How to associate a Subject with an access control context
Policy file
/** Java 2 Access Control Policy for the JAAS Sample Application **/

/* grant the sample LoginModule permissions */
grant codebase "file:./DemoLoginModule.jar" {
    permission javax.security.auth.AuthPermission "modifyPrincipals";
};

grant codebase "file:./DemoAzn.jar" {
    permission javax.security.auth.AuthPermission "createLoginContext.Sample";
    permission javax.security.auth.AuthPermission "doAsPrivileged";
};

/** User-Based Access Control Policy for the SampleAction class
 ** instantiated by SampleAzn
 **/
grant codebase "file:./DemoAction.jar",
    Principal jaas.DemoPrincipal "testUser" {
    permission java.util.PropertyPermission "java.home", "read";
    permission java.util.PropertyPermission "user.home", "read";
    permission java.io.FilePermission "foo.txt", "read";
};
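A sketch of the code path this policy authorizes, added here as an example; it is not the DemoClient or DemoAction source, which this page does not show. The names SketchClient and SketchAction, the callback types the login module requests, and the password placeholder are assumptions. For the grants to apply, SketchClient must be packaged in DemoAzn.jar and SketchAction in DemoAction.jar, on a JDK that still supports the Security Manager (deprecated since JDK 17, disabled in JDK 24).

```java
package jaas;

import java.io.File;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical action; must live in DemoAction.jar to match the third grant.
class SketchAction implements PrivilegedAction<String> {
    @Override
    public String run() {
        // Each call is checked against the current AccessControlContext,
        // which carries the Subject's Principals once doAsPrivileged runs.
        String javaHome = System.getProperty("java.home"); // PropertyPermission read
        String userHome = System.getProperty("user.home"); // PropertyPermission read
        boolean exists = new File("foo.txt").exists();     // FilePermission read
        return javaHome + " | " + userHome + " | foo.txt exists: " + exists;
    }
}

// Hypothetical client; must live in DemoAzn.jar to match the second grant.
public class SketchClient {
    public static void main(String[] args) throws LoginException {
        // Assumption: the login module asks for a name and a password.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName("testUser");
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword("<password>".toCharArray());
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        // Needs AuthPermission "createLoginContext.Sample".
        LoginContext lc = new LoginContext("Sample", handler);
        lc.login(); // the LoginModule adds a DemoPrincipal ("modifyPrincipals")
        Subject subject = lc.getSubject();
        // Needs AuthPermission "doAsPrivileged". Passing null as the context
        // starts from an empty AccessControlContext, so only SketchAction's
        // codebase plus the Subject's Principals are evaluated, not the caller.
        System.out.println(Subject.doAsPrivileged(subject, new SketchAction(), null));
    }
}
```

If the authenticated Subject carries no jaas.DemoPrincipal named "testUser", the first System.getProperty call in run() fails with an AccessControlException.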
Running the authorization code
1. Put the following files in one folder:
-- Demo.conf (login configuration file)
-- DemoAzn.policy (policy file)
2. Create a subfolder named jaas and put the following files in it:
-- DemoClient.java
-- DemoAction.java
-- DemoLoginModule.java
-- DemoPrincipal.java
3. In the top-level directory, compile the source files.
4. Create a JAR file named DemoAzn.jar containing DemoClient.class and DemoCallbackHandler.class:
jar -cvf DemoAzn.jar jaas/DemoClient.class jaas/DemoCallbackHandler.class
5. Create a JAR file named DemoAction.jar containing DemoAction.class:
jar -cvf DemoAction.jar jaas/DemoAction.class
6. Create a JAR file named DemoLoginModule.jar containing DemoLoginModule.class and DemoPrincipal.class:
jar -cvf DemoLoginModule.jar jaas/DemoLoginModule.class jaas/DemoPrincipal.class
7. Run the program:
java -classpath DemoAzn.jar:DemoAction.jar:DemoLoginModule.jar \
    -Djava.security.manager \
    -Djava.security.policy==DemoAzn.policy \
    -Djava.security.auth.login.config==Demo.conf jaas.DemoClient