我想在我的webapp上使用JAAS Authentification。
为此,我有以下课程:
UserPrincipal:
import java.security.Principal;
public class UserPrincipal implements Principal {
private String name = "";
public UserPrincipal(String name) {
this.name = name;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
RolePrincipal:
import java.security.Principal;
public class RolePrincipal implements Principal {
private String name = "";
public RolePrincipal(String name) {
this.name = name;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
的LoginModule:
public class MyLoginModule implements LoginModule {
private CallbackHandler callbackHandler = null;
private Subject subject = null;
private UserPrincipal userPrincipal = null;
private RolePrincipal rolePrincipal = null;
private String login = null;
private List<String> userGroups = null;
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
this.callbackHandler = callbackHandler;
this.subject = subject;
}
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("login");
callbacks[1] = new PasswordCallback("password", true);
try {
callbackHandler.handle(callbacks);
String name = ((NameCallback)callbacks[0]).getName();
String password = String.valueOf(((PasswordCallback) callbacks[1]).getPassword());
if(name != null && name.equals("admin") && password != null && password.equals("admin")) {
this.login = name;
this.userGroups = new ArrayList<String>();
this.userGroups.add("admin");
return true;
}
throw new LoginException("Authentication failed");
} catch (IOException e) {
throw new LoginException(e.getMessage());
} catch (UnsupportedCallbackException e) {
throw new LoginException(e.getMessage());
}
}
public boolean commit() throws LoginException {
this.userPrincipal = new UserPrincipal(this.login);
this.subject.getPrincipals().add(this.userPrincipal);
if(this.userGroups != null && this.userGroups.size() > 0) {
for(String groupName: this.userGroups) {
this.rolePrincipal = new RolePrincipal(groupName);
this.subject.getPrincipals().add(this.rolePrincipal);
}
}
return true;
}
public boolean abort() throws LoginException {
return false;
}
public boolean logout() throws LoginException {
this.subject.getPrincipals().remove(this.userPrincipal);
this.subject.getPrincipals().remove(this.rolePrincipal);
return true;
}
}
如何告诉我的Glassfish服务器他必须使用MyLoginModule 作为LoginModule?
我的web.xml安全配置是:
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>admin</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Admin</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
我发现的文档实际上并不清楚。
希望有人知道!
答案 0 :(得分:4)
编辑config / login.conf并为您使用的领域添加LoginModule。在您的web.xml中,您使用“Admin”域(域名)。所以我猜你的login.conf文件应该是这样的:
Admin {
com.mycompany.MyLoginModule required;
}