我想对我的Web应用程序使用JAAS身份验证。我不知道错误在哪里。我没有收到任何错误消息,但是登录部分无法正常工作。
我有一个HTML页面(index.html)作为首页。登录时,获取用户名和密码,并将其带到servlet。
index.html
<html>
<head>
<title>Login
</title>
</head>
<body>
<br><br>
<center>
<h1>Railway Reservation</h1>
<br><br>
<form action="Authentication" method="post">
User Name:<input type="text" name="user"><br><br>
Password:<input type="password" name="pass"><br><br>
<input type="submit" value="Login">
</form>
</center>
</body>
</html>
Authentication.java
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.WebServlet;
import javax.security.auth.login.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
public class Authentication extends HttpServlet
{
public Authentication()
{
super();
}
protected void doPost(HttpServletRequest request,HttpServletResponse response) throws ServletException,IOException
{
response.setContentType("text/html");
PrintWriter pw = response.getWriter();
pw.println("hiii");
String user = request.getParameter("user");
String password = request.getParameter("pass");
pw.println(user + " " + password );
if((user!=null)&&(password!=null))
{
pw.println("if");
CBHandler cbhandler = new CBHandler(user,password);
boolean authFlag = true;
try
{
HttpSession session = request.getSession();
session.setAttribute("username",user);
pw.println("inside try block");
System.setProperty("java.security.auth.login.config","jaas.config");
LoginContext loginContext = new LoginContext("Railway",cbhandler);
loginContext.login();
pw.println("try ");
}
catch(LoginException e)
{
pw.println(e);
e.printStackTrace();
authFlag = false;
pw.println("hello");
}
if(authFlag)
{
pw.println(user + " " + password);
pw.println("Authentication success...");
Connection con = DB.getDBconnection();
if(con!=null)
{
String sql = "select role from login where uname=?";
try
{
PreparedStatement pst = con.prepareStatement(sql);
pst.setString(1,user);
ResultSet rs = pst.executeQuery();
rs.next();
String role = rs.getString("role");
if(role.equals("user"))
response.sendRedirect("user.jsp");
else
response.sendRedirect("admin.jsp");
}
catch(Exception e)
{
pw.println(e);
}
}
}
else
pw.println("Authentication failed...");
}
else
{
pw.println("Invalid authentication...");
}
}
}
CBHandler.java
import java.io.*;
import javax.security.auth.callback.*;
public class CBHandler implements CallbackHandler
{
private String user = null;
private String password = null;
public CBHandler(String user,String password)
{
this.user = user;
this.password = password;
}
@Override
public void handle(Callback[] callbackArray) throws IOException,UnsupportedCallbackException
{
int counter = 0;
while(counter < callbackArray.length)
{
if(callbackArray[counter] instanceof NameCallback)
{
NameCallback nameCallback = (NameCallback)callbackArray[counter++];
nameCallback.setName(user);
}
else if(callbackArray[counter] instanceof PasswordCallback)
{
PasswordCallback passwordCallback = (PasswordCallback)callbackArray[counter++];
passwordCallback.setPassword(password.toCharArray());
}
}
}
}
LoginMod.java
import java.util.*;
import java.sql.*;
import java.io.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.* ;
import javax.security.auth.spi.LoginModule;
public class LoginMod implements LoginModule
{
private CallbackHandler callbackHandler = null;
private boolean successFlag = false;
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler,Map<String,?> sharedState,Map<String,?> options)
{
this.callbackHandler = callbackHandler;
}
@Override
public boolean login() throws LoginException
{
Callback[] callbackArray = new Callback[2];
callbackArray[0] = new NameCallback("User Name: ");
callbackArray[1] = new PasswordCallback("Password : ",false);
try
{
callbackHandler.handle(callbackArray);
}
catch(IOException e)
{
e.printStackTrace();
}
catch(UnsupportedCallbackException e)
{
e.printStackTrace();
}
String name = ((NameCallback) callbackArray[0]).getName();
String password = new String(((PasswordCallback) callbackArray[1]).getPassword());
if((name.equals("root"))&&(password.equals("root")))
{
System.out.println("auth success");
successFlag = true;
}
else
{
successFlag = false;
throw new FailedLoginException ("auth failed");
}
return successFlag;
}
@Override
public boolean commit() throws LoginException
{
return successFlag;
}
@Override
public boolean abort() throws LoginException
{
return false;
}
@Override
public boolean logout() throws LoginException
{
return false;
}
}
jaas.config
Railway
{
LoginMod required debug=true;
};
运行此代码时,我将其作为输出获取
hiii root root if inside try block
答案 0 :(得分:0)
我要去的地方是在java.security文件中提供配置文件的位置,该文件位于C:\Program Files\Java\jre1.8.0_77\lib\security\java.security中。
在Windows中复制jaas.config文件的路径时,该路径以反斜杠(/)给出,应将其替换为正斜杠(\)。
例如,它应该像login.config.url.1=file:D:/mani/java/sample_jaas.config而不是login.config.url.1=file:D:\mani\java\sample_jaas.config
我想这对某人会有帮助。