How to use a Custom Principal in a custom security realm (Glassfish)?

Problem description

I followed the instructions to create a custom security realm for my glassfish. It all works fine, users are authenticated correctly. The problem however is the following:

  • The user credentials are encrypted in a string
  • The realm decrypts this string and performs the authentication against a database (works)
  • Instead of using the decrypted values as principal in the securityContext the encrypted String is passed.

I already tried to override the commit() method to replace the _userPrincipal or attach my own implementation using getSubject().getPrincipals().add(new PrincipalImpl("user")). Neither was working as expected. Basically the question is as simple as this: How can I set my own principal in a custom security realm in glassfish in a way which makes it possible to use it together with an injected securityContext?

My environment:

  • Glassfish 3.1.2.2 (Build 5) Full Profile
  • The application running behind the authentication is a JAX-RS 1.1 based application
  • The SecurityContext is obtained by injection

Recommended answer

I already tried to override the commit() method to replace the _userPrincipal or attach my own implementation using getSubject().getPrincipals().add(new PrincipalImpl("user")). Neither was working as expected.

What kind of errors do you get?

Regardless, I think your issue lies on the third step of this process. SecurityContext only defines BASIC_AUTH, FORM_AUTH, CLIENT_CERT_AUTH, DIGEST_AUTH as AuthenticationScheme so perhaps SecurityContext cannot see your implementation of your security scheme or type. But you can try these steps and I hope they would work for you.

A- Implement a Java Authentication and Authorization Service (JAAS) LoginModule or extend com.sun.appserv.security.AppservPasswordLoginModule

import javax.security.auth.login.LoginException;
import com.sun.appserv.security.AppservPasswordLoginModule;

public class MyLoginModule extends AppservPasswordLoginModule {

    @Override
    protected void authenticateUser() throws LoginException {
        if (!authenticate(_username, _password)) {
            // Login fails
            throw new LoginException("LoginFailed");
        }
        String[] myGroups = getGroupNames(_username);
        // Hand the authenticated user's groups to the container
        commitUserAuthentication(myGroups);
    }

    private boolean authenticate(String username, String password) {
        /*
         Check the credentials against the authentication source, return true if
         authenticated, return false otherwise
         */
        return true; // placeholder: replace with the real credential check
    }

    private String[] getGroupNames(String username) {
        // Return the list of groups this user belongs to.
        return new String[0]; // placeholder so the method compiles
    }
}

B- Implementing your realm class.

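import java.util.Properties;
import com.sun.appserv.security.AppservRealm;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;

public class MyRealm extends AppservRealm {

    @Override
    public void init(Properties props)
            throws BadRealmException, NoSuchRealmException {
        // here you initialize the realm
    }

    @Override
    public String getAuthType() {
        return "Custom Realm";
    }
}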

C- Installing and configuring the realm and LoginModule into the server.

For this you need to look at JSR 196 and write your own SAM by implementing javax.security.auth.message.module.ServerAuthModule. Take a look at the link below. https://blogs.oracle.com/enterprisetechtips/entry/adding_authentication_mechanisms_to_the
