
JAAS Java认证与授权服务


分类 Java   关键字 分享   标签 java   发布 admin  1431356004123
注意 转载须保留原文链接,译文链接,作者译者等信息。  
JAAS登录的简单demo
/**
 * Minimal JAAS client: authenticates through the login configuration entry
 * named "Sample", prints a confirmation, reads the resulting Subject and
 * logs out again.
 */
public class SampleAcn {
    /**
     * Runs one login/logout cycle.
     *
     * @param args unused
     * @throws Exception anything raised by the login context; a failed login
     *         surfaces here as an exception, so the success message below is
     *         only printed after {@code login()} returned normally
     */
    public static void main(String[] args) throws Exception {
        // "Sample" must match an entry in the file named by
        // -Djava.security.auth.login.config; the handler supplies the credentials.
        MyCallbackHandler credentialSource = new MyCallbackHandler();
        LoginContext loginContext = new LoginContext("Sample", credentialSource);

        // Create the login context, then log in.
        loginContext.login();
        System.out.println("Authentication succeeded!");

        // The authenticated identity; this demo fetches it but does not use it.
        Subject authenticated = loginContext.getSubject();

        // Log out.
        loginContext.logout();
    }
}
MyCallbackHandler提供用户名和密码
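/**
 * Callback handler that answers a login module's requests for a user name
 * and a password.
 *
 * NOTE(review): {@code userName} and {@code password} are not declared in
 * this listing; they have to be provided by the surrounding code. Prefer
 * collecting them from the user at run time and holding the password as a
 * {@code char[]} that is wiped after use, rather than hard-coding either.
 */
class MyCallbackHandler implements CallbackHandler {
    /**
     * Fills in each callback with the corresponding login information.
     *
     * @param callbacks the requests issued by the login module
     * @throws UnsupportedCallbackException if a callback is neither a
     *         {@link NameCallback} nor a {@link PasswordCallback}; refusing
     *         it lets the login module fail the login instead of continuing
     *         with a request that was silently left unanswered
     */
    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(userName);
            } else if (callback instanceof PasswordCallback) {
                // setPassword stores its own copy of the array.
                ((PasswordCallback) callback).setPassword(password);
            } else {
                throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
            }
        }
    }
}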
配置登录上下文Sample
# vi sample_jaas.config
/* Login configuration entry "Sample": the name passed to new LoginContext("Sample", ...). */
Sample {
/* "required": this module must succeed for the overall login to succeed.
   debug=true is handed to the module as an option; the SampleLoginModule
   listed on this page stores its options but never reads them. */
sample.module.SampleLoginModule required debug=true;
};
# java -cp . -Djava.security.auth.login.config=sample\sample_jaas.config sample.SampleAcn
自定义SampleLoginModule
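/**
 * Demo JAAS {@link LoginModule} that accepts exactly one fixed account and,
 * on commit, adds a {@link SamplePrincipal} for it to the Subject.
 *
 * <p>The credentials are compiled into the class, so this module is only
 * suitable for learning the login/commit/abort/logout life cycle. A real
 * module would verify the password against a salted, slow password hash
 * held outside the code.
 *
 * <p>Instances keep per-login state and are not written for concurrent use.
 */
public class SampleLoginModule implements LoginModule {
    // Demo-only account; never ship credentials in source code.
    private static final String DEMO_USERNAME = "testUser";
    private static final char[] DEMO_PASSWORD = "testPassword".toCharArray();

    // initial state
    private Subject subject;
    private CallbackHandler callbackHandler;
    // Stored for completeness; this module does not read either map, so the
    // debug=true option in the login configuration has no effect here.
    private Map<String, ?> sharedState;
    private Map<String, ?> options;

    // the authentication status
    private boolean succeeded = false;
    private boolean commitSucceeded = false;

    // username and password of the login attempt in progress
    private String username;
    private char[] password;

    // principal added to the Subject by commit()
    private SamplePrincipal userPrincipal;

    /**
     * Records the objects handed over by the login context.
     *
     * @param subject the Subject to be authenticated
     * @param callbackHandler used to obtain the user name and password
     * @param sharedState state shared with other configured modules (unused)
     * @param options options from the login configuration (unused)
     */
    public void initialize(Subject subject,
            CallbackHandler callbackHandler,
            Map<java.lang.String, ?> sharedState,
            Map<java.lang.String, ?> options) {

        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
    }

    /**
     * Asks the callback handler for a user name and password and checks them.
     *
     * @return {@code true} when the credentials match
     * @throws FailedLoginException if the credentials do not match; the same
     *         message is used for a wrong user name and a wrong password so
     *         the caller cannot learn which account names exist
     * @throws LoginException if no callback handler is available or the
     *         handler could not deliver the information
     */
    public boolean login() throws LoginException {
        // prompt for a user name and password
        if (callbackHandler == null)
            throw new LoginException("Error: no CallbackHandler available " +
                    "to garner authentication information from the user");

        NameCallback nameCallback = new NameCallback("user name: ");
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        Callback[] callbacks = { nameCallback, passwordCallback };

        try {
            callbackHandler.handle(callbacks);
            username = nameCallback.getName();
            // getPassword() returns a copy, so this module owns the array and
            // no second copy has to be made (and later wiped).
            char[] entered = passwordCallback.getPassword();
            // treat a null password as an empty password
            password = (entered == null) ? new char[0] : entered;
        } catch (java.io.IOException ioe) {
            LoginException failure = new LoginException(ioe.toString());
            failure.initCause(ioe);
            throw failure;
        } catch (UnsupportedCallbackException uce) {
            LoginException failure = new LoginException("Error: " + uce.getCallback() +
                    " not available to garner authentication information " +
                    "from the user");
            failure.initCause(uce);
            throw failure;
        } finally {
            // Wipe the callback's internal copy on every path, including errors.
            passwordCallback.clearPassword();
        }

        // verify the username/password; constant-first equals tolerates a
        // handler that never set a name, and both checks always run
        boolean usernameCorrect = DEMO_USERNAME.equals(username);
        boolean passwordCorrect = sameChars(password, DEMO_PASSWORD);
        if (usernameCorrect & passwordCorrect) {
            succeeded = true;
            return true;
        }

        succeeded = false;
        clearCredentials();
        throw new FailedLoginException("Invalid user name or password");
    }

    /**
     * Publishes the authenticated identity on the Subject.
     *
     * @return {@code false} if this module's login did not succeed,
     *         {@code true} otherwise
     * @throws LoginException declared by the interface; not thrown here
     */
    public boolean commit() throws LoginException {
        if (!succeeded) {
            return false;
        }
        if (commitSucceeded) {
            // Already committed; the credentials were wiped the first time,
            // so there is nothing left to publish.
            return true;
        }

        // add a SamplePrincipal to the Subject
        userPrincipal = new SamplePrincipal(username);
        if (!subject.getPrincipals().contains(userPrincipal))
            subject.getPrincipals().add(userPrincipal);

        // in any case, clean out state
        clearCredentials();

        commitSucceeded = true;
        return true;
    }

    /**
     * Undoes this module's part when the overall authentication failed.
     *
     * @return {@code false} if this module's login did not succeed,
     *         {@code true} otherwise
     * @throws LoginException if the logout performed for an already
     *         committed login fails
     */
    public boolean abort() throws LoginException {
        if (!succeeded) {
            return false;
        }
        if (!commitSucceeded) {
            // login succeeded but overall authentication failed
            succeeded = false;
            clearCredentials();
            userPrincipal = null;
        } else {
            // overall authentication succeeded and commit succeeded,
            // but someone else's commit failed
            logout();
        }
        return true;
    }

    /**
     * Removes the principal added by commit() and resets all login state.
     *
     * @return always {@code true}
     * @throws LoginException declared by the interface; not thrown here
     */
    public boolean logout() throws LoginException {
        if (userPrincipal != null) {
            subject.getPrincipals().remove(userPrincipal);
        }
        // Reset both flags: leaving either one set would make a later
        // commit() or abort() act on a login that no longer exists.
        succeeded = false;
        commitSucceeded = false;
        clearCredentials();
        userPrincipal = null;
        return true;
    }

    // Forgets the user name and overwrites the password array before dropping it.
    private void clearCredentials() {
        username = null;
        if (password != null) {
            java.util.Arrays.fill(password, ' ');
            password = null;
        }
    }

    // Compares two arrays of equal length without stopping at the first difference.
    private static boolean sameChars(char[] candidate, char[] expected) {
        if (candidate == null || candidate.length != expected.length) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < expected.length; i++) {
            difference |= candidate[i] ^ expected[i];
        }
        return difference == 0;
    }
}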
自定义SamplePrincipal
/**
 * Principal identified solely by a non-null name; two instances are equal
 * when their names are equal.
 */
public class SamplePrincipal implements Principal, java.io.Serializable {
    private String name;

    /**
     * @param name the principal's name
     * @throws NullPointerException if {@code name} is null
     */
    public SamplePrincipal(String name) {
        this.name = java.util.Objects.requireNonNull(name, "illegal null input");
    }

    /** Returns the name given at construction. */
    public String getName() {
        return name;
    }

    /** Returns the name prefixed with the class label. */
    public String toString() {
        return "SamplePrincipal: " + name;
    }

    /** Equal to any other SamplePrincipal carrying the same name. */
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        // instanceof is false for null, so this also rejects a null argument.
        if (!(o instanceof SamplePrincipal)) {
            return false;
        }
        SamplePrincipal other = (SamplePrincipal) o;
        return this.getName().equals(other.getName());
    }

    /** Hash of the name, consistent with equals. */
    public int hashCode() {
        return name.hashCode();
    }
}

然无卵用,要么学习用shiro或spring security,要么自造轮子……