- 浏览: 290296 次
- 性别:
- 来自: 上海
文章分类
- 全部博客 (155)
- Liferay portal研究 (23)
- spring研究 (7)
- Displaytag (2)
- Flash Builder (0)
- 搜索引擎 (12)
- 杂项 (17)
- SCM管理 (7)
- Jquery (5)
- Linux (7)
- Oracle (10)
- httpd集成 (3)
- Maven2 (5)
- 企业管理 (1)
- tomcat高级 (4)
- dos命令 (1)
- ldap (2)
- Java (8)
- webservice (1)
- jetty代码研究 (3)
- OpenCMS (1)
- JMX (2)
- hibernate (5)
- Ant (1)
- js tree (4)
- Quartz (0)
- CMS (1)
- springside (1)
- proxool (1)
- freemarker (1)
- Cookie (1)
- CAS SSO (4)
- mysql (1)
- php (1)
- js (2)
- Asset (1)
- openmeeting (1)
- h2数据库 (2)
- wcf vs java ws (1)
最新评论
-
22199143:
...
当在重启Tomcat容器时 Exception in Thread "HouseKeeper" java.lang.NullPointerException -
liuqq:
一直用Oracle开发,几乎没有接触过其他数据库。使用Mysq ...
The Nested Set Model -
yjsxxgm:
yjsxxgm 写道FFFFFFFFFFFFFFFWWW
java 访问wcf -
yjsxxgm:
FFFFFFFFFFFFFFF
java 访问wcf -
hjp222:
scanIntervalSeconds 是重新启动,并非真正的 ...
Jetty 热部署
本例是认证的实现,JAAS定义了可插拔的认证机制,使认证逻辑独立开来,可通过修改配置文件切换认证模块。
官方参考:
http://java.sun.com/products/archive/jaas/
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html
security.pdf
一、配置文件及设置
1. 配置文件(假设为D:/jaas.conf):
Sample
{
com.fastunit.samples.jaas.SampleLoginModule required debug=false;
};
此文件定义了一个“Sample”验证模块,使用SampleLoginModule来进行验证。
2. 启用配置文件:
-Djava.security.auth.login.config=D:/jaas.conf
二、客户端调用
- package javaapplication3;
- import javax.security.auth.login.LoginContext;
- import javax.security.auth.login.LoginException;
- /**
- *
- * @author Dao
- */
- public class LoginManager
- {
- public LoginManager()
- {
- }
- public static void main(String[] args)
- {
- try
- {
- String username = "username";
- String password = "password";
- //此处指定了使用配置文件的“Sample"验证模块,对应的实现类为SampleLoginModule
- LoginContext lc = new LoginContext("Sample", new SampleCallbackHandler(username, password));
- //进行登录操作,如果验证失败会抛出异常
- lc.login();
- }
- catch (LoginException e)
- {
- e.printStackTrace();
- }
- catch (SecurityException e)
- {
- e.printStackTrace();
- }
- }
- }
package javaapplication3; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; /** * * @author Dao */ public class LoginManager { public LoginManager() { } public static void main(String[] args) { try { String username = "username"; String password = "password"; //此处指定了使用配置文件的“Sample"验证模块,对应的实现类为SampleLoginModule LoginContext lc = new LoginContext("Sample", new SampleCallbackHandler(username, password)); //进行登录操作,如果验证失败会抛出异常 lc.login(); } catch (LoginException e) { e.printStackTrace(); } catch (SecurityException e) { e.printStackTrace(); } } }
- package javaapplication3;
- import java.io.IOException;
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.NameCallback;
- import javax.security.auth.callback.PasswordCallback;
- import javax.security.auth.callback.UnsupportedCallbackException;
- /**
- *
- * @author Dao
- */
- public class SampleCallbackHandler implements CallbackHandler
- {
- private String username;
- private String password;
- public SampleCallbackHandler(String username, String password)
- {
- this.username = username;
- this.password = password;
- }
- public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
- {
- for (int i = 0; i < callbacks.length; i++)
- {
- if (callbacks[i] instanceof NameCallback)
- {
- NameCallback ncb = (NameCallback) callbacks[i];
- ncb.setName(this.username);
- }
- else if (callbacks[i] instanceof PasswordCallback)
- {
- PasswordCallback pcb = (PasswordCallback) callbacks[i];
- pcb.setPassword(this.password.toCharArray());
- }
- }
- }
- }
package javaapplication3; import java.io.IOException; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; /** * * @author Dao */ public class SampleCallbackHandler implements CallbackHandler { private String username; private String password; public SampleCallbackHandler(String username, String password) { this.username = username; this.password = password; } public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof NameCallback) { NameCallback ncb = (NameCallback) callbacks[i]; ncb.setName(this.username); } else if (callbacks[i] instanceof PasswordCallback) { PasswordCallback pcb = (PasswordCallback) callbacks[i]; pcb.setPassword(this.password.toCharArray()); } } } }
三、验证实现
- package javaapplication3;
- import java.io.IOException;
- import java.util.Map;
- import javax.security.auth.Subject;
- import javax.security.auth.callback.Callback;
- import javax.security.auth.callback.CallbackHandler;
- import javax.security.auth.callback.NameCallback;
- import javax.security.auth.callback.PasswordCallback;
- import javax.security.auth.callback.UnsupportedCallbackException;
- import javax.security.auth.login.LoginException;
- import javax.security.auth.spi.LoginModule;
- /**
- *
- * @author Dao
- */
- public class SampleLoginModule implements LoginModule
- {
- private boolean isAuthenticated = false;
- private CallbackHandler callbackHandler;
- private Subject subject;
- private SamplePrincipal principal;
- public SampleLoginModule()
- {
- }
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options)
- {
- this.subject = subject;
- this.callbackHandler = callbackHandler;
- }
- public boolean login() throws LoginException
- {
- try
- {
- NameCallback nameCallback = new NameCallback("username");
- PasswordCallback passwordCallback = new PasswordCallback("password", false);
- Callback[] calls = new Callback[]{nameCallback, passwordCallback};
- this.callbackHandler.handle(calls);
- //获得用户数据
- String username = nameCallback.getName();
- String password = String.valueOf(passwordCallback.getPassword());
- //TODO验证,如:查询数据库、LDAP。。。
- if (true) //此处省去了实际的验证逻辑,在此假设验证通过
- {
- this.principal = new SamplePrincipal(username);
- this.isAuthenticated = true;
- }
- else
- {
- throw new LoginException("user or password is wrong");
- }
- }
- catch (IOException e)
- {
- throw new LoginException("no such user");
- }
- catch (UnsupportedCallbackException e)
- {
- throw new LoginException("login failure");
- }
- return this.isAuthenticated;
- }
- /**
- * 验证后处理,在Subject中加入用户对象
- * @return
- * @throws javax.security.auth.login.LoginException
- */
- public boolean commit() throws LoginException
- {
- if (this.isAuthenticated)
- {
- this.subject.getPrincipals().add(this.principal);
- }
- else
- {
- throw new LoginException("Authentication failure");
- }
- return this.isAuthenticated;
- }
- public boolean abort() throws LoginException
- {
- return false;
- }
- public boolean logout() throws LoginException
- {
- this.subject.getPrincipals().remove(this.principal);
- this.principal = null;
- return true;
- }
- }
package javaapplication3; import java.io.IOException; import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.NameCallback; import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; /** * * @author Dao */ public class SampleLoginModule implements LoginModule { private boolean isAuthenticated = false; private CallbackHandler callbackHandler; private Subject subject; private SamplePrincipal principal; public SampleLoginModule() { } public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) { this.subject = subject; this.callbackHandler = callbackHandler; } public boolean login() throws LoginException { try { NameCallback nameCallback = new NameCallback("username"); PasswordCallback passwordCallback = new PasswordCallback("password", false); Callback[] calls = new Callback[]{nameCallback, passwordCallback}; this.callbackHandler.handle(calls); //获得用户数据 String username = nameCallback.getName(); String password = String.valueOf(passwordCallback.getPassword()); //TODO验证,如:查询数据库、LDAP。。。 if (true) //此处省去了实际的验证逻辑,在此假设验证通过 { this.principal = new SamplePrincipal(username); this.isAuthenticated = true; } else { throw new LoginException("user or password is wrong"); } } catch (IOException e) { throw new LoginException("no such user"); } catch (UnsupportedCallbackException e) { throw new LoginException("login failure"); } return this.isAuthenticated; } /** * 验证后处理,在Subject中加入用户对象 * @return * @throws javax.security.auth.login.LoginException */ public boolean commit() throws LoginException { if (this.isAuthenticated) { this.subject.getPrincipals().add(this.principal); } else { throw new LoginException("Authentication failure"); } return this.isAuthenticated; } public boolean abort() throws LoginException { return false; } public boolean logout() throws LoginException { this.subject.getPrincipals().remove(this.principal); this.principal = null; return true; } }
- package javaapplication3;
- import java.security.Principal;
- /**
- *
- * @author Dao
- */
- public class SamplePrincipal implements Principal
- {
- private String name;
- public SamplePrincipal(String name)
- {
- this.name = name;
- }
- public String getName()
- {
- return name;
- }
- public boolean equals(Object ob)
- {
- if (ob instanceof SamplePrincipal)
- {
- SamplePrincipal principal = (SamplePrincipal) ob;
- return this.name.equalsIgnoreCase(principal.getName());
- }
- return false;
- }
- public int hashCode()
- {
- return name.toUpperCase().hashCode();
- }
- }
发表评论
-
ogl的入门
2010-03-30 08:24 1360http://jxb8901.iteye.com/blog/2 ... -
JAAS HelloWorld
2010-03-04 17:09 1221Examples: JAAS HelloWorld Thes ... -
liferay sso
2010-01-28 16:18 2302基于Liferay的CAS SSO ... -
liferay 权限
2010-01-04 13:49 1551liferay的权限很多资料说 ... -
liferay多数据源
2009-12-15 15:46 1755Configure MySQL Master/Slave ... -
杂项2
2009-11-18 21:44 897function <portlet:namespace ... -
Simple Apache CXF web service integration
2009-11-18 20:24 1176For those who wants to use the ... -
LiferayCounter机制
2009-10-24 14:08 1025public long increment(String na ... -
lifery 老的资源
2009-10-23 14:40 820http://docs.liferay.com/portal/ ... -
liferay portal 的开发目录结构
2009-10-17 11:59 1702portal-kenel.jar 不依赖任何非标准jar(只依 ... -
liferay 常用urls
2009-10-16 22:43 914http://blog.csdn.net/smilingleo ... -
liferay 调用webservice
2009-10-16 22:34 4516Liferay是基于SOA理念设计的,很容易通过Web Ser ... -
Database Sharding
2009-10-15 12:40 1553Database sharding is a way of s ... -
Liferay权限管理的讲解
2009-10-12 21:37 1518这篇文章讲解了liferay中使用的权限管理系统的内部细节,涉 ... -
ServiceContext Pattern
2009-10-12 21:30 1000The Service Context is an objec ... -
Liferay性能调优
2009-10-12 21:25 2173CONTRIBUTIONS WANTED Corné|Corn ... -
Liferay重要对象-Layout
2009-10-12 21:19 2188A layout is an instance of a si ... -
liferay常用配置
2009-10-12 20:47 1136在实际需求中,如果是做网站那我们有时候会有这样的需求,即希望用 ... -
liferay学习系列(3)
2009-10-11 20:16 1224在一个Portlet中链接到另一个Portlet 这个问题,应 ... -
liferay学习系列(2)
2009-10-07 20:31 6923想做个用户积分管理,类似于论坛积分的概念,首先在用户管理里面添 ...
相关推荐
jaas 入门经典实例,jaas 入门经典实例,jaas 入门经典实例jaas 入门经典实例,jaas 入门经典实例
学习jaas入门经典实例,学习jaas入门经典实例,学习jaas入门经典实例,学习jaas入门经典实例,学习jaas入门经典实例
NULL 博文链接:https://andilyliao.iteye.com/blog/407192
JAAS 身份验证技术入门 作者 马林
JAAS简单入门例子
JAAS基础教程,学习JAAS的入门好资料,适合初学,也适合深入学习,不错的教程。
服务:JNDI JDBC RMI JAAS JavaMail等等 Java EE包括2个体系:标准(上面介绍的)+流行(Struts+Hibernate+Spring) 两套体系都是JSP+Servlet为基础。 2 JSP会涉及哪些内容 JSP语法基础(Java+HTML)...
eclipse.zip //01.Eclipse入门样例 database.zip //02.数据库文件 (2)EJB入门样例 EJBTest.zip //03.EJB入门样例——HelloWorld EJBTestJava.zip //03.Java测试客户端 EJBTestJSP.zip //03.JSP...
eclipse.zip //01.Eclipse入门样例 database.zip //02.数据库文件 (2)EJB入门样例 EJBTest.zip //03.EJB入门样例——HelloWorld EJBTestJava.zip //03.Java测试客户端 EJBTestJSP.zip //03.JSP...
eclipse.zip //01.Eclipse入门样例 database.zip //02.数据库文件 (2)EJB入门样例 EJBTest.zip //03.EJB入门样例——HelloWorld EJBTestJava.zip //03.Java测试客户端 EJBTestJSP.zip //03.JSP...
eclipse.zip //01.Eclipse入门样例 database.zip //02.数据库文件 (2)EJB入门样例 EJBTest.zip //03.EJB入门样例——HelloWorld EJBTestJava.zip //03.Java测试客户端 EJBTestJSP.zip //03.JSP...
消息摘要,消息验证码,数字签名,口令保护,数字证书和证书链的生成、签发、检验和维护,SSL和HTTPS客户及服务器程序、基于代码位置和签发者的授权,签名Java Applet以及基于身份的验证和授权(JAAS)等。...
入门 简介 Spring Security是什么? 历史 发布版本号 Getting Spring Security Spring Security 4.1新特性 Java 配置提升 Web应用程序安全性提升 授权改进 密码模块的改进 测试的改进 一般的改进 样品和指南 (Start ...
这个wiki提供jetty的入门教程、基础配置、功能特性、优化、安全、JavaEE、监控、常见问题、故障排除帮助等等。它包含教程、使用手册、视频、特征描述、参考资料以及常见问题。 Jetty文档 ---------------- 入门...
2.7.6rc1.jar asm.jar asm-attrs.jar cglib-2.1.3.jar commons-collections-2.1.1.jar commons-logging-1.0.4.jar dom4j-1.6.1.jar ehcache-1.1.jar hibernate3.jar jaas.jar jaxen-...
本书于2011-11月出版,此为该书的前面部分章节电子版 首先,这是一本高水平的书,作为对Oracle 在线文档和其他Java EE 及WebLogic ...● JAAS、SAML 1.1 和2.0、XACML、SSL、TLS 1.0、JSSE ● JMX、SNMP、WLST、WLDF
第二部分详细讲解了jsf ri、jta、jndi、rmi、jms、javamail、ejb 3的session bean、message driven bean、jpa、jax-ws 2、jaas等java ee知识,这部分知识以jsf+ejb 3+jpa整合开发为重点,通过使用netbeans ide工具...
入门 1. 介绍 1.1. Spring Security是什么? 1.2. 历史 1.3. 发行版本号 1.4. 获得Spring Security 1.4.1. 项目模块 1.4.1.1. Core - spring-security-core.jar 1.4.1.2. Web - spring-security-...
入门 1. 介绍 1.1. Spring Security是什么? 1.2. 历史 1.3. 发行版本号 1.4. 获得Spring Security 1.4.1. 项目模块 1.4.1.1. Core - spring-security-core.jar 1.4.1.2. Web - spring-security-web.jar ...
入门 1. 介绍 1.1. Spring Security 是什么? 1.2. 历史 1.3. 发行版本号 1.4. 获得Spring Security 1.4.1. 项目模块 1.4.1.1. Core - spring-security-core.jar 1.4.1.2. Web - spring-security-...