星期六, 九月 13, 2008

JBOSS JAAS如何编写自己的身份(principal)?

详细的步骤在:http://wiki.jboss.org/wiki/UsingCustomPrincpalsWith
不过经过事件发现只需要重载两个方法就可以了。如果直接从org.jboss.security.auth.spi.DatabaseServerLoginModule扩展,这样可以利用JBOSS已经有的密码加密,编码等其他一些特性,不需要再重写。

类似如下:
public class StandardLoginModule extends DatabaseServerLoginModule
编写自己的定制身份类Principal,可以加入除了名字之外的其他属性.

public class userPropertiesPrincipal extends SimplePrincipal
{
//User's property
private String email;
public String getEmail()
{
return email;
}
public void setEmail(String email)
{
this.email=email;
}
//gender
private String gender;
public String getGender()
{
return gender;
}
public void setGender(String gender)
{
this.gender=gender;
}
public userPropertiesPrincipal(String name)
{
super(name);
}

}

必须重载的三个方法(红色)
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options)
   public boolean login() throws LoginException
   {
}
   protected Principal getIdentity()
   {
 可能需要重载的类.
  protected Group[] getRoleSets() throws LoginException
  {}

具体设置步骤:在login-config.xml里加入,通过
principalClass来制定自己定制的身份类.也注意加入了
userPropertiesQuery,这个需要在initialize方法中从Map options中取出来,如下:
      super.initialize(subject, callbackHandler, sharedState, options);
     
      userPropertiesQuery=(String ) options.get("userPropertiesQuery");
      if(userPropertiesQuery==null)
       userPropertiesQuery="select * from sysUser where userid=?";
     

   <application-policy name = "seamAC">
      <authentication>
  
         <login-module code = "org.security.login.jass.StandardLoginModule"
            flag = "required">

            <module-option name = "dsJndiName">java:/SecMasterDS</module-option>
            <module-option name = "principalsQuery">select password from sysUser where userid=? </module-option>
            <module-option name = "userPropertiesQuery">select * from sysUser where userid=? </module-option>            
            <module-option name = "rolesQuery">SELECT A.roleID as Role,'Roles' FROM sysRoles A,UserRoles B WHERE A.roleID=B.roleID AND B.userId=?</module-option>
            <module-option name = "debug">true</module-option>
            <module-option name="principalClass">org.security.login.jass.userPropertiesPrincipal</module-option>
<!--Password is md5 encrypt-->
      <module-option name="hashAlgorithm">MD5</module-option>
           <module-option name ="hashEncoding">HEX</module-option>
         </login-module>
      </authentication>
   </application-policy>

Web.xml中必须指明使用使用JAAS Security Manage RealM

<Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
  certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
  allRolesMode="authOnly"
  debug="99"
 />
发帖者 时间: