JAAS: Java Authentication and Authorization Service

最新推荐文章于 2024-09-25 11:06:23 发布
最新推荐文章于 2024-09-25 11:06:23 发布
阅读量138 收藏
点赞数
分类专栏: Java Security 文章标签: java 数据库

Subject:

 

/**
 * <p> A <code>Subject</code> represents a grouping of related information
 * for a single entity, such as a person.
 * Such information includes the Subject's identities as well as
 * its security-related attributes
 * (passwords and cryptographic keys, for example).
 *
 * <p> Subjects may potentially have multiple identities.
 * Each identity is represented as a <code>Principal</code>
 * within the <code>Subject</code>.  Principals simply bind names to a
 * <code>Subject</code>.  For example, a <code>Subject</code> that happens
 * to be a person, Alice, might have two Principals:
 * one which binds "Alice Bar", the name on her driver license,
 * to the <code>Subject</code>, and another which binds,
 * "999-99-9999", the number on her student identification card,
 * to the <code>Subject</code>.  Both Principals refer to the same
 * <code>Subject</code> even though each has a different name.
 *
 * <p> A <code>Subject</code> may also own security-related attributes,
 * which are referred to as credentials.
 * Sensitive credentials that require special protection, such as
 * private cryptographic keys, are stored within a private credential
 * <code>Set</code>.  Credentials intended to be shared, such as
 * public key certificates or Kerberos server tickets are stored
 * within a public credential <code>Set</code>.  Different permissions
 * are required to access and modify the different credential Sets.
 *
 * <p> To retrieve all the Principals associated with a <code>Subject</code>,
 * invoke the <code>getPrincipals</code> method.  To retrieve
 * all the public or private credentials belonging to a <code>Subject</code>,
 * invoke the <code>getPublicCredentials</code> method or
 * <code>getPrivateCredentials</code> method, respectively.
 * To modify the returned <code>Set</code> of Principals and credentials,
 * use the methods defined in the <code>Set</code> class.
 * For example:
 * <pre>
 *	Subject subject;
 *	Principal principal;
 *	Object credential;
 *
 *	// add a Principal and credential to the Subject
 *	subject.getPrincipals().add(principal);
 *	subject.getPublicCredentials().add(credential);
 * </pre>
 *
 * <p> This <code>Subject</code> class implements <code>Serializable</code>.
 * While the Principals associated with the <code>Subject</code> are serialized,
 * the credentials associated with the <code>Subject</code> are not.
 * Note that the <code>java.security.Principal</code> class
 * does not implement <code>Serializable</code>.  Therefore all concrete
 * <code>Principal</code> implementations associated with Subjects
 * must implement <code>Serializable</code>.
 *
 * @version 1.123, 05/05/04
 * @see java.security.Principal
 * @see java.security.DomainCombiner
 */

 

 

LoginModule:

 

/**
 * <p> <code>LoginModule</code> describes the interface
 * implemented by authentication technology providers.  LoginModules
 * are plugged in under applications to provide a particular type of
 * authentication.
 *
 * <p> While applications write to the <code>LoginContext</code> API,
 * authentication technology providers implement the
 * <code>LoginModule</code> interface.
 * A <code>Configuration</code> specifies the LoginModule(s)
 * to be used with a particular login application.  Therefore different
 * LoginModules can be plugged in under the application without
 * requiring any modifications to the application itself.
 *
 *...
*/
 

 

PasswordLoginModule.java:

 

package com.wgu.jaas;

import java.io.IOException;
import java.security.Principal;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class PasswordLoginModule implements LoginModule {

	public static final String USER_NAME = "jaas";

	/*
	 * A <code>Subject</code> represents a grouping of related information for
	 * a single entity, such as a person. It present a entity who will
	 * manipulate the system.
	 */
	private Subject mySubject;

	private CallbackHandler myCallbackHandler;

	private String username;

	private char[] password;

	private boolean loginSucceeded = false;

	private boolean commitSucceeded = false;

	/*
	 * This interface represents the abstract notion of a principal, which can
	 * be used to represent any entity, such as an individual, a corporation,
	 * and a login id.
	 * 
	 */
	private Principal myPrincipal;

	/**
	 * abort() will be called if overall login failed.
	 */
	public boolean abort() throws LoginException {
		return false;
	}

	/**
	 * This is called once the login successed.
	 */
	public boolean commit() throws LoginException {
		if (!this.loginSucceeded) {
			return false;
		}
		myPrincipal = new PrincipalImpl(username);

		// create a Principal and add it to Subject.
		if (!mySubject.getPrincipals().contains(myPrincipal)) {
			mySubject.getPrincipals().add(myPrincipal);
		}

		username = null;
		clearPassword();
		commitSucceeded = true;
		return true;
	}

	/**
	 * Initialize the LoginModule according to configuration.
	 */
	public void initialize(Subject subject, CallbackHandler callbackHandler,
			Map<String, ?> sharedState, Map<String, ?> options) {
		this.mySubject = subject;
		this.myCallbackHandler = callbackHandler;
		loginSucceeded = false;
		commitSucceeded = false;
		username = null;
		clearPassword();
	}

	private void clearPassword() {
		if (this.password == null) {
			return;
		}

		for (char c : password) {
			c = (char) ' ';
		}

		password = null;
	}

	/**
	 * Attempt to log a user in.
	 */
	public boolean login() throws LoginException {
		if (myCallbackHandler == null) {
			throw new LoginException("No CallbackHandler defined.");
		}

		/*
		 * Implementations of this interface are passed to a <code>CallbackHandler</code>,
		 * allowing underlying security services the ability to interact with a
		 * calling application to retrieve specific authentication data such as
		 * usernames and passwords, or to display certain information, such as
		 * error and warning messages.
		 */
		Callback[] callbacks = new Callback[2];
		callbacks[0] = new NameCallback("UserName");
		callbacks[1] = new PasswordCallback("Password", false);

		try {
			myCallbackHandler.handle(callbacks);
			username = ((NameCallback) callbacks[0]).getName();
			char[] tempPsw = ((PasswordCallback) callbacks[1]).getPassword();
			password = new char[tempPsw.length];
			System.arraycopy(tempPsw, 0, password, 0, tempPsw.length);
			((PasswordCallback) callbacks[1]).clearPassword();
		} catch (IOException e) {
			throw new LoginException(e.getMessage());
		} catch (UnsupportedCallbackException e) {
			throw new LoginException(e.getMessage());
		}

		// we can update this component to check user/psw against database.
		if (username.equals(USER_NAME) && password.length == USER_NAME.length()) {
			loginSucceeded = true;
			return true;
		} else {
			loginSucceeded = false;
			username = null;
			clearPassword();
			return false;
		}
	}

	/**
	 * Logout user. It will remove Principal from Subject.
	 */
	public boolean logout() throws LoginException {
		mySubject.getPrincipals().remove(myPrincipal);
		loginSucceeded = false;
		commitSucceeded = false;
		username = null;
		clearPassword();
		myPrincipal = null;
		return true;
	}

	public static void main(String[] args) {
		char[] a = { 'a', 'b', 'c' };
		char[] b = a;

		// a = null;

		for (char c : a) {
			c = (char) ' ';
		}

		for (char c : b) {
			System.out.println(c);
		}
	}
}
 

 

UserNamePasswordCallbackHandler.java:

 

/**
 * 
 */
package com.wgu.jaas;

import java.io.IOException;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

/**
 * @author wgu
 * 
 */
public class UserNamePasswordCallbackHandler implements CallbackHandler {

	String username;

	char[] password;

	public UserNamePasswordCallbackHandler(String username, char[] password) {
		this.username = username;
		this.password = password;
	}

	public void handle(Callback[] callbacks) throws IOException,
			UnsupportedCallbackException {
		for (Callback callback : callbacks) {
			if (callback instanceof NameCallback) {
				NameCallback nameCb = (NameCallback) callback;
				nameCb.setName(username);
			} else if (callback instanceof PasswordCallback) {
				PasswordCallback pswCb = (PasswordCallback) callback;
				pswCb.setPassword(password);
			}
		}
	}

}
 

 

PrincipalImpl.java:

 

/**
 * 
 */
package com.wgu.jaas;

import java.io.Serializable;
import java.security.Principal;

/**
 * @author Administrator
 * 
 */
public class PrincipalImpl implements Principal, Serializable {
	private String name;

	public PrincipalImpl(String name) {
		this.name = name;
	}

	@Override
	public int hashCode() {
		return name.hashCode();
	}

	@Override
	public boolean equals(Object obj) {
		if (this == obj)
			return true;
		if (obj == null)
			return false;
		if (getClass() != obj.getClass())
			return false;
		final PrincipalImpl other = (PrincipalImpl) obj;
		if (name == null) {
			if (other.name != null)
				return false;
		} else if (!name.equals(other.name))
			return false;
		return true;
	}

	public String getName() {
		return name;
	}

	public String toString() {
		return getName();
	}
}

 

 

JAASTest.java:

 

/**
 * 
 */
package com.wgu.jaas;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**
 * @author wgu
 * 
 */
public class JAASTest {
	/**
	 * We have to config "-Djava.security.auth.login.config=jaas.config" to
	 * specify configuration file.
	 * 
	 * @param args
	 * @throws Exception
	 */
	public static void main(String[] args) throws Exception {
		LoginContext lc = new LoginContext("JAASSample",
				new UserNamePasswordCallbackHandler());
		try {
			lc.login();
		} catch (LoginException e) {
			// Authentication failed.
		}

		// Authentication successful, we can now continue.
		// We can use the returned Subject if we like.
		Subject sub = lc.getSubject();
		System.out.println(sub);
	}
}
 

 

 

jaas.config:

 

JAASSample {
	com.wgu.jaas.PasswordLoginModule required
        option1="I am option";
};
 

 

JAASPriveligedActionExample.java:

 

package com.wgu.jaas;

import java.security.PrivilegedAction;

public class JAASPriveligedActionExample implements PrivilegedAction {

	public Object run() {
		System.out.println("Secret text: "
				+ JAASAuthorizationExample.getSecretText());

		return null;
	}

}
 

 

JAASAuthorizationExample.java:

package com.wgu.jaas;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class JAASAuthorizationExample {
	private static final String NO_PRINCIPAL = "NO_PRINCIPAL";

	public static String getSecretText() {
		AccessControlContext context = AccessController.getContext();
		Subject sub2 = Subject.getSubject(context);
		if (sub2 == null) {
			return NO_PRINCIPAL;
		}

		for (Principal p : sub2.getPrincipals()) {
			if (p.getName().equals(PasswordLoginModule.USER_NAME)) {
				return "PRINCIPAL_OK";
			}
		}

		return NO_PRINCIPAL;
	}

	/**
	 * We have to config "-Djava.security.auth.login.config=jaas.config" to
	 * specify configuration file.
	 * 
	 * @param args
	 * @throws Exception
	 */
	public static void main(String[] args) throws Exception {
		LoginContext lc = new LoginContext("JAASSample",
				new UserNamePasswordCallbackHandler());
		try {
			lc.login();
		} catch (LoginException e) {
			// Authentication failed.
		}

		// Authentication successful, we can now continue.
		// We can use the returned Subject if we like.
		Subject sub = lc.getSubject();
		/*
		 * Perform work as a particular <code>Subject</code>.
		 * 
		 */
		Subject.doAs(sub, new JAASPriveligedActionExample());
	}

}
 

 

georgeguwenzhong
关注
专栏目录
JAASjava授权与认证服务
哔哔鸟的专栏
01-22 1759
一.  什么是JAASJAASJava Authentication and Authorization Service)是一个在java中验证用户和给用户授权的可移植性接口,能的呢公路一个系统而无须考虑到底底层采用的安全系统是什么。开发者可以通过两种不同应用场景使用到JAAS:1.    java单独连接到远程EJB系统时2.    当客户通过WEB浏览器连接到Servlet或jsp时,WEB浏览器用户需要提供凭证给Servlet或jsp层。随后,Servlet或jsp层能够借助JAAS完成用户
Java认证与授权服务JAAS基础概念
不见其长,日有所长
07-07 2044
1. 前言 JAAS是”Java Authentication and Authorization Service“的缩写,它提供了认证与授权的基础框架与接口定义,而且提供了良好的插件化机制。本文主要探讨JAAS的基础概念,这些概念也是认证与授权技术中的常用概念。 2. Subject 如果要授权访问一些资源,需要先对资源请求主体进行认证。JAAS框架中,使用Subject来描述这个资源请求主体与安全访问相关的信息,因此,一个Subject通常是指一个对象实体,或者一个服务。 Subject中所关联的信息,
spring.security.oauth2-day1
clincz123的博客
07-01 256
今天的任务是追踪spring.security.oauth2的/oauth/token接口 一、springsecurity和cloud组合使用时,通过gateway转发路由到/oauth/token来实现登录,接下来是源码追踪 oauth2的内置接口都在org.springframework.security.oauth2.provider.endpoint包中,这些接口包含登录,授权等,其中有个TokenEndPoint类就是我们的登录入口类了 二、@FrameworkEndpoint
`java.security`是Java平台安全框架的核心包,它**提供了用于加密、密钥管理、认证和安全通信的API*
BLOG域名:programb.blog.csdn.net
05-12 382
例如,Spring Security利用一系列可配置的过滤器来控制用户对资源的访问,并提供身份验证和授权功能。包是Java安全框架的基础,它提供了一系列的工具和API,用于实现加密、密钥管理、认证和安全通信等功能,确保了Java应用程序的安全性。包还与其他安全相关的框架和库紧密合作,例如Spring Security,它是一个功能强大的安全框架,提供了认证和授权等多种安全服务。包对于开发安全的Java应用程序至关重要,尤其是在处理敏感数据或需要遵守特定安全标准的场合。是Java平台安全框架的核心包,它。
基于注解配置的spring mvc 4 + spring security 4实例与解析
selfreeyuan的博客
12-29 4410
关于spring security 4(以下简称SS) ,我们不能不否认,学习的成本是挺高的。如果光光是复制配置代码而不去理解SS的各个组件的实现原理和功能,那当然还是相当简单的一回事,因为配置的代码就那么几行PS:本人不是大神,写博客只是为了增强记忆和理解,以下的内容都是本人通过大量学习SS官方文档和搜索stack overflow探索得来的观点1.SS究竟主要实现什么功能?SS实现了非常多的功能
JAASJava Authentication and Authorization Service 的缩写,是 Java 的一个安全框架
BLOG域名:programb.blog.csdn.net
05-07 823
通过 JAAS,应用程序可以使用多种不同的身份验证技术来验证用户的身份,例如用户名和密码、数字证书、生物特征等,同时也可以使用多种不同的授权技术来控制用户对系统资源的访问权限。因此,更安全的方法是使用一些更强大的加密算法,如bcrypt和scrypt,这些算法具有更高的复杂度和更高的加密强度,可以有效地保护密码不被攻击者获取。3.基于策略的授权(Policy-Based Authorization):在系统级别上授权,指定哪些用户或角色可以访问哪些资源,是 JAAS 中最重要的授权机制。
glassfish4-jaas:Glassfish4.1 JAAS 示例
06-27
Java Authentication and Authorization Service (JAAS) 是 Java 平台的一部分,用于实现安全的身份验证和授权服务。本示例将带你了解如何在 Glassfish 4.1 中配置和使用 JAAS 进行用户身份验证。 **1. JAAS 概述**...
JAAS:灵活的Java安全机制
12-07
Java Authentication and Authorization Service (JAAS, Java验证和授权API)为Java应用程序提供了一种扩展标准Java 2安全模型的方法。通过添加验证主题(即用户或其他实体)的能力以及基于验证标识的授权功能,JAAS...
LPI2:Java EE 项目和 Web 服务
06-12
- **JAASJava Authentication and Authorization Service)**:用于应用级别的用户身份验证和权限管理。 - **SSL/TLS**:为Web服务提供加密和安全通信。 6. **持续集成/持续部署(CI/CD)**: - **Jenkins**:...
JAAS灵活的Java安全机制.docx
09-04
Java Authentication and Authorization Service (JAAS) 是Java平台上用于管理和实施安全策略的重要组件,它提供了一种灵活且可扩展的方法来确保客户端和服务器端Java应用程序的安全性。与早期Java安全框架侧重于...
工厂模式的介绍及实现
户伟伟的博客
09-25 86
工厂模式(Factory Pattern)是一种创建型设计模式,提供了一种创建对象的接口,而无需显式指定对象的具体类。在这种模式中,我们通过定义一个工厂类,专门负责生产各种类型的对象,这样我们可以避免直接在代码中实例化具体类,使代码更具扩展性、灵活性和维护性。解耦:客户端代码与具体的类解耦,避免了对象创建逻辑的重复。简化对象创建:通过工厂统一管理对象的创建逻辑,使代码更清晰易懂。扩展性强:新增类时,只需在工厂中增加创建逻辑,而不必修改现有的业务代码。
Java Stream流编程入门
2301_77207909的博客
09-21 530
Java StreamAPI的使用与常用方法
智能BI平台项目
2302_79400545的博客
09-22 219
BI商业智能:数据可视化、报表可视化系统。
Android系统:系统架构
liufeismart2024的博客
09-23 418
Android的系统结构的设计混合了分层设计和分块设计。
Java Alibaba Druid 数据库连接池
miracle的专栏
09-24 707
Java开发中,数据库连接池是性能优化的重要一环。而作为一款强大的数据库连接池解决方案,凭借其和对多种数据库的支持,成为了许多企业级应用的首选。本篇文章将介绍Druid的核心特性,并结合不同数据库的实际用法。
JPA+Thymeleaf增删改查
最新发布
y050505的博客
09-25 417
在使用JPA(Java Persistence API)和Thymeleaf作为模板引擎进行Web开发时,实现增删改查(CRUD)操作是一个常见的需求。下面,我将简要介绍如何使用Spring Boot框架结合JPA和Thymeleaf来实现这一功能。
Java 入门指南:Java 8 新特性 —— Lambda 表达式
Zachyy的博客
09-21 1182
Java Lambda 表达式是 Java 8 引入的一个功能,它允许以更简洁的方式编写函数式接口的实现。 Lambda 表达式可以被认为是一种匿名函数,它没有名称,但有参数列表、函数体和可能的异常列表。它可以用来替代使用匿名内部类实现函数式接口的方式 Lambda 表达式可以简化代码,使代码更加简洁、可读性更强,尤其在使用函数式接口和结合 Java Stream API 进行编程时非常有用。
第 28 章 Javascript错误处理与调试
weixin_44010641的博客
09-23 1360
JavaScript 在错误处理调试上一直是它的软肋,如果脚本出错,给出的提示经常也让人摸不着头脑。ECMAScript 第 3 版为了解决这个问题引入了 try…catch 和 throw 语句以及一些错误类型,让开发人员更加适时的处理错误。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值