Java快速開發(fā)平臺(tái)

www.fastunit.com

:: 管理

23 Posts :: 0 Stories :: 273 Comments :: 0 Trackbacks

JAAS：Java Authentication and Authorization Service，提供了認(rèn)證和授權(quán)框架。

本例是認(rèn)證的實(shí)現(xiàn)，JAAS定義了可插拔的認(rèn)證機(jī)制，使認(rèn)證邏輯獨(dú)立開來(lái)，可通過(guò)修改配置文件切換認(rèn)證模塊。

官方參考：
http://java.sun.com/products/archive/jaas/
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html
security.pdf

一、配置文件及設(shè)置

1. 配置文件（假設(shè)為D:/jaas.conf）：

Sample{

com.fastunit.samples.jaas.SampleLoginModule required debug=false;

};

此文件定義了一個(gè)“Sample”驗(yàn)證模塊，使用SampleLoginModule來(lái)進(jìn)行驗(yàn)證。

2. 啟用配置文件：
-Djava.security.auth.login.config=D:/jaas.conf

二、客戶端調(diào)用

import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;

public class LoginManager {

  public static boolean login(HttpServletRequest request) {
    try {
      String username = request.getParameter("username");
      String password = request.getParameter("password");
      //此處指定了使用配置文件的“Sample”驗(yàn)證模塊，對(duì)應(yīng)的實(shí)現(xiàn)類為SampleLoginModule
      LoginContext lc = new LoginContext("Sample", new SampleCallbackHandler(
          username, password));
      lc.login();// 如果驗(yàn)證失敗會(huì)拋出異常
      return true;
    } catch (LoginException e) {
      e.printStackTrace();
      return false;
    } catch (SecurityException e) {
      e.printStackTrace();
      return false;
    }
  }

}

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class SampleCallbackHandler implements CallbackHandler {
  private String username;
  private String password;

  public SampleCallbackHandler(final String username, final String password) {
    this.username = username;
    this.password = password;
  }

  public void handle(Callback[] callbacks) throws IOException,
      UnsupportedCallbackException {
    for (int index = 0; index < callbacks.length; index++) {
      if (callbacks[index] instanceof NameCallback) {
        NameCallback ncb = (NameCallback) callbacks[index];
        ncb.setName(username);
      }
      if (callbacks[index] instanceof PasswordCallback) {
        PasswordCallback pcb = (PasswordCallback) callbacks[index];
        pcb.setPassword(password.toCharArray());
      }
    }
  }
}

三、驗(yàn)證實(shí)現(xiàn)

import java.io.IOException;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class SampleLoginModule implements LoginModule {
  private boolean isAuthenticated = false;
  private CallbackHandler callbackHandler;
  private Subject subject;
  private SamplePrincipal principal;

  public void initialize(Subject subject, CallbackHandler callbackHandler,
      Map sharedState, Map options) {
    this.subject = subject;
    this.callbackHandler = callbackHandler;
  }

  public boolean login() throws LoginException {
    try {
      NameCallback nameCallback = new NameCallback("username");
      PasswordCallback passwordCallback = new PasswordCallback("password",
          false);
      final Callback[] calls = new Callback[] { nameCallback, passwordCallback };

      // 獲取用戶數(shù)據(jù)
      callbackHandler.handle(calls);
      String username = nameCallback.getName();
      String password = String.valueOf(passwordCallback.getPassword());

      // TODO 驗(yàn)證，如：查詢數(shù)據(jù)庫(kù)、LDAP。。。

      if (true) {// 驗(yàn)證通過(guò)
        principal = new SamplePrincipal(username);
        isAuthenticated = true;
      } else {
        throw new LoginException("user or password is wrong");
      }

    } catch (IOException e) {
      throw new LoginException("no such user");
    } catch (UnsupportedCallbackException e) {
      throw new LoginException("login failure");
    }
    return isAuthenticated;
  }

  /**
   * 驗(yàn)證后的處理,在Subject中加入用戶對(duì)象
   */
  public boolean commit() throws LoginException {
    if (isAuthenticated) {
      subject.getPrincipals().add(principal);
    } else {
      throw new LoginException("Authentication failure");
    }
    return isAuthenticated;
  }

  public boolean abort() throws LoginException {
    return false;
  }

  public boolean logout() throws LoginException {
    subject.getPrincipals().remove(principal);
    principal = null;
    return true;
  }
}

import java.security.Principal;

public final class SamplePrincipal implements Principal {

  private String name;

  public SamplePrincipal(String name) {
    this.name = name;
  }

  public String getName() {
    return name;
  }

  public boolean equals(Object o) {
    return (o instanceof SamplePrincipal)
        && this.name.equalsIgnoreCase(((SamplePrincipal) o).name);
  }

  public int hashCode() {
    return name.toUpperCase().hashCode();
  }

}

posted on 2008-01-28 16:12 FastUnit 閱讀(20313) 評(píng)論(11) 編輯收藏所屬分類: Java

Feedback

# re: 基于JAAS實(shí)現(xiàn)登錄 2008-01-28 21:26 BeanSoft

收藏支持了！回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄 2008-01-30 09:09 loocky

一般來(lái)說(shuō)不用編程的方式來(lái)通過(guò)JAAS 實(shí)現(xiàn)權(quán)限設(shè)置，可以用可配置方式來(lái)實(shí)現(xiàn)，你可以看看SERVLET EJB都有對(duì)JAAS的可配置的方式的支持 ,非常方便回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄 2008-02-14 13:37 FastUnit

@loocky
承教。回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄 2009-02-08 00:24 YinPSoft

比較清晰，有參考價(jià)值回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄 2009-05-23 19:15 steeven

loginModule是給個(gè)session一個(gè)實(shí)例嗎？
如果在多線程環(huán)境下，成員變量在pricipal在commit()的時(shí)候可能已經(jīng)變掉了回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄 2009-06-06 10:54 lao

好東西！回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄 2009-08-30 17:59 jaas

似乎jaas沒(méi)什么實(shí)用價(jià)值回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄[未登錄](méi) 2009-08-31 15:13 steeven

jboss安全的基石啊回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄 2010-06-10 15:57 zone

http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnAndAzn.html#RunAzn 回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄 2010-08-26 14:32 啊啊啊

先圣先師回復(fù) 更多評(píng)論

# re: 基于JAAS實(shí)現(xiàn)登錄[未登錄](méi) 2014-12-04 16:51 Abc

抄來(lái)的吧？回復(fù) 更多評(píng)論

新用戶注冊(cè) 刷新評(píng)論列表


只有注冊(cè)用戶登錄后才能發(fā)表評(píng)論。




網(wǎng)站導(dǎo)航: 博客園 IT新聞 Chat2DB C++博客博問(wèn) 管理
相關(guān)文章: 招聘（北京）Java開發(fā)人員銷售訂單管理 - 主從表開發(fā)案例字符串的壓縮和解壓縮文件過(guò)濾器FileFilter Comparator和Comparable在排序中的應(yīng)用通過(guò)url地址抓取網(wǎng)頁(yè)html代碼金額數(shù)字轉(zhuǎn)中文大寫 Java操作Cookie HTML編輯器FCKeditor使用詳解 Java定時(shí)任務(wù)的實(shí)現(xiàn)

Java快速開發(fā)平臺(tái)

公告

常用鏈接

留言簿(23)

隨筆分類

隨筆檔案

Links

搜索

最新評(píng)論

閱讀排行榜

評(píng)論排行榜

Feedback