<div class="artdesc">In this tutorial you will learn how to configure JAAS authentication in Tomcat using the HTTP Basic authentication scheme.
Tomcat provides a default JAAS Realm implementation so developers may implement JAAS Login Modules and easily integrate them with the container. In this tutorial we will implement all the required components to put JAAS up and running in Tomcat web container.
This tutorial considers the following software and environment:
- Ubuntu 12.04
- JDK 1.7.0.09
- Tomcat 7.0.35
One of the core concepts of JAAS is the existence of users and roles (roles are similar to groups in UNIX systems). Authorization may be issued to specific?users?or to?roles. In JAAS this is concept is translated to?Principals: Principals may represent?users?orroles?independently. Let's define User and Role Principals to be used in this example:
<span class="kwd">import<span class="pln"> java<span class="pun">.<span class="pln">security<span class="pun">.<span class="typ">Principal<span class="pun">;<span class="pln">
<span class="kwd">public<span class="pln"> <span class="kwd">class<span class="pln"> <span class="typ">UserPrincipal<span class="pln"> <span class="kwd">implements<span class="pln"> <span class="typ">Principal<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">private<span class="pln"> <span class="typ">String<span class="pln"> name<span class="pun">;<span class="pln">
<span class="kwd">public<span class="pln"> <span class="typ">UserPrincipal<span class="pun">(<span class="typ">String<span class="pln"> name<span class="pun">)<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">super<span class="pun">();<span class="pln">
<span class="kwd">this<span class="pun">.<span class="pln">name <span class="pun">=<span class="pln"> name<span class="pun">;<span class="pln">
<span class="pun">}<span class="pln">
<span class="kwd">public<span class="pln"> <span class="kwd">void<span class="pln"> setName<span class="pun">(<span class="typ">String<span class="pln"> name<span class="pun">)<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">this<span class="pun">.<span class="pln">name <span class="pun">=<span class="pln"> name<span class="pun">;<span class="pln">
<span class="pun">}<span class="pln">
<span class="lit">@Override<span class="pln">
<span class="kwd">public<span class="pln"> <span class="typ">String<span class="pln"> getName<span class="pun">()<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">return<span class="pln"> name<span class="pun">;<span class="pln">
<span class="pun">}<span class="pln">
<span class="pun">}
<div class="codetit">Role Principal
<pre class="prettyprint prettyprinted"><span class="pln">
<span class="kwd">package<span class="pln"> com<span class="pun">.<span class="pln">byteslounge<span class="pun">.<span class="pln">jaas<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> java<span class="pun">.<span class="pln">security<span class="pun">.<span class="typ">Principal<span class="pun">;<span class="pln">
<span class="kwd">public<span class="pln"> <span class="kwd">class<span class="pln"> <span class="typ">RolePrincipal<span class="pln"> <span class="kwd">implements<span class="pln"> <span class="typ">Principal<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">private<span class="pln"> <span class="typ">String<span class="pln"> name<span class="pun">;<span class="pln">
<span class="kwd">public<span class="pln"> <span class="typ">RolePrincipal<span class="pun">(<span class="typ">String<span class="pln"> name<span class="pun">)<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">super<span class="pun">();<span class="pln">
<span class="kwd">this<span class="pun">.<span class="pln">name <span class="pun">=<span class="pln"> name<span class="pun">;<span class="pln">
<span class="pun">}<span class="pln">
<span class="kwd">public<span class="pln"> <span class="kwd">void<span class="pln"> setName<span class="pun">(<span class="typ">String<span class="pln"> name<span class="pun">)<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">this<span class="pun">.<span class="pln">name <span class="pun">=<span class="pln"> name<span class="pun">;<span class="pln">
<span class="pun">}<span class="pln">
<span class="lit">@Override<span class="pln">
<span class="kwd">public<span class="pln"> <span class="typ">String<span class="pln"> getName<span class="pun">()<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">return<span class="pln"> name<span class="pun">;<span class="pln">
<span class="pun">}<span class="pln">
<span class="pun">}
Basically we are defining two simple Principals,each one of them requiring just a name so they may be promptly identified (a username or a role name). Remember that our principals must implement the?java.security.Principal?interface.
Now we need to define a Login Module that will actually implement the authentication process. The Login module must implement the?javax.security.auth.spi.LoginModule?interface:
<span class="kwd">import<span class="pln"> java<span class="pun">.<span class="pln">io<span class="pun">.<span class="typ">IOException<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> java<span class="pun">.<span class="pln">util<span class="pun">.<span class="typ">ArrayList<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> java<span class="pun">.<span class="pln">util<span class="pun">.<span class="typ">List<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> java<span class="pun">.<span class="pln">util<span class="pun">.<span class="typ">Map<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> javax<span class="pun">.<span class="pln">security<span class="pun">.<span class="pln">auth<span class="pun">.<span class="typ">Subject<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> javax<span class="pun">.<span class="pln">security<span class="pun">.<span class="pln">auth<span class="pun">.<span class="pln">callback<span class="pun">.<span class="typ">Callback<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> javax<span class="pun">.<span class="pln">security<span class="pun">.<span class="pln">auth<span class="pun">.<span class="pln">callback<span class="pun">.<span class="typ">CallbackHandler<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> javax<span class="pun">.<span class="pln">security<span class="pun">.<span class="pln">auth<span class="pun">.<span class="pln">callback<span class="pun">.<span class="typ">NameCallback<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> javax<span class="pun">.<span class="pln">security<span class="pun">.<span class="pln">auth<span class="pun">.<span class="pln">callback<span class="pun">.<span class="typ">PasswordCallback<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> javax<span class="pun">.<span class="pln">security<span class="pun">.<span class="pln">auth<span class="pun">.<span class="pln">callback<span class="pun">.<span class="typ">UnsupportedCallbackException<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> javax<span class="pun">.<span class="pln">security<span class="pun">.<span class="pln">auth<span class="pun">.<span class="pln">login<span class="pun">.<span class="typ">LoginException<span class="pun">;<span class="pln">
<span class="kwd">import<span class="pln"> javax<span class="pun">.<span class="pln">security<span class="pun">.<span class="pln">auth<span class="pun">.<span class="pln">spi<span class="pun">.<span class="typ">LoginModule<span class="pun">;<span class="pln">
<span class="kwd">public<span class="pln"> <span class="kwd">class<span class="pln"> <span class="typ">BytesLoungeLoginModule<span class="pln"> <span class="kwd">implements<span class="pln"> <span class="typ">LoginModule<span class="pln"> <span class="pun">{<span class="pln">
<span class="kwd">private<span class="pln"> <span class="typ">CallbackHandler<span class="pln"> handler<span class="pun">;<span class="pln">
<span class="kwd">private<span class="pln"> <span class="typ">Subject<span class="pln"> subject<span class="pun">;<span class="pln">
<span class="kwd">private<span class="pln"> <span class="typ">UserPrincipal<span class="pln"> userPrincipal<span class="pun">;<span class="pln">
<span class="kwd">private<span class="pln"> <span class="typ">RolePrincipal<span class="pln"> rolePrincipal<span class="pun">;<span class="pln">
<span class="kwd">private<span class="pln"> <span class="typ">String<span class="pln"> login<span class="pun">;<span class="pln">
<span class="kwd">private<span class="pln"> <span class="typ">List<span class="pun"><<span class="typ">String<span class="pun">><span class="pln"> userGroups<span class="pun">;<span class="pln">
<span class="lit">@Override<span class="pln">
<span class="kwd">public<span class="pln"> <span class="kwd">void<span class="pln"> initialize<span class="pun">(<span class="typ">Subject<span class="pln"> subject<span class="pun">,<span class="pln">
<span class="typ">CallbackHandler<span class="pln"> callbackHandler<span class="pun">,<span class="pln">
<span class="typ">Map<span class="pun"><<span class="typ">String<span class="pun">,<span class="pln"> <span class="pun">?><span class="pln"> sharedState<span class="pun">,<span class="pln"> <span class="pun">?><span class="pln"> options<span class="pun">)<span class="pln"> <span class="pun">{<span class="pln">
handler <span class="pun">=<span class="pln"> callbackHandler<span class="pun">;<span class="pln">
<span class="kwd">this<span class="pun">.<span class="pln">subject <span class="pun">=<span class="pln"> subject<span class="pun">;<span class="pln">
<span class="pun">}<span class="pln">
<span class="lit">@Override<span class="pln">
<span class="kwd">public<span class="pln"> <span class="kwd">boolean<span class="pln"> login<span class="pun">()<span class="pln"> <span class="kwd">throws<span class="pln"> <span class="typ">LoginException<span class="pln"> <span class="pun">{<span class="pln">
<span class="typ">Callback<span class="pun" class="pln">[]<span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></pre>
(编辑:李大同)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
