Using JAAS for user authentication, with XForum as the example

xiaoxiao2021-03-06  51

Author: charles@chinaxp.org


The basic JAAS flow:

Initialize a generic LoginContext.

Call LoginContext.login() to verify the user.

If it succeeds, you get a Subject object that represents the current user and contains the user's data.

If it fails, you get a LoginException.

Development process:

1. Create a User object that implements java.security.Principal. The data stored in a Subject must be Principals, so we create a user Principal; this Principal currently stores only the username.

2. Create a custom LoginModule; this class needs import javax.security.auth.spi.LoginModule;

Since XForum uses a MySQL database as the source of user data, we create a database LoginModule.

All methods in the LoginModule are called by the generic LoginContext.

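    import java.io.IOException;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.spi.LoginModule;

    /*
     * A database-dependent login module for JAAS
     * that also creates the connection
     *
     * @author Charles Huang
     * @since jdk1.4
     * @version $Id: DatabaseLoginModule.java,v 1.1 2002/09/10 02:05:48 charles Exp $
     */
    public class DatabaseLoginModule implements LoginModule {

        /**
         *
         */
        public void initialize(Subject subject, CallbackHandler callbackHandler,
                               Map sharedState, Map options) {
            this.subject = subject;
            // The CallbackHandler is the data holder JAAS uses to pass data between
            // the user's application (for example a JSP or Swing user interface)
            // and the LoginModule
            this.callbackHandler = callbackHandler;
        }

        public boolean login() throws LoginException {
            try {
                // Use Callback objects
                final Callback[] calls = new Callback[2];
                calls[0] = new NameCallback("Name");
                calls[1] = new PasswordCallback("Password", false);
                // Get the username and password the user entered
                // from the CallbackHandler
                callbackHandler.handle(calls);
                // Query the database and check the password
            } catch (AccountNotFoundException e) {
                throw new LoginException("No Such User");
            } catch (IOException e) {
                throw new LoginException(e.toString());
            } catch (UnsupportedCallbackException e) {
                throw new LoginException(e.toString());
            }
            // Reached only when the check above did not throw. The omitted database
            // check must throw a LoginException for a wrong password as well;
            // otherwise every login is accepted here.
            isAuthenticated = true;
            return isAuthenticated;
        }

        /**
         * This completes the verification: if it succeeded, XForum adds the username
         * to the Subject. A Subject represents one verified user. It can hold rich
         * data such as the user name, roles and other data, which the web
         * application will reference.
         */
        public boolean commit() throws LoginException {
            if (isAuthenticated) {
                // username must be a java.security.Principal; the Subject's
                // principal set rejects any other type
                subject.getPrincipals().add(username);
                // TODO: put in role information later
            } else {
                throw new LoginException("Authentication Fails");
            }
            return isAuthenticated;
        }

        ......
    }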

3. Create a custom CallbackHandler to pass data between the user's application and the LoginModule, because the web application does not call the LoginModule directly. This uses the Visitor pattern. The CallbackHandler in XForum handles two pieces of data: the username and the password.

    import java.io.IOException;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;

    public class SimpleCallbackHandler implements CallbackHandler {

        private String username;
        private String password;

        public SimpleCallbackHandler(final String username, final String password) {
            this.username = username;
            this.password = password;
        }

        // In the LoginModule's login() method, the LoginModule calls this handle()
        // and passes in the Callback objects; the two Callback objects are populated here
        public void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (int index = 0; index < callbacks.length; index++) {
                if (callbacks[index] instanceof NameCallback) {
                    NameCallback ncb = (NameCallback) callbacks[index];
                    ncb.setName(username);
                }
                if (callbacks[index] instanceof PasswordCallback) {
                    PasswordCallback pcb = (PasswordCallback) callbacks[index];
                    pcb.setPassword(password.toCharArray());
                }
            }
        }
    }

4. Use JAAS to authenticate users in the web application; in XForum this is done in LogonAction.

    ......
    // Let the LoginContext instantiate a new Subject; username and password are
    // taken from the HttpRequest and passed to the LoginModule through SimpleCallbackHandler.
    // The name given here must match the entry name in the JAAS configuration file exactly.
    LoginContext lc = new LoginContext("XForumlogin",
            new SimpleCallbackHandler(username, password));
    // LoginContext calls the LoginModule's login() to verify the user
    lc.login();
    // Get the verified Subject object; this Subject contains the user object
    subject = lc.getSubject();
    ...

5. Set up the LoginModule in the LoginContext's configuration file. JAAS reads this file, dynamically loads the class and creates a LoginModule instance to verify the user. In XForum the configuration file is XForumlogin.config:

    XForumlogin {
        org.redsoft.forum.security.DatabaseLoginModule required debug=true;
    };

6. Modify {java_home}/jre/lib/security/java.security to tell JAAS where the configuration file XForumlogin.config is:

    #
    # Default login configuration file
    #
    login.config.url.1=file:e:/jakarta-tomcat-4.0.2/webapps/forum/WEB-INF/XForumlogin.config

Start Tomcat. Done.
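The six steps above as one self-contained program, added here as an example (it is not XForum's code). It assumes an in-memory map in place of the MySQL user table, PBKDF2 password hashes, and an in-memory Configuration in place of XForumlogin.config; JaasLoginDemo, DemoLoginModule, USERS and the account are constructed for illustration. Here login() sets its flag only from the result of the credential check.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class JaasLoginDemo {
    static final Map<String, byte[]> USERS = new HashMap<>(); // constructed stand-in for the MySQL user table
    static byte[] hash(char[] pw) throws Exception { // PBKDF2; fixed sample salt (use a random per-user salt)
        PBEKeySpec spec = new PBEKeySpec(pw, "sample-salt".getBytes(), 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    public static class DemoLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private Principal user; private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback n = new NameCallback("Name");
            PasswordCallback p = new PasswordCallback("Password", false);
            try {
                handler.handle(new Callback[] { n, p });
                // Fail closed: ok is set only by a constant-time match; an unknown user (null hash) never matches.
                ok = MessageDigest.isEqual(USERS.get(n.getName()), hash(p.getPassword()));
            } catch (Exception e) { throw new LoginException("Login error: " + e); }
            finally { p.clearPassword(); }
            if (!ok) throw new FailedLoginException("Authentication failed"); // same text for bad name or password
            user = n::getName; // minimal Principal standing in for the page's user Principal
            return true;
        }
        public boolean commit() { if (ok) subject.getPrincipals().add(user); return ok; }
        public boolean abort() { ok = false; user = null; return true; }
        public boolean logout() { subject.getPrincipals().remove(user); return abort(); }
    }
    static final Configuration CFG = new Configuration() { // in-memory stand-in for the "required" config entry
        public AppConfigurationEntry[] getAppConfigurationEntry(String entry) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
        } };
    public static void main(String[] args) throws Exception {
        USERS.put("alice", hash("correct horse".toCharArray())); // constructed account
        for (String pw : new String[] { "correct horse", "wrong" }) {
            LoginContext lc = new LoginContext("XForumlogin", new Subject(), cbs -> { for (Callback c : cbs) {
                if (c instanceof NameCallback) ((NameCallback) c).setName("alice");
                if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(pw.toCharArray()); } }, CFG);
            try { lc.login(); System.out.println("ok: " + lc.getSubject().getPrincipals().iterator().next().getName()); }
            catch (FailedLoginException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```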
