Author charles @ chinaxp.org
Using XForum as an example: how to use JAAS for user authentication
The basic JAAS process:
Initialize a generic LoginContext.
Call LoginContext.login() to verify the user.
If this succeeds, you get a Subject object that represents the current user and contains the user data.
If it fails, you get a LoginException.
Development process:
1. Create a User object that implements java.security.Principal. The data stored in a Subject must be Principals, so we write a user Principal; for now this Principal only holds the username.
2. Create a customized LoginModule; this class needs to import javax.security.auth.spi.LoginModule. Since XForum uses a MySQL database as the data source for user data, we create a database LoginModule. All methods of the LoginModule are called by the generic LoginContext.
    import java.io.IOException;
    import java.util.Arrays;
    import java.util.Map;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.*;
    import javax.security.auth.login.*;
    import javax.security.auth.spi.LoginModule;

    /*
     * A database-dependent LoginModule for JAAS; it also creates the database connection.
     *
     * @author Charles Huang
     * @since jdk1.4
     * @version $Id: DatabaseLoginModule.java,v 1.1 2002/09/10 02:05:48 charles Exp $
     */
    public class DatabaseLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler callbackHandler;
        private String username;
        private boolean isAuthenticated = false;
        private UserPrincipal user;   // the Principal this module added to the Subject

        public void initialize(Subject subject, CallbackHandler callbackHandler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            // The CallbackHandler is the data holder JAAS uses between the user's application
            // (for example a JSP or Swing user interface) and the LoginModule
            this.callbackHandler = callbackHandler;
        }

        public boolean login() throws LoginException {
            // Use Callback objects to ask the CallbackHandler for the username and password
            final Callback[] callbacks = new Callback[2];
            callbacks[0] = new NameCallback("Name");
            callbacks[1] = new PasswordCallback("Password", false);
            char[] password = null;
            try {
                // Get the username and password the user entered from the CallbackHandler
                callbackHandler.handle(callbacks);
                username = ((NameCallback) callbacks[0]).getName();
                password = ((PasswordCallback) callbacks[1]).getPassword();
                // Query the database and check the password
                checkAgainstDatabase(username, password);
            } catch (AccountNotFoundException e) {
                // Note: a distinct "no such user" message tells a caller which usernames
                // exist; a single generic failure message for both cases is safer
                throw new LoginException("No such user");
            } catch (IOException e) {
                throw new LoginException(e.toString());
            } catch (UnsupportedCallbackException e) {
                throw new LoginException(e.toString());
            } finally {
                // Do not keep the cleartext password in memory longer than needed
                if (password != null) Arrays.fill(password, ' ');
                ((PasswordCallback) callbacks[1]).clearPassword();
            }
            isAuthenticated = true;
            return isAuthenticated;
        }

        // Placeholder for the MySQL query the original post leaves out: it must throw
        // AccountNotFoundException when the user does not exist and FailedLoginException
        // when the password does not match. Until the query is filled in it rejects
        // everyone (fails closed) instead of letting everyone in.
        private void checkAgainstDatabase(String name, char[] password)
                throws AccountNotFoundException, FailedLoginException {
            throw new AccountNotFoundException("database lookup not implemented yet");
        }

        /*
         * Here is the commit step: if verification succeeded, XForum adds the username to
         * the Subject. A Subject represents one verified user. It can hold rich data such as
         * the user name, roles and so on, and the web application refers to it later.
         */
        public boolean commit() throws LoginException {
            if (isAuthenticated) {
                // A Subject only holds Principals, so wrap the username in the user Principal
                // from step 1 (the post does not name that class; UserPrincipal is assumed here)
                user = new UserPrincipal(username);
                subject.getPrincipals().add(user);
                // TODO: put in role information later
            } else {
                throw new LoginException("Authentication fails");
            }
            return isAuthenticated;
        }

        // abort() and logout() are required by the LoginModule interface but elided in the
        // original post; they undo whatever login() and commit() did
        public boolean abort() throws LoginException {
            username = null;
            isAuthenticated = false;
            return true;
        }

        public boolean logout() throws LoginException {
            if (user != null) subject.getPrincipals().remove(user);
            username = null;
            isAuthenticated = false;
            return true;
        }
    }
3. Create a customized CallbackHandler to carry data between the user's application and the LoginModule. The web application never calls the LoginModule directly, so the CallbackHandler is used in the manner of the Visitor pattern. XForum's handler carries two pieces of data: the username and the password.

    import java.io.IOException;
    import javax.security.auth.callback.*;

    public class SimpleCallbackHandler implements CallbackHandler {
        private String username;
        private String password;

        public SimpleCallbackHandler(final String username, final String password) {
            this.username = username;
            this.password = password;
        }

        // In the LoginModule's login() method, the LoginModule calls this handle() and
        // passes in its Callback objects; the two Callback objects are populated here
        public void handle(Callback[] callbacks)
                throws IOException, UnsupportedCallbackException {
            for (int index = 0; index < callbacks.length; index++) {
                if (callbacks[index] instanceof NameCallback) {
                    NameCallback ncb = (NameCallback) callbacks[index];
                    ncb.setName(username);
                } else if (callbacks[index] instanceof PasswordCallback) {
                    PasswordCallback pcb = (PasswordCallback) callbacks[index];
                    pcb.setPassword(password.toCharArray());
                } else {
                    // Any other Callback is one this handler does not know how to fill in
                    throw new UnsupportedCallbackException(callbacks[index]);
                }
            }
        }
    }

4. Use JAAS to verify users in the web application. In XForum this is done in LogonAction:

    ......
    // Let the LoginContext instantiate a new Subject. username and password are taken
    // from the HttpServletRequest and passed to the LoginModule through the SimpleCallbackHandler
    LoginContext lc = new LoginContext("XForumLogin", new SimpleCallbackHandler(username, password));
    // The LoginContext calls the LoginModule's login() to verify the user
    lc.login();
    // Get the verified Subject object; this Subject contains the user object
    subject = lc.getSubject();
    ......

5. Write the LoginContext configuration file. JAAS reads this file to find the LoginModule, loads that class dynamically and creates a LoginModule instance to verify the user. In XForum the configuration file is XForumLogin.config:

    XForumLogin {
        org.redsoft.forum.security.DatabaseLoginModule required debug=true;
    };

6. Modify {JAVA_HOME}/jre/lib/security/java.security to tell JAAS where the configuration file XForumLogin.config is:

    #
    # Default login configuration file
    #
    login.config.url.1=file:e:/jakarta-tomcat-4.0.2/webapps/forum/web-inf/xforumlogin.config

Start Tomcat, done.
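The whole flow from steps 2 to 6 in one runnable file (Java 9 or later), as an added example that is not part of the original post or of XForum: an in-memory login module with a constructed user table stands in for DatabaseLoginModule, and a config file in the same format as XForumLogin.config is handed to JAAS through the java.security.auth.login.config system property instead of an edit to java.security. The names JaasFlowDemo, MapLoginModule, handler and demo.config are assumptions of this example.

```java
import java.nio.file.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class JaasFlowDemo {
    // Constructed user table standing in for XForum's MySQL lookup (a real deployment stores salted hashes)
    static final Map<String, char[]> USERS = Map.of("charles", "s3cret".toCharArray());
    // Stands in for DatabaseLoginModule; LoginContext instantiates it by class name, so it must be public
    public static class MapLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler;
        private String username; private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> op) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("Name");
            PasswordCallback pc = new PasswordCallback("Password", false);
            try { handler.handle(new Callback[] { nc, pc }); }                 // ask the handler for both values
            catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
            char[] expected = USERS.get(nc.getName());
            ok = expected != null && Arrays.equals(expected, pc.getPassword());
            pc.clearPassword();                                                // drop the cleartext password early
            if (!ok) throw new FailedLoginException("bad username or password"); // one message for both failure kinds
            username = nc.getName();
            return true;
        }
        // Principal is a functional interface, so a lambda stands in for step 1's user Principal class
        public boolean commit() { if (ok) subject.getPrincipals().add((java.security.Principal) () -> username); return ok; }
        public boolean abort()  { ok = false; username = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); ok = false; return true; }
    }
    // Same role as SimpleCallbackHandler: fill in the callbacks the module hands over
    static CallbackHandler handler(String user, String pass) {
        return callbacks -> { for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
            else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
            else throw new UnsupportedCallbackException(cb); } };
    }
    public static void main(String[] args) throws Exception {
        // Same format as XForumLogin.config; the system property points JAAS at it without editing java.security
        Files.write(Paths.get("demo.config"), ("XForumLogin { " + MapLoginModule.class.getName() + " required; };").getBytes());
        System.setProperty("java.security.auth.login.config", "demo.config");
        LoginContext lc = new LoginContext("XForumLogin", handler("charles", "s3cret"));
        lc.login();                                                            // calls login() and then commit()
        System.out.println("logged in as " + lc.getSubject().getPrincipals().iterator().next().getName());
        try { new LoginContext("XForumLogin", handler("charles", "wrong")).login(); }
        catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The first login prints the Principal name the module committed into the Subject; the second is refused with the single FailedLoginException message, which is the LoginException path from the process description at the top.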