JBoss LoginInitialContext Factory Implementation

      JBoss has a series of InitialContext factory implementations, but this blog concentrates only on org.jboss.security.jndi.LoginInitialContextFactory. I plan to present the topic in two main parts. Part One is theory-based (definitions of LoginInitialContextFactory and a description of the InitialContext properties), and Part Two is demo-based (a simple demo that uses LoginInitialContextFactory).

 

PART ONE: The Login InitialContext Factory Implementation

1. Why LoginInitialContextFactory?

      JAAS is the preferred method for authenticating a remote client to JBoss. However, for simplicity and to ease migration from other application server environments that do not use JAAS, JBoss allows the security credentials to be passed through the InitialContext. That is why LoginInitialContextFactory exists.

 

2. Originally, older versions of JBoss did NOT support LoginInitialContextFactory.

      Historically JBoss has not supported providing login information via the InitialContext factory environment. The reason is that JAAS provides a much more flexible framework. For simplicity, and for migration from other application server environments that do make use of this mechanism, since jboss-3.0.3 there has been an InitialContext factory implementation that allows this.

 

3. How does the LoginInitialContextFactory work (authenticating clients through JAAS)?

      Although this kind of authentication is regarded as J2EE JAAS, there is no manifest use of the JAAS interfaces in the client application. It takes place only on the server, so we can say that JAAS is used under the covers.

      Basically, when the client tries to download the naming proxy, a JAAS login is performed with the login configuration name equal to the name passed in Context.SECURITY_PROTOCOL, and with the username and credential taken from the context information. Only after the login succeeds will the naming proxy be returned.

 

4. InitialContext environment properties for LoginInitialContextFactory

      The factory class that provides this capability is org.jboss.security.jndi.LoginInitialContextFactory. The complete set of supported InitialContext environment properties for this factory is listed in the table below:

Name | Description | Value
java.naming.factory.initial (Context.INITIAL_CONTEXT_FACTORY) | The name of the environment property for specifying the initial context factory | org.jboss.security.jndi.LoginInitialContextFactory
java.naming.provider.url (java.naming.provider.url) | |
java.naming.security.principal (Context.SECURITY_PRINCIPAL) | The principal to authenticate | This may be either a java.security.Principal implementation or a string representing the name of a principal.
java.naming.security.credentials (Context.SECURITY_CREDENTIALS) | The credentials that should be used to authenticate the principal |
java.naming.factory.url.pkgs | For all JBoss JNDI providers this must be | org.jboss.naming:org.jnp.interfaces
java.naming.security.protocol (Context.SECURITY_PROTOCOL) | This gives the name of the JAAS login module to use for the authentication of the principal and credentials. |


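Sample Java code for these properties:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;

// Security principal and credentials travel in the JNDI environment.
Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
env.put(Context.PROVIDER_URL, "jnp://192.168.68.83");
env.put(Context.SECURITY_PRINCIPAL, "principal");
env.put(Context.SECURITY_CREDENTIALS, "credentials");
Context ctx = new InitialContext(env); // throws javax.naming.NamingException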

 

PART TWO: a simple Demo to use The Login InitialContext Factory Implementation

1. Deploy an EJB on JBoss. The session bean class and its remote and local interfaces are as follows:

public interface TestService {
	public abstract String ping();
	public abstract String getDate();
}

 

public interface TestServiceLocal extends TestService {

}

 

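import java.text.SimpleDateFormat;
import java.util.Date;
import javax.annotation.security.PermitAll;
import javax.ejb.Local;
import javax.ejb.Remote;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.ejb.TransactionManagement;
import javax.ejb.TransactionManagementType;

@Stateless
@Remote(TestService.class)
@Local(TestServiceLocal.class)
@TransactionManagement(TransactionManagementType.CONTAINER)
@TransactionAttribute(TransactionAttributeType.REQUIRED)
@PermitAll // all security roles may invoke the bean's methods
public class LoginInitialContextFactoryTestSession implements TestServiceLocal{

	public String ping() {
		return "Ping LoginInitialContextFactoryTestSession suceessful...";
	}

	public String getDate() {
		return "[" + new SimpleDateFormat("yyyy-MM-dd'T'kk:mm:ss").format(new Date()) + "]";
	}

}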

As shown, LoginInitialContextFactoryTestSession is a stateless session bean with a remote interface and a local interface, plus transaction attribute and security settings. Once it is deployed, we can use LoginInitialContextFactory as the factory and pass the principal and credentials to perform JAAS authentication and authorization, as in the following code:

import java.io.File;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;

// Point JAAS at the client-side login configuration file.
File authFile = new File("D:/dev-tools/jboss-eap-4.3/jboss-as/client/auth.conf");
System.setProperty("java.security.auth.login.config", "file:///" + authFile.getAbsolutePath());

Properties properties = new Properties();
properties.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
properties.setProperty(Context.PROVIDER_URL, "jnp://192.168.68.83:1099");
properties.setProperty(Context.SECURITY_PRINCIPAL, "homeTest");
properties.setProperty(Context.SECURITY_CREDENTIALS, "kylin");

// Creating the InitialContext triggers the JAAS login with the principal and credentials above.
Context ctx = new InitialContext(properties);
TestService stub = (TestService) ctx.lookup("home-test-v2/LoginInitialContextFactoryTestSession/remote");
System.out.println(stub);
System.out.println(stub.ping());
System.out.println(stub.getDate());

 

Run the method and the output stream will print:

jboss.j2ee:ear=home-test-v2.ear,jar=LoginInitialContextFactoryTestSession.jar,name=LoginInitialContextFactoryTestSession,service=EJB3
Ping LoginInitialContextFactoryTestSession suceessful...
[2011-05-19T16:28:36]

 

ENDING...
