经过一段时间的研究,感觉理解了一些,但是有些关键的东西,还是迷惑。
jboss的文档写的太简单了。
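/**
 * Experimental JAAS {@link LoginModule} for JBoss that attaches a
 * {@code CallerPrincipal} group and a {@code Roles} group to the Subject.
 *
 * <p><b>Security note:</b> this module collects a username and password but
 * does NOT check the password against any credential store. Every caller
 * that supplies both values is accepted and given the role {@code user}.
 * It is a skeleton for learning the JAAS life cycle and must not be deployed
 * as the only login module of a security domain until real verification is
 * added in {@link #login()}.
 */
public class McAuthLoginModule implements LoginModule {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    // Roles of the logged-in user, collected into the "Roles" group; a user
    // may hold many roles.
    private McAuthGroup rolesGroup;
    // The "CallerPrincipal" group holding the application identity.
    private McAuthGroup callerPrincipal;

    /**
     * Stores the four collaborators handed over by the login context. All
     * four must be kept, otherwise the later phases cannot work.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        logger.info("Initiating init");
        setSubject(subject);
        setCallbackHandler(callbackHandler);
        setSharedState(sharedState);
        setOptions(options);
        logger.info("Ending init");
    }

    /**
     * Phase 1 of the JAAS login: obtains the credentials and prepares the
     * principals that {@link #commit()} will attach to the Subject.
     *
     * @return {@code true} when the credentials were obtained
     * @throws LoginException if no callback handler is configured, the
     *         handler fails, or the username or password is missing
     */
    @Override
    public boolean login() throws LoginException {
        logger.info("Initiating login");
        long loginDuration = System.currentTimeMillis();
        // Drop principals left over from an earlier attempt so a failed
        // login can never be committed with stale state.
        setCallerPrincipal(null);
        setRolesGroup(null);

        CallbackHandler handler = getCallbackHandler();
        if (handler == null) {
            throw new LoginException("No CallbackHandler available to collect credentials");
        }
        NameCallback nameCallback = new NameCallback("Username");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            handler.handle(new Callback[] { nameCallback, passwordCallback });
        } catch (IOException | UnsupportedCallbackException e) {
            // Fail the login instead of continuing without credentials.
            LoginException failure = new LoginException(
                    "Unable to obtain credentials from the callback handler");
            failure.initCause(e);
            throw failure;
        }
        String loginName = nameCallback.getName();
        char[] password = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        try {
            if (loginName == null || password == null) {
                throw new LoginException("Username and password are required");
            }
            // Never write the password to the log: log files are readable by
            // operators and are often shipped to other systems.
            logger.info("user name is {}", loginName);
            // TODO(security): verify `password` for `loginName` against the
            // real credential store here and throw LoginException on
            // mismatch. Until then every non-null credential pair passes.
        } finally {
            wipe(password);
        }
        /*
         * http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Login_Modules.html#sect-Custom_Modules
         *
         * The JBossSX framework uses two well-known role sets with the names Roles and CallerPrincipal. The Roles group is the collection of Principals for the named roles as known in the application
         * domain under which the Subject has been authenticated. This role set is used by methods like the EJBContext.isCallerInRole(String), which EJBs can use to see if the current caller belongs
         * to the named application domain role. The security interceptor logic that performs method permission checks also uses this role set. The CallerPrincipalGroup consists of the single
         * Principal identity assigned to the user in the application domain. The EJBContext.getCallerPrincipal() method uses the CallerPrincipal to allow the application domain to map from the
         * operation environment identity to a user identity suitable for the application. If a Subject does not have a CallerPrincipalGroup, the application identity is the same used for login.
         */
        // NOTE(review): the caller principal is a random label unrelated to
        // loginName, so the application identity cannot be traced back to
        // the user who logged in. java.util.Random is also predictable; do
        // not rely on this value being unguessable.
        McAuthGroup callerPrincipal = new McAuthGroup("CallerPrincipal");
        callerPrincipal.addMember(new McAuthRole(new Random().nextInt() + "user"));
        setCallerPrincipal(callerPrincipal);
        // NOTE(review): the role is hard-coded; every accepted caller gets "user".
        McAuthGroup rolesGroup = new McAuthGroup("Roles");
        McAuthRole role = new McAuthRole("user");
        rolesGroup.addMember(role);
        setRolesGroup(rolesGroup);
        loginDuration = System.currentTimeMillis() - loginDuration;
        logger.info("Ending login {} successfully in {} ms", loginName,
                loginDuration);
        return true;
    }

    /** Overwrites a password buffer so the secret does not linger in memory. */
    private static void wipe(char[] secret) {
        if (secret == null) {
            return;
        }
        for (int i = 0; i < secret.length; i++) {
            secret[i] = '\0';
        }
    }

    /** Returns the two groups this module manages, in a fixed order. */
    private Principal[] getPrincipals() {
        return new Principal[] { getCallerPrincipal(), getRolesGroup() };
    }

    /** Removes this module's groups from the Subject and forgets them. */
    private void discardPrincipals() {
        Subject current = getSubject();
        if (current != null) {
            Set<Principal> principals = current.getPrincipals();
            for (Principal principal : getPrincipals()) {
                if (principal != null) {
                    principals.remove(principal);
                }
            }
        }
        setCallerPrincipal(null);
        setRolesGroup(null);
    }

    /**
     * Phase 2 of the JAAS login: attaches the prepared groups to the Subject.
     *
     * @return {@code true} when the groups were added, {@code false} when
     *         this module's own {@link #login()} did not succeed
     */
    @Override
    public boolean commit() throws LoginException {
        logger.info("Initiating commit");
        if (getCallerPrincipal() == null || getRolesGroup() == null) {
            // login() did not complete; grant nothing.
            logger.info("Ending commit");
            return false;
        }
        Set<Principal> principals = getSubject().getPrincipals();
        for (Principal principal : getPrincipals()) {
            principals.add(principal);
        }
        logger.info("Ending commit");
        return true;
    }

    /**
     * Called when the overall authentication failed: withdraws anything this
     * module prepared or already committed.
     */
    @Override
    public boolean abort() throws LoginException {
        logger.info("Initiating abort");
        discardPrincipals();
        logger.info("Ending abort");
        return true;
    }

    /** Removes the groups added by {@link #commit()} from the Subject. */
    @Override
    public boolean logout() throws LoginException {
        logger.info("Initiating logout");
        discardPrincipals();
        logger.info("Ending logout");
        return true;
    }

    // getters and setters
    public Subject getSubject() {
        return subject;
    }

    public void setSubject(Subject subject) {
        this.subject = subject;
    }

    public CallbackHandler getCallbackHandler() {
        return callbackHandler;
    }

    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    public Map<String, ?> getSharedState() {
        return sharedState;
    }

    public void setSharedState(Map<String, ?> sharedState) {
        this.sharedState = sharedState;
    }

    public Map<String, ?> getOptions() {
        return options;
    }

    public void setOptions(Map<String, ?> options) {
        this.options = options;
    }

    public McAuthGroup getRolesGroup() {
        return rolesGroup;
    }

    public void setRolesGroup(McAuthGroup rolesGroup) {
        this.rolesGroup = rolesGroup;
    }

    public McAuthGroup getCallerPrincipal() {
        return callerPrincipal;
    }

    public void setCallerPrincipal(McAuthGroup callerPrincipal) {
        this.callerPrincipal = callerPrincipal;
    }
}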
jboss的文档写的太简单了。
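/**
 * Experimental JAAS {@link LoginModule} for JBoss that attaches a
 * {@code CallerPrincipal} group and a {@code Roles} group to the Subject.
 *
 * <p><b>Security note:</b> this module collects a username and password but
 * does NOT check the password against any credential store. Every caller
 * that supplies both values is accepted and given the role {@code user}.
 * It is a skeleton for learning the JAAS life cycle and must not be deployed
 * as the only login module of a security domain until real verification is
 * added in {@link #login()}.
 */
public class McAuthLoginModule implements LoginModule {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    // Roles of the logged-in user, collected into the "Roles" group; a user
    // may hold many roles.
    private McAuthGroup rolesGroup;
    // The "CallerPrincipal" group holding the application identity.
    private McAuthGroup callerPrincipal;

    /**
     * Stores the four collaborators handed over by the login context. All
     * four must be kept, otherwise the later phases cannot work.
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        logger.info("Initiating init");
        setSubject(subject);
        setCallbackHandler(callbackHandler);
        setSharedState(sharedState);
        setOptions(options);
        logger.info("Ending init");
    }

    /**
     * Phase 1 of the JAAS login: obtains the credentials and prepares the
     * principals that {@link #commit()} will attach to the Subject.
     *
     * @return {@code true} when the credentials were obtained
     * @throws LoginException if no callback handler is configured, the
     *         handler fails, or the username or password is missing
     */
    @Override
    public boolean login() throws LoginException {
        logger.info("Initiating login");
        long loginDuration = System.currentTimeMillis();
        // Drop principals left over from an earlier attempt so a failed
        // login can never be committed with stale state.
        setCallerPrincipal(null);
        setRolesGroup(null);

        CallbackHandler handler = getCallbackHandler();
        if (handler == null) {
            throw new LoginException("No CallbackHandler available to collect credentials");
        }
        NameCallback nameCallback = new NameCallback("Username");
        PasswordCallback passwordCallback = new PasswordCallback("Password", false);
        try {
            handler.handle(new Callback[] { nameCallback, passwordCallback });
        } catch (IOException | UnsupportedCallbackException e) {
            // Fail the login instead of continuing without credentials.
            LoginException failure = new LoginException(
                    "Unable to obtain credentials from the callback handler");
            failure.initCause(e);
            throw failure;
        }
        String loginName = nameCallback.getName();
        char[] password = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        try {
            if (loginName == null || password == null) {
                throw new LoginException("Username and password are required");
            }
            // Never write the password to the log: log files are readable by
            // operators and are often shipped to other systems.
            logger.info("user name is {}", loginName);
            // TODO(security): verify `password` for `loginName` against the
            // real credential store here and throw LoginException on
            // mismatch. Until then every non-null credential pair passes.
        } finally {
            wipe(password);
        }
        /*
         * http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html/Login_Modules.html#sect-Custom_Modules
         *
         * The JBossSX framework uses two well-known role sets with the names Roles and CallerPrincipal. The Roles group is the collection of Principals for the named roles as known in the application
         * domain under which the Subject has been authenticated. This role set is used by methods like the EJBContext.isCallerInRole(String), which EJBs can use to see if the current caller belongs
         * to the named application domain role. The security interceptor logic that performs method permission checks also uses this role set. The CallerPrincipalGroup consists of the single
         * Principal identity assigned to the user in the application domain. The EJBContext.getCallerPrincipal() method uses the CallerPrincipal to allow the application domain to map from the
         * operation environment identity to a user identity suitable for the application. If a Subject does not have a CallerPrincipalGroup, the application identity is the same used for login.
         */
        // NOTE(review): the caller principal is a random label unrelated to
        // loginName, so the application identity cannot be traced back to
        // the user who logged in. java.util.Random is also predictable; do
        // not rely on this value being unguessable.
        McAuthGroup callerPrincipal = new McAuthGroup("CallerPrincipal");
        callerPrincipal.addMember(new McAuthRole(new Random().nextInt() + "user"));
        setCallerPrincipal(callerPrincipal);
        // NOTE(review): the role is hard-coded; every accepted caller gets "user".
        McAuthGroup rolesGroup = new McAuthGroup("Roles");
        McAuthRole role = new McAuthRole("user");
        rolesGroup.addMember(role);
        setRolesGroup(rolesGroup);
        loginDuration = System.currentTimeMillis() - loginDuration;
        logger.info("Ending login {} successfully in {} ms", loginName,
                loginDuration);
        return true;
    }

    /** Overwrites a password buffer so the secret does not linger in memory. */
    private static void wipe(char[] secret) {
        if (secret == null) {
            return;
        }
        for (int i = 0; i < secret.length; i++) {
            secret[i] = '\0';
        }
    }

    /** Returns the two groups this module manages, in a fixed order. */
    private Principal[] getPrincipals() {
        return new Principal[] { getCallerPrincipal(), getRolesGroup() };
    }

    /** Removes this module's groups from the Subject and forgets them. */
    private void discardPrincipals() {
        Subject current = getSubject();
        if (current != null) {
            Set<Principal> principals = current.getPrincipals();
            for (Principal principal : getPrincipals()) {
                if (principal != null) {
                    principals.remove(principal);
                }
            }
        }
        setCallerPrincipal(null);
        setRolesGroup(null);
    }

    /**
     * Phase 2 of the JAAS login: attaches the prepared groups to the Subject.
     *
     * @return {@code true} when the groups were added, {@code false} when
     *         this module's own {@link #login()} did not succeed
     */
    @Override
    public boolean commit() throws LoginException {
        logger.info("Initiating commit");
        if (getCallerPrincipal() == null || getRolesGroup() == null) {
            // login() did not complete; grant nothing.
            logger.info("Ending commit");
            return false;
        }
        Set<Principal> principals = getSubject().getPrincipals();
        for (Principal principal : getPrincipals()) {
            principals.add(principal);
        }
        logger.info("Ending commit");
        return true;
    }

    /**
     * Called when the overall authentication failed: withdraws anything this
     * module prepared or already committed.
     */
    @Override
    public boolean abort() throws LoginException {
        logger.info("Initiating abort");
        discardPrincipals();
        logger.info("Ending abort");
        return true;
    }

    /** Removes the groups added by {@link #commit()} from the Subject. */
    @Override
    public boolean logout() throws LoginException {
        logger.info("Initiating logout");
        discardPrincipals();
        logger.info("Ending logout");
        return true;
    }

    // getters and setters
    public Subject getSubject() {
        return subject;
    }

    public void setSubject(Subject subject) {
        this.subject = subject;
    }

    public CallbackHandler getCallbackHandler() {
        return callbackHandler;
    }

    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    public Map<String, ?> getSharedState() {
        return sharedState;
    }

    public void setSharedState(Map<String, ?> sharedState) {
        this.sharedState = sharedState;
    }

    public Map<String, ?> getOptions() {
        return options;
    }

    public void setOptions(Map<String, ?> options) {
        this.options = options;
    }

    public McAuthGroup getRolesGroup() {
        return rolesGroup;
    }

    public void setRolesGroup(McAuthGroup rolesGroup) {
        this.rolesGroup = rolesGroup;
    }

    public McAuthGroup getCallerPrincipal() {
        return callerPrincipal;
    }

    public void setCallerPrincipal(McAuthGroup callerPrincipal) {
        this.callerPrincipal = callerPrincipal;
    }
}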