Guosheng Huang, PhD, is a seniorsoftware developer withWysdom Inc. He has over 15years of experience in software engineering and technical architecture. gorsenhuang@yahoo.com
緲昏瘧錛氱豢閲庨鐑?2003/10
鐢ㄦ埛璁よ瘉鍜岃闂帶鍒舵槸澶у鏁癹ava搴旂敤鐨勯噸瑕佸畨鍏ㄥ昂搴︼紝鐗瑰埆鏄疛2EE搴旂敤銆侸ava璁よ瘉鍜屾潈闄愭湇鍔?鍗矹AAS)錛孞2SE1.4鍜?.5鐨勬牳蹇傾PI錛屾弿緇樿〃杈句簡鏂扮殑瀹夊叏鏍囧噯銆傚叾鎻愪緵浜嗕竴涓彲鎻掓嫈鐨?pluggable)鍜屽瘜鏈夊脊鎬х殑(flexible)妗嗘灦(framework)鍏佽寮鍙戣呮販鍚堜笉鍚岀殑瀹夊叏鏈哄埗鍜屼赴瀵岀殑宸茬粡瀛樺湪鍚勭瀹夊叏鏂歸潰鐨勮祫婧愩?BR>浼撮殢鐫鍗沖皢鏉ヤ復鐨凧2SE1.5鐗堟湰鐨勫彂甯冿紝瀹冨寘鍚簡璁稿璇稿鍔犲瘑鎶鏈乆ML瀹夊叏鎬с佸叕閽ユ満鍒訛紙PKI錛夈並erberos 錛堟槸涓涓綉緇滈檮鍔犵郴緇?鍗忚錛屽彲浠ュ厑璁哥敤鎴烽氳繃涓涓畨鍏ㄤ己鏈嶅櫒鐨勬湇鍔℃潵楠岃瘉 鑷繁銆傝薄榪滅鐧婚檰錛岃繙绔嫹璐濓紝緋葷粺闂寸殑鐩鎬簰妗f嫹璐濆拰鍙﹀楂橀闄╀換鍔$殑鏈嶅姟灝嗚鍙?寰楃浉褰撳畨鍏ㄥ拰鍙帶鍒躲傦級鍜岀粨鐩熻璇侊紙the federating identity錛夌殑澧炲己錛侊紝JAAS灝嗕細鍦↗2EE瀹炵幇涓壆婕斾竴涓洿鍔犻噸瑕佺殑瑙掕壊銆?BR>
璁よ瘉
璁よ瘉灝辨槸鏍¢獙涓涓敤鎴鋒嫢鏈変嬌鐢ㄥ凡緇忚浼佷笟鐢ㄦ埛娉ㄥ唽鏈烘瀯璇佹槑浜嗙殑韜喚閴村畾鐨勬潈闄愮殑澶勭悊榪囩▼銆侸AAS鐨勮璇佹満鍒跺緩绔嬩簬涓鏁村鍙彃鎷旂殑妯″潡錛堝弬鐪嬪浘1錛夊熀紜涓娿侸AAS鍏佽涓嶅悓鐨勯獙璇佹ā鍨嬪湪榪愯鏃跺彲琚彃鎷斻傚鎴峰簲鐢ㄦ繪槸閫氳繃鐧婚檰涓婁笅鏂囧璞″拰JAAS浜や簰銆?BR>璁よ瘉澶勭悊榪囩▼鍏稿瀷鐨勮緇忚繃涓嬮潰鐨勬楠わ細
1銆?鐢熸垚涓涓狶oginContext瀵硅薄銆傝繖涓狶oginContext瀵繪壘閰嶇疆鏂囦歡浠ュ喅瀹氫嬌鐢ㄩ偅涓狶oginModule銆傚悓鏍鳳紝鍙夋嫨鐨勶紝鏈夊彲鑳戒紶閫掍竴涓狢allbackHandler緇橪oginContext.
2銆?閫氳繃璋冪敤LoginContext鐨刲ogin鏂規硶鎵ц璁よ瘉錛屽畠浼氬姞杞介瀹氫箟鐨凩oginModule鍘繪楠屾槸鍚︾敤鎴峰彲浠ヨ璁よ瘉銆?BR>3銆?濡傛灉鐢ㄦ埛琚璇侊紝閭d箞鐢ㄨ鍒欏拰鏍囪瘑鍜屽叾鎵灞為」榪涜鍏寵仈銆?BR>4銆?鎴栬呭湪鐧婚檰澶辮觸鐨勬儏鍐典笅璺戝嚭涓涓狶oginException
5銆?浣跨敤LoginContext鐨刲ogout鏂規硶榪涜娉ㄩ攢鐧婚檰
鍦↗AAS涓紝鐧婚檰鏄竴涓袱闃舵(two-phase)鐨勫鐞嗚繃紼嬨傜涓闃舵鏄滅櫥闄嗭紙login錛夆濋樁孌碉紙灝卞儚涓婇潰2鎵鎻忚堪鐨勶級銆傝繖涓樁孌靛敮涓鐨勪換鍔℃槸璁よ瘉銆傚彧瑕佸鐞嗚繃紼嬫垚鍔熼氳繃榪欎釜闃舵錛岃璇佸鐞嗚繃紼嬪氨榪涘叆浜嗏滄彁浜?commit)鈥濋樁孌碉紙濡備笂姝ラ3錛夛紝榪欎竴闃舵LoginModule鐨刢ommit鏂規硶琚皟鐢ㄥ幓鍏寵仈鎵灞炲瓙欏圭浉鍏崇殑瑙勫垯鍜屾爣璇嗐?BR>鍦↗AAS涓竴涓墍灞炲瓙欏硅〃紺轟竴涓璇佸疄浣擄紝姣斿涓涓漢鎴栬呬竴鍙拌澶囥傚畠鍖呭惈浜嗕竴鏁村娉曞垯鍜屽畨鍏ㄧ浉鍏崇殑灞炴ц濡傚瘑鐮佸拰鍔犲瘑瀵嗛挜銆傚湪JAAS浣撶郴緇撴瀯涓紝鎵灞炲瓙欏瑰拰鍏舵墍闄勫睘鐨勭浉鍏蟲潈闄愶紝鎵紨浜嗛噸瑕佺殑瑙掕壊鍦ㄨ璇佽繃紼嬪綋涓傛墍鏈夌殑璁よ瘉妯″潡褰撲腑錛孡oginModule鏄簨瀹炰笂鐨勮璇佹満鍒剁殑鍊熷彛銆傝櫧鐒禠oginModule鍐蟲病鏈夊緱鍒扮洿鎺ヨ皟鐢ㄥ鎴峰簲鐢ㄧ殑鏈轟細錛屼絾鏄粬緇忕敱涓涓彲鎻掓嫈鐨勬ā鍧楁彁渚涗簡涓涓璇佺殑鍏蜂綋綾誨瀷錛屽叾瀹炵幇浜嗚璇佺殑綆楁硶騫朵笖鍐沖畾瀹為檯鐨勮璇佽繃紼嬫槸鎬庢牱琚墽琛岀殑銆?BR>SUN鎻愪緵浜嗗嚑涓粯璁ょ殑LoginModule 瀹炵幇錛屽湪sun.com.security.auth.module鍖呴噷鏈夎濡侸ndiLoginModule,Krb2LoginModule,UnixLoginModule鍜孨TLoginModule絳夊嚑涓狶oginModule瀹炵幇銆傚洜涓篔AAS鐧誨綍緇撴瀯浣撶郴鏄彲鎵╁睍鐨勶紝鎵浠ヤ綘鍙鍦ㄩ厤緗枃浠朵腑鎸囧畾浣跨敤鍝釜LoginModule妯″潡灝卞彲浠ュ嚑涔庡叏閮ㄦ彃鍏ヤ換浣昄oginModule妯″潡銆?BR>濡備笅鍗充負涓涓厤緗枃浠剁殑渚嬪瓙錛?BR>
MySample {
com.sample.module.MyLoginModule required debug=true;
};榪欓噷MySample鏄櫥褰曚笂涓嬫枃鐜(login context)鐨勫悕瀛楋紝褰撲綘鐢熸垚涓涓柊鐨凩oginContext寮濮嬭璇佽繃紼嬫椂瀹冧細琚紶鍏oginContex鐨勬瀯閫犲嚱鏁頒腑銆備緷鎹厤緗潡鎻愮ず錛岄偅涓枃鏈潡鎻愰啋JAAS鏈夊叧LoginModule鍦ㄧ櫥褰曡繃紼嬩腑搴旇琚敤鏉ユ墽琛岃璇併傚彟澶栵紝瀵逛簬LoginModule錛屼換浣曞叧浜庝粬鐨勯夐」涔熷彲浠ュ湪榪欓噷琚寚瀹氥傚湪鎵ц鐧誨綍榪欎竴姝ラ鐨勮繃紼嬩腑錛孋allbackHandler綾昏LoginModule綾葷敤鏉ヨ窡鐢ㄦ埛閫氫俊宸蹭究浜庡彇寰楄璇佷俊鎭侰allbackHandler綾誨鐞嗕笁縐嶇被鍨嬬殑鍥炶皟錛圕allback錛夛細NameCallback,鎻愮ず鐢ㄦ埛杈撳叆涓涓敤鎴峰悕錛汸asswordCallcack,鎻愮ず杈撳叆瀵嗙爜錛汿extOutputCallback,鎶ュ憡閿欒銆佽鍛婃垨鍒欏彂閫佺粰鐢ㄦ埛涓浜涘叾浠栦俊鎭?BR>
鎺堟潈鏄喅瀹氭槸鍚﹁璇佺殑鐢ㄦ埛鍙互鎵ц涓浜涘姩浣滅殑宸ヤ綔錛屼緥濡傝闂竴澶勮祫婧愩傚洜涓篔AAS寤虹珛浜庡凡緇忓瓨鍦ㄧ殑Java瀹夊叏妯″瀷鐨勫熀紜涓婏紝鏁呰繖涓繃紼嬫椂鍩轟簬絳栫暐鐨勩傜瓥鐣ラ厤緗枃浠跺疄璐ㄤ笂鍖呭惈浜嗕竴緋誨垪鐨勫叆鍙o紝璇稿鈥淜eystore鈥濆拰/鎴栤済rant鈥?
grant鍏ュ彛鍖呭惈浜嗘墍鏈夌殑鏉冮檺錛屼粬鏄氳繃璁よ瘉鐨勪唬鐮佹垨鍒欐硶鍒欒鎺堜簣鍙互榪涜瀹夊叏鏁忔劅鐨勬搷浣滐紝渚嬪錛岃闂竴涓叿浣撶殑Web欏甸潰鎴栧垯鏈湴鐨勬枃浠躲侸AAS鏀寔鍩轟簬娉曞垯鐨勭瓥鐣ュ叆鍙o紝璧嬫潈鍏ュ彛鍩烘湰鏍煎紡濡備笅錛?
grant Codebase 鈥渃odebase_URL鈥?Signedby 鈥渟igner_name,鈥?BR>Principal principal_class_name 鈥減rincipal_name鈥?
Principal principal_class_name 鈥減rincipal_name鈥?
鈥?{
permission permission_class_name 鈥渢arget_name鈥? 鈥渁ction鈥?
permission permission_class_name 鈥渢arget_name鈥? 鈥渁ction鈥?
鈥?BR>}
涓婇潰鏍煎紡涓滃姩浣滐紙action錛夆濆彲鑳芥槸蹇呴渶鐨勬垨鍒欏彲鑳借蹇界暐渚濊禆浜庢潈闄愮被鍨嬨傚湪JAAS浣撶郴緇撴瀯涓紝絳栫暐瀵硅薄琛ㄨ揪浜嗕竴涓狫ava搴旂敤鐜鐨勭郴緇熷畨鍏ㄧ瓥鐣ュ拰鍦ㄤ換浣曟椂闂翠簨瀹炰笂鍙湁涓涓瓥鐣ュ璞°備緷鎹甁ava2 SDK鏂囨。錛岄粯璁ょ殑絳栫暐瀹炵幇鏄痵un.security.provider.PolicyFile,鍏朵腑絳栫暐琚寚瀹氬湪涓涓垨澶氫釜絳栫暐閰嶇疆鏂囦歡閲屻?BR>鍙鐢ㄦ埛琚璇侊紝鎺堟潈緇忕敱Subject.doAs鏂規硶鍙戠敓錛屾垨鑰呬粠Subject綾葷殑闈欐佹柟娉昫oAsPrivileged錛宒oAS鏂規硶鐢ㄥ綋鍓嶇殑AccessControlContext鍔ㄦ佸拰瀛愰」騫朵笖鍚屾椂璋冪敤run鏂規硶鍘繪墽琛屽姩浣滐紝浠栧鑷村畨鍏ㄩ獙璇併傛潈闄愰獙璇佽繃紼嬮氳繃涓嬮潰鐨勬楠ゅ湪鍥?:
灝卞儚LoginModule,絳栫暐涔熸槸鍙彃鎷旂殑妯″瀷銆備綘鍙互鎸備笂鍏跺畠鐨勭瓥鐣ュ疄鐜伴氳繃鍦╦ava.security鐨勫睘鎬ф枃浠朵腑鏀瑰彉鈥減olicy.provider=sun.security.provider.PolicyFile鈥?
鍒頒竴涓綘欏逛嬌鐢ㄧ殑絳栫暐綾匯?BR>
Extend JAAS
JAAS寤虹珛浜庡凡緇忓瓨鍦ㄧ殑Java瀹夊叏妯″瀷鐨勯《绔紝鍏跺熀浜庘淐odeSource鈥濆拰騫抽潰鏂囨湰鏍煎紡絳栫暐鏂囦歡瀹炵幇銆傝繖鍙兘瀵逛紒涓氬簲鐢ㄦ槸涓嶅鐢ㄧ殑錛屼綘鍙兘鎯充嬌鐢ㄥ彲瀹氬埗鐨勫畨鍏ㄤ粨搴撱傚浜嶫AAS鐨勫叾瀹冨疄鐜?璇稿LDAP(杞誨瀷鐩綍璁塊棶鍗忚)錛屾暟鎹簱鎴栬呭叾浠栨枃浠剁郴緇燂紝瀹冨彲浠ラ氳繃緙栧啓浣犺嚜宸辯殑鍙畾鍒舵ā鍧楄瀹屾垚錛屾劅璋AAS鐨勫彲鎻掓嫈鐨勭壒鎬с傜劧鑰岋紝榪欓渶瑕佸妯″潡鍜孞AAS涓殑澶勭悊榪囩▼鏈夊畬鍠勭殑鐞嗚В錛屽悓鏃朵綘蹇呴』鍋氳澶氱紪鐮佸幓瑕嗗啓鐩稿叧鐨勭被錛屽茍涓斿鐞嗗ソ閰嶇疆鍜岀瓥鐣ヤ袱縐嶆枃浠躲?BR>鐞嗘兂鎯呭喌涓嬶紝鎴戜滑鎰挎剰鑳藉鎵╁睍JAAS浠ヤ竴涓洿鍔犲鏄撶殑鏂瑰紡浠ヤ究浜庢棤璁轟綍鏃朵竴涓彲瀹氬埗鐨勫畨鍏ㄧ煡璇嗗簱鎴栬呬笉鍚岀殑璁塊棶鎺у埗鏈哄埗鏀瑰彉鎴栬呭繀欏誨幓澧炲姞鏃訛紝浣犺兘澶熷彧寮鍙戝拰鎻掑叆榪欎簺涓嶅悓鐨勫皬妯″潡錛堝嵆錛岄傞厤鍣級鍘婚傚簲榪欎簺鏂扮殑鍙樺寲鍜岄渶姹傦紝騫朵笖鍦ㄦ渶濂界殑鎯呭喌涓嬶紝涓嶅繀鍘葷悊瑙e拰鐔熸倝JAAS澶勭悊榪囩▼鐨勭粏鑺傦紝鍚屾牱錛屾垜浠篃鎰挎剰鑳藉鍘誨仛榪欎簺鍙樺寲浠呬粎閫氳繃鏀瑰彉涓涓厤緗枃浠躲傚彟涓涓洰鏍囨槸鎴戜滑鐨凧AAS鎵╁睍緇勪歡鑳藉琚嬌鐢ㄥ湪涓嶅悓鐨凧2EE搴旂敤涓旂嫭绔嬬殑鎴栬匴eb涓婄殑銆傚浘3鎻忚堪浜咼AAS鎵╁睍緇勪歡鐨勮璁℃剰鍥俱傛垜浠殑JAAS鎵╁睍緇勫湪瀹炵幇鍙畾鍒剁殑LoginModule鍜岀瓥鐣ユā鍧楁椂鍏呭垎浠跺埄鐢ㄤ簡JAAS鎻掓嫈寮忕殑浣撶郴緇撴瀯銆傝繖浜涙ā鍧椾腑錛屾垜浠媧炬暟鎹姹傚埌閫傞厤鍣ㄣ傝繖浜涢傞厤鍣ㄧ殑姣忎釜瀵逛簬璇稿鏁版嵁鍙栧洖鐨勭畝鍗曚換鍔℃槸闅旂鐨勶紝鎵浠ヤ綘鍙互蹇熷湴浣跨敤涓嶅悓鐨勫畨鍏ㄧ煡璇嗘垨鑰呯畻娉曞紑鍙戜笉鍚岀殑閫傞厤鍣ㄨ屼笉鏄皾璇曞幓瀹炵幇涓嶅悓鐨凩oginModule鎴栬呯瓥鐣ユā鍧楋紝瀹冧滑鏇村姞澶嶆潅騫朵笖闇瑕佹洿澶氱殑鍔姏銆?BR>浣犲彲浠ヤ粠www.sys-con.com/java/sourcec.cfm.涓嬪湪瀹屾暣鐨勬簮鐜涖?BR>
瀹炵幇鐨凙uthLoginModule綾?/B>
AuthLoginModule綾繪槸鎴戜滑瀹氬埗鐨凩oginModule瀹炵幇錛孡oginModule綾繪槸鍦↗AAS涓槸涓涓彲鎻掓嫈緇勪歡騫朵笖鏈嶅姟浜庝袱涓洰鐨勶細
1銆侀壌瀹氳璇佺敤鎴?BR>2銆佸鏋滆璇佹垚鍏紝鍒欑敤鐩稿叧鐨勮礋璐d漢淇℃伅鎴栬呰瘉涔︽洿鏂頒富棰樸?BR>
LoginModule鏈?涓柟娉曞幓瀹炵幇鍔熻兘錛岃鎴戜滑鍏蟲敞涓涓媗ogin()鏂規硶銆傝繖涓柟娉曡璋冪敤浠ヨ璇佷富棰樺茍涓斾富瑕佷綔涓や歡浜嬫儏錛?BR>1銆佸寘鍚敤鎴峰悕鍜屽瘑鐮侊紝鍏稿瀷鍦幫紝LoginModule瑕佽皟鐢–allbackHandler綾葷殑handle鏂規硶鍘誨緱鍒扮敤鎴峰悕鍜屽瘑鐮?BR>2銆侀氳繃鍜屾暟鎹簮涓殑姣旇緝鏍¢獙瀵嗙爜銆侺oginModule浠嶤allbacks鍙栧洖鐢ㄦ埛鍚嶅拰瀵嗙爜銆?鍏墮粯璁ゆ湡鏈涚敤鎴鋒帴鍙g殑鏌愮鎺掑簭)錛岃繖涓鐐瑰浜庝竴涓畝鍗曠殑婕旂ず紼嬪簭鎴栬呭氨鍦ㄥ懡浠よ錛屽彲鏄粬瀵逛簬涓涓狫2EE搴旂敤鏉ヨ涓嶅お瀹炵敤錛屼緥濡傦紝瀵逛簬澶у鏁扮殑Web搴旂敤錛岀敤鎴峰悕鍜屽瘑鐮佸皢姣旇緝鍏稿瀷鐨勪粠涓涓猣orm涓鍑恒傚湪榪欑鎯呭喌涓嬶紝浣跨敤JAAS璁よ瘉浼氭瘮杈冨洶闅俱傝冭檻鎴戜滑涓嶇洿鎺ヤ嬌鐢↙oginModule,瑙e喅鏂規鏄疄鐜頒竴涓彲瀹氬埗鐨凜allbackHandler綾伙紝浠栦細鎺ユ敹鐢ㄦ埛鍚嶅拰瀵嗙爜鐒跺悗閫掍氦瀹冧滑緇橪oginModule錛屾墍浠ヤ粬娌℃湁蹇呰鎻愮ず鐢ㄦ埛杈撳叆淇℃伅
浠ヤ笅紺轟緥瑾槑鐢ㄦ埛淇℃伅濡備綍浠嶫SP鎴栬匰ervlet涓紶閫掞細
String userName = request.getParameter (鈥渦ser鈥?;
String password = request.getParameter(鈥減assword鈥?;
LoginContext context = new LoginContext (鈥淢ySample鈥?
new AuthCallbackHandler (userName, password));
涓鏃︽嫢鏈変簡鐢ㄦ埛鍚嶅拰瀵嗙爜鍦ㄦ墜錛孉uthLoginModule綾伙紝鎴戜滑鐨凩oginModule綾葷殑瀹氬埗瀹炵幇錛屼細緇忕敱LoginSourceAdapterFactory瀹炰緥鍖朙oginSourceAdapter騫跺悓鏃跺媧懼疄闄呯殑璁よ瘉榪囩▼鍒拌祫婧愰傞厤鍣ㄣ傞傞厤鍣ㄥ彧涓嶈繃鏄竴涓畝鍗曠殑綾伙紝鍏朵粠涓涓叿浣撶殑鏁版嵁閫傞厤鍣紙姣斿鏁版嵁搴撴垨鑰匧DAP,鎴栬呬竴浜涘埆鐨勭郴緇燂級棰嗗彇鐢ㄦ埛淇℃伅銆傚湪鈥滄彁浜も濋樁孌碉紝AuthLoginModule綾諱粠LoginSourceAdapter綾誨彇鍥炵浉鍏崇殑淇℃伅騫朵笖鎶婁粬浠拰涓婚鐩稿叧鑱斻?BR>
LoginSourceAdapter綾?/B>
LoginSourceAdapter綾繪槸涓涓璇佺洰鐨勭殑璧勬簮閫傞厤鍣ㄧ殑鎺ュ彛錛屽畠鏈?涓渶瑕佸疄鐜扮殑鏂規硶錛?BR>1銆乿oid initialize(Hashtable parameters):initialized鏂規硶琚皟鐢ㄦ潵浠ョ浉鍏崇殑鍙傛暟鍒濆鍖栭傞厤鍣ㄣ傛鏂規硶鍦ㄥ璞$敓鎴愬悗绔嬪嵆琚皟鐢ㄥ茍涓斾紭鍏堜簬浠諱綍瀵瑰叾浠栨柟娉曠殑璋冪敤銆?BR>2銆乥oolean authenticate(String username,char[] password):姝よ璇佹柟娉曡璋冪敤鏉ヨ璇佺敤鎴楓?BR>3. String[] getGroupNames (String userName):getGroupNames鏂規硶琚皟鐢ㄦ潵鍦ㄨ璇佹垚鍔熷悗寰楀埌鐩稿叧鐨勪富瑕佷俊鎭?BR>4. void terminate ():榪欎釜鏂規硶鍦↙oginModule綾葷殑logout鏂規硶琚墽琛屽悗璋冪敤錛屽畠緇欓傞厤鍣ㄥ仛涓浜涙竻鐞嗗伐浣滅殑鏈轟細銆?BR>
AuthPolicy綾?/B>
鍦↗AAS鏋舵瀯涓嬶紝瀹夊叏絳栫暐琚玧ava.securety.Policy 綾繪潵澶勭悊錛屼粬浼氳瘉鏄庤祴緇欎竴涓叿浣撶殑浠g爜婧愭垨鑰呬富浣撶殑澶氱鏉冮檺銆傚氨鍍忓湪涓婁竴孌佃璁ㄨ鐨勶紝sun.securety.provider.PolicyFile鏄叾榛樿瀹炵幇銆侾olicyFile綾諱嬌鐢ㄥ鉤闈㈡枃鏈枃浠跺幓璇佹槑鍦ㄦ潈闄愬拰浠g爜婧愪箣闂寸殑瀵瑰簲鍏崇郴錛岃繖鐐瑰浜庝紒涓氱駭搴旂敤鍙兘涓嶆槸澶ソ銆備竴涓泦涓殑緋葷粺姣斿鏀寔鍩轟簬瑙掕壊鐨勫畨鍏ㄦх殑鍏崇郴鏁版嵁搴撳皢浼氭洿濂姐傚緢鏄庢樉錛屾墿灞旿AAS鎺堟潈浠ュ鐞嗕笉鍚岀殑鏉ユ簮鐨勪笉鍚岀殑瀹夊叏鏍囪錛屾垜浠渶瑕佸啓鎴戜滑鑷繁鐨勭瓥鐣ュ疄鐜般?BR>
鐢熸垚涓涓畾鍒剁殑絳栫暐瀹炵幇鐨勬楠ゅ涓嬶細
•鎵╁睍java.securety.Policy綾?BR>•瀹炵幇getPermissions()鏂規硶
•瀹炵幇refresh()鏂規硶.
濡傛灉浣犵湅鍒版垜浠畾鍒剁殑絳栫暐綾葷殑瀹炵幇錛屼綘鍙兘娉ㄦ剰鍒版垜浠殑AuthPolicy綾繪淳鐢熷湪sun.security.provider.PolicyFile鑰屼笉鏄痡ava.security.Policy. 涓轟粈涔堬紵棣栧厛錛屾垜鎯寵瀹炵幇AuthPolicy綾諱綔涓洪氱敤鐨凱olicy綾伙紝榪欏彲浠ュ鐞嗛粯璁ょ殑絳栫暐綾諱笉闇瑕佺敤浠諱綍閫傞厤鍣ㄤ粙鍏ャ傞氳繃浠嶱olicyFile綾伙紝鎴戜滑涓嶉渶瑕佸幓瀹炵幇絳栫暐鏂囦歡瑙f瀽鍜屽叾浠栫浉鍏崇殑浠g爜銆傚悓鏃訛紝鍏氬簲鐢ㄨ繍琛屼簬涓涓畨鍏ㄧ鐞嗗櫒璧蜂綔鐢ㄧ殑鎯呭喌涓嬶紝涓浜涙潈闄愶紝姣斿doAsPrivileged AuthPermission綾誨拰璇誨叆閰嶇疆鏂囦歡鐨凢ilePermission(涓轟簡杞藉叆閰嶇疆鏂囦歡)錛岄渶瑕佽璧嬫潈涓轟簡鎵цJAAS.
褰撶劧,榪欎簺鏉冮檺鍙互琚瓨鍌ㄥ湪鏁版嵁婧愰噷錛屼絾鏄妸瀹冧滑鏀懼叆鏍囧噯Java瀹夊叏絳栫暐鏂囦歡涓彲鑳芥洿涓烘湁鍒┿傚彲鏄紝瀵逛簬姝h寮鍙戜綘搴旇瀹炵幇涓涓傞厤鍣ㄤ互搴斾粯榪欎簺浜嬫儏銆傚湪鎵╁睍璁よ瘉鏃惰閬靛驚鐩稿悓鐨勮璁℃ā寮忋傛垜浠殑絳栫暐綾誨鎵樻潈闄愯姹備簬
PermisssionAdapter綾?/B>
鍦ㄦ潈闄愮被閲岋紝涓嶅悓鐨勬潈闄愪繚瀛樹簬鑷繁鐨凱ermissionCollection綾誨疄渚嬶紝濡傛灉浣犲垱寤轟竴涓畾鍒剁殑鏉冮檺綾伙紝浣犻渶瑕佺敓鎴愪綘鑷繁鐨凱ermissionCollection綾葷被鍨嬶紝鍚﹀垯涓嶈兘淇濊瘉浣犵殑鏉冮檺瀵硅薄灝嗚鍙傝冪‘璁ゃ?BR>
PermissionAdapter綾?BR>PermissionAdapter綾誨湪鎴戜滑鐨凧AAS鎵╁睍緇勪歡涓槸璁よ瘉榪囩▼鍙彃鎷旀ā鍧楃殑鎺ュ彛銆傚畠浠庝竴涓叿浣撶殑鏁版嵁婧愯瘎浼扮瓥鐣ュ茍涓斿垎鍙戜竴涓寘鍚竴濂楀凡璧嬩簣鐨勬潈闄愮殑PermissionCollection綾匯侾ermissionAdapter綾繪帴鍙f湁涓嬮潰鐨勬柟娉曪細
• void initialize (Hashtable initParams):initialize鏂規硶琚皟鐢ㄤ互鐩稿叧鐨勫弬鏁板垵濮嬪寲閫傞厤鍣ㄣ傛鏂規硶浼氳绔嬪嵆璋冪敤騫朵笖浼樺厛浜庝換浣曞叾瀹冪殑鏂規硶璋冪敤銆傚悓鏃訛紝鍦≒olicy綾葷殑refresh鏂規硶琚墽琛屽悗瀹冧篃浼氳璋冪敤銆?BR>• PermissionCollection getPermissions (ProtectionDomain
domain): 鏈柟娉曞彧瑕佹煇縐嶄富浣撴潈闄愯璇鋒眰灝變細琚皟鐢ㄣ?BR>浣滀負涓渚嬪瓙錛岃鎴戜滑鐪嬬湅濡備綍瀹炵幇涓涓熀浜庤鑹茬殑PermissionAdapter綾匯傚亣璁炬湁涓変釜瑙掕壊錛氱鐞嗗憳錛岀敤鎴鳳紝鍜屽浜猴紝閮芥嫢鏈変笉鍚岀殑鏉冮檺錛屽茍涓旀墍鏈夌殑鏉冮檺淇℃伅琚瓨鍌ㄥ湪鏁版嵁搴撲腑銆?BR>棣栧厛錛屽湪initialize鏂規硶涓紝鎴戜滑灝嗕粠鏁版嵁涓彇寰楁墍鏈夎鑹茬殑鏉冮檺淇℃伅騫朵笖緇勮鍏ラ泦鍚堢被涓紝姣斿錛孒ashtable.鎺ヤ笅鏉ワ紝鍦╣etPermissions鏂規硶涓紝鎴戜滑浼氭敹闆嗗埌鐩稿叧涓諱綋鏈夊叧鐨勬潈闄愶紙榪欐槸浠呮湁鐨勪細娑夊強鍒板熀浜庤鑹茬殑璁塊棶鎺у埗錛夊茍涓旇繑鍥炲畠浠傛敞鎰忔垜浠彲浠ュ緱鍒扮浉鍏崇殑涓諱綋閫氳繃璋冪敤ProtectedDomain綾葷殑getPrincipals鏂規硶銆傚畠鏄姝ょ殑綆鍗曪紝涓嶆槸鍚楋紵
JaasUtil綾?/B>
瀵逛簬鎴戜滑鐨凧AAS鎵╁睍緇勪歡JaasUtil綾繪槸涓昏鐨勭航甯︼紝騫朵笖瀹冩湁涓涓瀯閫犲嚱鏁板彇寰楃敤鎴峰悕鍜屽瘑鐮併傛湁涓や釜鍏抽敭鐨勬柟娉曪細
1錛?boolean authenticate()
2錛?boolean checkPermission(Subject subject,final Permission perm)
JaasUtil綾誨疄闄呭歡榪熶簡LoginContext綾葷殑鐧婚檰璇鋒眰鍜孲ecurityManager綾葷殑鏉冮檺媯鏌ユ楠ゃ?Listing 1 鏄劇ず浜嗗浣曚嬌鐢↗aasUtil綾匯傝繖孌典唬鐮侀鍏堜粠HtttpServletRequest綾誨彇寰楃敤鎴峰悕鍜屽瘑鐮佸茍涓斿皾璇曡璇佺敤鎴?鐒跺悗鍏舵嫻嬫槸鍚︾敤鎴鋒湁鏉冮檺璁塊棶鈥渆ditReg.jsp鈥?
閰嶇疆
鐜板湪鎴戜滑鎷ユ湁鑷繁鐨勫畾鍒剁殑LoginModule,Policy鍜屽叾浠栫浉鍏蟲ā鍧楀疄鐜般傝繖浜涙ā鍧楀彲浠ュ鎵樼浉鍏崇殑鏁版嵁璇鋒眰緇欏悎閫傜殑閫傞厤鍣紱榪欐槸寰堝ソ鐨勪簨鎯呫傜劧鑰岋紝鍦↗AAS緇撴瀯涓璍oginModule綾誨拰Policy綾葷粷瀵逛笉浼氳搴旂敤紼嬪簭鐩存帴璋冪敤錛屾墍浠ユ垜浠庢牱鐭ラ亾閭g閫傞厤鍣ㄥ簲璇ヨ瀹炲姏鍖栧拰鎬庢牱浼犻掗渶瑕佺殑鍙傛暟鎴栬呬俊鎭紝姣斿鏁版嵁榪炴帴錛岀粰閫傞厤鍣紵絳旀鏄傞厤鍣ㄥ彲浠ラ氳繃鏇存柊涓涓猉ML閰嶇疆鏂囦歡琚姩鎬侀厤緗傝繖涓猉ML閰嶇疆鏂囦歡鐢變袱涓富瑕佺殑鏁版嵁孌電粍鎴愶細
1銆?lt;authentication>:鏈鍐呭瀹氫箟鐧婚檰婧愰傞厤鍣ㄥ拰璁よ瘉榪囩▼闇瑕佺殑鍚勭鍙兘鐨勮緭鍏ュ弬鏁般?BR>2銆?lt;authorization>:鏈鍐呭瀹氫箟鏉冮檺閫傞厤鍣ㄥ拰鎺堟潈榪囩▼搴忚鐨勫悇縐嶅彲鑳界殑杈撳叆鍙傛暟
浣犲彲浠ュ埗瀹氫嬌鐢ㄥ摢涓狶oginSourceAdapter綾誨拰PermissionAdapter綾匯傚湪閰嶇疆鏂囦歡涓紶閫掗澶栫殑淇℃伅涔熸槸鍙兘鐨勩傝JaasUtil綾葷煡閬撳湪閭i噷瀵繪壘閰嶇疆鏂囦歡鏈変袱縐嶉斿緞錛?BR>1銆?鍒跺畾閰嶇疆鏂囦歡緇忕敱鍛戒護琛屽睘鎬у紑鍏? -Dcon.auth.config
2銆?璋冪敤JaasUtil.setConfigFile錛坈onfigFile錛夋柟娉?
褰撲綘閮ㄧ講JAAS鎵╁睍緇勪歡鏃訛紝榪欎釜瀹氬埗瀹夊叏絳栫暐綾繪枃浠跺繀欏昏鍔犲叆鍒癑ava鐨刯re/lib鐩綍錛岃繖灝嗗紩璧風瓥鐣ョ被鏂囦歡琚玝ootstrap綾誨姞杞藉叾杞藉叆銆傚惁鍒欙紝鍗充究浣犳斁緗瓥鐣ユ枃浠跺湪浣犵殑Java綾昏礬寰勪腑錛屽畠涔熷皢涓嶈兘琚鍑哄茍涓擲un榛樿鎻愪緵鐨勭瓥鐣ョ被灝嗕細浠f浛鑰岃浣跨敤銆?BR>
鎬葷粨
鎵╁睍JAAS鏄笉鍥伴毦鐨勩侸AAS緇撴瀯鎻愪緵緇欎綘瀹氬埗瀹炵幇璁よ瘉鍜屾巿鏉冭繃紼嬬殑寮規с傜悊瑙h繖浜涜繃紼嬪浣曞伐浣滄槸鎳傚緱濡備綍鏇挎崲浣犺嚜宸辯殑瀹炵幇鐨勭涓姝ャ傚湪鏈枃涓紝鎴戜滑閲嶆俯JAAS鐨勫熀紜錛屽茍涓旀鏌ラ獙璇佷簡濡備綍鎵╁睍JAAS浣垮叾鎴愪負涓涓洿鍔犲叿澶囧姩鎬佸寲銆佺伒媧誨寲鍜岃妯″寲鐨勭壒鎬х殑妗嗘灦銆備嬌鐢ㄨ繖縐嶆墿灞曟鏋訛紝浣犳棦鑳藉杞繪澗鐨勭敓鎴愯嚜宸辯櫥闄嗗拰璁塊棶鎺у埗鏈哄埗浠ユ敮鎸佷綘鑷繁鐨勪紒涓氱駭鍒殑瀹夊叏闇姹備篃鑳藉鏀寔鏂板叴鐨勫畨鍏ㄦ爣鍑嗭紝鎴栬呭鉤琛′綘浠凡緇忓瓨鍦ㄧ殑鎴栧畾鍒跺畨鍏ㄦā鍨嬩綔涓洪傞厤鍣紝鐒跺悗鐑彃鎷斾粬浠繘鍏AAS涓傝繖搴旇鍙互緇欎綘鐨勪紒涓氬簲鐢ㄦ彁渚涗竴涓熀浜庢爣鍑嗙殑鍚屾椂楂樺彲瀹氬埗鐨勮璇佸拰鎺堟潈榪囩▼
]]>