生活已是百般艰难,为何不努力一点。下面图老师就给大家分享JAAS 实现in Struts Web App使用XMLPolicy文件不改变VM安全,希望可以让热爱学习的朋友们体会到设计的小小的乐趣。
JAAS参考资料中流行的文章是扩展JAAS实现类实例级授权%@ taglib uri="/tags/struts-logic" prefix="logic" %
logic:redirect forward="index"/
%-- welcome.jsp
Redirect default requests to Welcome global ActionForward.
By using a redirect, the user-agent will change address to match the path of our Welcome ActionForward.
--%
%@ page contentType="text/Html; charset=UTF-8"%
%@ taglib uri="/tags/struts-bean" prefix="bean"%
%@ taglib uri="/tags/struts-html" prefix="html"%
%@ taglib uri="/tags/struts-logic" prefix="logic"%
html:html
TitleLogon/Title
body
html:form action="/LoginAction.do"
pUser ID: input type="text" name="userID" value="tyrone" /br
Passord: input type="passWord" name="password" value="password"/br
html:submit //p
/html:form
/body
/html:html
?xml version="1.0" encoding="ISO-8859-1" ?
!DOCTYPE struts-config PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 1.2//EN"
"http://jakarta.apache.org/struts/dtds/struts-config_1_2.dtd"
struts-config
!-- ================================================ Form Bean Definitions --
form-beans
!--2 Login formbean--
form-bean
name="LoginForm"
type="com.nova.colimas.web.form.LoginForm"/
/form-beans
global-forwards
!-- Default forward to "Welcome" action --
!-- Demonstrates using index.jsp to forward --
forward
name="index"
path="/index.do"/
/global-forwards
!-- =========================================== Action Mapping Definitions --
action-mappings
!-- Default "Welcome" action --
!-- Forwards to Welcome.jsp --
action path="/index"
type="com.nova.colimas.web.action.StartupServlet"
forward name="sUCcess" path="/pages/index.jsp"/
/action
!-- 2 Login --
action path="/LoginAction"
type="com.nova.colimas.web.action.LoginAction"
name="LoginForm"
scope="request"
input="/pages/indexcon.jsp"
validate="true"
forward name="success" path="/pages/index.jsp"/
forward name="failure" path="/pages/index.jsp"/
/action
/action-mappings
/struts-config
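public class StartupServlet extends Action {
    /**
     * Default "Welcome" action: publishes the JAAS login configuration path
     * and forwards to the {@code success} mapping.
     *
     * @param mapping the current action mapping
     * @param form the action form (unused)
     * @param request the current request (unused)
     * @param response the current response (unused)
     * @return the {@code success} forward of {@code mapping}
     * @throws Exception only as required by the Struts {@code Action} contract
     */
    public ActionForward execute(ActionMapping mapping,
                                 ActionForm form,
                                 HttpServletRequest request,
                                 HttpServletResponse response)
            throws Exception {
        // Initialization of the log
        //LoggerFactory.setFactory(new EPricerLogFactory ());
        //Log.info (this, "Startup of Settings application");
        initJAAS();
        return mapping.findForward("success");
    }

    /**
     * Sets the system property JAAS reads to locate its login configuration
     * file; the path comes from {@link JAASConstants#AUTH_SECURITY_LOGINFILE}.
     * The property is process-wide, so every web application in this JVM sees
     * it, and it is re-set on every request that reaches this action.
     */
    private void initJAAS() {
        // set env variable: the JAASConstants interface holds the login.config location.
        // In the published listing this statement had been folded onto the comment
        // line, which left the property unset.
        System.setProperty("java.security.auth.login.config", JAASConstants.AUTH_SECURITY_LOGINFILE);
    }
}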
/**
 * Locations and names used to bootstrap JAAS for this web application.
 * Constant-interface style; the absolute, machine-specific paths below belong
 * in deployment configuration rather than in source.
 */
public interface JAASConstants {
// Absolute path of the XML policy file. The separators between the path
// elements ("D:", "MyProject", "colimas", ...) appear to have been lost when
// the listing was published — TODO confirm and restore before use.
String AUTH_SECURITY_POLICYXMLFILE="D:MyProjectcolimasclms-webcolimassecurity-policy.xml";
// Absolute path of the JAAS login configuration (login.config). StartupServlet
// publishes it through the "java.security.auth.login.config" system property.
// Same separator caveat as above.
String AUTH_SECURITY_LOGINFILE="D:MyProjectcolimasclms-webcolimaslogin.config";
// Name of the entry in login.config that LoginAction passes to LoginContext.
String AUTH_SECURITY_MODULENAME="ColimasLogin";
}
ColimasLogin {
com.nova.colimas.security.auth.ColimasLoginModule required debug=true;
};
/*
* Created on 2005/07/01
*
* TODO To change the template for this generated file go to
* Window - Preferences - Java - Code Style - Code Templates
*/
package com.nova.colimas.security.auth;
import java.util.*;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
//import java.security.*;
//import org.w3c.dom.traversal.*;
import org.w3c.dom.*;
//import org.apache.XPath.*;
/**
* @author tyrone
*
* TODO To change the template for this generated type comment go to
* Window - Preferences - Java - Code Style - Code Templates
*/
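public class ColimasLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private boolean debug = false;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private String username;
    private char[] password;
    // Principals this module added to the Subject in commit(). logout() removes
    // exactly these, so principals contributed by other LoginModules in the same
    // login stack are left alone.
    private Collection addedPrincipals = new ArrayList();

    /**
     * Initializes the {@code LoginModule}.
     *
     * @param subject the {@code Subject} to be authenticated.
     * @param callbackHandler a {@code CallbackHandler} for
     *        prompting and retrieving the userid and password from the user.
     * @param sharedState shared {@code LoginModule} state (not used).
     * @param options options specified in the login configuration
     *        file for this {@code LoginModule}; only {@code debug} is read.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        // initialize configuration options
        debug = options != null && "true".equalsIgnoreCase((String) options.get("debug"));
    }

    /**
     * Prompts the user for a userid and password.
     *
     * @return true if the authentication succeeded,
     *         or false if this LoginModule should be ignored
     * @exception FailedLoginException if the authentication fails.
     * @exception LoginException if the {@code LoginModule}
     *            is unable to authenticate.
     */
    public boolean login() throws LoginException {
        if (callbackHandler == null)
            throw new LoginException("Error: CallbackHandler cannot be null");
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("userid: ");
        callbacks[1] = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(callbacks);
            username = ((NameCallback) callbacks[0]).getName();
            char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
            if (tmpPassword == null) {
                // treat a NULL password as an empty password
                tmpPassword = new char[0];
            }
            // keep a private copy; the callback's buffer is wiped right below
            password = new char[tmpPassword.length];
            System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
            ((PasswordCallback) callbacks[1]).clearPassword();
        } catch (java.io.IOException e) {
            throw loginException(e.getMessage(), e);
        } catch (UnsupportedCallbackException e) {
            throw loginException("Error: " + e.getMessage(), e);
        }
        if (debug) {
            // Only the userid is echoed. The password must never be written to
            // stdout or a log file, even with debug=true in login.config.
            System.out.println("ColimasLoginModule: userid = " + username);
        }
        // Check the userid and password
        if (isValidUser(username, password)) {
            // authentication succeeded
            if (debug)
                System.out.println("ColimasLoginModule: authentication succeeded");
            succeeded = true;
            return true;
        }
        // authentication failed
        if (debug)
            System.out.println("ColimasLoginModule: authentication failed");
        succeeded = false;
        // clear the values
        clearCredentials();
        throw new FailedLoginException("Invalid userid or password");
    }

    /**
     * This method is called if the LoginContext's overall authentication
     * succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and
     * OPTIONAL LoginModules succeeded).
     * <p>
     * If this LoginModule's own authentication attempt succeeded
     * (checked by retrieving the private state saved by the
     * {@code login} method), then this method associates a
     * {@code PrincipalUser} for the userid plus the user's role principals
     * with the {@code Subject} located in the {@code LoginModule}.
     * If this LoginModule's own authentication attempt failed, then
     * this method does nothing and returns false.
     *
     * @exception LoginException if the commit fails.
     * @return true if this LoginModule's own login and commit attempts
     *         succeeded, or false otherwise.
     */
    public boolean commit() throws LoginException {
        if (!succeeded)
            return false;
        // Collect everything first so the Subject is only touched once.
        ArrayList added = new ArrayList();
        added.add(new PrincipalUser(username));
        added.addAll(getUserRoles(username));
        // Subject.getPrincipals() rejects modification with an IllegalStateException
        // when the Subject is read-only; that propagates to the LoginContext.
        subject.getPrincipals().addAll(added);
        addedPrincipals = added;
        // credentials are no longer needed once principals are established
        clearCredentials();
        commitSucceeded = true;
        return true;
    }

    /**
     * This method is called if the LoginContext's overall
     * authentication failed. (the relevant REQUIRED, REQUISITE,
     * SUFFICIENT and OPTIONAL LoginModules did not succeed).
     * <p>
     * If this LoginModule's own authentication attempt succeeded
     * (checked by retrieving the private state saved by the
     * {@code login} and {@code commit} methods),
     * then this method cleans up any state that was originally
     * saved.
     *
     * @exception LoginException if the abort fails.
     * @return false if this LoginModule's own login and/or commit attempts
     *         failed, and true otherwise.
     */
    public boolean abort() throws LoginException {
        if (!succeeded)
            return false;
        if (!commitSucceeded) {
            // login succeeded but overall authentication failed
            succeeded = false;
            clearCredentials();
        } else {
            // overall authentication succeeded and commit
            // succeeded, but someone else's commit failed.
            logout();
        }
        return true;
    }

    /**
     * Logs out a Subject.
     * <p>
     * This method removes the principals that were added by the
     * {@code commit} method and resets the module's state. Principals
     * placed on the Subject by other LoginModules are not touched.
     *
     * @exception LoginException if the logout fails.
     * @return true if this method succeeded, or false if this
     *         LoginModule should be ignored.
     */
    public boolean logout() throws LoginException {
        subject.getPrincipals().removeAll(addedPrincipals);
        addedPrincipals = new ArrayList();
        // Both flags go back to their initial value; the published listing
        // assigned succeeded = commitSucceeded here, which left the module
        // reporting success after a logout.
        succeeded = false;
        commitSucceeded = false;
        clearCredentials();
        return true;
    }

    /**
     * Kept for callers of the original capitalized name. The
     * {@code LoginModule} interface requires {@code logout()} in lower case,
     * so this method alone never satisfied the interface.
     *
     * @deprecated use {@link #logout()}.
     */
    public boolean Logout() throws LoginException {
        return logout();
    }

    /**
     * Checks the supplied userid and password against the credential store.
     * In this listing the store is a single hard-coded demo account (the
     * "get userid and password from db" placeholder); a real lookup goes here.
     * The published listing compared the expected password with itself (a local
     * {@code String password} shadowed the field and the parameter was never
     * read), so any password was accepted for the demo userid.
     *
     * @param uid the userid to check, may be null
     * @param passwd the password to check, may be null
     * @return true only if both values match the stored credentials
     */
    private boolean isValidUser(String uid, char[] passwd) {
        /* get userid and password from db */
        String name = "tyrone1979";
        char[] expected = "197913".toCharArray();
        if (uid == null || passwd == null) {
            return false;
        }
        boolean userMatches = uid.equals(name);
        // Always run the full password comparison so a bad userid and a bad
        // password take the same time.
        boolean passwordMatches = sameChars(expected, passwd);
        return userMatches && passwordMatches;
    }

    /**
     * Compares two char arrays without stopping at the first differing
     * character. Arrays of different length are rejected immediately; the
     * length of the stored password is not treated as secret here.
     */
    private static boolean sameChars(char[] a, char[] b) {
        if (a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /**
     * Returns the role principals of a user.
     * Placeholder: no role store is consulted; every authenticated user
     * receives the single role principal "00001" (the "get Roles from db"
     * comment marks where the lookup belongs).
     *
     * @param username the authenticated userid
     * @return a new, non-null collection of {@code PrincipalUser} role entries
     */
    private Collection getUserRoles(String username) {
        /* get Roles from db */
        ArrayList roles = new ArrayList();
        roles.add(new PrincipalUser("00001"));
        return roles;
    }

    /** Overwrites and drops the cached password copy and the userid. */
    private void clearCredentials() {
        if (password != null) {
            Arrays.fill(password, ' ');
        }
        password = null;
        username = null;
    }

    /**
     * Builds a LoginException that keeps {@code cause}; LoginException has
     * no constructor taking a cause.
     */
    private static LoginException loginException(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }
}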
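public class LoginCallbackHandler implements CallbackHandler {
    private String name = null;
    private String password = null;

    /**
     * Creates a handler that answers JAAS callbacks with a fixed userid and
     * password (the values posted through the login form).
     *
     * @param name the userid handed to every {@code NameCallback}, may be null
     * @param password the password handed to every {@code PasswordCallback};
     *        null is answered as an empty password
     */
    public LoginCallbackHandler(String name, String password) {
        super();
        this.name = name;
        this.password = password;
    }

    /**
     * Fills {@code NameCallback} and {@code PasswordCallback} from the stored
     * values. {@code TextOutputCallback}s of a known message type are accepted
     * without output (the print statements are left commented out).
     *
     * @param callbacks the callbacks requested by the LoginModule
     * @throws IOException if a {@code TextOutputCallback} carries an unknown message type
     * @throws UnsupportedCallbackException for any other callback type
     * @see CallbackHandler#handle(Callback[])
     */
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        // The published listing lost the '<' in this condition ("i callbacks.length").
        for (int i = 0; i < callbacks.length; i++) {
            Callback callback = callbacks[i];
            if (callback instanceof TextOutputCallback) {
                TextOutputCallback textOutputCallback = (TextOutputCallback) callback;
                switch (textOutputCallback.getMessageType()) {
                    case TextOutputCallback.INFORMATION:
                        //System.out.println(textOutputCallback.getMessage());
                        break;
                    case TextOutputCallback.ERROR:
                        //System.out.println("ERROR: " + textOutputCallback.getMessage());
                        break;
                    case TextOutputCallback.WARNING:
                        //System.out.println("WARNING: " + textOutputCallback.getMessage());
                        break;
                    default:
                        throw new IOException("Invalid message type: " + textOutputCallback.getMessageType());
                }
            } else if (callback instanceof NameCallback) {
                // supply the userid
                ((NameCallback) callback).setName(this.name);
            } else if (callback instanceof PasswordCallback) {
                // supply the password; a null form value is answered as empty
                // instead of failing with a NullPointerException
                char[] chars = this.password == null ? new char[0] : this.password.toCharArray();
                ((PasswordCallback) callback).setPassword(chars);
            } else {
                throw new UnsupportedCallbackException(callback, "Invalid Callback");
            }
        }
    }
}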
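public class LoginAction extends Action {
    // Retained for source compatibility only. A Struts Action is one shared
    // instance serving concurrent requests, so per-request state must not live
    // in fields (one user's LoginContext could be overwritten by another's).
    // execute() now keeps its form and LoginContext in locals and never writes these.
    LoginContext loginContext = null;
    LoginForm loginForm = null;

    /**
     * Authenticates the submitted userid and password through the JAAS login
     * configuration entry named by {@link JAASConstants#AUTH_SECURITY_MODULENAME}.
     *
     * @param mapping the current action mapping
     * @param form the {@code LoginForm} carrying userID and password
     * @param request the current request (unused)
     * @param response the current response (unused)
     * @return the {@code success} forward when the login succeeds, otherwise {@code failure}
     * @throws Exception only as required by the Struts {@code Action} contract
     */
    public ActionForward execute(ActionMapping mapping,
                                 ActionForm form,
                                 HttpServletRequest request,
                                 HttpServletResponse response)
            throws Exception {
        /*
         * 1 get Login form Bean
         * 2 get the value
         * 3 call JAAS Login Module
         */
        LoginForm currentForm = (LoginForm) form;
        LoginContext context;
        try {
            context = new LoginContext(JAASConstants.AUTH_SECURITY_MODULENAME,
                    new LoginCallbackHandler(currentForm.getUserID(), currentForm.getPassword()));
        } catch (SecurityException e) {
            // not permitted to create a LoginContext; the published listing
            // continued here and then dereferenced a null context
            e.printStackTrace();
            return mapping.findForward("failure");
        } catch (LoginException e) {
            // the named login configuration entry could not be found or read
            e.printStackTrace();
            return mapping.findForward("failure");
        }
        // Authenticate the user: this first runs ColimasLoginModule.initialize(Subject,
        // CallbackHandler, Map, Map) and then ColimasLoginModule.login()
        try {
            context.login();
        } catch (Exception e) {
            // boundary catch: LoginException from JAAS, or a RuntimeException
            // escaping the module; either way the user is not authenticated
            System.out.println("Unexpected Exception - unable to continue");
            e.printStackTrace();
            return mapping.findForward("failure");
        }
        System.out.println("Creating a new UserProfile...");
        System.out.println("Successfully!");
        // NOTE(review): the authenticated Subject (context.getSubject()) is not
        // stored anywhere, so later requests cannot tell that this user logged
        // in; the listing stops at authentication.
        return mapping.findForward("success");
    }
}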