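Trying to do a simple implementation of a TAI. I created a TAI class that sets the login "user1" and a list of "user-group" for every user, without using the UserRegistry. I added a role-to-group mapping to my ear file ("user-group" => "user-role"). I added a security constraint to my war: allow access to the resource for users with the role "user-role". After trying to access the page I get a 403 error: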
[11.05.15 19:43:27:444 MSK] 0000007c WebCollaborat A SECJ0129E: ... user2:defaultWIMFileBasedRealm ... default_host:/war/page.html, Authorization failed, Not granted any of the required roles: user-role
What am I doing wrong? Using WAS 8.5.5.
My TAI implementation:
    package ru.test.tai;

    import java.util.ArrayList;
    import java.util.Hashtable;
    import java.util.List;
    import java.util.Properties;

    import javax.security.auth.Subject;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import com.ibm.websphere.security.WebTrustAssociationException;
    import com.ibm.websphere.security.WebTrustAssociationFailedException;
    import com.ibm.wsspi.security.tai.TAIResult;
    import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;
    import com.ibm.wsspi.security.token.AttributeNameConstants;

    public class SimpleTAI implements TrustAssociationInterceptor {

        public SimpleTAI() {
            super();
        }

        // Claim every request whose URI contains "war".
        public boolean isTargetInterceptor(HttpServletRequest req)
                throws WebTrustAssociationException {
            System.out.println("isTargetInterceptor called");
            if (req.getRequestURI().matches(".*war.*")) {
                System.out.println("true");
                return true;
            } else {
                System.out.println("false");
                return false;
            }
        }

        // Assert a fixed identity and group list without consulting the user registry.
        public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req,
                HttpServletResponse resp) throws WebTrustAssociationFailedException {
            String userid = "user2";
            String uniqueid = "user2";
            List<String> groups = new ArrayList<String>();
            groups.add("user-group");
            String key = "user1Key";
            Subject subject = createSubject(userid, uniqueid, groups, key);
            return TAIResult.create(HttpServletResponse.SC_OK, "notused", subject);
        }

        public int initialize(Properties arg0)
                throws WebTrustAssociationFailedException {
            return 0;
        }

        public String getVersion() {
            return "1.0";
        }

        public String getType() {
            return this.getClass().getName();
        }

        public void cleanup() {
        }

        // Build a Subject whose public credentials carry the identity attributes as a Hashtable.
        private Subject createSubject(String userid, String uniqueid, List<String> groups,
                String key) {
            Subject subject = new Subject();
            Hashtable<String, Object> hashtable = new Hashtable<String, Object>();
            hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, uniqueid);
            hashtable.put(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, userid);
            hashtable.put(AttributeNameConstants.WSCREDENTIAL_GROUPS, groups);
            System.out.println("Subject cache key is " + key);
            hashtable.put(AttributeNameConstants.WSCREDENTIAL_CACHE_KEY, key);
            subject.getPublicCredentials().add(hashtable);
            return subject;
        }
    }
ibm-application-bnd.xml:
    <?xml version="1.0" encoding="UTF-8"?>
    <application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee
            http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd"
        version="1.0">
        <security-role name="user-role">
            <group name="user-group" />
        </security-role>
    </application-bnd>
Answer 0 (score: 0)
If you are using groups that do not exist in the registry, then in ibm-application-bnd.xml you have to add something like this (example shows user, group):
The realm should match your currently configured user registry.
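An illustration of a binding that maps the role to a group and user that are not in the registry, added here as an example and not taken from the original answer. It assumes the `access-id` attribute of the binding's `group` and `user` elements is what the answer refers to, takes the realm `defaultWIMFileBasedRealm` from the SECJ0129E log line in the question, and treats the unique-id part after the slash as an assumption that has to equal what the TAI asserts.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the project's own file.
     Realm name: copied from the SECJ0129E log line in the question.
     Unique ids after the slash: assumptions; they must equal the
     identifiers the TAI puts into the Subject for the user and groups. -->
<application-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee
        http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd"
    version="1.0">
    <security-role name="user-role">
        <!-- Before (as in the question): name only, no access-id -->
        <!-- <group name="user-group" /> -->

        <!-- After: explicit access id in the form group:<realm>/<unique id> -->
        <group name="user-group"
               access-id="group:defaultWIMFileBasedRealm/user-group" />

        <!-- A single asserted user can be bound the same way: user:<realm>/<unique id> -->
        <user name="user2"
              access-id="user:defaultWIMFileBasedRealm/user2" />
    </security-role>
</application-bnd>
```

After redeploying, the SECJ0129E line is the place to re-check a remaining 403: it prints the user and realm the server associated with the request, which is the realm the `access-id` values have to carry.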