)
{
this.subject.getPrincipals().add(this.principal);
}
else
{
throw new LoginException("Authentication failure");
}
return this.isAuthenticated;
}
public boolean abort() throws LoginException
{
return false;
}
public boolean logout() throws LoginException
{
this.subject.getPrincipals().remove(this.principal);
this.principal = null;
return true;
}
}

package javaapplication3;

import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/**
 *
 * @author Dao
 */
public class SampleLoginModule implements LoginModule
{
  private boolean isAuthenticated = false;
  private CallbackHandler callbackHandler;
  private Subject subject;
  private SamplePrincipal principal;

  public SampleLoginModule()
  {
    
  }

  public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options)
  {
    this.subject = subject;
    this.callbackHandler = callbackHandler;
  }

  public boolean login() throws LoginException
  {
    try
    {
      NameCallback nameCallback = new NameCallback("username");
      PasswordCallback passwordCallback = new PasswordCallback("password", false);
      
      Callback[] calls = new Callback[]{nameCallback, passwordCallback};
      
      this.callbackHandler.handle(calls);
      
      //获得用户数据
      String username = nameCallback.getName();
      String password = String.valueOf(passwordCallback.getPassword());
      
      //TODO验证，如：查询数据库、LDAP。。。
      if (true)  //此处省去了实际的验证逻辑，在此假设验证通过
      {
        this.principal = new SamplePrincipal(username);
        
        this.isAuthenticated = true;
      }
      else
      {
        throw new LoginException("user or password is wrong");
      }
    }
    catch (IOException e)
    {
      throw new LoginException("no such user");
    }
    catch (UnsupportedCallbackException e)
    {
      throw new LoginException("login failure");
    }
    
    return this.isAuthenticated;
  }

  /**
   * 验证后处理，在Subject中加入用户对象
   * @return
   * @throws javax.security.auth.login.LoginException
   */
  public boolean commit() throws LoginException
  {
    if (this.isAuthenticated)
    {
      this.subject.getPrincipals().add(this.principal);
    }
    else
    {
      throw new LoginException("Authentication failure");
    }
    
    return this.isAuthenticated;
  }

  public boolean abort() throws LoginException
  {
    return false;
  }

  public boolean logout() throws LoginException
  {
    this.subject.getPrincipals().remove(this.principal);
    
    this.principal = null;
    
    return true;
  }
}

Java代码

package javaapplication3;
import java.security.Principal;
/**
*
* @author Dao
*/
public class SamplePrincipal implements Principal
{
private String name;
public SamplePrincipal(String name)
{
this.name = name;
}
public String getName()
{
return name;
}
public boolean equals(Object ob)
{
if (ob instanceof SamplePrincipal)
{
SamplePrincipal principal = (SamplePrincipal) ob;
return this.name.equalsIgnoreCase(principal.getName());
}
return false;
}
public int hashCode()
{
return name.toUpperCase().hashCode();
}
}

分享到：

osgi | JAAS HelloWorld

2010-03-04 17:10
浏览 1909
评论(0)
分类:编程语言
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

jaas 入门

评论

发表评论

相关推荐

最近访客 更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论

jaas 入门

评论

发表评论

相关推荐

ogl的入门

JAAS HelloWorld

liferay sso

liferay 权限

liferay多数据源

杂项2

Simple Apache CXF web service integration

LiferayCounter机制

lifery 老的资源

liferay portal 的开发目录结构

liferay 常用urls

liferay 调用webservice

Database Sharding

Liferay权限管理的讲解

ServiceContext Pattern

Liferay性能调优

Liferay重要对象-Layout

liferay常用配置

liferay学习系列（3）

liferay学习系列（2）

最近访客更多访客>>