JBoss JAAS custom Login Module
Problem description
I'm trying to use a custom JAAS authentication module for a web based application hosted on JBoss 5.1.0.GA. So everything seems to be working fine, until the number of users increases and sessions (so I think) start getting mixed.
The reason I'm using the custom JAAS is because of a custom authentication backend and the need to pass back the password for further usage in the application.
When I call request.getUserPrincipal in servlets I get an object of type SimplePrincipal instead of my custom principal. To get the user I'm using SecurityAssociation.getSubject().getPrincipals() and suspect that at this point I'm getting the incorrect principal.
What's the correct way to implement a custom login module and retrieve the logged-in Principal on the web layer (Servlets) on JBoss?
The issue exists at the EJB layer: https://issues.jboss.org/browse/EJBTHREE-1756
References:
- http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule/
- http://community.jboss.org/wiki/SecurityJAASLoginModule
- http://community.jboss.org/message/531986#531986
- http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html
- http://community.jboss.org/thread/44388
- http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/pdf/Security_Guide/JBoss_Enterprise_Application_Platform-5-Security_Guide-en-US.pdf
Recommended answer
I couldn't get the LoginModule with my custom principal working. I created a Tomcat valve that encrypts and pushes the password to the HttpSession. Other servlets will retrieve and decrypt the password.