在WAR中放置安全配置文件的位置？ [英] Where to place security configuration file in WAR?

问题描述

我正在尝试在WAR中使用JAAS进行身份验证。我了解我的配置文件（另一个链接）应放在某处（如这里）。不幸的是，如果我们谈论WAR，我无法理解究竟在哪里？以及如何命名文件？

I'm trying to use JAAS for authentication in my WAR. I understand that my configuration file (another link) should be placed somewhere (as explained here). Unfortunately, I can't understand where exactly, if we're talking about WAR? And how to name the file?

// JAAS has to find the file and retrieve "foo" from it
LoginContext ctx = new LoginContext("foo", this);

推荐答案

我有同样的问题，我想看看是否我无法根据当前的类路径（它将位于war本身内）动态设置此属性。

I had the same problem and I wanted to see if I couldn't dynamically set this property based on the current classpath (which would be located inside the war itself).

public class SecurityListener implements ServletContextListener {
    public SecurityListener() {
    }

    @Override
    public void contextDestroyed(ServletContextEvent arg0) {
    }

    @Override
    public void contextInitialized(ServletContextEvent arg0) {
        if(System.getProperty("java.security.auth.login.config") == null) {
            String jaasConfigFile = null;
            URL jaasConfigURL = this.getClass().getClassLoader().getResource("login.conf");
            if(jaasConfigURL != null) {
                jaasConfigFile = jaasConfigURL.getFile();
            }
            System.setProperty("java.security.auth.login.config", jaasConfigFile);
        }
    }
}

显然，你需要添加你的web.xml的监听器：

Obviously, you need to add the listener to your web.xml:

<listener>
    <listener-class>example.SecurityListener</listener-class>
</listener>

这样做是设置属性 java.security.auth.login.config 在实例化Web应用程序时，如果尚未定义。这意味着你可以把它扔到你的源文件夹中并自动加载它，如果没有在其他地方重新定义。我已经测试了它，它可以在Tomcat 6上运行。

What this does is set the property java.security.auth.login.config upon instantiation of the web application if it has not yet been defined. This means you could throw it in your source folder and load it automatically if not otherwise redefined elsewhere. I have tested this and it works on Tomcat 6.

所以，例如，如果你的tomcat安装在C：\program files \ tomcat6 \中你的战争部署在C：\program files \tomcat6 \webapps \ mywar中，它找到的路径是C：\ program program \ tomcat6 \ webapp \ mywar \ WEB-INF \classes这总是准确的。不确定这个解决方案是否也适用于其他Web应用程序，但我想是这样，因为login.conf将成为类路径根目录。

So, for example if your tomcat installation was in "C:\program files\tomcat6\" with your war deployed in "C:\program files\tomcat6\webapps\mywar", the path it would find would be "C:\program files\tomcat6\webapp\mywar\WEB-INF\classes" which is always accurate. Not sure if this solution also works with other web applications, but I would imagine so since login.conf is going to be where the classpath root is.

希望有所帮助！

这篇关于在WAR中放置安全配置文件的位置？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！