Java EE 6/7应用程序中的自定义安全机制
我想创建(由我自己实现)身份验证机制,该机制将是 插入我的Java EE应用程序.
I would like to create (implement by my own) authentication mechanism which will be plugged into my Java EE application.
据我所知,我必须实现LoginModule并将此实现与 容器机制以某种方式.但是问题是我不知道该怎么做. 也许您知道我在哪里可以找到示例代码或教程?
As far as I know I have to implement LoginModule and connect this implementation with container mechanisms somehow. But the problem is that I don't know how to do it. Maybe You know where I can find sample code or tutorial about it?
换句话说,我想在任何方法时强制容器调用我的类: 进行身份验证,登录和注销.
In other words I would like to force container to call my classes whenever methods: authenticate, login, and logout are called.
示例实施: HttpServletRequest.login方法将仅对登录时具有偶数个字母的用户成功进行身份验证.
Sample implementation: HttpServletRequest.login method will successfully authenticate only users with even numer of letters in login.
在阅读了有关JAAS的内容之后,您应该基于 org.jboss.security.auth.spi.AbstractServerLoginModule (来自 org.picketbox/picketbox maven工件).然后将模块与您的应用程序一起部署,并在WildFly的standalone.xml中创建适当的安全域和领域,例如:
After reading about JAAS, you should implement your login module basing on org.jboss.security.auth.spi.AbstractServerLoginModule (from org.picketbox/picketbox maven artifact). Then deploy the module with your app, and create a proper security domain and realm in WildFly's standalone.xml, like such:
<security-domain name="myDomain" cache-type="default">
<authentication>
<login-module code="com.example.TestLoginModule" flag="required"
module="deployment.sample.jar"/>
</authentication>
</security-domain>
...
<security-realm name="MyRealm">
<authentication>
<jaas name="myDomain"/>
</authentication>
</security-realm>
请注意不同JBoss AS版本上的不同行为. 7.1.1不允许您部署登录模块,您必须创建一个单独的jboss模块并将其与org.picketbox和jboss.security模块绑定.
Look out for different behaviour on different JBoss AS versions. 7.1.1 will not allow you to deploy the login module, you would have to create a separate jboss module and bind it with org.picketbox and jboss.security modules.
其他阅读: https://docs.jboss.org/author/display/WFLY8/Security +子系统+配置
https://docs.jboss.org/author/display/WFLY8/安全+领域
http://java.dzone.com/articles/creating-custom-登录模块(虽然有些过时,但是给出了主要思想)
http://java.dzone.com/articles/creating-custom-login-modules (it is a little outdated, but the gives the main idea)