JAAS generally has the following two steps:
1, Authentication: define principals, implement LoginModule and callback handler, associate designated principals with the subject object in the commit method of LoginModule implementation, configure the module implementation in a login configuration file, i.e
Sample {
sample.module.SampleLoginModule required debug=true;
};
lc = new LoginContext("Sample", new MyCallbackHandler());
Subject s = lc.getSubject();
Subject.doAs(s, new PrivilegedAction(){...}); // the authenticated subject s will be associated with the current access control context.
2. Authorization: write policy file to grant principals access right to any critical resources. e.g.
grant
Principal sample.principal.SamplePrincipal "testUser" {
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "user.home", "read";
permission java.io.FilePermission "foo.txt", "read";
};
posted @
2011-12-31 14:32 Sam Zheng 閱讀(131) |
評論 (0) |
編輯 收藏
to decouple modules or sub systems: define interfaces and dependencies between modules
posted @
2011-11-22 12:24 Sam Zheng 閱讀(100) |
評論 (0) |
編輯 收藏