Tomcat5.x配置JAASRealm
1.写自己的LoginModule,实现LoginModule接口:
package tomcat.test;
import javax.security.auth.spi.LoginModule; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import java.util.Map; import javax.security.auth.login.LoginException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.login.FailedLoginException;
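/**
 * Demonstration JAAS {@code LoginModule} intended to be plugged into Tomcat's JAASRealm.
 *
 * <p>The module asks the container for a user name and password through the
 * {@code CallbackHandler}, checks them, and on commit attaches a {@code User} and a
 * {@code Role} principal to the {@code Subject}.
 *
 * <p>NOTE(review): the credential check below compares against a hard-coded sample account
 * and every authenticated user receives the "admin" role. Both are placeholders from the
 * original article and must be replaced by a lookup against the real user store before
 * this class is deployed anywhere.
 */
public class TestLoginMoudle implements LoginModule {
    // State handed over by the LoginContext in initialize().
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;

    // Configuration option "debug" taken from the JAAS configuration entry.
    private boolean debug = false;

    // Authentication status of the two-phase login.
    private boolean succeeded = false;
    private boolean commitSucceeded = false;

    // Credentials collected during login(); wiped as soon as they are no longer needed.
    private String username;
    private char[] password;

    // Principals this module added to the Subject (needed again in logout()).
    private User user;
    private Role role;

    /**
     * Stores the objects supplied by the LoginContext and reads the "debug" option.
     *
     * @param subject Subject to be authenticated
     * @param callbackHandler handler used to obtain the user name and password
     * @param map state shared with other configured login modules
     * @param map3 options from the JAAS configuration entry for this module
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map3) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map3;

        // The original never read the option, so "debug=true" in jaas.config had no effect.
        Object debugOption = (map3 == null) ? null : map3.get("debug");
        this.debug = debugOption != null && "true".equalsIgnoreCase(debugOption.toString());
    }

    /**
     * Phase 1: collects the credentials and verifies them.
     *
     * @return true when the credentials were accepted
     * @throws LoginException if no callback handler is available or the credentials could
     *         not be obtained; {@code FailedLoginException} if they were rejected
     */
    public boolean login() throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("No CallBackHandler!");
        }
        // Do not let the result of an earlier attempt leak into this one.
        succeeded = false;

        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("user name");
        callbacks[1] = new PasswordCallback("password", false);
        try {
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            // Fail the login instead of printing the stack trace and continuing with
            // null credentials (which ended in a NullPointerException further down).
            LoginException failure = new LoginException("Unable to obtain credentials: " + e);
            failure.initCause(e);
            throw failure;
        }

        username = ((NameCallback) callbacks[0]).getName();
        PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
        password = passwordCallback.getPassword();
        // We hold our own copy now; wipe the one kept inside the callback.
        passwordCallback.clearPassword();

        // The password is never written to stdout: on Tomcat that ends up in the server log.
        if (debug) {
            System.out.println("username=" + username);
        }

        // Placeholder check; the real implementation should query the user store
        // (the original comment suggests going through the ORM layer).
        boolean userOk = username != null && username.equals("hello");
        boolean passOk = password != null && sameChars(password, "hello");
        if (userOk && passOk) {
            if (debug) {
                System.out.println("Login succesed!");
            }
            succeeded = true;
            return true;
        }

        // One message for both cases so a caller cannot tell a valid user name
        // from an invalid one.
        username = null;
        wipePassword();
        throw new FailedLoginException("Invalid user name or password");
    }

    /**
     * Phase 2: attaches the user and role principals to the Subject.
     *
     * @return true when the principals were added, false when login() did not succeed
     * @throws LoginException declared by the interface; not thrown here
     */
    public boolean commit() throws LoginException {
        if (!succeeded) {
            return false;
        }
        user = new User(username);
        // NOTE(review): every authenticated user is given the "admin" role.
        role = new Role("admin");
        if (!subject.getPrincipals().contains(user)) {
            // register the user principal
            subject.getPrincipals().add(user);
        }
        if (!subject.getPrincipals().contains(role)) {
            // register the role principal
            subject.getPrincipals().add(role);
        }
        if (debug) {
            System.out.println("Add Subject Successed!");
        }
        username = null;
        wipePassword();
        commitSucceeded = true;
        return true;
    }

    /**
     * Called when the overall authentication failed; discards this module's state.
     *
     * @return false when login() had not succeeded, true otherwise
     * @throws LoginException if the logout performed for an already committed login fails
     */
    public boolean abort() throws LoginException {
        if (debug) {
            System.out.println("abort()");
        }
        if (!succeeded) {
            return false;
        }
        if (!commitSucceeded) {
            // login succeeded but overall authentication failed
            succeeded = false;
            username = null;
            wipePassword();
            user = null;
            role = null;
        } else {
            logout();
        }
        return true;
    }

    /**
     * Removes the principals added by commit() and resets the module.
     *
     * @return always true
     * @throws LoginException declared by the interface; not thrown here
     */
    public boolean logout() throws LoginException {
        if (debug) {
            System.out.println("logout()");
        }
        // user/role are only set by commit(); there is nothing to remove before that.
        if (user != null) {
            subject.getPrincipals().remove(user);
        }
        if (role != null) {
            subject.getPrincipals().remove(role);
        }
        // The original assigned "succeeded = commitSucceeded", which left the module
        // marked as authenticated after logout; both flags must be cleared.
        succeeded = false;
        commitSucceeded = false;
        username = null;
        wipePassword();
        user = null;
        role = null;
        return true;
    }

    /** Overwrites the stored password characters and drops the reference. */
    private void wipePassword() {
        if (password != null) {
            for (int i = 0; i < password.length; i++) {
                password[i] = ' ';
            }
            password = null;
        }
    }

    /**
     * Compares the supplied characters with the expected value without copying the
     * password into an immutable String.
     */
    private static boolean sameChars(char[] supplied, String expected) {
        if (supplied.length != expected.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < supplied.length; i++) {
            diff |= supplied[i] ^ expected.charAt(i);
        }
        return diff == 0;
    }
}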
2.定义自己的用户Principal,角色Principal.:
package tomcat.test;
import java.security.Principal;
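/**
 * Principal that identifies an authenticated user by name.
 *
 * <p>Two {@code User} principals are equal when their names are equal, which is what lets
 * {@code Subject.getPrincipals().contains(...)} and {@code remove(...)} find them again.
 */
public class User implements Principal {
    private final String username;

    /**
     * @param username name of the user this principal represents
     */
    public User(String username) {
        this.username = username;
    }

    /**
     * Compares this principal with another object by name.
     *
     * <p>The original dereferenced {@code object} before its null check and therefore threw
     * a NullPointerException for {@code equals(null)}; it also printed every comparison
     * to stdout.
     *
     * @param object object to compare with, may be null
     * @return true when {@code object} is a {@code User} with the same name
     */
    public boolean equals(Object object) {
        if (this == object) {
            return true;
        }
        // instanceof is false for null, so this also rejects a null argument.
        if (!(object instanceof User)) {
            return false;
        }
        String mine = this.getName();
        String theirs = ((User) object).getName();
        return (mine == null) ? theirs == null : mine.equals(theirs);
    }

    /**
     * @return the user name
     */
    public String toString() {
        return this.getName();
    }

    /**
     * @return hash of the user name, 0 when the name is null
     */
    public int hashCode() {
        return (username == null) ? 0 : username.hashCode();
    }

    /**
     * @return the user name
     */
    public String getName() {
        return this.username;
    }
}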
package tomcat.test;
import java.security.Principal;
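/**
 * Principal that represents a role granted to an authenticated user.
 *
 * <p>Two {@code Role} principals are equal when their names are equal.
 */
public class Role implements Principal {
    private final String rolename;

    /**
     * @param rolename name of the role this principal represents
     */
    public Role(String rolename) {
        this.rolename = rolename;
    }

    /**
     * Compares this principal with another object by name.
     *
     * <p>The original dereferenced {@code object} before its null check and therefore threw
     * a NullPointerException for {@code equals(null)}; it also printed every comparison
     * to stdout.
     *
     * @param object object to compare with, may be null
     * @return true when {@code object} is a {@code Role} with the same name
     */
    public boolean equals(Object object) {
        if (this == object) {
            return true;
        }
        // instanceof is false for null, so this also rejects a null argument.
        if (!(object instanceof Role)) {
            return false;
        }
        String mine = this.getName();
        String theirs = ((Role) object).getName();
        return (mine == null) ? theirs == null : mine.equals(theirs);
    }

    /**
     * @return the role name
     */
    public String toString() {
        return this.getName();
    }

    /**
     * @return hash of the role name, 0 when the name is null
     */
    public int hashCode() {
        return (rolename == null) ? 0 : rolename.hashCode();
    }

    /**
     * @return the role name
     */
    public String getName() {
        return this.rolename;
    }
}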
3.把编辑的JAR包放到TOMCAT的CLASSPATH目录.
4.编辑jaas.config文件,使用自定义的LoginMoudle.
MyFooRealm{ tomcat.test.TestLoginMoudle required debug=true; };
设置系统变量 JAVA_OPTS=-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.config(这里的双等号"=="不是笔误:它表示只使用该文件作为登录配置,覆盖java.security中指定的其他登录配置文件)
5.编辑WEB.XML文件,加入J2EE角色控制.
6.编辑%TOMCAT_HOME%/conf/server.xml文件,添加JAASRealm.类似:
<Realm className="org.apache.catalina.realm.JAASRealm" appName="MyFooRealm" userClassNames="tomcat.test.User" roleClassNames="tomcat.test.Role" debug="99"/>
7.重新启动TOMCAT.