Custom Security mechanism in Java EE 6/7 application


Question

I would like to create (implement on my own) an authentication mechanism which will be plugged into my Java EE application.

As far as I know, I have to implement LoginModule and connect this implementation with the container mechanisms somehow. But the problem is that I don't know how to do it. Maybe you know where I can find sample code or a tutorial about it?

In other words, I would like to force the container to call my classes whenever the methods authenticate, login, and logout are called.

Sample implementation: the HttpServletRequest.login method will successfully authenticate only users with an even number of letters in their login.

Recommended answer

After reading about JAAS, you should implement your login module based on org.jboss.security.auth.spi.AbstractServerLoginModule (from the org.picketbox/picketbox Maven artifact). Then deploy the module with your app, and create a proper security domain and realm in WildFly's standalone.xml, like so:

<security-domain name="myDomain" cache-type="default">
  <authentication>
    <login-module code="com.example.TestLoginModule" flag="required" module="deployment.sample.jar"/>
  </authentication>
</security-domain>

...

<security-realm name="MyRealm">
  <authentication>
    <jaas name="myDomain"/>
  </authentication>
</security-realm>

Look out for different behaviour on different JBoss AS versions. 7.1.1 will not allow you to deploy the login module; you would have to create a separate jboss module and bind it with the org.picketbox and jboss.security modules.

Further reading:

https://docs.jboss.org/author/display/WFLY8/Security+subsystem+configuration

https://docs.jboss.org/author/display/WFLY8/Security+Realms

http://java.dzone.com/articles/creating-custom-login-modules (it is a little outdated, but it gives the main idea)
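
The login module the answer describes, as an added example that is not part of the original question or answer: it extends AbstractServerLoginModule and applies the question's sample rule, which looks only at the login name and verifies no credential. The class name matches the code attribute in the configuration above; the role name "user" and the rejection of names without letters are assumptions.

```java
package com.example; // matches code="com.example.TestLoginModule" above
import java.io.IOException;
import java.security.Principal;
import java.security.acl.Group;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

public class TestLoginModule extends AbstractServerLoginModule {
    private Principal identity;

    @Override
    public boolean login() throws LoginException {
        loginOk = false; // fail closed until the check below passes
        NameCallback nameCb = new NameCallback("Username: ");
        try {
            callbackHandler.handle(new Callback[] { nameCb }); // container supplies the login name
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("Cannot obtain login name: " + e.getMessage());
        }
        String name = nameCb.getName();
        if (name == null || !hasEvenLetterCount(name)) {
            throw new FailedLoginException("Authentication failed");
        }
        identity = new SimplePrincipal(name);
        loginOk = true; // the inherited commit() only populates the Subject when this is true
        return true;
    }

    // The question's sample rule; names with no letters are rejected (assumption).
    static boolean hasEvenLetterCount(String name) {
        int letters = 0;
        for (char c : name.toCharArray()) {
            if (Character.isLetter(c)) letters++;
        }
        return letters > 0 && letters % 2 == 0;
    }
    @Override
    protected Principal getIdentity() { return identity; }
    @Override
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles"); // group the container reads roles from
        roles.addMember(new SimplePrincipal("user")); // "user" is an assumed role name
        return new Group[] { roles };
    }
}
```

java.security.acl.Group fits the Java EE 6/7 era runtimes discussed here; it was removed from later JDK releases.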
