tomcat下jaas配置实例
来源:互联网 发布:硬盘重新分区不动数据 编辑:程序博客网 时间:2024/06/05 14:58
这次项目例子是采用struts+hibernate来搭建的,其目的是为了实现jaas在tomcate中的简化实现。在参考了很多资源后,发现利用现有框架和服务器来实现身份的验证和授权是最简单的途径,所以这次我采用的是在tomcate提供的jaas验证框架下实现jaas。虽然这个框架的功能很有限,但结合struts的授权机制就可以满足中等项目的需求了。
一
首先参考tomcate下文档的jaasRealm的配置,注意文档中的两个地方:
Quick Start
To set up Tomcat to use JAASRealm with your own JAAS login module, you will need to follow these steps:
1. Write your own LoginModule, User and Role classes based on JAAS (seethe JAAS Authentication Tutorial and the JAAS Login Module Developer's Guide) to be managed by the JAAS Login Context (javax.security.auth.login.LoginContext) When developing your LoginModule, note that JAASRealm's built-in CallbackHandler +only recognizes the NameCallback and PasswordCallback at present.
2. Although not specified in JAAS, you should create seperate classes to distinguish between users and roles, extending javax.security.Principal, so that Tomcat can tell which Principals returned from your login module are users and which are roles (see org.apache.catalina.realm.JAASRealm). Regardless, the first Principal returned is always treated as the user Principal.
3. Place the compiled classes on Tomcat's classpath
4. Set up a login.config file for Java (seeJAAS LoginConfig file) and tell Tomcat where to find it by specifying its location to the JVM, for instance by setting the environment variable: JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config
5. Configure your security-constraints in your web.xml for the resources you want to protect
6. Configure the JAASRealm module in your server.xml
7. Restart Tomcat 5 if it is already running.
Additional Notes
· When a user attempts to access a protected resource for the first time, Tomcat 5 will call the authenticate() method of this Realm. Thus, any changes you have made in the security mechanism directly (new users, changed passwords or roles, etc.) will be immediately reflected.
· Once a user has been authenticated, the user (and his or her associated roles) are cached within Tomcat for the duration of the user's login. For FORM-based authentication, that means until the session times out or is invalidated; for BASIC authentication, that means until the user closes their browser. Any changes to the security information for an already authenticated user will not be reflected until the next time that user logs on again.
· As with other Realm implementations, digested passwords are supported if the <Realm> element in server.xml contains a digest attribute; JAASRealm's CallbackHandler will digest the password prior to passing it back to the LoginModule
二
按照文档Quick Start的顺序先编写jaas’s code
Role
package bo;
import java.security.Principal;
public class Role
implements Principal
{
private String rolename;
public Role(String rolename)
{
this.rolename=rolename;
}
/**//**
* equals
*
* @param object Object
* @return boolean
* @todo Implement this java.security.Principal method
*/
public boolean equals(Object object){
System.out.print("object="+object.getClass().toString());
boolean flag=false;
if(object==null)
flag=false;
if(this==object)
flag= true;
if(!(object instanceof Role))
flag= false;
if(object instanceof Role)
{
Role that = (Role) object;
if (this.getName().equals(that.getName()))
{
flag= true;
}
}
System.out.println("flag="+flag);
return flag;
}
/**//**
* toString
*
* @return String
* @todo Implement this java.security.Principal method
*/
public String toString()
{
return this.getName();
}
/**//**
* hashCode
*
* @return int
* @todo Implement this java.security.Principal method
*/
public int hashCode()
{
return rolename.hashCode();
}
/**//**
* getName
*
* @return String
* @todo Implement this java.security.Principal method
*/
public String getName()
{
return this.rolename;
}
}
User
package bo;
import java.security.Principal;
public class User
implements Principal
{
private String username;
public User(String username)
{
this.username=username;
}
/**//**
* equals
*
* @param object Object
* @return boolean
* @todo Implement this java.security.Principal method
*/
public boolean equals(Object object)
{
System.out.print("object="+object.getClass().toString());
boolean flag=false;
if(object==null)
flag=false;
if(this==object)
flag= true;
if(!(object instanceof User))
flag= false;
if(object instanceof User)
{
User that = (User) object;
if (this.getName().equals(that.getName()))
{
flag= true;
}
}
System.out.println("flag="+flag);
return flag;
}
/**//**
* toString
*
* @return String
* @todo Implement this java.security.Principal method
*/
public String toString()
{
return this.getName();
}
/**//**
* hashCode
*
* @return int
* @todo Implement this java.security.Principal method
*/
public int hashCode()
{
return username.hashCode();
}
/**//**
* getName
*
* @return String
* @todo Implement this java.security.Principal method
*/
public String getName()
{
return this.username;
}
}
TestLoginMoudle
package bo;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
public class TestLoginMoudle implements LoginModule{
// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
// 配置选项.
private boolean debug = false;
// 鉴别状况
private boolean succeeded = false;
private boolean commitSucceeded = false;
// 用户名和用户密码.
private String username;
private char[] password;
// 用户的Principal
private User user;
private Role role;
/**//**
* initialize
*
* @param subject Subject
* @param callbackHandler CallbackHandler
* @param map Map
* @param map3 Map
* @todo Implement this javax.security.auth.spi.LoginModule method
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map map, Map map3)
{
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = map;
this.options = map3;
}
/**//**
* login
*
* @return boolean
* @throws LoginException
* @todo Implement this javax.security.auth.spi.LoginModule method
*/
public boolean login() throws LoginException{
//提示输入用户名和密码;
if (callbackHandler == null){
throw new LoginException("No CallBackHandler!");
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("user name");
callbacks[1] = new PasswordCallback("password", false);
try{
callbackHandler.handle(callbacks);
username = ( (NameCallback) callbacks[0]).getName();
password = ( (PasswordCallback) callbacks[1]).getPassword();
System.out.println("username=" + username);
System.out.println("password=" + new String(password));
}
catch (Exception e)
{
e.printStackTrace();
}
// 检验用户名和用户密码.
boolean isuser = false;
boolean ispass = false;
//应该调用ORM操作数据对比用户名和密码;
if (username.equals("hello"))
{
isuser = true;
String pw_str = new String(password);
if (pw_str.equals("hello"))
{
System.out.println("Login succesed!");
ispass = true;
succeeded = true;
return succeeded;
}
}
if (!isuser)
{
throw new FailedLoginException("User Name Incorrect");
}
else
{
throw new FailedLoginException("Password Incorrect");
}
}
/**//**
* commit
*
* @return boolean
* @throws LoginException
* @todo Implement this javax.security.auth.spi.LoginModule method
*/
public boolean commit()
throws LoginException
{
if (!succeeded)
{
return false;
}
else
{
user = new User(username);
role = new Role("guest");
if (!subject.getPrincipals().contains(user))
{
//注册用户
subject.getPrincipals().add(user);
}
if (!subject.getPrincipals().contains(role))
{
//注册角色
subject.getPrincipals().add(role);
}
if (debug)
{
System.out.println("Add Subject Successed!");
}
username = null;
for (int i = 0; i < password.length; i++)
{
password[i] = ' ';
}
commitSucceeded = true;
return true;
}
}
/**//**
* abort
*
* @return boolean
* @throws LoginException
* @todo Implement this javax.security.auth.spi.LoginModule method
*/
public boolean abort()
throws LoginException
{
System.out.println("abort()");
if (succeeded == false)
{
return false;
}
else if (succeeded == true && commitSucceeded == false)
{
// login succeeded but overall authentication failed
succeeded = false;
username = null;
if (password != null)
{
for (int i = 0; i < password.length; i++)
{
password[i] = ' ';
}
password = null;
}
user = null;
role = null;
}
else
{
logout();
}
return true;
}
/**//**
* logout
*
* @return boolean
* @throws LoginException
* @todo Implement this javax.security.auth.spi.LoginModule method
*/
public boolean logout()
throws LoginException
{
System.out.println("logout()");
subject.getPrincipals().remove(user);
subject.getPrincipals().remove(role);
succeeded = false;
succeeded = commitSucceeded;
username = null;
if (password != null)
{
for (int i = 0; i < password.length; i++)
{
password[i] = ' ';
}
password = null;
}
user = null;
role = null;
return true;
}
}
将上述文件打包在一个jar文件中,jar文件名字可以任意取!
假设$CATALINA_HOME=D:\jakarta-tomcat-5.0.24
当将文件打包后,需要将打包的文件放在$CATALINA_HOME\server\lib下。
如果不将上述文件打包的话,可以直接将上述文件和所属的包放在$CATALINA_HOME\server\classes文件夹下。
三
首先要建立jaas.config文件,我的jaas.config文件内容如下:
MyFooRealm{
bo.TestLoginMoudle required debug=true;
};
在环境变量中配置JAVA_OPTS=-Djava.security.auth.login.config==%CATALINA_HOME%/conf/jaas.config
四
在你建的工程web.xml中配置你想保护的资源和验证形势,其代码如下:
<security-constraint>
<display-name>Tomcat server configuation security constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>guest</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jaas role validate</realm-name>
<form-login-config>
<form-login-page>/roleValidate/login.jsp</form-login-page>
<form-error-page>/roleValidate/error.jsp</form-error-page>
</form-login-config>
</login-config>
五
在tomcate中配置servlet.xml来修改服务器默认的验证框架:
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="MyFooRealm"
userClassNames="bo.User"
roleClassNames="bo.Role" debug="99"/>
好了,现在重新启动服务器就可以看到效果了!
- tomcat下jaas配置实例
- Tomcat下的JAAS实例
- Tomcat下的JAAS实例
- Tomcat jaas 配置
- tomcat下配置jspservletbean小实例
- Tomcat下JSP经典配置实例(1)
- Tomcat下JSP经典配置实例
- Tomcat下JSP经典配置实例
- windows下Tomcat配置多实例
- linux下配置两个tomcat实例
- JAAS简介及实例
- JAAS简介及实例
- jaas之登录实例
- jboss EAP-6.3.0下配置JAAS安全应用
- Tomcat JAAS 身份验证和授权
- Tomcat下的jsp、servlet和javabean的配置实例
- myeclipse下 配置 多个相同版本的tomcat实例
- Zabbix 下监控tomcat多实例,自动化脚本配置
- Qt 如何生成可执行程序
- baidu称中国80% Android手机将装置baidu浏览器
- Android实现圆角
- spring aop expression简单说明
- python常见问题总结
- tomcat下jaas配置实例
- x86版本及ARM版本编译脚本
- SE16直接修改数据
- 有效使用STL迭代器的三条基本原则
- linux ip命令
- ASP.NET缓存
- 如何提供网站的浏览速度
- Android 保存图片到SQLite
- 字符编码:ASCII,Unicode和UTF-8
