我用 JAAS 认证创建了一个简单的 Web 应用程序,一切正常,但我需要在 servlet 中获取用户的角色列表。我能拿到 Subject,但它没有返回角色列表和相关的 Principal,只返回了第一个添加的 Principal。为什么会这样?如何获得角色?
以下是我的源代码:
AccLoginModule.java
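/**
 * Demo JAAS {@link LoginModule}: collects a username and password through the
 * configured {@link CallbackHandler} and, on commit, attaches a fixed set of
 * {@link AccPrincipal} and {@link AccRole} entries to the {@link Subject}.
 *
 * <p>NOTE(review): {@link #login()} does not verify the supplied credentials
 * against any credential store, so every username/password pair that the
 * handler delivers is accepted. The principals added in {@link #commit()} are
 * hard-coded and are not derived from the authenticated username. Both points
 * must be addressed before this module protects anything real.
 */
public class AccLoginModule implements LoginModule {
    // Kept public for backward compatibility; prefer getSubject()/setSubject().
    public Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private AccPrincipal principal;
    // True once login() has accepted the credentials (phase 1 of the JAAS protocol).
    private boolean succeeded = false;
    // True once commit() has attached principals to the Subject (phase 2).
    private boolean committed = false;

    /**
     * Rolls back this module's part of a failed overall authentication.
     *
     * @return {@code false} if this module's own login never succeeded (the
     *         module is then ignored), {@code true} after its state was cleaned up
     * @throws LoginException if removing already committed principals fails
     */
    @Override
    public boolean abort() throws LoginException {
        System.out.println("abort");
        if (!succeeded) {
            return false;
        }
        if (committed) {
            // Principals were already attached: undo them the same way logout does.
            logout();
        } else {
            succeeded = false;
            principal = null;
        }
        return true;
    }

    /**
     * Attaches this module's principals to the Subject after a successful login.
     * As in the original, nothing is added when the Subject already carries
     * principals.
     *
     * @return {@code false} if {@link #login()} did not succeed, {@code true} otherwise
     * @throws LoginException if the Subject is missing or cannot be modified
     */
    @Override
    public boolean commit() throws LoginException {
        if (!succeeded) {
            // Never attach identities for a login that was not accepted.
            return false;
        }
        if (subject == null) {
            throw new LoginException("No Subject specified");
        }
        try {
            if (subject.getPrincipals().isEmpty()) {
                principal = new AccPrincipal("principal 1");
                subject.getPrincipals().add(principal);
                subject.getPrincipals().add(new AccPrincipal("principal 2"));
                subject.getPrincipals().add(new AccRole("Acc User"));
                subject.getPrincipals().add(new AccRole("Acc User1"));
            }
        } catch (Exception e) {
            // Surface the failure instead of printing it and reporting "ignore me".
            LoginException failure = new LoginException(e.toString());
            failure.initCause(e);
            throw failure;
        }
        committed = true;
        return true;
    }

    /**
     * Obtains the username and password from the callback handler.
     *
     * @return {@code true} when both values were supplied
     * @throws LoginException if no handler is configured, the handler fails, or
     *         the username or password is missing
     */
    @Override
    public boolean login() throws LoginException {
        succeeded = false;
        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler specified");
        }
        NameCallback nameCallback = new NameCallback("Username: ");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        String username = null;
        boolean passwordSupplied = false;
        char[] password = null;
        try {
            callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
            username = nameCallback.getName();
            password = passwordCallback.getPassword();
            passwordSupplied = password != null;
            // NOTE(review): credential verification belongs here, before the
            // finally block wipes the password. None is performed at present.
        } catch (Exception e) {
            LoginException failure = new LoginException(e.toString());
            failure.initCause(e);
            throw failure;
        } finally {
            // Keep the secret in a char[] and wipe both copies; a String cannot be cleared.
            passwordCallback.clearPassword();
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
        }
        if (username == null || !passwordSupplied) {
            throw new LoginException("Username and password are required");
        }
        succeeded = true;
        return true;
    }

    /**
     * Removes the principals of this module's types from the Subject and resets
     * the module state.
     *
     * @return {@code true} once the principals were removed
     * @throws LoginException if the Subject is read-only
     */
    @Override
    public boolean logout() throws LoginException {
        System.out.println("logout");
        if (subject != null) {
            if (subject.isReadOnly()) {
                throw new LoginException("Subject is read-only; principals cannot be removed");
            }
            // The original removed only the never-assigned 'principal' field, which
            // left every identity and role on the Subject after logout.
            subject.getPrincipals().removeAll(subject.getPrincipals(AccPrincipal.class));
            subject.getPrincipals().removeAll(subject.getPrincipals(AccRole.class));
        }
        principal = null;
        succeeded = false;
        committed = false;
        return true;
    }

    /**
     * Stores the collaborators handed over by the login context and resets the
     * per-login state.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        this.principal = null;
        this.succeeded = false;
        this.committed = false;
    }

    /** Returns the Subject this module operates on. */
    public Subject getSubject() {
        return subject;
    }

    /** Replaces the Subject this module operates on. */
    public void setSubject(Subject subject) {
        this.subject = subject;
    }
}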
AccPrincipal
public class AccPrincipal implements Principal, Serializable {
/**
*
*/
private static final long serialVersionUID = 5002820876845306935L;
private final String loginResponse;
public AccPrincipal(String lr) {
this.loginResponse=lr;
}
@Override
public String getName() {
return loginResponse;
}
public String getLoginResponse() {
return loginResponse;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((loginResponse == null) ? 0 : loginResponse.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
AccPrincipal other = (AccPrincipal) obj;
if (loginResponse == null) {
if (other.loginResponse != null)
return false;
} else if (!loginResponse.equals(other.loginResponse))
return false;
return true;
}
}
AccRole
/**
 * {@link Principal} that represents a role. Equality and hashing are based on
 * the role name only.
 *
 * <p>NOTE(review): the name is mutable through {@link #setName(String)}, and
 * both {@link #hashCode()} and {@link #equals(Object)} read it. Renaming a role
 * that is already held in a set therefore changes its identity in place;
 * callers should treat instances as immutable once they are attached to a
 * Subject.
 */
public class AccRole implements Principal, Serializable {
    private static final long serialVersionUID = 2764250372647034496L;

    private String name;

    /**
     * @param name the role name; may be {@code null}
     */
    public AccRole(String name) {
        this.name = name;
    }

    /** Returns the current role name. */
    @Override
    public String getName() {
        return name;
    }

    /** Replaces the role name; see the class note on identity changes. */
    public void setName(String name) {
        this.name = name;
    }

    /** Hash derived from the name; a {@code null} name contributes 0. */
    @Override
    public int hashCode() {
        int nameHash = (name == null) ? 0 : name.hashCode();
        return 31 + nameHash;
    }

    /**
     * Two roles are equal when they are of exactly the same class and carry
     * the same name (both {@code null} counts as the same).
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj == null || obj.getClass() != getClass()) {
            return false;
        }
        AccRole that = (AccRole) obj;
        return (name == null) ? that.name == null : name.equals(that.name);
    }
}
context.xml中
<Context>
<!-- JAASRealm delegates authentication to the JAAS login configuration entry
     named by appName. userClassNames and roleClassNames list the Principal
     classes that the realm treats as the user identity and as roles; the realm
     builds the container's user principal and role set from those, so the
     servlet API (not the JAAS Subject) is where the application reads them. -->
<Realm className="org.apache.catalina.realm.JAASRealm" appName="acczk"
userClassNames="com.laws.acc.jaas.AccPrincipal"
roleClassNames="com.laws.acc.jaas.AccRole">
</Realm>
</Context>
MyServlet.java
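/**
 * Prints the name of every principal on the Subject bound to the current
 * access control context.
 *
 * <p>NOTE(review): a servlet container does not necessarily bind the JAAS
 * Subject to the request thread, so this lookup may yield no Subject or only a
 * partial view of it. The identity and roles established by the realm are
 * exposed through {@code request.getUserPrincipal()} and
 * {@code request.isUserInRole(...)}.
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    final Subject subject = Subject.getSubject(AccessController.getContext());
    if (subject == null) {
        // getSubject returns null when no Subject is associated with the context;
        // iterating without this guard would fail with a NullPointerException.
        System.out.println("No Subject is associated with the current access control context");
        return;
    }
    for (Principal princ : subject.getPrincipals()) {
        System.out.println(princ.getName());
    }
}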
控制台:
09.04.2012 17:11:29 org.apache.catalina.startup.Catalina start
INFO: Server startup in 1385 ms
principal 1
我如何获得 Subject 上的所有 Principal(用户主体 + 角色)?我做错了什么?
答案 0 :(得分:1)
Tomcat 和 Java EE 通常不是这样工作的。您无法用这种方式访问 Subject。在 servlet 中,已认证的用户及其角色应通过 request.getUserPrincipal() 和 request.isUserInRole(...) 获取。
有关完整说明,请参阅此答案:Tomcat-Jaas - How to retrieve subject?