1.写自己的LoginModule,实现LoginModule接口(下面的示例类名为TestLoginMoudle):
package tomcat.test;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import java.util.Map;
import javax.security.auth.login.LoginException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.FailedLoginException;
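/**
 * Demonstration JAAS login module meant to be plugged into a Tomcat JAASRealm.
 *
 * <p>The credential check is a hard-coded placeholder and every authenticated
 * user is granted the "admin" role. Both must be replaced by a lookup against
 * a real user store before this module guards anything that matters.
 */
public class TestLoginMoudle
    implements LoginModule
{
    // Placeholder credentials for the demonstration only. A real module
    // verifies the supplied password against a salted password hash
    // loaded from the user store instead of comparing with a constant.
    private static final String DEMO_USER = "hello";
    private static final String DEMO_PASSWORD = "hello";

    // initial state handed over through initialize()
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;

    // configuration option, taken from the "debug" entry of the module options
    private boolean debug = false;

    // authentication status
    private boolean succeeded = false;
    private boolean commitSucceeded = false;

    // user name and password collected by login()
    private String username;
    private char[] password;

    // principals that commit() adds to the Subject
    private User user;
    private Role role;

    /**
     * Stores the objects supplied by the caller and reads the module options.
     *
     * @param subject the Subject to populate on a successful commit
     * @param callbackHandler handler used to obtain the user name and password
     * @param map state shared with other configured login modules
     * @param map3 options given for this module in the login configuration
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map map, Map map3)
    {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map3;
        // The debug flag used to stay false whatever the configuration said,
        // so "debug=true" in jaas.config had no effect.
        this.debug = map3 != null
            && "true".equalsIgnoreCase(String.valueOf(map3.get("debug")));
    }

    /**
     * Asks the callback handler for a user name and password and checks them.
     *
     * @return true when the credentials are accepted
     * @throws LoginException if no callback handler is available or the
     *         credentials cannot be collected
     * @throws FailedLoginException if the credentials are rejected
     */
    public boolean login()
        throws LoginException
    {
        if (callbackHandler == null)
        {
            throw new LoginException("No CallBackHandler!");
        }
        succeeded = false;

        NameCallback nameCallback = new NameCallback("user name");
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        Callback[] callbacks = new Callback[] { nameCallback, passwordCallback };
        try
        {
            callbackHandler.handle(callbacks);
        }
        catch (Exception e)
        {
            // Fail closed: a handler error used to be printed and ignored,
            // after which the null user name caused a NullPointerException.
            LoginException failure =
                new LoginException("Unable to collect credentials: " + e);
            failure.initCause(e);
            throw failure;
        }
        username = nameCallback.getName();
        password = passwordCallback.getPassword();
        // Drop the copy of the password still held inside the callback.
        passwordCallback.clearPassword();

        // The password is deliberately never written to stdout or a log.
        if (debug)
        {
            System.out.println("username=" + username);
        }

        // This is where the user store should be queried.
        boolean userOk = DEMO_USER.equals(username);
        // Compared as char[] so no String copy of the password is created.
        boolean passOk = password != null
            && java.util.Arrays.equals(password, DEMO_PASSWORD.toCharArray());
        if (userOk && passOk)
        {
            if (debug)
            {
                System.out.println("Login succesed!");
            }
            succeeded = true;
            return true;
        }

        clearCredentials();
        // One message for both failures, so the response does not reveal
        // whether the user name exists.
        throw new FailedLoginException("User name or password incorrect");
    }

    /**
     * Adds the user and role principals to the Subject after a successful
     * login() and wipes the collected credentials.
     *
     * @return false when login() did not succeed, true otherwise
     * @throws LoginException declared by the LoginModule interface
     */
    public boolean commit()
        throws LoginException
    {
        if (!succeeded)
        {
            return false;
        }
        user = new User(username);
        // NOTE(review): every authenticated user gets "admin". Look the
        // roles up per user before using this outside a demonstration.
        role = new Role("admin");
        if (!subject.getPrincipals().contains(user))
        {
            // register the user principal
            subject.getPrincipals().add(user);
        }
        if (!subject.getPrincipals().contains(role))
        {
            // register the role principal
            subject.getPrincipals().add(role);
        }
        if (debug)
        {
            System.out.println("Add Subject Successed!");
        }
        clearCredentials();
        commitSucceeded = true;
        return true;
    }

    /**
     * Discards the state of this module when the overall authentication fails.
     *
     * @return false when login() did not succeed, true otherwise
     * @throws LoginException declared by the LoginModule interface
     */
    public boolean abort()
        throws LoginException
    {
        if (debug)
        {
            System.out.println("abort()");
        }
        if (!succeeded)
        {
            return false;
        }
        if (!commitSucceeded)
        {
            // login succeeded but overall authentication failed
            succeeded = false;
            clearCredentials();
            user = null;
            role = null;
        }
        else
        {
            logout();
        }
        return true;
    }

    /**
     * Removes the principals added by commit() and resets the module state.
     *
     * @return true
     * @throws LoginException declared by the LoginModule interface
     */
    public boolean logout()
        throws LoginException
    {
        if (debug)
        {
            System.out.println("logout()");
        }
        // Skip principals that were never created (logout before commit).
        if (user != null)
        {
            subject.getPrincipals().remove(user);
        }
        if (role != null)
        {
            subject.getPrincipals().remove(role);
        }
        // "succeeded" was previously reassigned from commitSucceeded, which
        // left the module marked as authenticated after a logout.
        succeeded = false;
        commitSucceeded = false;
        clearCredentials();
        user = null;
        role = null;
        return true;
    }

    // Overwrites the password characters and forgets user name and password.
    private void clearCredentials()
    {
        username = null;
        if (password != null)
        {
            for (int i = 0; i < password.length; i++)
            {
                password[i] = ' ';
            }
            password = null;
        }
    }
}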
2.定义自己的用户Principal和角色Principal:
package tomcat.test;
import java.security.Principal;
public class User
implements Principal
{
private String username;
public User(String username)
{
this.username=username;
}
/**//**
* equals
*
* @param object Object
* @return boolean
* @todo Implement this java.security.Principal method
*/
public boolean equals(Object object)
{
System.out.print("object="+object.getClass().toString());
boolean flag=false;
if(object==null)
flag=false;
if(this==object)
flag= true;
if(!(object instanceof User))
flag= false;
if(object instanceof User)
{
User that = (User) object;
if (this.getName().equals(that.getName()))
{
flag= true;
}
}
System.out.println("flag="+flag);
return flag;
}
/**//**
* toString
*
* @return String
* @todo Implement this java.security.Principal method
*/
public String toString()
{
return this.getName();
}
/**//**
* hashCode
*
* @return int
* @todo Implement this java.security.Principal method
*/
public int hashCode()
{
return username.hashCode();
}
/**//**
* getName
*
* @return String
* @todo Implement this java.security.Principal method
*/
public String getName()
{
return this.username;
}
}
package tomcat.test;
import java.security.Principal;
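/**
 * Principal that represents a role granted to an authenticated user.
 */
public class Role
    implements Principal
{
    private final String rolename;

    /**
     * @param rolename the name of the role this principal represents
     */
    public Role(String rolename)
    {
        this.rolename = rolename;
    }

    /**
     * Compares two role principals by name.
     *
     * <p>Returns false for null and for objects of another type. The earlier
     * version dereferenced the argument before the null check and printed
     * every comparison to stdout.
     *
     * @param object the object to compare with
     * @return true when the argument is a Role with the same name
     */
    public boolean equals(Object object)
    {
        if (this == object)
        {
            return true;
        }
        // instanceof is false for null, so no separate null test is needed
        if (!(object instanceof Role))
        {
            return false;
        }
        Role that = (Role) object;
        return rolename == null
            ? that.rolename == null
            : rolename.equals(that.rolename);
    }

    /**
     * @return the role name
     */
    public String toString()
    {
        return getName();
    }

    /**
     * @return the hash code of the role name, or 0 when the name is null,
     *         consistent with equals
     */
    public int hashCode()
    {
        return rolename == null ? 0 : rolename.hashCode();
    }

    /**
     * @return the role name
     */
    public String getName()
    {
        return rolename;
    }
}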
3.把编译好的JAR包放到TOMCAT的CLASSPATH目录.
4.编辑jaas.config文件,使用自定义的LoginModule.
MyFooRealm{
tomcat.test.TestLoginMoudle required debug=true;
};
设置系统变量 JAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config (这里的双等号“==”不是笔误:它表示只使用这个配置文件,忽略java.security文件中指定的其他登录配置文件)
5.编辑WEB.XML文件,加入J2EE角色控制.
6.编辑%TOMCAT_HOME%/conf/server.xml文件,添加JAASRealm.类似:
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="MyFooRealm"
userClassNames="tomcat.test.User"
roleClassNames="tomcat.test.Role" debug="99"/>
7.重新启动TOMCAT.