JBoss JAAS custom Login Module


Problem description

I'm trying to use a custom JAAS authentication module for a web-based application hosted on JBoss 5.1.0.GA. So everything seems to be working fine, until the number of users increases and sessions (so I think) start getting mixed.

The reason I'm using the custom JAAS is because of a custom authentication backend and the need to pass back the password for further usage in the application.

When I call request.getUserPrincipal in servlets I get an object of type SimplePrincipal instead of my custom principal. To get the user I'm using SecurityAssociation.getSubject().getPrincipals() and suspect that at this point I'm getting the incorrect principal.

What's the correct way to implement a custom login module and retrieve the logged-in Principal on the web layer (Servlets) on JBoss?

EDIT: The problem exists on the EJB layer, https://issues.jboss.org/browse/EJBTHREE-1756

Ref:

  1. http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule/
  2. http://community.jboss.org/wiki/SecurityJAASLoginModule
  3. http://community.jboss.org/message/531986#531986
  4. http://download.oracle.com/javase/1.4.2/docs/guide/security/jaas/JAASLMDevGuide.html
  5. http://community.jboss.org/thread/44388
  6. http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/pdf/Security_Guide/JBoss_Enterprise_Application_Platform-5-Security_Guide-en-US.pdf

Solution

I couldn't get the LoginModule with my custom principal working. I created a Tomcat valve that encrypts and pushes the password to the HttpSession. Other servlets will retrieve and decrypt the password.
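
One way the encrypt-into-session step described in the answer could look, as an added example that is not the poster's code. The class name `SessionCredential` and the attribute name are hypothetical, and it assumes a Java 7 or later runtime (for AES/GCM) and a key held only in the memory of one JVM, so the stored value cannot be read after a restart or on another cluster node.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (not from the post): keeps a password encrypted in the HttpSession. */
public final class SessionCredential {
    private static final String ATTR = "example.encryptedCredential"; // assumed attribute name
    private static final SecureRandom RNG = new SecureRandom();
    private static final SecretKey KEY = newKey(); // lives only in this JVM's memory

    private SessionCredential() {}

    private static SecretKey newKey() {
        try {
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(128);
            return kg.generateKey();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Called by the valve or login code once it holds the user name and password. */
    public static void store(HttpSession session, String user, String password)
            throws GeneralSecurityException {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, KEY, new GCMParameterSpec(128, iv));
        c.updateAAD(user.getBytes(StandardCharsets.UTF_8)); // bind ciphertext to this user
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        session.setAttribute(ATTR, new byte[][] { iv, ct });
    }

    /** Called by servlets; throws AEADBadTagException if the blob belongs to another user. */
    public static String load(HttpSession session, String user) throws GeneralSecurityException {
        byte[][] blob = (byte[][]) session.getAttribute(ATTR);
        if (blob == null) return null; // nothing stored for this session
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, KEY, new GCMParameterSpec(128, blob[0]));
        c.updateAAD(user.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(blob[1]), StandardCharsets.UTF_8);
    }
}
```

Passing the user name as associated data means a servlet that resolves the wrong principal for a session gets a decryption failure instead of another user's password.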
