Jaas: Flexible Java Security Mechanism (3)

zhaozj2021-02-16  84

Profile

What I have mentioned above, JaaS scalability comes from it to perform dynamic configuration, and configuration information is usually saved in text. These text files have many configuration blocks, and we usually call these configuration blocks as applications. Each application corresponds to one or more specific LoginModule objects.

When your code constructs a LogInContext object, you need to pass the name of the application in the configuration file to it. LoginContext will determine which LoginModule objects are activated according to the information in the application, and what rules are activated in order and what rules are used.

The structure of the configuration file is as follows:

Application {ModuleClass Flag ModuleOptions; ModuleClass Flag ModuleOptions; ...}; Application {ModuleClass flag moduleoptions; ...}; ...

Below is an application named SAMPLE

Sample {com.sun.security.auth.module.ntloginmodule rquid debug = true;

The above simple application specifies that the LoginContext object should be verified using NTLoginModule. The name of the class is specified in ModuleClass. FLAG Control When you log in when you include multiple LoginModule: Required, Sufficient, Requisite, and Optional. The most commonly used Required, using it means that the corresponding LoginModule object must be called, and must be required to pass all validation. Because the complexity of the Flag itself, this article is not going to study here.

ModuleOption allows multiple parameters. For example, you can set the debug parameter to true (debug = true) so the diagnostic output will be sent to System.out.

The configuration file can be named any, and can be placed anywhere. The JAAS framework determines the location of the configuration file by using the java.securty.auth.long.config attribute. For example, when your application is Jaastest, the configuration file is jaas.config in the current directory, you need to enter:

Java -djava.security.auth.login.config = jass.config javatestest

Figure 2 depicts the relationship between each element in the configuration file

Figure 2 JaaS configuration file

Login verification by command line mode

In order to explain what JaaS can do, I have written two examples here. One is a simple program that is called by the command line, and the other is the server-side JSP program. Both the two programs are logged in by the username / password, and then verify it with the relational database.

In order to verify through the database, we need:

1. Implement the RDBMSLoginModul class, which can be verified for the input information.

2. Edit a configuration file and tell LogInText how to use RDBMSLoginModule.

3. Implement the consolecallbackHandler class, you can get the user's input through this class.

4. Write application code.

In the RDBMSLoginModul class, we must implement five methods in the LGOINMODULE interface. The first is the initialize () method:

public void initialize (Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {this.subject = subject; this.callbackHandler = callbackHandler; this.sharedState = sharedState; this.options = options; url = (String) options.get ( "URL"); driverclass = (string) Options.get ("driver"); debug = "true" .EqualsignoreCase ("debug")));} LoginContext When calling the login () method Call the initialize () method. The first task of RDBMSLoginModule is to save the reference to the input parameters in the class. Feed Principal objects and credentials to the Subject object after the verification is successful.

The CallbackHandler object will be used in the login () method. SharedState allows data to share between different LoginModule objects, but we will not use it in this example. Finally, it is a MAP object called Options. Options passes the value of the parameters defined in the configuration file moduleOption domain to the LGOINModule object. The configuration file is as follows:

Example {rdbmsloginmodule requiredDriver = "org.gjt.mm.mysql.driver" URL = "JDBC: mysql: // localhost / jaasdb? User = root" debug = "true";

In the configuration file, RDBMSLoginModule contains five parameters, where driver, URL, user, and password are required, and Debug is an optional elaboration. Driver, URL, User and Password parameters tell us how to get JDBC connections. Of course, you can also add information on the tables or columns in the database in the ModuleOption domain. The purpose of using these parameters is to be able to operate the database. In the initialize () method of the LoginModule class, we save the value of each parameter.

Let's mention a loginContext corresponding to the configuration file tells it which application should be used in the file. This information is passed through the constructor of LGOINCONTEXT. Below is the code initialized the client's code, created a logincontex object in the code and called the login () method.

ConsolecallbackHandler CBH = New consolecallbackHandler (); logincontext lc = new logincontext ("eXample", cbh); lc.login ();

When the LGOInText.login () method is called, it calls all Login () methods of all loaded LoginModule objects. In our example, it is a login () method in RDBMSLoginmodule.

The login () method in RDBMSLoginModule has the following operations:

1. Create two Callback objects. These objects get username / passwords from user input. The two Callback classes in Jaas are used in the program: NameCallback and PasswordCallback (these two classes are included in the javax.security.auth.callback package). 2. Callback is activated by passing Callbacks as a parameter to the CallbackHandler's Handle () method.

3. Get the username / password through the Callback object.

4. Verify the acquired username / password in the database in the RDBMSValidate () method.

Below is the code of the login () method in RDBMSLoginmodule

public boolean login () throws LoginException {if (callbackHandler == null) throw new LoginException ( "no handler"); NameCallback nameCb = new NameCallback ( "user:"); PasswordCallback passCb = new PasswordCallback ( "password:", true) ; callbacks = new Callback [] {nameCb, passCb}; callbackHandler.handle (callbacks); String username = nameCb.getName (); String password = new String (passCb.getPassword ()); success = rdbmsValidate (username, password) Return (TRUE);

In the Handle () method of the consolecallbackhandler class, you can see how the Callback object interacts with users:

public void handle (Callback [] callbacks) throws java.io.IOException, UnsupportedCallbackException {for (int i = 0; i

转载请注明原文地址:https://www.9cbs.com/read-15407.html

New Post(0)