Authentication, Authorization

xiaoxiao2021-03-06  66

Foreword: Many articles online talk about LDAP servers, but few explain how to use one for authentication and authorization. This post is written to help developers with exactly that.

Objective: Use the JAAS framework together with Struts, an LDAP server and JBoss to do user authentication and authorization. Authentication here means checking that the user is valid, i.e. that the user name and password entered are correct; authorization means assigning the user a set of roles.

Basic requirements: a good understanding of J2EE, experience developing with Struts, familiarity with iPlanet Directory Server, and some experience with the JAAS framework.

Preparation:
- Windows 2000 (joined to the domain)
- J2SDK 1.4.2 installed
- JBoss 3.2.5 or higher installed
- iPlanet Directory Server 5.1 Service Pack 2 installed

JAAS and LDAP: In real projects, many applications share the same source of user information, for example the customer's Notes system, ERP system and so on. When we develop a new application, it needs to use the same user information source as those systems, and that source is typically an LDAP server. JAAS (Java Authentication and Authorization Service) is Java's authentication and authorization framework. Many application servers implement it (JBoss is one of them), so developers get a reliable security mechanism in their projects without having to build one by hand.

First, we develop an application on JBoss called "MyApp". Then we add the following organizational structure to Sun iPlanet Directory Server (the LDAP server):

Groups: admin, engineer
Roles: sysuser, admin, engineer
User: jzhao (password: Password; roles: sysuser, admin, engineer)

Note that the directory keeps groups (ou=Groups) and roles (ou=Roles) as separate organizational units: JBoss reads the user's roles from ou=Roles, while ou=Groups is just a grouping of people that the role entries can reference.

If you don't want to create the entries by hand, save the content below as temp.ldif and use iPlanet's import function to create them. Content of temp.ldif:

# ================================== OU definitions
# People OU - for holding records of all individuals
dn: ou=People, dc=china, dc=xxx, dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Groups OU - for holding records of groupings of individuals
dn: ou=Groups, dc=china, dc=xxx, dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Roles OU - for holding records of roles and the groups to which those roles have been assigned
dn: ou=Roles, dc=china, dc=xxx, dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit

# ================================== People entries
dn: uid=jzhao, ou=People, dc=china, dc=xxx, dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: Zhao
cn: Jun Zhao
uid: jzhao
userPassword: {SSHA}UvEbEwmjbUYCjugQ8p53EPj0z22bbAxiWmSCaA==
mail: junzhao@vandagroup.com.cn

# ================================== Groups entries
dn: cn=sysuser, ou=Groups, dc=china, dc=xxx, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: sysuser
uniqueMember: uid=jzhao, ou=People, dc=china, dc=xxx, dc=com

dn: cn=admin, ou=Groups, dc=china, dc=xxx, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=jzhao, ou=People, dc=china, dc=xxx, dc=com

dn: cn=engineer, ou=Groups, dc=china, dc=xxx, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: engineer

# ================================== Roles entries
dn: cn=sysuser, ou=Roles, dc=china, dc=xxx, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: sysuser
uniqueMember: cn=Everyone, ou=Groups, dc=china, dc=xxx, dc=com
uniqueMember: uid=jzhao, ou=People, dc=china, dc=xxx, dc=com

dn: cn=admin, ou=Roles, dc=china, dc=xxx, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: cn=admin, ou=Groups, dc=china, dc=xxx, dc=com
uniqueMember: uid=jzhao, ou=People, dc=china, dc=xxx, dc=com

dn: cn=engineer, ou=Roles, dc=china, dc=xxx, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: engineer
uniqueMember: cn=engineer, ou=Groups, dc=china, dc=xxx, dc=com
uniqueMember: uid=jzhao, ou=People, dc=china, dc=xxx, dc=com

The userPassword value is stored as {SSHA}, i.e. a salted SHA-1 hash, so the clear-text password never sits in the directory. Each role entry lists jzhao directly as a uniqueMember; that direct membership is what JBoss will match on, since the LDAP login module does not expand nested groups such as cn=Everyone.

Add the following to WEB-INF/web.xml:

<welcome-file-list>
  <welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted</web-resource-name>
    <description>Declarative security tests</description>
    <url-pattern>*.do</url-pattern>
    <url-pattern>/servlet/CommandLineServlet</url-pattern>
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>no description</description>
    <role-name>sysuser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Define the login method and the login page -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>a user allowed to login</description>
  <role-name>sysuser</role-name>
</security-role>

Only requests matching the listed url-patterns and http-methods are protected; anything else in the application is reachable anonymously, so widen the pattern (for example to the whole application) if the welcome page itself must require login. Listing the HTTP methods explicitly also means that a method not listed (OPTIONS, TRACE, or an arbitrary verb) is not covered by the constraint. transport-guarantee NONE means the login form, and with it the user's password, is submitted over plain HTTP.

Add the following to WEB-INF/jboss-web.xml:

<jboss-web>
  <security-domain>java:/jaas/myapp-security</security-domain>
  <context-root>myApp</context-root>
</jboss-web>

The security-domain name is what ties the web application to the JAAS application-policy defined in the next step.

Add the following to JBOSS_HOME/server/default/conf/login-config.xml:

<application-policy name="myapp-security">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://home.china.xxx.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=china,dc=xxx,dc=com</module-option>
      <!-- rolesCtxDN is not legible on the original page; ou=Roles is where the LDIF above keeps the role entries -->
      <module-option name="rolesCtxDN">ou=Roles,dc=china,dc=xxx,dc=com</module-option>
      <module-option name="uidAttributeID">uniqueMember</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="matchOnUserDN">true</module-option>
    </login-module>
  </authentication>
</application-policy>

How the options work: the login module builds the user's DN as principalDNPrefix + user name + principalDNSuffix (so jzhao becomes uid=jzhao,ou=People,dc=china,dc=xxx,dc=com) and binds to the directory with that DN and the submitted password; a successful bind is the authentication. It then searches under rolesCtxDN for entries whose uniqueMember attribute (uidAttributeID) equals the user's full DN (matchOnUserDN=true) and takes each matching entry's cn (roleAttributeID) as a role name. Those roles are what isUserInRole() later checks.

Caveat: a simple bind over ldap:// on port 389 sends every user's password in clear text between JBoss and the directory server. Outside a lab, point java.naming.provider.url at ldaps:// (port 636) or otherwise protect that link.

Content of index.jsp:

<%
  out.write("login successful! " + new java.util.Date());
  out.write(" is sysuser=" + request.isUserInRole("sysuser"));
  out.write(" is admin=" + request.isUserInRole("admin"));
  out.write(" is engineer=" + request.isUserInRole("engineer"));
%>

(request is the JSP implicit HttpServletRequest object; isUserInRole() answers from the roles JAAS loaded at login.)

The form in login.jsp:

<form method="post" action="j_security_check">
  Account: <input type="text" name="j_username">
  Password: <input type="password" name="j_password">
  <input type="submit" value="Login">
</form>

The names j_username, j_password and the action j_security_check are fixed by the servlet specification for FORM authentication and must not be changed.

Once everything is in place, start JBoss and open http://ip:8080/myapp in the browser. This would normally open index.jsp, but the security constraint does not allow anonymous access, so the container redirects to login.jsp. Enter jzhao / Password; after the credentials are verified the browser is redirected back to index.jsp and the page shows the following output:

login successful! Sat Nov 27 11:52:36 CST 2004 is sysuser=true is admin=true is engineer=true
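The whole chain above, from the temp.ldif entries to the login-config.xml options, as an added example that is not part of the original post and not JBoss's code: a Python stand-in for what LdapLoginModule does with those options (build the DN as principalDNPrefix + user + principalDNSuffix, verify the password, then look under rolesCtxDN for entries whose uniqueMember equals the user's DN and read their cn), run against a constructed in-memory copy of the directory so it works offline. The salt, the sample LDIF and the rolesCtxDN value are assumptions; the {SSHA} hash is generated fresh at run time, not the one on the page.

```python
# Added example: mimics JBoss LdapLoginModule's handling of the login-config.xml
# options on this page against an in-memory directory. Not JBoss code.
import base64
import hashlib
import hmac
import os

# --- the module-options from login-config.xml ---------------------------------
PRINCIPAL_DN_PREFIX = "uid="
PRINCIPAL_DN_SUFFIX = ",ou=People,dc=china,dc=xxx,dc=com"
ROLES_CTX_DN = "ou=Roles,dc=china,dc=xxx,dc=com"   # assumed; not legible on the page
UID_ATTRIBUTE_ID = "uniqueMember"                  # attribute that names members of a role
ROLE_ATTRIBUTE_ID = "cn"                           # attribute that gives the role name


def make_ssha(password: str, salt: bytes) -> str:
    """Encode a password the way Directory Server stores it: {SSHA}base64(sha1(pw+salt)+salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored: str, password: str) -> bool:
    """Verify a candidate password against a {SSHA} userPassword value (this is what a bind does)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes; the rest is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def normalize_dn(dn: str) -> str:
    """Crude DN normalisation (case, spacing) so string comparison mimics the server's DN matching."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text: str) -> dict:
    """Minimal LDIF parser: {normalized_dn: {attr_lowercase: [values]}}. No folding or base64 values."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip(), value.strip()
        if attr.lower() == "dn":
            current = {}
            entries[normalize_dn(value)] = current
        else:
            current.setdefault(attr.lower(), []).append(value)
    return entries


def authenticate(directory: dict, username: str, password: str):
    """Return the set of role names for username, or None if the bind would fail."""
    user_dn = normalize_dn(PRINCIPAL_DN_PREFIX + username + PRINCIPAL_DN_SUFFIX)
    entry = directory.get(user_dn)
    if entry is None:
        return None
    if not any(check_ssha(h, password) for h in entry.get("userpassword", [])):
        return None
    # matchOnUserDN=true: search rolesCtxDN for entries whose uniqueMember equals the user's DN.
    # Nested groups (cn=Everyone) are not expanded; only direct membership counts, as in JBoss.
    roles, roles_ctx = set(), normalize_dn(ROLES_CTX_DN)
    for dn, attrs in directory.items():
        if not dn.endswith("," + roles_ctx):
            continue                                # ou=Groups entries are deliberately skipped
        members = [normalize_dn(m) for m in attrs.get(UID_ATTRIBUTE_ID.lower(), [])]
        if user_dn in members:
            roles.update(attrs.get(ROLE_ATTRIBUTE_ID.lower(), []))
    return roles


# Constructed directory mirroring temp.ldif; fresh salt, hash computed at import time.
SALT = os.urandom(8)
SAMPLE_LDIF = f"""
dn: uid=jzhao,ou=People,dc=china,dc=xxx,dc=com
objectClass: inetOrgPerson
uid: jzhao
cn: Jun Zhao
userPassword: {make_ssha('Password', SALT)}

dn: cn=sysuser,ou=Roles,dc=china,dc=xxx,dc=com
objectClass: groupOfUniqueNames
cn: sysuser
uniqueMember: cn=Everyone,ou=Groups,dc=china,dc=xxx,dc=com
uniqueMember: uid=jzhao, ou=People, dc=china, dc=xxx, dc=com

dn: cn=admin,ou=Roles,dc=china,dc=xxx,dc=com
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=jzhao,ou=People,dc=china,dc=xxx,dc=com

dn: cn=engineer,ou=Roles,dc=china,dc=xxx,dc=com
objectClass: groupOfUniqueNames
cn: engineer
uniqueMember: uid=jzhao,ou=People,dc=china,dc=xxx,dc=com

dn: cn=admin,ou=Groups,dc=china,dc=xxx,dc=com
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=jzhao,ou=People,dc=china,dc=xxx,dc=com
"""
DIRECTORY = parse_ldif(SAMPLE_LDIF)


def login(username: str, password: str):
    """What the JAAS login produces for index.jsp: the role set, or None on failure."""
    return authenticate(DIRECTORY, username, password)


if __name__ == "__main__":
    print("jzhao/Password ->", login("jzhao", "Password"))
    print("jzhao/password ->", login("jzhao", "password"))
```

login("jzhao", "Password") yields the three roles that index.jsp reports as true; a wrong password or unknown uid yields None, which corresponds to the container sending the browser back to the form-error-page. Note that the group entry cn=admin,ou=Groups is ignored even though it lists jzhao: only entries under rolesCtxDN become roles, which is exactly why the page keeps ou=Groups and ou=Roles apart.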

When reposting, please credit the author: Yucula http://blog.9cbs.net/oicqren

When reposting, please cite the original address: https://www.9cbs.com/read-87353.html
